number theory Number theory (or arithmetic or higher arithmetic in older usage) is a branch of pure mathematics devoted primarily to the study of the integers and integer-valued functions. German mathematician Carl Friedrich Gauss (1777–1855) said, "Math ...

, an

integer An integer is the number zero (), a positive natural number (, , , etc.) or a negative integer with a minus sign ( −1, −2, −3, etc.). The negative numbers are the additive inverses of the corresponding positive numbers. In the language ...

''q'' is called a quadratic residue

modulo In computing, the modulo operation returns the remainder or signed remainder of a division, after one number is divided by another (called the '' modulus'' of the operation). Given two positive numbers and , modulo (often abbreviated as ) is t ...

''n'' if it is congruent to a

perfect square ''Perfect Square'' is a 2004 concert film of the alternative rock Musical ensemble, band R.E.M. (band), R.E.M., filmed on July 19, 2003, at the bowling green, Bowling Green in Wiesbaden, Germany. It was released by Warner Reprise Video on March 9, ...

modulo ''n''; i.e., if there exists an integer ''x'' such that: :

x^2\equiv q \pmod.

Otherwise, ''q'' is called a quadratic nonresidue modulo ''n''. Originally an abstract

mathematical Mathematics is an area of knowledge that includes the topics of numbers, formulas and related structures, shapes and the spaces in which they are contained, and quantities and their changes. These topics are represented in modern mathematics ...

concept from the branch of number theory known as

modular arithmetic In mathematics, modular arithmetic is a system of arithmetic for integers, where numbers "wrap around" when reaching a certain value, called the modulus. The modern approach to modular arithmetic was developed by Carl Friedrich Gauss in his bo ...

, quadratic residues are now used in applications ranging from

acoustical engineering Acoustical engineering (also known as acoustic engineering) is the branch of engineering dealing with sound and vibration. It includes the application of acoustics, the science of sound and vibration, in technology. Acoustical engineers are typic ...

cryptography Cryptography, or cryptology (from grc, , translit=kryptós "hidden, secret"; and ''graphein'', "to write", or ''-logia'', "study", respectively), is the practice and study of techniques for secure communication in the presence of adve ...

and the factoring of large numbers.

History, conventions, and elementary facts

Fermat, Euler,

Lagrange Joseph-Louis Lagrange (born Giuseppe Luigi LagrangiaLegendre, and other number theorists of the 17th and 18th centuries established theorems and formed conjectures about quadratic residues, but the first systematic treatment is § IV of Gauss's '' Disquisitiones Arithmeticae'' (1801). Article 95 introduces the terminology "quadratic residue" and "quadratic nonresidue", and states that if the context makes it clear, the adjective "quadratic" may be dropped. For a given ''n'' a list of the quadratic residues modulo ''n'' may be obtained by simply squaring the numbers 0, 1, ..., . Because ''a''² ≡ (''n'' − ''a'')² (mod ''n''), the list of squares modulo ''n'' is symmetric around ''n''/2, and the list only needs to go that high. This can be seen in the table

below Below may refer to: *Earth * Ground (disambiguation) * Soil * Floor * Bottom (disambiguation) * Less than *Temperatures below freezing * Hell or underworld People with the surname * Ernst von Below (1863–1955), German World War I general * Fr ...

. Thus, the number of quadratic residues modulo ''n'' cannot exceed ''n''/2 + 1 (''n'' even) or (''n'' + 1)/2 (''n'' odd). The product of two residues is always a residue.

Prime modulus

Modulo 2, every integer is a quadratic residue. Modulo an odd

prime number A prime number (or a prime) is a natural number greater than 1 that is not a product of two smaller natural numbers. A natural number greater than 1 that is not prime is called a composite number. For example, 5 is prime because the only way ...

