The quadratic Gauss sum redux

David Grant

Abstract
Let p be an odd prime and ζ be a primitive pth -root of unity. For
any integer a prime to p, let ( ap ) denote the Legendre symbol, which is
1 if a is a square mod p, and is −1 otherwise. Using Euler’s Criterion
that a(p−1)/2 = ( ap ) mod p, it follows that the Legendre symbol gives a
homomorphism from the multiplicative group of nonzero elements F∗p of
Fp = Z/pZ to {±1}. Gauss’s law of quadratic reciprocity states that for
any other odd prime q,
q p
( )( ) = (−1)(p−1)(q−1)/4 .
p q
A table describing the multitude of proofs of this cherished result over
the past two centuries is given in Appendix B of [10], which shows that
the starting point of many of the proofs (including one of Gauss’s) is the
quadratic Gauss sum,
p−1
X a
g= ( )ζ a ,
a=1
p
and Gauss’s calculation that
−1
g2 = ( )p. (1)
p

The purpose of this note is to present a variety of proofs of (1) (some well
known and others perhaps less so), using techniques from different branches of
number theory, each providing its own insight.
Let φ(x) = (xp − 1)/(x − 1) = xp−1 + · · · + 1. Identifying x with ζ, we can
view (1) as an equality in the cyclotomic field K = Q[x]/(φ(x)). The Galois
group D of K over Q consists of the automorphisms {σb |b ∈ F∗p } of K defined by
σb (ζ) = ζ b . By the multiplicativity of the Legendre symbol, if we let gb = σb (g),
then
p−1 p−1
X a b X ab ab b
gb = ( )ζ ab = ( ) ( )ζ = ( )g.
a=1
p p a=1
p p

So it follows that g 2 is fixed by D and hence by Galois theory is a rational

number. The crux of (1) therefore is in determining which rational number.
The “standard” approach to proving (1) is lovely in its own right (see, e.g., [10],
Proposition 3.19), and it is hard to find a sleeker proof than those given in [7,
Proposition 6.3.2] and [3, Theorem 1.14(a)].

1
 A pretty proof of (1) comes from noting that since ζ is a root of φ,
p−1
X
0= ζ a. (2)
a=0

So, if inspired by Euler’s Criterion, we set ( ap ) = 0 when a is a multiple of p, we

then have
p−1 p−1
X a a X b2
g= (1 + ( ))ζ = ζ , (3)
a=0
p
b=0

since (1 + ( ap ))ζ a is 1 if a = 0 mod p, vanishes if a is not a square mod p, and

2 2
is ζ b + ζ (−b) if a = b2 6= 0 mod p. From (3) we get
p−1
X
gg−1 = nr ζ r ,
r=0

where nr is the number of solutions to x2 − y 2 = (x − y)(x + y) = r for x, y ∈ Fp .

Since n0 = 2p − 1, and nr = p − 1 for 0 < r < p, applying (2) now gives

gg−1 = p, (10 )

which is equivalent to (1).

Considerably more difficult than (1) is finding the argument of g as a complex
number when we take ζ = e2πi/p . Gauss proved that
√ √
g = p if p = 1 mod 4, and g = i p if p = 3 mod 4. (4)
√
(Here p denotes the positive square root of p.) Proofs of (4) using the calculus
of residues and Fourier analysis are given in [9] and [3] (the definitive survey
of the various work on (4) is [2]). There is a particularly lovely proof of (4)
by Schur (given in [9]) that uses only linear algebra, which adapts to give a
miraculous proof of (1) (see also [12]). Let S be the p × p matrix whose ij th
entry is ζ ij for 0 ≤ i, j < p. Then, if we let a bar denote complex conjugation,
(2) implies that S S̄ is p times the identity matrix. Hence, since S is symmetric,
√
S/ p is a unitary matrix, so each of its eigenvalues λ has complex absolute
value |λ| = 1. Let v be the column vector whose ath component, for 0 ≤ a < p,
is ( ap ), and [g(a)] be the column vector whose ath component, for 0 ≤ a < p, is
ga . Then
Sv = [g(a)] = gv.
√ √
Therefore g/ p is an eigenvalue of S/ p, and so

|g|2 = gḡ = p, (100 )

which is equivalent to (10 ) since ḡ = g−1 .

