Misplaced Pages

Euler's criterion

Article snapshot taken from Wikipedia with creative commons attribution-sharealike license. Give it a read and then ask your questions in the chat. We can research this topic together.
Formula concerning prime numbers

In number theory, Euler's criterion is a formula for determining whether an integer is a quadratic residue modulo a prime. Precisely,

Let p be an odd prime and a be an integer coprime to p. Then

a p 1 2 { 1 ( mod p )  if there is an integer  x  such that  x 2 a ( mod p ) , 1 ( mod p )  if there is no such integer. {\displaystyle a^{\tfrac {p-1}{2}}\equiv {\begin{cases}\;\;\,1{\pmod {p}}&{\text{ if there is an integer }}x{\text{ such that }}x^{2}\equiv a{\pmod {p}},\\-1{\pmod {p}}&{\text{ if there is no such integer.}}\end{cases}}}

Euler's criterion can be concisely reformulated using the Legendre symbol:

( a p ) a p 1 2 ( mod p ) . {\displaystyle \left({\frac {a}{p}}\right)\equiv a^{\tfrac {p-1}{2}}{\pmod {p}}.}

The criterion dates from a 1748 paper by Leonhard Euler.

Proof

The proof uses the fact that the residue classes modulo a prime number are a field. See the article prime field for more details.

Because the modulus is prime, Lagrange's theorem applies: a polynomial of degree k can only have at most k roots. In particular, xa (mod p) has at most 2 solutions for each a. This immediately implies that besides 0 there are at least ⁠p − 1/2⁠ distinct quadratic residues modulo p: each of the p − 1 possible values of x can only be accompanied by one other to give the same residue.

In fact, ( p x ) 2 x 2 ( mod p ) . {\displaystyle (p-x)^{2}\equiv x^{2}{\pmod {p}}.} This is because ( p x ) 2 p 2 2 x p + x 2 x 2 ( mod p ) . {\displaystyle (p-x)^{2}\equiv p^{2}-{2}{x}{p}+x^{2}\equiv x^{2}{\pmod {p}}.} So, the p 1 2 {\displaystyle {\tfrac {p-1}{2}}} distinct quadratic residues are: 1 2 , 2 2 , . . . , ( p 1 2 ) 2 ( mod p ) . {\displaystyle 1^{2},2^{2},...,({\tfrac {p-1}{2}})^{2}{\pmod {p}}.}

As a is coprime to p, Fermat's little theorem says that

a p 1 1 ( mod p ) , {\displaystyle a^{p-1}\equiv 1{\pmod {p}},}

which can be written as

( a p 1 2 1 ) ( a p 1 2 + 1 ) 0 ( mod p ) . {\displaystyle \left(a^{\tfrac {p-1}{2}}-1\right)\left(a^{\tfrac {p-1}{2}}+1\right)\equiv 0{\pmod {p}}.}

Since the integers mod p form a field, for each a, one or the other of these factors must be zero. Therefore,

a p 1 2 1 ( mod p ) {\displaystyle a^{\tfrac {p-1}{2}}\equiv 1{\pmod {p}}} or
a p 1 2 1 ( mod p ) . {\displaystyle a^{\tfrac {p-1}{2}}\equiv {-1}{\pmod {p}}.}

Now if a is a quadratic residue, ax,

a p 1 2 ( x 2 ) p 1 2 x p 1 1 ( mod p ) . {\displaystyle a^{\tfrac {p-1}{2}}\equiv {(x^{2})}^{\tfrac {p-1}{2}}\equiv x^{p-1}\equiv 1{\pmod {p}}.}

So every quadratic residue (mod p) makes the first factor zero.

Applying Lagrange's theorem again, we note that there can be no more than ⁠p − 1/2⁠ values of a that make the first factor zero. But as we noted at the beginning, there are at least ⁠p − 1/2⁠ distinct quadratic residues (mod p) (besides 0). Therefore, they are precisely the residue classes that make the first factor zero. The other ⁠p − 1/2⁠ residue classes, the nonresidues, must make the second factor zero, or they would not satisfy Fermat's little theorem. This is Euler's criterion.