''p'' there are (''p'' + 1)/2 residues (including 0) and (''p'' − 1)/2 nonresidues, by

Euler's criterion In number theory, Euler's criterion is a formula for determining whether an integer is a quadratic residue modulo a prime. Precisely, Let ''p'' be an odd prime and ''a'' be an integer coprime to ''p''. Then : a^ \equiv \begin \;\;\,1\pmod& \tex ...

. In this case, it is customary to consider 0 as a special case and work within the multiplicative group of nonzero elements of the field Z/''p''Z. (In other words, every congruence class except zero modulo ''p'' has a multiplicative inverse. This is not true for composite moduli.)Gauss, DA, art. 96 Following this convention, the multiplicative inverse of a residue is a residue, and the inverse of a nonresidue is a nonresidue.Gauss, DA, art. 98 Following this convention, modulo an odd prime number there are an equal number of residues and nonresidues. Modulo a prime, the product of two nonresidues is a residue and the product of a nonresidue and a (nonzero) residue is a nonresidue. The first supplement to the law of quadratic reciprocity is that if ''p'' ≡ 1 (mod 4) then −1 is a quadratic residue modulo ''p'', and if ''p'' ≡ 3 (mod 4) then −1 is a nonresidue modulo ''p''. This implies the following: If ''p'' ≡ 1 (mod 4) the negative of a residue modulo ''p'' is a residue and the negative of a nonresidue is a nonresidue. If ''p'' ≡ 3 (mod 4) the negative of a residue modulo ''p'' is a nonresidue and the negative of a nonresidue is a residue.

Prime power modulus

All odd squares are ≡ 1 (mod 8) and thus also ≡ 1 (mod 4). If ''a'' is an odd number and ''m'' = 8, 16, or some higher power of 2, then ''a'' is a residue modulo ''m'' if and only if ''a'' ≡ 1 (mod 8).

For example, mod (32) the odd squares are :1² ≡ 15² ≡ 1 :3² ≡ 13² ≡ 9 :5² ≡ 11² ≡ 25 :7² ≡ 9² ≡ 49 ≡ 17 and the even ones are :0² ≡ 8² ≡ 16² ≡ 0 :2² ≡ 6²≡ 10² ≡ 14²≡ 4 :4² ≡ 12² ≡ 16.

So a nonzero number is a residue mod 8, 16, etc., if and only if it is of the form 4^''k''(8''n'' + 1). A number ''a'' relatively prime to an odd prime ''p'' is a residue modulo any power of ''p'' if and only if it is a residue modulo ''p''.Gauss, DA, art. 101 If the modulus is ''p''^''n'', :then ''p''^''k''''a'' ::is a residue modulo ''p''^''n'' if ''k'' ≥ ''n'' ::is a nonresidue modulo ''p''^''n'' if ''k'' < ''n'' is odd ::is a residue modulo ''p''^''n'' if ''k'' < ''n'' is even and ''a'' is a residue ::is a nonresidue modulo ''p''^''n'' if ''k'' < ''n'' is even and ''a'' is a nonresidue. Notice that the rules are different for powers of two and powers of odd primes. Modulo an odd prime power ''n'' = ''p''^''k'', the products of residues and nonresidues relatively prime to ''p'' obey the same rules as they do mod ''p''; ''p'' is a nonresidue, and in general all the residues and nonresidues obey the same rules, except that the products will be zero if the power of ''p'' in the product ≥ ''n''. Modulo 8, the product of the nonresidues 3 and 5 is the nonresidue 7, and likewise for permutations of 3, 5 and 7. In fact, the multiplicative group of the non-residues and 1 form the Klein four-group.

Composite modulus not a prime power

The basic fact in this case is :if ''a'' is a residue modulo ''n'', then ''a'' is a residue modulo ''p''^''k'' for ''every'' prime power dividing ''n''. :if ''a'' is a nonresidue modulo ''n'', then ''a'' is a nonresidue modulo ''p''^''k'' for ''at least one'' prime power dividing ''n''. Modulo a composite number, the product of two residues is a residue. The product of a residue and a nonresidue may be a residue, a nonresidue, or zero.

