Euler's criterion

Last updated November 11, 2023

In number theory, Euler's criterion is a formula for determining whether an integer is a quadratic residue modulo a prime. Precisely,

Proof

The proof uses the fact that the residue classes modulo a prime number are a field. See the article prime field for more details.

Because the modulus is prime, Lagrange's theorem applies: a polynomial of degree $k$ can only have at most $k$ roots. In particular, $x 2 \equiv a (mod p)$ has at most 2 solutions for each $a$ . This immediately implies that besides 0 there are at least $.mw-parser-output .sfrac{white-space:nowrap}.mw-parser-output .sfrac.tion,.mw-parser-output .sfrac .tion{display:inline-block;vertical-align:-0.5em;font-size:85%;text-align:center}.mw-parser-output .sfrac .num,.mw-parser-output .sfrac .den{display:block;line-height:1em;margin:0 0.1em}.mw-parser-output .sfrac .den{border-top:1px solid}.mw-parser-output .sr-only{border:0;clip:rect(0,0,0,0);height:1px;margin:-1px;overflow:hidden;padding:0;position:absolute;width:1px}p − 1/2$ distinct quadratic residues modulo $p$ : each of the $p - 1$ possible values of $x$ can only be accompanied by one other to give the same residue.

In fact, $(p-x)^{2}\equiv x^{2}{\pmod {p}}.$ This is because $(p-x)^{2}\equiv p^{2}-{2}{x}{p}+x^{2}\equiv x^{2}{\pmod {p}}.$ So, the ${\tfrac {p-1}{2}}$ distinct quadratic residues are: $1^{2},2^{2},...,({\tfrac {p-1}{2}})^{2}{\pmod {p}}.$

As $a$ is coprime to $p$ , Fermat's little theorem says that

a^{p-1}\equiv 1{\pmod {p}},

which can be written as

\left(a^{\tfrac {p-1}{2}}-1\right)\left(a^{\tfrac {p-1}{2}}+1\right)\equiv 0{\pmod {p}}.

Since the integers mod $p$ form a field, for each $a$ , one or the other of these factors must be zero. Therefore,

$a^{p-1}\equiv 1{\pmod {p}}$ or $a^{p-1}\equiv -1{\pmod {p}}$

Now if $a$ is a quadratic residue, $a \equiv x 2$ ,

a^{\tfrac {p-1}{2}}\equiv {(x^{2})}^{\tfrac {p-1}{2}}\equiv x^{p-1}\equiv 1{\pmod {p}}.

So every quadratic residue (mod $p$ ) makes the first factor zero.

Applying Lagrange's theorem again, we note that there can be no more than $p - 1 / 2$ values of $a$ that make the first factor zero. But as we noted at the beginning, there are at least $p - 1 / 2$ distinct quadratic residues (mod $p$ ) (besides 0). Therefore, they are precisely the residue classes that make the first factor zero. The other $p - 1 / 2$ residue classes, the nonresidues, must make the second factor zero, or they would not satisfy Fermat's little theorem. This is Euler's criterion.