One algebraic number theoretic approach to (1) is to realize that in any
field F of characteristic not p containing a primitive pth -root of unity ζ, the

2
group characters χa : hζi → F ∗ defined by χa (ζ) = ζ a are distinct for a =
1, ..., p − 1, and hence by a Theorem of Dedekind [4, Chpt. 14, Thm. 7] are
Pp−1
linearly independent functions over F . Hence a=1 ( ap )χa is not identically 0
Pp−1 a
as a function on hζi, so for some b, a=1 ( p )χa (ζ b ) = gb 6= 0 in F . Since

p−1
X a
( ) = 0, (5)
a=1
p

(the homomorphism from F∗p to itself given by x → x2 has kernel ±1, so has
an image which is a subgroup of F∗p of index 2), necessarily b 6= 0. Therefore
g = ±gb , and we have g 6= 0 in F . Now considering g as an element in the ring
of integers Z[ζ] of K, its reduction modulo any maximal ideal q of Z[ζ] is in a
field of characteristic not p that contains a primitive pth -root of unity, so long as
q is not the ideal p generated by 1 − ζ (the lone prime ideal of Z[ζ] dividing p).
Therefore, g is not 0 mod q for q 6= p, and on the other hand, by (5), g is 0 mod
p. Hence, g is a unit in Z[ζ] times a nontrivial power of 1 − ζ. Therefore, gḡ ∈ Z
is a nontrivial power of p. The elementary bound |g| < p then establishes (100 ).
Pedro Berrizbeitia showed us a lovely proof of (1) using that F∗p is a cyclic
group of even order. On the one hand this shows that there is a b ∈ F∗p which
is not a square, and that D is cyclic. Hence K contains a unique quadratic
field L. Then, since g ∈ K and g 2 ∈ Q, σb (g) = −g means L = Q(g). From
Qp−1
p = φ(1) = i=1 (1 − ζ i ), an easy manipulation gives that ρ2 = ( −1 p )p, where
Q(p−1)/2 i −i
ρ = i=1 (ζ − ζ ). Since ρ ∈ K, this gives that L = Q(ρ), so g/ρ is
a rational number r. But g 2 is an algebraic integer and hence in Z, so by
the unique factorization of integers into the product of primes, g 2 /( −1 p )p = r
2

implies that r is an integer. But g/r is an algebraic integer in Z[ζ], and since
g/ζ is a polynomial in ζ of degree less than p − 1 with coefficients of ±1, this is
impossible unless r = ±1. Then g 2 = ( −1 2
p )pr gives (1).
To see how analytic number theory aids in our
P understanding of (1), we can
n s
(as in [5]) use the Dirichlet L-Series L(s) = (
n≥1 p )/n , which (just using
|( np )| ≤ 1) defines an analytic function where the real part of s is greater than
1. But L(s) has an analytic continuation to the whole complex s-plane, and
satisfies the functional equation [1, Thm 12.11],

ps−1 Γ(s) −πis/2 −1 πis/2

L(1 − s) = g s
(e +( )e )L(s), (6)
(2π) p
where Γ(s) is the Gamma function. Note that (6) gives one relation between
L(s) and L(1 − s), and plugging in 1 − s for s in (6) gives another. Using
these equations to eliminate L(s) and L(s − 1), and employing Euler’s reflection
formula for the Gamma function, Γ(s)Γ(1−s) = sinππs , yields (1). (For references
on the analogy (noticed by Jacobi) between this reflection formula and (1), see
[10, p. 139.])
An arithmetic geometer might say the “reason” (1) is true is that Hasse
and Davenport showed that −1/g is a zero of the congruence zeta function for