For example, from the table for modulus 6 1, 2, 3, 4, 5 (residues in bold). The product of the residue 3 and the nonresidue 5 is the residue 3, whereas the product of the residue 4 and the nonresidue 2 is the nonresidue 2.

Also, the product of two nonresidues may be either a residue, a nonresidue, or zero.

For example, from the table for modulus 15 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14 (residues in bold). The product of the nonresidues 2 and 8 is the residue 1, whereas the product of the nonresidues 2 and 7 is the nonresidue 14.

This phenomenon can best be described using the vocabulary of abstract algebra. The congruence classes relatively prime to the modulus are a group under multiplication, called the group of units of the ring Z/''n''Z, and the squares are a subgroup of it. Different nonresidues may belong to different cosets, and there is no simple rule that predicts which one their product will be in. Modulo a prime, there is only the subgroup of squares and a single coset. The fact that, e.g., modulo 15 the product of the nonresidues 3 and 5, or of the nonresidue 5 and the residue 9, or the two residues 9 and 10 are all zero comes from working in the full ring Z/''n''Z, which has zero divisors for composite ''n''. For this reason some authors add to the definition that a quadratic residue ''a'' must not only be a square but must also be relatively prime to the modulus ''n''. (''a'' is coprime to ''n'' if and only if ''a''² is coprime to ''n''.) Although it makes things tidier, this article does not insist that residues must be coprime to the modulus.

Notations

Gauss used and to denote residuosity and non-residuosity, respectively; :for example, and , or and . Although this notation is compact and convenient for some purposes, a more useful notation is the Legendre symbol, also called the quadratic character, which is defined for all integers and positive odd

s as :

\left(\frac\right) = \begin\;\;\,0&\textp \text  a\\+1&\text a \operatorname p \textp \text  a\\-1&\texta \operatorname p \textp \text a\end

There are two reasons why numbers ≡ 0 (mod ) are treated specially. As we have seen, it makes many formulas and theorems easier to state. The other (related) reason is that the quadratic character is a homomorphism from the multiplicative group of nonzero congruence classes modulo to the complex numbers under multiplication. Setting

(\tfrac) = 0

allows its domain to be extended to the multiplicative

semigroup In mathematics, a semigroup is an algebraic structure consisting of a Set (mathematics), set together with an associative internal binary operation on it. The binary operation of a semigroup is most often denoted multiplication, multiplicatively ...

of all the integers. One advantage of this notation over Gauss's is that the Legendre symbol is a function that can be used in formulas. It can also easily be generalized to

cubic Cubic may refer to: Science and mathematics * Cube (algebra), "cubic" measurement * Cube, a three-dimensional solid object bounded by six square faces, facets or sides, with three meeting at each vertex ** Cubic crystal system, a crystal system w ...

, quartic and higher power residues. There is a generalization of the Legendre symbol for composite values of , the Jacobi symbol, but its properties are not as simple: if is composite and the Jacobi symbol

(\tfrac) = -1,

then , and if then

(\tfrac) = 1,

but if

(\tfrac) = 1

we do not know whether or . For example:

(\tfrac) = 1

and

(\tfrac) = 1

, but and . If is prime, the Jacobi and Legendre symbols agree.

Distribution of quadratic residues

Although quadratic residues appear to occur in a rather random pattern modulo ''n'', and this has been exploited in such applications as acoustics and

, their distribution also exhibits some striking regularities. Using Dirichlet's theorem on primes in arithmetic progressions, the law of quadratic reciprocity, and the

Chinese remainder theorem In mathematics, the Chinese remainder theorem states that if one knows the remainders of the Euclidean division of an integer ''n'' by several integers, then one can determine uniquely the remainder of the division of ''n'' by the product of the ...

(CRT) it is easy to see that for any ''M'' > 0 there are primes ''p'' such that the numbers 1, 2, ..., ''M'' are all residues modulo ''p''.