Alternative proof

This proof only uses the fact that any congruence $kx\equiv l\!\!\!{\pmod {p}}$ has a unique (modulo $p$ ) solution $x$ provided $p$ does not divide $k$ . (This is true because as $x$ runs through all nonzero remainders modulo $p$ without repetitions, so does $kx$ —if we have $kx_{1}\equiv kx_{2}{\pmod {p}}$ , then $p\mid k(x_{1}-x_{2})$ , hence $p\mid (x_{1}-x_{2})$ , but $x_{1}$ and $x_{2}$ aren't congruent modulo $p$ .) It follows from this fact that all nonzero remainders modulo $p$ the square of which isn't congruent to $a$ can be grouped into unordered pairs $(x,y)$ according to the rule that the product of the members of each pair is congruent to $a$ modulo $p$ (since by this fact for every $y$ we can find such an $x$ , uniquely, and vice versa, and they will differ from each other if $y^{2}$ is not congruent to $a$ ). If $a$ is a quadratic nonresidue, this is simply a regrouping of all $p-1$ nonzero residues into $(p-1)/2$ pairs, hence we conclude that $1\cdot 2\cdot ...\cdot (p-1)\equiv a^{\frac {p-1}{2}}\!\!\!{\pmod {p}}$ . If $a$ is a quadratic residue, exactly two remainders were not among those paired, $r$ and $-r$ such that $r^{2}\equiv a\!\!\!{\pmod {p}}$ . If we pair those two absent remainders together, their product will be $-a$ rather than $a$ , whence in this case $1\cdot 2\cdot ...\cdot (p-1)\equiv -a^{\frac {p-1}{2}}\!\!\!{\pmod {p}}$ . In summary, considering these two cases we have demonstrated that for $a\not \equiv 0\!\!\!{\pmod {p}}$ we have $1\cdot 2\cdot ...\cdot (p-1)\equiv -\left({\frac {a}{p}}\right)a^{\frac {p-1}{2}}\!\!\!{\pmod {p}}$ . It remains to substitute $a=1$ (which is obviously a square) into this formula to obtain at once Wilson's theorem, Euler's criterion, and (by squaring both sides of Euler's criterion) Fermat's little theorem.

Examples

Example 1: Finding primes for which a is a residue

Let a = 17. For which primes p is 17 a quadratic residue?

We can test prime p's manually given the formula above.

In one case, testing p = 3, we have 17^{(3 − 1)/2} = 17¹ ≡ 2 ≡ −1 (mod 3), therefore 17 is not a quadratic residue modulo 3.

In another case, testing p = 13, we have 17^{(13 − 1)/2} = 17⁶ ≡ 1 (mod 13), therefore 17 is a quadratic residue modulo 13. As confirmation, note that 17 ≡ 4 (mod 13), and 2² = 4.

We can do these calculations faster by using various modular arithmetic and Legendre symbol properties.

If we keep calculating the values, we find:

(17/p) = +1 for p = {13, 19, ...} (17 is a quadratic residue modulo these values)

(17/p) = −1 for p = {3, 5, 7, 11, 23, ...} (17 is not a quadratic residue modulo these values).

Example 2: Finding residues given a prime modulus p

Which numbers are squares modulo 17 (quadratic residues modulo 17)?

We can manually calculate it as:

1² = 1

2² = 4

3² = 9

4² = 16

5² = 25 ≡ 8 (mod 17)

6² = 36 ≡ 2 (mod 17)

7² = 49 ≡ 15 (mod 17)

8² = 64 ≡ 13 (mod 17).

So the set of the quadratic residues modulo 17 is {1,2,4,8,9,13,15,16}. Note that we did not need to calculate squares for the values 9 through 16, as they are all negatives of the previously squared values (e.g. 9 ≡ −8 (mod 17), so 9² ≡ (−8)² = 64 ≡ 13 (mod 17)).

We can find quadratic residues or verify them using the above formula. To test if 2 is a quadratic residue modulo 17, we calculate 2^{(17 − 1)/2} = 2⁸ ≡ 1 (mod 17), so it is a quadratic residue. To test if 3 is a quadratic residue modulo 17, we calculate 3^{(17 − 1)/2} = 3⁸ ≡ 16 ≡ −1 (mod 17), so it is not a quadratic residue.

Euler's criterion is related to the law of quadratic reciprocity.

Applications

In practice, it is more efficient to use an extended variant of Euclid's algorithm to calculate the Jacobi symbol $\left({\frac {a}{n}}\right)$ . If $n$ is an odd prime, this is equal to the Legendre symbol, and decides whether $a$ is a quadratic residue modulo $n$ .

On the other hand, since the equivalence of $a^{\frac {n-1}{2}}$ to the Jacobi symbol holds for all odd primes, but not necessarily for composite numbers, calculating both and comparing them can be used as a primality test, specifically the Solovay–Strassen primality test. Composite numbers for which the congruence holds for a given $a$ are called Euler–Jacobi pseudoprimes to base $a$ .