Alternative proof

This proof only uses the fact that any congruence k x l ( mod p ) {\displaystyle kx\equiv l\!\!\!{\pmod {p}}} has a unique (modulo p {\displaystyle p} ) solution x {\displaystyle x} provided p {\displaystyle p} does not divide k {\displaystyle k} . (This is true because as x {\displaystyle x} runs through all nonzero remainders modulo p {\displaystyle p} without repetitions, so does k x {\displaystyle kx} : if we have k x 1 k x 2 ( mod p ) {\displaystyle kx_{1}\equiv kx_{2}{\pmod {p}}} , then p k ( x 1 x 2 ) {\displaystyle p\mid k(x_{1}-x_{2})} , hence p ( x 1 x 2 ) {\displaystyle p\mid (x_{1}-x_{2})} , but x 1 {\displaystyle x_{1}} and x 2 {\displaystyle x_{2}} aren't congruent modulo p {\displaystyle p} .) It follows from this fact that all nonzero remainders modulo p {\displaystyle p} the square of which isn't congruent to a {\displaystyle a} can be grouped into unordered pairs ( x , y ) {\displaystyle (x,y)} according to the rule that the product of the members of each pair is congruent to a {\displaystyle a} modulo p {\displaystyle p} (since by this fact for every y {\displaystyle y} we can find such an x {\displaystyle x} , uniquely, and vice versa, and they will differ from each other if y 2 {\displaystyle y^{2}} is not congruent to a {\displaystyle a} ). If a {\displaystyle a} is not a quadratic residue, this is simply a regrouping of all p 1 {\displaystyle p-1} nonzero residues into ( p 1 ) / 2 {\displaystyle (p-1)/2} pairs, hence we conclude that 1 2 . . . ( p 1 ) a p 1 2 ( mod p ) {\displaystyle 1\cdot 2\cdot ...\cdot (p-1)\equiv a^{\frac {p-1}{2}}\!\!\!{\pmod {p}}} . If a {\displaystyle a} is a quadratic residue, exactly two remainders were not among those paired, r {\displaystyle r} and r {\displaystyle -r} such that r 2 a ( mod p ) {\displaystyle r^{2}\equiv a\!\!\!{\pmod {p}}} . If we pair those two absent remainders together, their product will be a {\displaystyle -a} rather than a {\displaystyle a} , whence in this case 1 2 . . . ( p 1 ) a p 1 2 ( mod p ) {\displaystyle 1\cdot 2\cdot ...\cdot (p-1)\equiv -a^{\frac {p-1}{2}}\!\!\!{\pmod {p}}} . In summary, considering these two cases we have demonstrated that for a 0 ( mod p ) {\displaystyle a\not \equiv 0\!\!\!{\pmod {p}}} we have 1 2 . . . ( p 1 ) ( a p ) a p 1 2 ( mod p ) {\displaystyle 1\cdot 2\cdot ...\cdot (p-1)\equiv -\left({\frac {a}{p}}\right)a^{\frac {p-1}{2}}\!\!\!{\pmod {p}}} . It remains to substitute a = 1 {\displaystyle a=1} (which is obviously a square) into this formula to obtain at once Wilson's theorem, Euler's criterion, and (by squaring both sides of Euler's criterion) Fermat's little theorem.

Examples

Example 1: Finding primes for which a is a residue

Let a = 17. For which primes p is 17 a quadratic residue?

We can test prime p's manually given the formula above.

In one case, testing p = 3, we have 17 = 17 ≡ 2 ≡ −1 (mod 3), therefore 17 is not a quadratic residue modulo 3.

In another case, testing p = 13, we have 17 = 17 ≡ 1 (mod 13), therefore 17 is a quadratic residue modulo 13. As confirmation, note that 17 ≡ 4 (mod 13), and 2 = 4.