For example, if ''p'' ≡ 1 (mod 8), (mod 12), (mod 5) and (mod 28), then by the law of quadratic reciprocity 2, 3, 5, and 7 will all be residues modulo ''p'', and thus all numbers 1–10 will be. The CRT says that this is the same as ''p'' ≡ 1 (mod 840), and Dirichlet's theorem says there are an infinite number of primes of this form. 2521 is the smallest, and indeed 1² ≡ 1, 1046² ≡ 2, 123² ≡ 3, 2² ≡ 4, 643² ≡ 5, 87² ≡ 6, 668² ≡ 7, 429² ≡ 8, 3² ≡ 9, and 529² ≡ 10 (mod 2521).

Dirichlet's formulas

The first of these regularities stems from Peter Gustav Lejeune Dirichlet's work (in the 1830s) on the analytic formula for the class number of binary quadratic forms. Let ''q'' be a prime number, ''s'' a complex variable, and define a

Dirichlet L-function In mathematics, a Dirichlet ''L''-series is a function of the form :L(s,\chi) = \sum_^\infty \frac. where \chi is a Dirichlet character and ''s'' a complex variable with real part greater than 1. It is a special case of a Dirichlet series. ...

as :

L(s) = \sum_^\infty\left(\frac\right)n^.

Dirichlet showed that if ''q'' ≡ 3 (mod 4), then :

L(1) = -\frac\sum_^ \frac \left(\frac\right) > 0.

Therefore, in this case (prime ''q'' ≡ 3 (mod 4)), the sum of the quadratic residues minus the sum of the nonresidues in the range 1, 2, ..., ''q'' − 1 is a negative number.

For example, modulo 11, :1, 2, 3, 4, 5, 6, 7, 8, 9, 10 (residues in bold) :1 + 4 + 9 + 5 + 3 = 22, 2 + 6 + 7 + 8 + 10 = 33, and the difference is −11.

In fact the difference will always be an odd multiple of ''q'' if ''q'' > 3. In contrast, for prime ''q'' ≡ 1 (mod 4), the sum of the quadratic residues minus the sum of the nonresidues in the range 1, 2, ..., ''q'' − 1 is zero, implying that both sums equal

\frac

. Dirichlet also proved that for prime ''q'' ≡ 3 (mod 4), :

L(1) = \frac\sum_^\frac\left(\frac\right) > 0.

This implies that there are more quadratic residues than nonresidues among the numbers 1, 2, ..., (''q'' − 1)/2.

For example, modulo 11 there are four residues less than 6 (namely 1, 3, 4, and 5), but only one nonresidue (2).

An intriguing fact about these two theorems is that all known proofs rely on analysis; no-one has ever published a simple or direct proof of either statement.

Law of quadratic reciprocity

If ''p'' and ''q'' are odd primes, then: ((''p'' is a quadratic residue mod ''q'') if and only if (''q'' is a quadratic residue mod ''p'')) if and only if (at least one of ''p'' and ''q'' is congruent to 1 mod 4). That is: :

\left(\frac\right) \left(\frac\right) = (-1)^

where

\left(\frac\right)

is the Legendre symbol. Thus, for numbers ''a'' and odd primes ''p'' that don't divide ''a'':

Pairs of residues and nonresidues

Modulo a prime ''p'', the number of pairs ''n'', ''n'' + 1 where ''n'' R ''p'' and ''n'' + 1 R ''p'', or ''n'' N ''p'' and ''n'' + 1 R ''p'', etc., are almost equal. More precisely, let ''p'' be an odd prime. For ''i'', ''j'' = 0, 1 define the sets :

A_=\left\,

and let :

\alpha_ = , A_, .

