5 Quadratic Reciprocity Law

5.1 Primitive roots and solutions of congruences

In Corollary 3.6, we see that if d|(p − 1), where p is a prime, then

xd ≡ 1 (mod p)
is solvable and has exactly d solutions. In this section, we study an extension of
this result.
theorem 5.1 Suppose m = 1, 2, 4, pα or 2pα , where p is an odd prime. Let
(a, m) = 1 and let d = (ϕ(m), n). The congruence
xn ≡ a (mod m) (5.1)
is solvable if and only if
aϕ(m)/d ≡ 1 (mod m).
In the case when the congruence is solvable, there are exactly (n, ϕ(m)) solutions.
Proof
We may assume that n ≤ ϕ(m) by Euler’s Theorem. If
xn ≡ a (mod m)
has a solution, then let g k be its solution where g is a primitive root modulo m.
Hence
 kn/d
aϕ(m)/d ≡ g kn(ϕ(m)/d) ≡ g ϕ(m) ≡ 1 (mod m).

Conversely, suppose
aϕ(m)/d ≡ 1 (mod m).
Let a = g ` . Note that from our assumption and the fact that g is a primitive
root, we must have
ϕ(m)|(`ϕ(m)/d).
Hence d|`.
Now consider the linear congruence
nu ≡ ` (mod ϕ(m)).
52 Quadratic Reciprocity Law

Note that since d = (n, ϕ(m)) divides `, the above congruence is solvable by
Theorem 1.40. Now, let s = g u . Then
sn = g nu = g nu+ϕ(m)v ≡ g ` ≡ a (mod m)
and hence
xn ≡ a (mod m)
is solvable.
By specifying n = 2 and m = p we see that
theorem 5.2 (Euler’s Criterion) The congruence equation
2
x ≡ a (mod p)
is solvable if and only if
a(p−1)/2 ≡ 1 (mod p).

5.2 The Legendre Symbol

Let a be any integer relatively prime to p, where p is an odd prime. The Legendre
symbol is defined by
  (
a 1 if x2 ≡ a (mod p) is solvable,
= .
p −1 otherwise.

From the Euler Criterion, we see immediately that

 
a
a(p−1)/2 ≡ (mod p).
p
This is because ap−1 ≡ 1 (mod p) and so a(p−1)/2 ≡ ±1 (mod p).
When p|n we simply define
 
n
= 0.
p
 
n
From Euler’s Criterion, we obtain immediately that the Legendre symbol p
is a completely multiplicative function of n, i.e.,
    
mn m n
= .
p p p

In the subsequent sections, we will learn an algorithm in computing the Leg-

endre symbol, thereby allowing us to determine the solvability of the congruence
x2 ≡ a (mod p).
 5.3 Gauss Lemma 53

definition 5.3 For (a, p) = 1, we say that a is a quadratic residue modulo p if

x2 ≡ a (mod p) is solvable. Otherwise, we say that a is a quadratic non-residue
modulo p.

5.3 Gauss Lemma

In this section, we give an elementary proof of the Gauss Lemma.

theorem 5.4 Let p be a prime and let a be an integer such that (a, p) = 1.
Consider
p−1
S := {a, 2a, · · · , a}
2
and let
T := {s (mod p)|s ∈ S},

with elements in T between 0 and p − 1. Suppose there are m elements in T

which are greater than p/2, then
 
a
= (−1)m .
p
Proof
Let r1 , r2 , · · · , rm be elements in T exceeding p/2. Let s1 , s2 , · · · , sk be the
remaining elements in T . Note that
p−1
m+k = .
2
Now, rj > p/2 implies that 0 < p − rj < p/2.
∗
Note that since (Z/pZ) is a group, multiplication by a induces a bijection on
this group and hence, no two si ’s coincide and no two p − rj coincide. It remains
to show that no p − rj coincides with si . Let

rj ≡ ρa (mod p) and si ≡ σa (mod p),

with ρ < p/2, σ < p/2 and ρ 6= σ. If

−rj ≡ si (mod p),

then
a(ρ + σ) ≡ 0 (mod p).