3
the curve y p − y = x2 defined over Fp [6], so by Weil’s proof of the Riemann
Hypothesis for curves over a finite field [13], g must be an algebraic integer
√
of absolute value p in every embedding into the complex numbers, i.e., (100 )
holds.
At the risk of filling the proverbial (and apocryphal [8]) much-needed gap
in the literature, we provide one more elementary proof of (1), inspired by the
theory of cyclic codes (see [11, Chapter 7]).
If F is a finite field and n is a positive integer, then an F -vector subspace C
of F n is called a linear code of length n, and C is called cyclic if (x1 , ..., xn ) ∈
C implies that (x2 , ..., xn , x1 ) ∈ C. Cyclic codes of length n are in one-to-
one correspondence with the ideals in R = F [x]/(xn − 1). When n = p and
F = Fq for some other prime q such that ( pq ) = 1, an important example of
such cyclic codes are the quadratic residue codes, which make use of analogues
of Gauss sums in R. By transporting this circle of ideas to the Q-algebra
A = Q[x]/(xp − 1), we will get a simple proof to (1).
Of course A is the “wrong ring” in which to work, since it is not a field like
K is. However, there is still something of a Galois theory for A, which is quite
explicit. For any positive integer b, since xp − 1 divides xbp − 1, there is a Q-
algebra endomorphism τb of A induced by x → xb , that only depends on b mod
p. Since τb τc = τbc , when b is invertible mod p, τb is a Q-algebra automorphism
of A. The map b → τb then gives an action of F∗p on A. Let A0 be the sub
Q-algebra of A fixed under this action. Since the action is transitive on the set
{x, x2 , ..., xp−1 }, an element

c0 + c1 x + c2 x2 + · · · + cp−1 xp−1 mod xp − 1, ci ∈ Q, 1 ≤ i ≤ p − 1,

is fixed if and only if c1 = c2 = · · · = cp−1 . Hence A0 is spanned as a Q-vector

space by 1 and φ(x).
Pp−1
Let G = a=1 ( ap )xa in A. Then G = g mod φ(x). Again, by the mul-
tiplicativity of the Legendre symbol, τb (G) = ( pb )G, so G2 lies in A0 . Hence,
there are rational numbers m and n such that

m + nφ(x) = G2 . (7)

Taking (7) mod φ(x) gives g 2 = m. To find m, we will now find 2 equations in
m and n. Using (5) and taking (7) mod x − 1 gives

m + np = 0. (8)

Comparing constant terms in (7) gives

p−1 p−1
X a p−a X a −a −1
m+n= ( )( )= ( )( )=( )(p − 1). (9)
a=1
p p a=1
p p p

(This is the calculation which is easier to do in A than in K, and so the moti-

vation for this approach.) Solving (8) and (9) gives m = ( −1
p )p.

4
References
[1] T. Apostol, Introduction to analytic number theory, Undergraduate Texts
in Mathematics, Springer-Verlag, New York, 1976.
[2] B. Berndt, R. Evans, The Determination of Gauss Sums, Bull. Amer. Math.
Soc. 5 (1981) 107–129.
[3] B. Berndt, R. Evans, K. Williams, Gauss and Jacobi sums, Canadian Math-
ematical Society Series of Monographs and Advanced Texts, Vol. 21, John
Wiley & Sons, New York, 1998.
[4] D. Dummit, R. Foote, Abstract Algebra, third edition, John Wiley & Sons,
2004.

[5] B. H. Gross, Some remarks on signs in functional equations, Ramanujan J.

7 (2003) 91–93.
[6] H. Hasse, H. Davenport, Die Nullstellen der Kongruenzzetafunktionen in
gewissen zyklischen Fällen, J. Reine Angew. Math. 172 (1934) 151–182.
[7] K. Ireland, M. Rosen, A classical introduction to modern number theory,
Graduate Texts in Mathematics, Vol. 84, second edition, Springer-Verlag,
New York, 1990.
[8] A. Jackson, Chinese Acrobatics, an Old-Time Brewery, and the Much
Needed Gap: The Life of Mathematical Reviews, Notices Amer. Math.
Soc. 44 (1997) 330–337.

[9] E. Landau, Elementary number theory. Translation by J. E. Goodman.

Chelsea, New York, 1958.
[10] F. Lemmermeyer. Reciprocity laws. From Euler to Eisenstein, Springer
Monographs in Mathematics, Springer-Verlag, Berlin, 2000.

[11] F. J. MacWilliams, N. J. A. Sloane, The theory of error correcting codes,

North-Holland Mathematical Library, Vol. 16, North-Holland, Amsterdam,
1977.
[12] R. Murty, Quadratic reciprocity via linear algebra, Bona Mathematica 12
(2001) 75–80.

[13] A. Weil. Sur les courbes algébriques et les variétés qui s’en déduisent, Her-
mann, Paris, 1948.

Department of Mathematics, University of Colorado at Boulder, Boulder, CO

80309–0395
[email protected]