That is, :α₀₀ is the number of residues that are followed by a residue, :α₀₁ is the number of residues that are followed by a nonresidue, :α₁₀ is the number of nonresidues that are followed by a residue, and :α₁₁ is the number of nonresidues that are followed by a nonresidue. Then if ''p'' ≡ 1 (mod 4) :

\alpha_ = \frac,\;\alpha_ =\alpha_ =\alpha_ = \frac

and if ''p'' ≡ 3 (mod 4) :

\alpha_ = \frac,\;\alpha_ =\alpha_ =\alpha_ = \frac.

For example: (residues in bold) Modulo 17 :1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 ::''A''₀₀ = , ::''A''₀₁ = , ::''A''₁₀ = , ::''A''₁₁ = . Modulo 19 :1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18 ::''A''₀₀ = , ::''A''₀₁ = , ::''A''₁₀ = , ::''A''₁₁ = .

Gauss (1828) introduced this sort of counting when he proved that if ''p'' ≡ 1 (mod 4) then ''x''⁴ ≡ 2 (mod ''p'') can be solved if and only if ''p'' = ''a''² + 64 ''b''².

The Pólya–Vinogradov inequality

The values of

(\tfrac)

for consecutive values of ''a'' mimic a random variable like a coin flip. Specifically, Pólya and Vinogradov proved (independently) in 1918 that for any nonprincipal Dirichlet character χ(''n'') modulo ''q'' and any integers ''M'' and ''N'', :

\left, \sum_^\chi(n)\ =O\left( \sqrt q \log q\right),

in big O notation. Setting :

\chi(n) = \left(\frac\right),

this shows that the number of quadratic residues modulo ''q'' in any interval of length ''N'' is :

\fracN + O(\sqrt q\log q).

It is easy to prove that :

\left,  \sum_^ \left( \frac \right) \ < \sqrt q \log q.

In fact, :

\left,  \sum_^ \left( \frac \right) \ < \frac \sqrt q \log q+0.41\sqrt q +0.61.

Montgomery and Vaughan improved this in 1977, showing that, if the

generalized Riemann hypothesis The Riemann hypothesis is one of the most important conjectures in mathematics. It is a statement about the zeros of the Riemann zeta function. Various geometrical and arithmetical objects can be described by so-called global L-function, ''L''-func ...

is true then :

\left, \sum_^\chi(n)\=O\left(\sqrt q \log  \log q\right).

This result cannot be substantially improved, for Schur had proved in 1918 that :

\max_N \left, \sum_^\left(\frac\right)\>\frac\sqrt q

and Paley had proved in 1932 that :

\max_N \left, \sum_^\left(\frac\right)\>\frac\sqrt d \log \log d

for infinitely many ''d'' > 0.

Least quadratic non-residue

The least quadratic residue mod ''p'' is clearly 1. The question of the magnitude of the least quadratic non-residue ''n''(''p'') is more subtle, but it is always prime, with 7 appearing for the first time at 71. The Pólya–Vinogradov inequality above gives O( log ''p''). The best unconditional estimate is ''n''(''p'') ≪ ''p''^θ for any θ>1/4, obtained by estimates of Burgess on character sums. Assuming the Generalised Riemann hypothesis, Ankeny obtained ''n''(''p'') ≪ (log ''p'')².

Linnik Yuri Vladimirovich Linnik (russian: Ю́рий Влади́мирович Ли́нник; January 8, 1915 – June 30, 1972) was a Soviet mathematician active in number theory, probability theory and mathematical statistics. Linnik was born ...

showed that the number of ''p'' less than ''X'' such that ''n''(''p'') > X^ε is bounded by a constant depending on ε. The least quadratic non-residues mod ''p'' for odd primes ''p'' are: :2, 2, 3, 2, 2, 3, 2, 5, 2, 3, 2, ...

Quadratic excess

Let ''p'' be an odd prime. The quadratic excess ''E''(''p'') is the number of quadratic residues on the range (0,''p''/2) minus the number in the range (''p''/2,''p'') . For ''p'' congruent to 1 mod 4, the excess is zero, since −1 is a quadratic residue and the residues are symmetric under ''r'' ↔ ''p''−''r''. For ''p'' congruent to 3 mod 4, the excess ''E'' is always positive.

Complexity of finding square roots

That is, given a number ''a'' and a modulus ''n'', how hard is it # to tell whether an ''x'' solving ''x''² ≡ ''a'' (mod ''n'') exists # assuming one does exist, to calculate it? An important difference between prime and composite moduli shows up here. Modulo a prime ''p'', a quadratic residue ''a'' has 1 + (''a'', ''p'') roots (i.e. zero if ''a'' N ''p'', one if ''a'' ≡ 0 (mod ''p''), or two if ''a'' R ''p'' and gcd(''a,p'') = 1.) In general if a composite modulus ''n'' is written as a product of powers of distinct primes, and there are ''n''₁ roots modulo the first one, ''n''₂ mod the second, ..., there will be ''n''₁''n''₂... roots modulo ''n''. The theoretical way solutions modulo the prime powers are combined to make solutions modulo ''n'' is called the

; it can be implemented with an efficient algorithm.

For example: :Solve x² ≡ 6 (mod 15). ::x² ≡ 6 (mod 3) has one solution, 0; x² ≡ 6 (mod 5) has two, 1 and 4. :: and there are two solutions modulo 15, namely 6 and 9. :Solve x² ≡ 4 (mod 15). ::x² ≡ 4 (mod 3) has two solutions, 1 and 2; x² ≡ 4 (mod 5) has two, 2 and 3. :: and there are four solutions modulo 15, namely 2, 7, 8, and 13. :Solve x² ≡ 7 (mod 15). ::x² ≡ 7 (mod 3) has two solutions, 1 and 2; x² ≡ 7 (mod 5) has no solutions. :: and there are no solutions modulo 15.

Prime or prime power modulus

First off, if the modulus ''n'' is prime the Legendre symbol

\left(\frac\right)

can be quickly computed using a variation of Euclid's algorithm or the

. If it is −1 there is no solution. Secondly, assuming that

\left(\frac\right)=1

, if ''n'' ≡ 3 (mod 4),

Lagrange Joseph-Louis Lagrange (born Giuseppe Luigi LagrangiaLegendre found a similar solution if ''n'' ≡ 5 (mod 8): :

x \equiv  \begin  
\pm\; a^            \pmod& \text a \text n \\
\pm\; a^2^ \pmod& \text a \text n \end

For prime ''n'' ≡ 1 (mod 8), however, there is no known formula.

Tonelli Tonelli may refer to: * Tonelli (surname) Arts * ''Tonelli'' (film), a 1943 German film Science * Tonelli's theorem (functional analysis) * Tonelli's theorem * Tonelli–Shanks algorithm The Tonelli–Shanks algorithm (referred to by Shanks ...

(in 1891) and Cipolla found efficient algorithms that work for all prime moduli. Both algorithms require finding a quadratic nonresidue modulo ''n'', and there is no efficient deterministic algorithm known for doing that. But since half the numbers between 1 and ''n'' are nonresidues, picking numbers ''x'' at random and calculating the Legendre symbol

\left(\frac\right)

until a nonresidue is found will quickly produce one. A slight variant of this algorithm is the Tonelli–Shanks algorithm. If the modulus ''n'' is a prime power ''n'' = ''p''^''e'', a solution may be found modulo ''p'' and "lifted" to a solution modulo ''n'' using Hensel's lemma or an algorithm of Gauss.

Composite modulus

If the modulus ''n'' has been factored into prime powers the solution was discussed above. If ''n'' is not congruent to 2 modulo 4 and the Kronecker symbol

\left(\tfrac\right)=-1

then there is no solution; if ''n'' is congruent to 2 modulo 4 and

\left(\tfrac\right)=-1

, then there is also no solution. If ''n'' is not congruent to 2 modulo 4 and

\left(\tfrac\right)=1

, or ''n'' is congruent to 2 modulo 4 and

\left(\tfrac\right)=1

, there may or may not be one. If the complete factorization of ''n'' is not known, and

\left(\tfrac\right)=1

and ''n'' is not congruent to 2 modulo 4, or ''n'' is congruent to 2 modulo 4 and

\left(\tfrac\right)=1

, the problem is known to be equivalent to integer factorization of ''n'' (i.e. an efficient solution to either problem could be used to solve the other efficiently).