Notes

↑ Gauss, DA, Art. 106
↑ Dense, Joseph B.; Dence, Thomas P. (1999). "Theorem 6.4, Chap 6. Residues". Elements of the Theory of Numbers. Harcourt Academic Press. p. 197. ISBN 9780122091308.
↑ Leonard Eugene Dickson, "History Of The Theory Of Numbers", vol 1, p 205, Chelsea Publishing 1952
↑ Hardy & Wright, thm. 83
↑ Lemmermeyer, p. 4 cites two papers, E134 and E262 in the Euler Archive
↑ L Euler, Novi commentarii Academiae Scientiarum Imperialis Petropolitanae, 8, 1760-1, 74; Opusc Anal. 1, 1772, 121; Comm. Arith, 1, 274, 487

Related Research Articles

In number theory, the Legendre symbol is a multiplicative function with values 1, −1, 0 that is a quadratic character modulo of an odd prime number p: its value at a (nonzero) quadratic residue mod p is 1 and at a non-quadratic residue (non-residue) is −1. Its value at zero is 0.

In mathematics, modular arithmetic is a system of arithmetic for integers, where numbers "wrap around" when reaching a certain value, called the modulus. The modern approach to modular arithmetic was developed by Carl Friedrich Gauss in his book Disquisitiones Arithmeticae, published in 1801.

<span class="mw-page-title-main">Quadratic reciprocity</span> Gives conditions for the solvability of quadratic equations modulo prime numbers

In number theory, the law of quadratic reciprocity is a theorem about modular arithmetic that gives conditions for the solvability of quadratic equations modulo prime numbers. Due to its subtlety, it has many formulations, but the most standard statement is:

In number theory, a Gaussian integer is a complex number whose real and imaginary parts are both integers. The Gaussian integers, with ordinary addition and multiplication of complex numbers, form an integral domain, usually written as $or$

In number theory, Euler's theorem states that, if $n$ and $a$ are coprime positive integers, and $is Euler's totient function, then a raised to the power is congruent to 1 modulo n; that is$

The Jacobi symbol is a generalization of the Legendre symbol. Introduced by Jacobi in 1837, it is of theoretical interest in modular arithmetic and other branches of number theory, but its main use is in computational number theory, especially primality testing and integer factorization; these in turn are important in cryptography.

In modular arithmetic, a number $g$ is a primitive root modulo $n$ if every number $a$ coprime to $n$ is congruent to a power of $g$ modulo $n$ . That is, $g$ is a primitive root modulo $n$ if for every integer $a$ coprime to $n$ , there is some integer $k$ for which $g$ ^$k$ ≡ $a$ . Such a value $k$ is called the index or discrete logarithm of $a$ to the base $g$ modulo $n$ . So $g$ is a primitive root modulo $n$ if and only if $g$ is a generator of the multiplicative group of integers modulo $n$ .

In number theory, an integer q is called a quadratic residue modulo n if it is congruent to a perfect square modulo n; i.e., if there exists an integer x such that:

In algebra and number theory, Wilson's theorem states that a natural number n > 1 is a prime number if and only if the product of all the positive integers less than n is one less than a multiple of n. That is, the factorial $satisfies$

In number theory, quadratic Gauss sums are certain finite sums of roots of unity. A quadratic Gauss sum can be interpreted as a linear combination of the values of the complex exponential function with coefficients given by a quadratic character; for a general character, one obtains a more general Gauss sum. These objects are named after Carl Friedrich Gauss, who studied them extensively and applied them to quadratic, cubic, and biquadratic reciprocity laws.

In number theory, the Kronecker symbol, written as $or, is a generalization of the Jacobi symbol to all integers . It was introduced by Leopold Kronecker.$

The Solovay–Strassen primality test, developed by Robert M. Solovay and Volker Strassen in 1977, is a probabilistic test to determine if a number is composite or probably prime. The idea behind the test was discovered by M. M. Artjuhov in 1967 (see Theorem E in the paper). This test has been largely superseded by the Baillie–PSW primality test and the Miller–Rabin primality test, but has great historical importance in showing the practical feasibility of the RSA cryptosystem. The Solovay–Strassen test is essentially an Euler–Jacobi probable prime test.