This implies that p|(ρ + σ). Since |ρ + σ| < p, this is impossible.

Now, since m + k = (p − 1)/2, p − ri , 1 ≤ i ≤ n and sj , 1 ≤ j ≤ k, are distinct
and less than p/2 and that they are all less than p/2, we conclude that
p−1
{p − r1 , p − r2 , · · · , p − rm , s1 , s2 , · · · , sk } = {1, 2, · · · , }.
2
54 Quadratic Reciprocity Law

Multiplying the elements on both sides, we find that

 
p−1
(−r1 )(−r2 ) · · · (−rm ) · s1 · · · sk ≡ ! (mod p).
2
But  
m (p−1)/2 p−1
r1 · r2 · · · rm · s1 · · · sk ≡ (−1) a ! (mod p)
2
as the ri ’s and sj ’s are congruent to elements in S, we conclude that
a(p−1)/2 ≡ (−1)m (mod p),
and hence,
 
a
= (−1)m .
p

5.4 Proofs of Gauss’ Quadratic Reciprocity Law

Let a = −1 then m = (p − 1)/2 since as 6∈ S for all s ∈ S. From Euler’s Criterion

or Gauss Lemma (Theorem 5.4), we deduce that
 
−1
= (−1)(p−1)/2 .
p
This is the first part of Gauss’ quadratic reciprocity law.
Let a = 2 and p ≡ 1 (mod 4). Set p = 4` + 1. We have S = {1, 2, · · · , 2`}.
Therefore 2S = {2, 4, · · · , 2`, 2` + 2, · · · , 4`}. Hence m = `. In other words
  (
2 1 if p = 8` + 1
=
p −1 if p = 8` + 5.
Similarly, we have
  (
2 1 if p = 8` + 7
=
p −1 if p = 8` + 3.
In short, we may write
 
2 2
= (−1)(p −1)/8 .
p

We now prove the final part of Gauss’ quadratic reciprocity law. First, we need
a lemma.
lemma 5.5 For odd positive integer m, we have
 
sin mx (m−1)/2
Y
2 2 2πj
= (−4) sin x − sin .
sin x m
1≤j≤(m−1)/2
 5.4 Proofs of Gauss’ Quadratic Reciprocity Law 55

Proof
It is known that
m
Ak (cos x)m−k (sin x)k ik .
X
cos mx + i sin mx = (cos x + i sin x)m =
k=0

Comparing the imaginary parts of both sides, we conclude that

(m−1)/2
X
sin mx = A2`+1 sin2`+1 x cosm−(2`+1) x(−1)` .
`=0

Hence
sin mx
sin x
is a polynomial in sin2 x of degree (m − 1)/2. We note that the function
sin mx
sin x
vanishes when x = 2πj/m for 1 ≤ j ≤ (m − 1)/2. Hence
 
sin mx Y
2 2 2πj
=C sin x − sin .
sin x m
1≤j≤(m−1)/2

The constant C can be found by letting x tends to 0. The left hand side is m
and the right hand side becomes
Y 2πj
C(−1)(m−1)/2 sin2 .
m
1≤j≤(m−1)/2

Using the fact that

sin(π − x) = sin x,
we find that
m−1
Y 2πj Y kπ
sin2 = sin .
m m
1≤j≤(m−1)/2 k=1

But
m−1 m−1
Y kπ 1 Y
e−ikπ/m ω k − 1 ,


sin = m−1 m−1
m 2 i
k=1 k=1

where ω = e2πi/m . Now,

m−1
Y
e−ikπ/m = i−(m−1) ,
k=1

and using the equation

m
Y
xm − 1 = (x − ω k ),
k=1
56 Quadratic Reciprocity Law

we deduce that
m−1
Y
m(−1)m−1 = (ω k − 1).
k=1

Hence,
m−1
Y kπ m
sin = m−1 .
m 2
k=1

(m−1)/2
This implies that C = (−4) and the proof is complete.

The main part of Gauss’ quadratic reciprocity law states that for odd distinct
primes p, q
  
p q
= (−1)(p−1)(q−1)/4 .
q p

Let S = {1, 2, · · · , (p − 1)/2}. Write

[qs]p = [es (q)sq ]p ,

where sq ∈ S and
(
1 if qs = sq ∈ S
es (q) = .
−1 if qs 6∈ S.

Note that es (q) = −1 precisely when qs exceeds p/2. Hence, if m is the number
of elements in qS = {1 ≤ qs (mod p) ≤ p|s ∈ S} that exceeds p/2, then
 
q Y
= (−1)m = es (q).
p
s∈S

Now, define
2πm
F ([m]p ) = sin .
p
Note that F is well defined on (Z/pZ)∗ since F ([m + kp]p ) = F ([m]p ) because
sin(2π(m + kp)/p) = sin(2πm/p). Therefore, the relation

[qs]p = [es (q)sq ]p

yields
2π 2π
sin qs = F ([qs]p ) = F ([es (q)sq ]p ) = es (q) sin sq .
p p
Since s → sq is a bijection of S, we conclude that
2π 2π
  Y
q Y sin p qs Y sin p qs
= es (q) = = .
p 2π 2π
s∈S s∈S sin sq s∈S sin s
p p
 5.5 The Jacobi Symbol 57

Applying Lemma 5.5, we deduce that

  Y Y 
q (q−1)/2 2 2πs 2 2πt
= (−4) sin − sin ,
p p q
s∈S t∈T

where T = {1, 2, · · · , (q − 1)/2}. Hence

  Y Y 
q (q−1)(p−1)/4 2 2πs 2 2πt
= (−4) sin − sin .
p p q
s∈S t∈T

Interchanging the role of p and q, we deduce that

  YY 
p 2πt 2πs
= (−4)(q−1)(p−1)/4 sin2 − sin2 .
q q p
t∈T s∈S

Therefore,
   
p q
and
q p
agrees up to sign and the sign is given by (−1)(p−1)(q−1)/4 by looking at the
products
Y Y 2πs 2πt
 YY 2πt 2πs

sin2 − sin2 and sin2 − sin2 .
p q q p
s∈S t∈T t∈T s∈S

We have thus completed the proof of the quadratic reciprocity law and we
summarize the result as follow:
theorem 5.6 Let p and q be distinct primes. Then we have
 
−1
= (−1)(p−1)/2
p
 
2 2
= (−1)(p −1)/8
p
  
p q
= (−1)(p−1)(q−1)/4 .
q p
example 5.1
Show that x2 ≡ 10 (mod 89) is solvable.
Solutions. We compute
        
10 2 5 2 5 89
= = (−1)(89 −1)/8 = = 1.
89 89 89 89 5

5.5 The Jacobi Symbol

In this section, we discuss an extension of the Legendre symbol.

58 Quadratic Reciprocity Law

definition 5.7 Let Q be a positive odd integer so that

Q = q1 q2 · · · qs
where qi are not necessarily distinct. The Jacobi symbol is defined by
 Y s  
P P
Q j=1 qj

where the expressions on the right hand side involving qj are the Legendre sym-
bols.
We observe that if Q is prime then the Jacobi symbol is simply the Legendre
symbol. We also note that if (P, Q) > 1, then
 
P
=0
qj
for some j and hence
 
P
= 0.
Q
Now if P is a quadratic residue modulo Q, then
x2 ≡ P (mod qj )
is solvable and hence  
P
= 1.
Q
The converse, however, is not true. Although
 
2
= 1,
15
the congruence
x2 ≡ 2 (mod 15)
is not solvable.
From the definition of the Jacobi symbol and the properties of the Legendre
symbol, it is immediate that
    
P P P
=
Q Q0 QQ0
  0 
PP0

P P
=
Q Q Q
 2  
P P
= 1 and =1
Q Q2
Finally, we observe that if P ≡ P 0 (mod Q), then
   0
P P
= .
Q Q
 5.5 The Jacobi Symbol 59