We can do these calculations faster by using various modular arithmetic and Legendre symbol properties.

If we keep calculating the values, we find:

(17/p) = +1 for p = {13, 19, ...} (17 is a quadratic residue modulo these values)
(17/p) = −1 for p = {3, 5, 7, 11, 23, ...} (17 is not a quadratic residue modulo these values).

Example 2: Finding residues given a prime modulus p

Which numbers are squares modulo 17 (quadratic residues modulo 17)?

We can manually calculate it as:

1 = 1
2 = 4
3 = 9
4 = 16
5 = 25 ≡ 8 (mod 17)
6 = 36 ≡ 2 (mod 17)
7 = 49 ≡ 15 (mod 17)
8 = 64 ≡ 13 (mod 17).

So the set of the quadratic residues modulo 17 is {1,2,4,8,9,13,15,16}. Note that we did not need to calculate squares for the values 9 through 16, as they are all negatives of the previously squared values (e.g. 9 ≡ −8 (mod 17), so 9 ≡ (−8) = 64 ≡ 13 (mod 17)).

We can find quadratic residues or verify them using the above formula. To test if 2 is a quadratic residue modulo 17, we calculate 2 = 2 ≡ 1 (mod 17), so it is a quadratic residue. To test if 3 is a quadratic residue modulo 17, we calculate 3 = 3 ≡ 16 ≡ −1 (mod 17), so it is not a quadratic residue.

Euler's criterion is related to the law of quadratic reciprocity.

Applications

In practice, it is more efficient to use an extended variant of Euclid's algorithm to calculate the Jacobi symbol ( a n ) {\displaystyle \left({\frac {a}{n}}\right)} . If n {\displaystyle n} is an odd prime, this is equal to the Legendre symbol, and decides whether a {\displaystyle a} is a quadratic residue modulo n {\displaystyle n} .

On the other hand, since the equivalence of a n 1 2 {\displaystyle a^{\frac {n-1}{2}}} to the Jacobi symbol holds for all odd primes, but not necessarily for composite numbers, calculating both and comparing them can be used as a primality test, specifically the Solovay–Strassen primality test. Composite numbers for which the congruence holds for a given a {\displaystyle a} are called Euler–Jacobi pseudoprimes to base a {\displaystyle a} .

Notes

  1. Gauss, DA, Art. 106
  2. Dense, Joseph B.; Dence, Thomas P. (1999). "Theorem 6.4, Chap 6. Residues". Elements of the Theory of Numbers. Harcourt Academic Press. p. 197. ISBN 9780122091308.
  3. Leonard Eugene Dickson, "History Of The Theory Of Numbers", vol 1, p 205, Chelsea Publishing 1952
  4. Hardy & Wright, thm. 83
  5. Lemmermeyer, p. 4 cites two papers, E134 and E262 in the Euler Archive
  6. L Euler, Novi commentarii Academiae Scientiarum Imperialis Petropolitanae, 8, 1760-1, 74; Opusc Anal. 1, 1772, 121; Comm. Arith, 1, 274, 487

References

The Disquisitiones Arithmeticae has been translated from Gauss's Ciceronian Latin into English and German. The German edition includes all of his papers on number theory: all the proofs of quadratic reciprocity, the determination of the sign of the Gauss sum, the investigations into biquadratic reciprocity, and unpublished notes.

  • Gauss, Carl Friedrich (1986), Disquisitiones Arithemeticae (Second, corrected edition), translated by Clarke, Arthur A. (English), New York: Springer, ISBN 0-387-96254-9
  • Gauss, Carl Friedrich (1965), Untersuchungen über höhere Arithmetik (Disquisitiones Arithemeticae & other papers on number theory) (Second edition), translated by Maser, H. (German), New York: Chelsea, ISBN 0-8284-0191-8

External links

Categories: