This lecture is part of Berkeley Math 115, an introductory undergraduate course on number theory, and will be about quadratic residues. So, quick background, we're trying to study solutions of polynomials, f(x) is congruent to zero, mod p, and we recall degree one polynomials follow easily from Euclid's algorithm, and degree two polynomials can easily be reduced to the question of whether x squared is congruent to a mod p has a solution. Now, if a is not zero, and x squared is congruent to a mod p for some x, we say a is a quadratic residue. So the name quadratic residue is really just a fancy way of saying it's a square. So quadratic means it's just a word for being a square, and residue means we're taking it modulo p. So this is just quadratic residue is just a slightly long-winded way of saying it's a square modulo p. And if a is not zero, and x squared is congruent to a has no solution, then a is a quadratic non-residue. I often forget to put the word quadratic in and sometimes call it a residue or a non-residue. So be warned, I might sometimes get a bit muddled. So for example, let's take p equals seven. What are the residues and what are the non-residues? So let's look at x, x can be zero, one, two, three, four, five or six, and the squares are zero, one, four, two, two, four, one. So the quadratic residues are one, two and four, and the quadratic non-residues are three, five and six. And there's a very common piece of notation for this, which is given by the Legendre symbol. So the Legendre symbol for p an odd prime is defined to be one if a is a quadratic residue and minus one if a is a quadratic non-residue and zero if a is congruent to zero, mod p. This seems to be a rather funny definition. I mean, what on earth is the point of it? Well, let me first of all just write down what it is mod seven. So let's take p equals seven and let a be zero, one, two, three, four, five or six, modulo p.
Then a, p is going to be zero, plus one, plus one, minus one, plus one, minus one, minus one. So now let's explain why we adopt such a funny definition. It's very convenient because of the following properties. The first property is that the Legendre symbol a, p is just congruent to a to the p minus one over two, modulo p. And we've actually proved this before. This is just Euler's theorem, which says that you can tell whether or not a is a square just by looking at whether this number here is plus one or minus one. Well, as I said, we gave a proof earlier, but let's give another proof. What we do is we use the, we pick a primitive root g of p so that g to the p minus one is congruent to one and g to the p minus one over two is congruent to minus one, modulo p. And then since there's a primitive root, a is equal to g to the n for some n unless a is congruent to zero, in which case this result is trivial. And then we notice that a is a quadratic residue is equivalent to n being even. If n is even, then this is obvious because a would be equal to g to the n over two squared. And you can easily check that if n is, that the square of any element must be g to the power of something for n even. And then you can check that g to the n to the p minus one over two is congruent to plus one if n is even and minus one if n is odd, fairly easy calculation. So that shows that a is a, that a is a quadratic residue if and only if a is equal to g to the n for n even. So this formula here holds. Another property is that the Legendre symbol is a homomorphism from z modulo pz star, the non-zero residues to a little group with two elements plus one and minus one. So this obviously raises the question, what do we mean by homomorphism? Well, a homomorphism is just a complicated way of saying it preserves multiplication. So this means f of a b has to be f of a times f of b. And we can show this is a homomorphism in two ways.
First of all, we can just notice that a Legendre symbol a p is just congruent to a to the p minus one over two. And it's kind of obvious that a b to the p minus one over two is congruent to a to the p minus one over two times b to the p minus one over two. Well, that proof uses the existence of a primitive root. So it sort of works, but you remember primitive roots are kind of tricky. So we can also give a proof of this without using primitive roots just by counting carefully. What we notice is that exactly half of all non-zero residue classes, so the non-zero residues one to p minus one, are squares or quadratic residues. And that's because the map x goes to x squared. It has the property that minus x also goes to x squared. So if a is a quadratic residue, it has exactly two square roots. Remember, a is non-zero, so it can't have just one square root. So that means that every number is the square of either zero or two numbers modulo p, which means the number that are squares must be exactly half of these. So there are p minus one over two quadratic residues. So if you pick a number at random, there's about a 50% chance that it's a square as long as it's not actually divisible by p. And that means that there are also p minus one over two, and which is either p minus, so p minus one minus p minus one over two, quadratic non-residues, or maybe non-quadratic residues, I don't quite know which is best. So that means if we've got the quadratic residues, then we can look at the quadratic non-residues, and suppose we take a to be a quadratic residue, then we note that the multiplication by a takes quadratic residues to quadratic non-residues. In fact, we've really got to prove three things.
We've got to prove that a quadratic residue times a quadratic residue is a quadratic residue, which is trivial, and we've got to show the quadratic residue times a quadratic non-residue is a quadratic non-residue, and this is easy because if this was a quadratic residue, then this would be the quotient of that by that, so it would also be a quadratic residue. Finally, we've got to show that a quadratic non-residue times a quadratic non-residue is a quadratic residue, and this is the tricky part. So we notice that this isn't actually always true in general. It's true for something like the reals, because there, a non-square would be something negative, and if you multiply two negative numbers by each other, you get something positive, which is a square. On the other hand, if you work with the rationals, you can notice that two is not a square, and if you multiply it by three is not a square, you get six, which is also not a square, so there's no reason in general why the product of two things that are not square should suddenly be a square. However, this does work modulo p, and we notice that multiplication by a non-residue, so a quadratic non-residue, must actually be an isomorphism. That's because the number of quadratic residues is the same as the number of quadratic non-residues, and this is injective, so it must be surjective. This means that if b is a quadratic non-residue, then b is equal to x times a for x a quadratic residue, because the map from quadratic residues to quadratic non-residues is onto, when you're multiplying by b. Now this means that a times b is equal to a times x times a, which is a quadratic residue, because it's a square a squared times another quadratic residue x. So here with a and b are any two quadratic non-residues, and you see their product is a quadratic residue. Now, third property, we know what, whether or not minus one is a quadratic residue.
So we saw earlier that this is equal to plus one if p is congruent to one, mod four, and minus one if p is congruent to three, mod four. So we've proved this earlier. We can also prove it by Euler's criterion, so we can notice that minus one p is congruent to minus one to the p minus one over two, modulo p, and this is equal to, this exponent is even if p is one, mod four, and it's odd if p is three, mod four, so that gives us, this is plus one for p congruent to three, mod four, minus one if p is congruent to, sorry, that should be a one, p is one, mod four, and it's minus one if p is congruent to three, mod four. Now, if we look at this, we notice that minus one p has the property that depends only on p, mod something. So in this particular case, the something happens to be equal to four. That's rather surprising because there's no obvious reason why whether something is a square, mod p should depend on p, mod something. Well, that suggests we ask the following question. So we can ask, does a p for fixed a depend on p, mod something? Where the something is something we're going to have to determine. Well, the next simplest case is to take a equals two. So let's take a look at this. So we can ask, what is a, when is a a quadratic residue of, sorry, when is a, sorry, when is two a quadratic residue of p? So let's look at some data. Let's take p equals three, five, seven, 11, 13, 17, 19, 23, 29 and 31. And try and check to see whether or not two is a square. Well, three and five, it's very easy to check. It isn't. Seven, yes, because two is congruent to three squared. So let's put a tick there. 11, you can check it isn't. 13, it isn't. 17, it actually is because two is congruent to six squared. 36 is two, mod 17. So we put a tick there. 19, nothing works. 23, yes, because two is congruent to five squared. 29, you can check it's not. 31, yes, because two is congruent to eight squared. 64 is two, modulo 31. And now let's see. Does it depend on p mod four?
Well, no, because two is not a square mod three and it is a square mod seven and seven is congruent to three modulo four. So this idea fails. So it's not looking very promising. Well, let's try mod eight. And then you notice that if p is one mod eight, well, what primes we've got one mod eight? Well, we've got 17. So one mod eight, yes. What about three mod eight? Well, here we've got three, no, 11, no, 19, no. So three mod eight, it never seems to be a quadratic residue. What about five mod eight? Well, there we have five, no, 13, no, 29, no. So that seems to be no and seven. We get seven, yes, 31, yes. So it seems to be consistent with the idea that two is a quadratic residue for primes that are one or seven mod eight. So we can provisionally say, what about two p is equal to plus one if p congruent to one or seven and minus one if p is congruent to three or five? Let's put a question mark because we haven't proved this yet. Well, now we want to show this is in fact correct. So in order to do that, we're going to have to use Gauss's lemma. So let's say what Gauss's lemma is. Gauss's lemma gives us this neat formula for the Legendre symbol A P. It's equal to minus one to the N where N is given in the following funny way. So N is the number of residue classes A, two A, up to P minus one over two A. So this is sort of half of all multiples of A. And it's the number of residue classes that are congruent to something between P over two and P, mod P. Well, this looks like a rather funny criterion. So in order to get used to it, let's do a couple of examples. So let's first of all work out whether or not two is a quadratic residue of 17. So what we do is we take half of all the multiples of two. So we take two, four, six, eight, 10, 12, 14 and 16. And now there are P minus one over two of these. So that's, we take the first eight multiples of two. And now what we do is we take a look at which of them are between P over two and P when you reduce mod P.
And as we notice, there are just four of them. So Gauss's lemma says that two 17 is equal to minus one to the four, which is plus one. So two is a quadratic residue, mod 17, which we saw earlier, it's congruent to six squared. So let's do another slightly more complicated example. This was easy because all the multiples of two were less than P. So if you try something like seven, 17, this is a little bit more complicated. So let's take the multiples of seven. We take the first eight multiples. So we get seven, 14, 21, 28, 35, 42, 49 and 56. That's eight of them. And then we reduce modulo 17. So we get seven, 14. And then we get four, 11, that's one, eight, 15, five. Now, which of them are between set we want seven, 17 over two is less than X is less than 17, and 17 over two is about eight and a half. So we see there's that one, there's that one, and there's that one. And the number of these is three. So seven, 17 is equal to minus one to the three, which is equal to minus one. So this tells us 17 is not a square, sorry, seven is not a square modulo 17. Well, you may be thinking that Gauss's criterion is actually completely useless, because in order to test whether 17 is a square mod 17, we have to test about 17 over two different cases. And this is no faster than squaring the first 17 over two numbers and see whether any of them are equal to seven. However, the key point is that it turns out to be possible to count the number of these classes quite directly. And what I'll do is we'll first prove Gauss's lemma and then show how to use it to work out numbers like this much faster. So the idea of Gauss's lemma is the numbers from one up to P minus one consist of P minus one over two pairs: one, P minus one; two, P minus two. And in general, these are going to be all A, minus A, or when I say minus A means something congruent to minus A. And what we're going to do is to multiply together one element from each of these pairs. There's one obvious way of doing it.
We can take one times two times three times up to P minus one over two. Alternatively, we could take our number A and multiply it by, and multiply A times one times two A times three A times P minus one over two A. And these numbers are not equal. They're equal up to some sign. And the numbers from A up to P minus one over two A contain one element from each of these P minus one over two pairs because we've got P minus one over two numbers. And you can easily check that none of them are equal to plus or minus another one modulo P. So in order to change all these numbers into numbers from one to P minus one, we've got to multiply all the ones between P plus one over two and P by minus one. So we should have a factor of minus one to the N where N is the number of elements, one A, two A, and so on, congruent to something between P over two and P mod P. And now we can just cancel out this product, the product for the numbers from one up to P minus one, which you see we've also got here. And we find that one is congruent to A to the P minus one over two times minus one to the N, modulo P. And now this thing here, we know is equal to A P by Euler's theorem. And if one of these two numbers is plus one, the other must be plus one. And if one is minus one, the other must be minus one. So this must also be equal to the Legendre symbol. So we've proved Gauss's lemma that the Legendre symbol is equal to minus one to this rather funny number N. And now we will show that this is actually a really good way of calculating Legendre symbols. First of all, I need to define some notation. We're going to define X in square brackets to be the integer part of X. And you've got to be a bit careful what this means. This means that X is equal to the integer part of X plus something from zero to one. More precisely, the something that's called the something, the remainder should be zero, should be less than the remainder and the remainder should be strictly less than one.
For example, if we take the integer part of pi, this is equal to three. And if we take the integer part of seven, this is just equal to seven. And if we take the integer part of minus pi, this is equal to minus four, not minus three. You've got to be really careful here because if you try asking your calculator or computer what the integer part of minus pi is, it is quite likely to tell you that the integer part is minus three. But if you think about it, we said that the leftover bit has to be between zero and one, not between zero and minus one if the number is negative. So watch out for this. This is a sort of common source of errors when you're trying to program calculators to do number theory that they get the integer part wrong. So now using this notation, we can now work out whether or not two is a quadratic residue of P. So this is equal to minus one to the N, where N is the number of numbers, one times two, two times two, three times two up to P minus one over two times two, which is just two, four, six up to P minus one, that's between P over two and P. And you see it's rather nice because all these numbers are already less than P, so we don't have to reduce them mod P. And how many of them are between zero and P over two and P? Well, the number is the total number of these things, which is P minus one over two minus number between zero and P over two. And that is P minus one over two minus, well, the number of these between zero and P over two is just the integer part of P divided by four. And by the way, don't confuse this with a Legendre symbol. This means we divide P by four and then take the integer part of it, whereas if I said P four, this would be a Legendre symbol except Legendre symbols aren't defined for the number four. So this would make no sense at all. So now what we're going to do is to try and work out this expression for all values of P. And we need to know minus one to the N, so we want to know are these odd or even?
And this is a little bit complicated. And if you think about it a bit, you'll see that whether or not these are odd or even depends on what P is mod eight. So let's try putting P equals eight M plus one or eight M plus three or eight M plus five or eight M plus seven. And then we will work out what is P minus one over two. And here we get four M, four M plus one, four M plus two, four M plus three, so we know that mod eight. And then we want to work out the fractional part P divided by four. And you can see the fractional part is, sorry, the integer part will be two M, here it will again be two M, two M plus one and two M plus one. And now we have P minus one over two minus P over four. It's now going to be two M, two M plus one, two M plus one and two M plus two. And you see these two are odd and these two are even. So minus one to the N is going to be plus one, minus one, minus one or plus one. And by Gauss's lemma, this is equal to two P. So by looking at this, we now see that two is a quadratic residue of P if P is congruent to one or seven mod eight, you can also write this as P is congruent plus or minus one. And it's minus one if P is congruent to three or five mod eight, which you can think of as P not congruent to plus or minus one, which may be a little bit easier to remember. So now we will have an application of this. In fact, I'll give an application to Mersenne primes. So you recall a Mersenne prime is a prime of the form two to the P minus one where P is prime. In general, it's kind of difficult. It's not very easy to test whether two to the P minus one is prime if P is large, but there's one very simple test you can do using the quadratic residue symbol. So we recall that if a prime Q divides two to the P minus one, then Q is congruent to one modulo P because two has order P modulo Q. So P must divide the number of non-zero residue classes mod Q.
And this means that Q must be either P plus one, two P plus one, three P plus one or four P plus one and so on. However, Q is necessarily odd and this P is very small. So we can cross off P plus one, which is even and three P plus one, which is even. And we see the smallest possibility is two P plus one. So we can ask when does Q equals two P plus one divide two to the P minus one. And we have a simple criterion for it. If P and two P plus one are both prime and P is congruent to three mod eight, then Q equals two P plus one divides two to the P minus one. So two to the P minus one is not prime. So just before proving this, let's look at some examples. I should have said P has to be greater than three here because if P is equal to three, this proof doesn't, this breaks down. I mean, two P plus one does indeed divide it, but two P plus one turns out to be equal to two to the P minus one if P equals three. So two to the three minus one equals two times three plus one. So two to the three minus one is actually prime. Well, so examples apart from P equals three, we can get P equals 11. So two to 11 minus one is divisible by 23 as we saw earlier, which is two P plus one. Another example would be P equals 83. So we see two to the 83 minus one is divisible by 167, which is two times 83 plus one. And I think you'll agree if you didn't know this, it really wouldn't be at all obvious that two to the 83 minus one is divisible by 167. It'd be a rather tiresome calculation, even using Russian peasant multiplication to check this. Now let's show why this is true. Well, if P is congruent to three, mod eight, this implies that Q, which is equal to two P plus one is congruent to seven, mod eight. So two is a quadratic residue of Q. So two to the Q minus one over two is congruent to plus one modulo Q. This is just Euler's criterion for when numbers are quadratic residues. Well, Q minus one over two is just P. So two to the P is congruent to plus one mod P, so mod Q, sorry.
So two to the P minus one is congruent to zero mod Q, which is just the same as saying that Q divides two to the P minus one. Okay, so next video, I'll be doing more examples of using Gauss's Lemma to compute quadratic residues.
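The following Python sketch is an added example, not part of the lecture. It computes the Legendre symbol by Euler's criterion and by the Gauss's lemma count, checks the closed form for two that uses the integer part of P over four, and applies the two P plus one test to Mersenne numbers; all function names are my own choices.

```python
import math

def legendre_euler(a, p):
    """Legendre symbol (a/p) for odd prime p via a^((p-1)/2) mod p."""
    r = pow(a, (p - 1) // 2, p)      # r is 0, 1 or p-1
    return -1 if r == p - 1 else r

def gauss_n(a, p):
    """Gauss's lemma count: how many of a, 2a, ..., ((p-1)/2)a reduce
    mod p to a value strictly between p/2 and p."""
    half = (p - 1) // 2
    return sum(1 for k in range(1, half + 1) if 2 * ((k * a) % p) > p)

def legendre_gauss(a, p):
    """Legendre symbol (a/p) as (-1)^n with n from Gauss's lemma."""
    if a % p == 0:
        return 0                      # the lemma only covers a not 0 mod p
    return (-1) ** gauss_n(a, p)

def integer_part(x):
    """[x] as defined in the lecture: the floor, so [-pi] = -4.
    Note int(x) truncates toward zero and would give -3 here."""
    return math.floor(x)

def two_rule(p):
    """(2/p) from the closed form n = (p-1)/2 - [p/4]."""
    n = (p - 1) // 2 - p // 4         # // is floor division in Python
    return 1 if n % 2 == 0 else -1

def is_prime(n):
    """Trial division, fine for the small numbers used here."""
    return n >= 2 and all(n % d for d in range(2, math.isqrt(n) + 1))

def mersenne_factor(p):
    """Return q = 2p+1 when the lecture's criterion applies (p > 3,
    p and q prime, p = 3 mod 8), so q divides 2^p - 1; else None."""
    q = 2 * p + 1
    if p > 3 and p % 8 == 3 and is_prime(p) and is_prime(q):
        return q
    return None

if __name__ == "__main__":
    primes = [3, 5, 7, 11, 13, 17, 19, 23, 29, 31]   # the lecture's table
    for p in primes:
        print(p, p % 8, legendre_euler(2, p), legendre_gauss(2, p), two_rule(p))
    print("n for 2 mod 17:", gauss_n(2, 17), " n for 7 mod 17:", gauss_n(7, 17))
    for p in (11, 83):
        q = mersenne_factor(p)
        print(f"2^{p} - 1 mod {q} =", (pow(2, p, q) - 1) % q)
    print("int(-pi) =", int(-math.pi), " floor(-pi) =", integer_part(-math.pi))
```

Here `pow(2, p, q)` does the modular exponentiation by repeated squaring, so the check for P equals 83 never forms the full 83-bit number.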