The main result we want to show in this section is

theorem 5.8 If Q is odd positive integer, then

 
−1 Q−1
= (−1) 2
Q
 
2 Q2 −1)
= (−1) 8
Q
  
P Q P −1 Q−1
= (−1) 2 · 2 .
Q P

Proof
To prove the first equality, we observe that
 
ab − 1 a−1 b−1 (a − 1)(b − 1)
− + = .
2 2 2 2

The numerator of the right hand side is divisible by 4 if both a and b are odd.
Hence,
 
ab − 1 a−1 b−1
≡ + (mod 2).
2 2 2

Hence if Q = q1 q2 · · · qs , then
s    
X qj − 1 Q−1
≡ (mod 2).
j=1
2 2

This implies that

  s   Ps
−1 Y −1 j=1 (qj −1)/2
Q−1
= = (−1) = (−1) 2 .
Q j=1
qj

The proof of the second equality is similar except that we used the relation

a2 b 2 − 1 a2 − 1 b 2 − 1 (a2 − 1)(b2 − 1)
 
− + =
8 8 8 8

and observe that the numerator of the right hand side is divisible by 64.
The proof of the last equality follows in exactly the same way as the proof of
the first equality.

With the Jacobi symbol, we can now calculate Legendre symbol without having
to factorize integers (except for factoring −1 and 2).
In the next two sections, we will give another proof of the Gauss Lemma using
results from group theory.
60 Quadratic Reciprocity Law

5.6 The Transfer

Let G be a finite group and H be a subgroup of G. Let X = G/H and fix a set
of representatives for X, namely,
R = {x1 , · · · , xm }
where m = |X|. Write the elements in X as [xj ] instead of xj H.
The group G acts on X via
g · [xi ] = [gxi ].
Now, because we insist that the representative for the cosets in X to be from R
we must write [gxi ] as [xj ] for some 1 ≤ j ≤ m. Since [gxi ] = [xj ] for some j we
could view G as acting on {1, 2, · · · , m} and we write
g ◦ i = j.
In other words, we have
[gxi ] = [xg◦i ].
From the above, we conclude that
gxi = xg◦i hg,[xi ]
for some hg,[xi ] ∈ H. We define the transfer of g to be
Y
Ver(g) = hg,[x] (mod [H, H])
[x]∈X

where where [H, H] is the commutator subgroup of H, namely, the group gen-
erated by {h1 h2 h−1 −1
1 h2 |h1 , h2 ∈ H}.
It appears that Ver(g) depends on our choice of set of representatives R. We
will show that this is not the case.
theorem 5.9 The map Ver : G → H/[H, H] is independent of the choice of
representatives of x ∈ X and it is a homomorphism.
Proof
Let R∗ = {x∗1 , x∗2 , · · · , x∗m } be another fixed set of coset representatives and
suppose we have
[x∗i ] = [xi ].
This means that
x∗i = xi h[xi ]
for some h[xi ] ∈ H. Now,
g[x∗i ] = [gx∗i ] = [gxi ] = [xg◦i ] = [x∗g◦i ].
If we write
gx∗i = x∗g◦i h∗g,[x∗i ]
 5.6 The Transfer 61

for some h∗g,[x∗ ] ∈ H, then the corresponding transfer is defined by

i

Y
Ver∗ (g) = h∗g,[x] (mod [H, H]).
[x]∈X

Note that

gx∗i = gxi h[xi ] = xg◦i hg,[xi ] h[xi ] = x∗g◦i h−1

[xg◦i ] hg,[xi ] h[xi ] .

This implies that

h∗g,[x∗i ] = h−1
[xg◦i ] hg,[xi ] h[xi ] .

Therefore,
Y Y
Ver∗ (g) = h−1
[xg◦i ] hg,[xi ] h[xi ] (mod [H, H]) = hg,[xi ] (mod [H, H]) = Ver(g)
[xi ]∈X [x]∈X

since
ab = abb−1 a−1 ba = ba (mod [H, H])

and
Y
h−1
[xg◦i ] h[xi ] = 1 (mod [H, H]).
[xi ]∈X

Therefore the transfer is independent of the coset representatives.

Next,
st[xi ] = [stxi ] = [xst◦i ].

Hence,
stxi = xst◦i hst,[xi ] .

Now,
s(txi ) = s(xt◦i )ht,[xi ] = xst◦i hs,[xt◦i ] ht,[xi ] .

Therefore,
Y Y
Ver(st) = hst,[xi ] (mod [H, H]) = hs,[xt◦i ] ht,[xi ] (mod [H, H])
[xi ]∈X [xi ]∈X
Y Y
= hs,[xt◦i ] ht,[xi ] (mod [H, H]) = Ver(s)Ver(t).
[xi ]∈X [xi ]∈X

Hence Ver is a homomorphism.

Our next task to compute Ver(s) for a single element s ∈ G. We consider the
cyclic subgroup C generated by s and let C acts on X, namely,

sj [x] = [sj x].

62 Quadratic Reciprocity Law

Note that X is a disjoint union of orbits Oα under the action of C. If |Oα | = fα

and [xα ] ∈ Oα then the elements in the orbit are

{[sj xα ]|j = 0, 1, · · · , fα − 1}.

We can now choose our coset representatives R to contain

{sj xα |j = 0, 1, · · · , fα − 1}

for each orbit Oα . Note that if 0 ≤ j ≤ fα − 2,

s[sj xα ] = [sj+1 xα ]

and since sj+1 xα ∈ R, we have

s(sj xα ) = sj+1 xα hs,[sj xα ]

with hs,[sj xα ] = 1. When j = fα − 1, we find that

s(sfα −1 xα ) = sfα xα = xα hs,[sfα −1 xα ] . (5.2)

Therefore,

Y Y fY
α −1
Y Y
Ver(s) = hs,[x] = hs,[sj xα ] = hs,[sfα −1 xα ] = x−1 fα
α s xα ,
[x]∈X α j=0 α α

where we have used (5.2).

Hence we have

theorem 5.10 Let s ∈ G and let Oα be the orbits of X under the action of
the cyclic subgroup generated by s. Suppose [xα ] is an element in Oα , then
Y Y
Ver(s) = hα = (xα )−1 sfα xα (mod [H, H]).
α α

We have already seen that the map Ver is a homomorphism from G to H/[H, H].
If G is abelian then [H, H] is trivial and we have a homomorphism from G to H
given by
Y P
Ver(s) = sfα = s α fα = sm ,
α

since
X
fα = m
α

where m = |X|.
 5.7 Gauss Lemma via the transfer 63

5.7 Gauss Lemma via the transfer

∗
Let G = (Z/pZ) and H = {[±1]p }. Let the coset representatives of H in G be
S := {1, 2, · · · , (p − 1)/2}. Now, for a ∈ G,
Ver([a]p ) = [a](p−1)/2
p .
We now compute Ver from its definition. Note that for [s]p ∈ S and [a]p ∈ G,
[as]p = [sa es (a)]p
where
(
1 if [as]p = [sa ]p for some sa ∈ S,
es (a) =
−1 otherwise.

Hence,
Ver([a]p ) = [−1]m
p

where m is the number of elements s such that [as]p 6∈ S. Comparing with the
previous computation of Ver(s), we conclude that
 
a
≡ [a](p−1)/2
p = Ver([a]p ) = [−1]m
p ,
p p
where m is the number of elements s such that [as]p 6= [s0 ]p for all s0 ∈ S.
In other words, m is the number of elements in S such that [as]p = [−sa ]p =
[p − sa ]p , or the number of elements in S such that the least positive residues
of as (mod p) exceeds p/2. This proves Gauss Lemma and shows that Gauss
Lemma corresponds to computing Ver([a]p ) in two different ways.

5.8 The Legendre Symbol and primes of the form x2 + y 2

In this section, we give an explicit form of x and y that satisfy

x2 + y 2 = p
where p is a prime, p ≡ 1 (mod 4).1 This would certainly imply that
theorem 5.11 Let p be an odd prime such that p ≡ 1 (mod 4). Then p is a
sum of two squares.
We first need two lemmas.
lemma 5.12 Let p be an odd prime. We have
X m
= 0.
p
m(mod p)

1 Adapted from “Number Theory” by G.E. Andrews

64 Quadratic Reciprocity Law

Proof
Note that using primitive roots modulo p, we see that if g is a primitive root
modulo p, then the even powers of g are quadratic residues and the odd powers
of g are quadratic non-residues. Therefore there are (p − 1)/2 quadratic residues
and (p − 1)/2 quadratic non-residues. Therefore in the sum
X m
,
p
m(mod p)

there are (p − 1)/2 terms which take the value 1 and (p − 1)/2 terms which take
the value −1. In other words,
X m
= 0.
p
m(mod p)

lemma 5.13 Let p be an odd prime. We have

(
X  (m − a)(m − b)  p−1 if a ≡ b (mod p)
= .
p −1 if a 6≡ b (mod p).
m(mod p)

Proof
Note first by replacing m by m + a, we find that

   
X (m − a)(m − b) X (m)(m − (b − a))
=
p p
m(mod p) m(mod p)
 
X (m)(m − (b − a))
=
p
m(mod p)
m6≡0(mod p)
 
m
since p = 0 when p|m. Let m0 be such that m0 m ≡ 1 (mod p). Then
   02   
X m(m − (b − a)) X m m(m − (b − a))
=
p p p
m(mod p) m(mod p)
m6≡0(mod p) m6≡0(mod p)

m0 m m0 m − m0 (b − a)
X   
=
p p
m(mod p)
m6≡0(mod p)

1 − m0 (b − a)
X  
=
p
m(mod p)
m0 6≡0(mod p)

1 − m0 (b − a)
X  
= −1
p
m0 (mod p)

= −1
 5.8 The Legendre Symbol and primes of the form x2 + y 2 65

by Lemma 5.12. Note that number -1 in the second last line is added so that we
could sum over complete residues m0 (mod p).

Let
p 
n(n2 − m)
X 
S(m) = .
n=1
p

Note that S(0) = 0 by Lemma 5.12 and S(m + N p) = S(m) for any integer N .
Let k 6≡ 0 (mod p). Then

k4
n(n2 − m)
X   
S(m) =
p p
n(mod p)
X  k 2 n   k 2 n2 − k 2 m 
=
p p
n(mod p)

(kn)2 − k 2 m
  X   
k kn
=
p p p
n(mod p)
 
k
= S(k 2 m).
p

Hence, we have

S 2 (k 2 m) = S 2 (m). (5.3)

If u is a quadratic residue modulo p, then u ≡ k 2 (mod p) for some integer k

and

S 2 (u) = S 2 (k 2 · 1) = S 2 (1) (5.4)

by setting m = 1 in (5.3).
If v is a non-residue, then v = `2j ` where ` is a fixed primitive root modulo
p. This is because all quadratic non-residues are odd powers of primitive roots
modulo p. Then by (5.3),

S 2 (v) = S 2 (`(`j )2 ) = S 2 (`). (5.5)

We note that we can replace ` by any quadratic non-residue modulo p.

There are (p − 1)/2 quadratic residues and (p − 1)/2 quadratic non-residues
and hence by (5.4) and (5.5), we deduce that
X p−1 2
p−1 2
S 2 (m) = S 2 (0) + S (1) + S 2 (`) = S (1) + S 2 (`) ,


2 2
m(mod p)

since S 2 (0) = 0.
66 Quadratic Reciprocity Law

Now,
X
S 2 (m)
m(mod p)

s(s2 − m) t(t2 − m)
X X   
=
p p
m(mod p) s(mod p)
t(mod p)
X  st   (m − s2 )(m − t2 ) 
=
m,s,t
p p
X st X (m − s2 )(m − t2 ) 
  
= .
s,t
p m
p

By Lemma 5.13, we deduce that

   
p−1 2 X st X st
S (1) + S 2 (`) =


(p − 1) + (−1)
2 s,t
p s,t
p
s2 ≡t2 (mod p) s2 6≡t2 (mod p)
 
  
 

X st X  st
 X 
st 
= (p − 1) − −
s,t
p  p p 
 s,t
 s,t 

s2 ≡t2 (mod p) s2 ≡t2 (mod p)
 
X st
=p ,
s,t
p
s2 ≡t2 (mod p)

where we have used Lemma 5.12 in the last equality. Next,

     
X st X st X st
= +
s,t
p s,t
p s,t
p
s2 ≡t2 (mod p) s≡t(mod p) s≡−t(mod p)

t2 −t2
X   X  
= + = 2(p − 1)
p p
t(mod p) t(mod p)

Hence we conclude that

 2  2
S(1) S(`)
+ = p.
2 2

Now, if 2|S(m) then we would have found integers x and y such that

x2 + y 2 = p.
 5.9 Appendix : Primes of the form x2 + y 2 , a second approach 67

To show that 2|S(m) for all integers m, we observe that

(p−1)/2  p−1
n(n2 − m) n(n2 − m)
X  X  
S(m) = +
n=1
p p
n=(p+1)/2
(p−1)/2  (p−1)/2 
n(n2 − m) (p − n)((p − n)2 − m)
X  X 
= +
n=1
p n=1
p
(p−1)/2  2

X n(n − m)
=2 ,
n=1
p

where the last equality follows for the fact that p ≡ 1 (mod 4).

Remark 5.14 Recently, H.H. Chan, L. Long and Y.F. Yang showed the follow-
ing observation:
Let p ≡ 1 (mod 6). Suppose a is any integer such that x3 ≡ a (mod p) is not
solvable. Then
3p = x2 + xy + y 2 ,

with
p  3   Xp  3 
X α +1 a α +a
x= and y = .
α=1
p p α=1 p

5.9 Appendix : Primes of the form x2 + y 2, a second approach

In this section, we give another proof of Theorem 5.11. This proof is due to D.
Zagier and is motivated by the work of R. Heath-Brown, who is in turn motivated
by Liouville.
Consider the set

S = {(x, y, z) ∈ Z+ |x2 + 4yz = p}.

Note that S is non-empty. This is because if p = 4k + 1, then (1, 1, k) ∈ S. Define

the map on S by

 (x + 2z, z, y − x − z) if x < y − z,


α : (x, y, z) → (2y − x, y, x − y + z) if y − z < x < 2y, .

 (x − 2y, x − y + z, y) if x > y.


We can check that this is a map on S by checking that each expression in the
image satisfies x2 + 4yz = p. For example,

(x + 2z)2 + 4z(y − x − z) = p

if x2 + 4yz = p.
68 Quadratic Reciprocity Law

We next check that α is an involution. This again can be checked by considering

the three cases as listed in the definition of α. For example, if x < y − z, then
α(x, y, z) = (x + 2z, z, y − x − z) = (x0 , y 0 , z 0 )
and x + 2z > 2z or x0 > 2y 0 . Hence
α(x0 , y 0 , z 0 ) = (x0 − 2y 0 , x0 − y 0 + z 0 , y 0 ) = (x, y, z).
The rest of the cases can be verified in a similar way.
Our next step is to show that the only fixed point of α is (1, 1, k) where
p = 1 + 4k. If we use the definition of α, we find that the only possible case
where a fixed point exists for α is when y − z < x < 2y since x, y, z are all
positive integers. This implies that the fixed point must be of the form (u, u, w).
But this would mean that u2 + 4uw = p and that u|p, or u = 1 or p. Now, u 6= p
for otherwise, the left hand side would be greater than the right hand side. Hence
u = 1 and w = k and the only fixed point of α is (1, 1, k). For any involution β,
we find that the number of elements in S is the sum of the number of elements
in
{s, β(s)|β(s) 6= s}
and
{t|β(t) = t}.
Since there is only one fixed point for α, we conclude that the number of elements
in S is odd.
We next consider a simple involution
σ(x, y, z) = (x, z, y).
Since the number of elements in S is odd, σ must have a fixed point, say
(x0 , y0 , z0 ). But this is a fixed point of σ means that y0 = z0 and thus, we
conclude that
x20 + 4y02 = p
and this completes the proof of Theorem 5.11.