In additive number theory, Fermat's theorem on sums of two squares states that an odd prime p can be expressed as:

Gauss's lemma in number theory gives a condition for an integer to be a quadratic residue. Although it is not useful computationally, it has theoretical significance, being involved in some proofs of quadratic reciprocity.

In number theory, the law of quadratic reciprocity, like the Pythagorean theorem, has lent itself to an unusually large number of proofs. Several hundred proofs of the law of quadratic reciprocity have been published.

The Tonelli–Shanks algorithm is used in modular arithmetic to solve for r in a congruence of the form r² ≡ n, where p is a prime: that is, to find a square root of n modulo p.

Cubic reciprocity is a collection of theorems in elementary and algebraic number theory that state conditions under which the congruence x³ ≡ p (mod q) is solvable; the word "reciprocity" comes from the form of the main theorem, which states that if p and q are primary numbers in the ring of Eisenstein integers, both coprime to 3, the congruence x³ ≡ p is solvable if and only if x³ ≡ q is solvable.

In mathematics, particularly in the area of arithmetic, a modular multiplicative inverse of an integer $a$ is an integer $x$ such that the product $ax$ is congruent to 1 with respect to the modulus $m$ . In the standard notation of modular arithmetic this congruence is written as

Quartic or biquadratic reciprocity is a collection of theorems in elementary and algebraic number theory that state conditions under which the congruence x⁴ ≡ p is solvable; the word "reciprocity" comes from the form of some of these theorems, in that they relate the solvability of the congruence x⁴ ≡ p to that of x⁴ ≡ q.

In algebraic number theory the n-th power residue symbol is a generalization of the (quadratic) Legendre symbol to n-th powers. These symbols are used in the statement and proof of cubic, quartic, Eisenstein, and related higher reciprocity laws.

References

The Disquisitiones Arithmeticae has been translated from Gauss's Ciceronian Latin into English and German. The German edition includes all of his papers on number theory: all the proofs of quadratic reciprocity, the determination of the sign of the Gauss sum, the investigations into biquadratic reciprocity, and unpublished notes.

Gauss, Carl Friedrich (1986), Disquisitiones Arithemeticae (Second, corrected edition), translated by Clarke, Arthur A. (English), New York: Springer, ISBN 0-387-96254-9

Gauss, Carl Friedrich (1965), Untersuchungen über höhere Arithmetik (Disquisitiones Arithemeticae & other papers on number theory) (Second edition), translated by Maser, H. (German), New York: Chelsea, ISBN 0-8284-0191-8

Hardy, G. H.; Wright, E. M. (1980), An Introduction to the Theory of Numbers (Fifth edition) , Oxford: Oxford University Press, ISBN 978-0-19-853171-5

Lemmermeyer, Franz (2000), Reciprocity Laws: from Euler to Eisenstein, Berlin: Springer, ISBN 3-540-66957-4

External links

The Euler Archive

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] Gauss, DA, Art. 106

[2] Dense, Joseph B.; Dence, Thomas P. (1999). "Theorem 6.4, Chap 6. Residues". Elements of the Theory of Numbers. Harcourt Academic Press. p. 197. ISBN 9780122091308.

[3] Leonard Eugene Dickson, "History Of The Theory Of Numbers", vol 1, p 205, Chelsea Publishing 1952

[4] Hardy & Wright, thm. 83

[5] Lemmermeyer, p. 4 cites two papers, E134 and E262 in the Euler Archive

[6] L Euler, Novi commentarii Academiae Scientiarum Imperialis Petropolitanae, 8, 1760-1, 74; Opusc Anal. 1, 1772, 121; Comm. Arith, 1, 274, 487

[1]

[2]

[3]

[4]

[5]

[6]