Here we would show a beautiful application of Fermat’s Little Theorem.

An integer a is a quadratic residue with respect to prime p if a \equiv x^2 \mod{p} for some integer x.

Given a prime p and an integer a, how fast can we decide whether a is a quadratic residue modulo p? As it turns out (courtesy to Euler), pretty fast.

Statement

Given a prime p and an integer a,

  • (First Part) If a^\frac{p-1}{2} \equiv 1 \mod{p}, it means a is a quadratic residue module p.
  • (Second Part) If a^\frac{p-1}{2} \equiv -1 \mod{p}, it means a is a not a quadratic residue module p.

One  might wonder: what about other possible values of   a^\frac{p-1}{2} modulo p? As it turns out, a^\frac{p-1}{2} modulo p can have only two possible values \pm 1, as shown in the proof of the second part below.

Proof of the First Part

Recall that according to Fermat’s Little Theorem, if integers a and p are coprime (that is, a and p do not have any common divisor except 1), the following is true:

a^{p-1}\equiv 1\mod{p}\ \ \ \ (1), or equivalently

a^{p-1} - 1\equiv 0\mod{p}\ \ \ \ (2)

Now, observe that just like a^2-b^2=(a+b)(a-b), we can write Equation (2) as

\begin{array}{rcl}a^{p-1}-1 &=&0\mod{p}\\\implies(a^\frac{p-1}{2}-1)(a^\frac{p-1}{2}+1) &\equiv&0\mod{p}\ \ \ \ (3)\\\end{array}

Now, since p is prime, if the product of two numbers module p is zero modulo p, at least one of them must be zero modulo p. (If p were not prime, the product of the factors of p would be 0\equiv \mod{p}, and hence the above argument would not hold. Moreover, if p is prime, product st of two non-zero integers 1\leq s,t\leq p-1 cannot be a multiple of p since p is coprime to s,t.) Hence, according to this argument, at least one of the factors on the left hand side of Equation (3) (that is, either a^\frac{p-1}{2}-1 or a^\frac{p-1}{2}+1) must be congruent to 0\mod{p}.

Now suppose a\equiv x^2\mod{p} for some integer 0\leq x\leq p-1. That is, we are assuming that a is a quadratic residue modulo p. Then, it follows that

\begin{array}{rcl}a^\frac{p-1}{2}-1&=&(x^2)^\frac{p-1}{2}-1\\  &=&x^{p-1}-1\\  &\equiv&1-1\mod{p}\ \ \ \ \text{using Fermat's Little Theorem}\\  \implies a^\frac{p-1}{2}&\equiv&1\mod{p}\ \ \ \ (4)\\\end{array}

Hence, if a is a quadratic residue modulo p, the first factor of Equation (3) becomes zero, and thus Equation (3) is satisfied. Equation (4) is the proof of the first part of the statement.

Proof of the Second Part

Now, when a is not a quadratic residue modulo p, we can observe that
\begin{array}{rcl}a^\frac{p-1}{2}&\equiv&\left(a^{p-1}\right)^\frac{1}{2}\mod{p}\\  &\equiv&(1)^\frac{1}{2}\mod{p}\ \ \ \ \text{using Fermat's Little Theorem}\\  &\equiv&q\mod{p}\\\end{array}
where q is an integer such that q^2\equiv 1\mod{p}. The two candidate values for q are therefore $\latex \pm 1$. However, q cannot be +1, since it would imply a^\frac{p-1}{2}\equiv 1\mod{p} which is identical to Equation (4) which , in turn, would imply a is a quadratic residue modulo p, contradicting our assumption that a is not a quadratic residue modulo p. Therefore, q=a^\frac{p-1}{2}\equiv -1\mod{p}, which completes the proof of the second part of the statement.

\square

Advertisements