The above discussion indicates how knowing the factors of ''n'' allows us to find the roots efficiently. Say there were an efficient algorithm for finding square roots modulo a composite number. The article congruence of squares discusses how finding two numbers x and y where and suffices to factorize ''n'' efficiently. Generate a random number, square it modulo ''n'', and have the efficient square root algorithm find a root. Repeat until it returns a number not equal to the one we originally squared (or its negative modulo ''n''), then follow the algorithm described in congruence of squares. The efficiency of the factoring algorithm depends on the exact characteristics of the root-finder (e.g. does it return all roots? just the smallest one? a random one?), but it will be efficient.

Determining whether ''a'' is a quadratic residue or nonresidue modulo ''n'' (denoted or ) can be done efficiently for prime ''n'' by computing the Legendre symbol. However, for composite ''n'', this forms the quadratic residuosity problem, which is not known to be as hard as factorization, but is assumed to be quite hard. On the other hand, if we want to know if there is a solution for ''x'' less than some given limit ''c'', this problem is NP-complete; however, this is a fixed-parameter tractable problem, where ''c'' is the parameter. In general, to determine if ''a'' is a quadratic residue modulo composite ''n'', one can use the following theorem: Let , and . Then is solvable if and only if: * The Legendre symbol

\left(\tfrac\right)=1

for all odd prime divisors ''p'' of ''n''. * if ''n'' is divisible by 4 but not 8; or if ''n'' is divisible by 8. Note: This theorem essentially requires that the factorization of ''n'' is known. Also notice that if , then the congruence can be reduced to , but then this takes the problem away from quadratic residues (unless ''m'' is a square).

The number of quadratic residues

The list of the number of quadratic residues modulo ''n'', for ''n'' = 1, 2, 3 ..., looks like: :1, 2, 2, 2, 3, 4, 4, 3, 4, 6, 6, 4, 7, 8, 6, ... A formula to count the number of squares modulo ''n'' is given by Stangl.

Applications of quadratic residues

Acoustics

Sound diffusers have been based on number-theoretic concepts such as primitive roots and quadratic residues.

Graph theory

Paley graphs are dense undirected graphs, one for each prime ''p'' ≡ 1 (mod 4), that form an infinite family of conference graphs, which yield an infinite family of symmetric conference matrices. Paley digraphs are directed analogs of Paley graphs, one for each ''p'' ≡ 3 (mod 4), that yield antisymmetric conference matrices. The construction of these graphs uses quadratic residues.

Cryptography

The fact that finding a square root of a number modulo a large composite ''n'' is equivalent to factoring (which is widely believed to be a hard problem) has been used for constructing cryptographic schemes such as the Rabin cryptosystem and the oblivious transfer. The quadratic residuosity problem is the basis for the Goldwasser-Micali cryptosystem. The discrete logarithm is a similar problem that is also used in cryptography.

Primality testing

is a formula for the Legendre symbol (''a'', ''p'') where ''p'' is prime. If ''p'' is composite the formula may or may not compute (''a'', ''p'') correctly. The Solovay–Strassen primality test for whether a given number ''n'' is prime or composite picks a random ''a'' and computes (''a'', ''n'') using a modification of Euclid's algorithm, and also using Euler's criterion. If the results disagree, ''n'' is composite; if they agree, ''n'' may be composite or prime. For a composite ''n'' at least 1/2 the values of ''a'' in the range 2, 3, ..., ''n'' − 1 will return "''n'' is composite"; for prime ''n'' none will. If, after using many different values of ''a'', ''n'' has not been proved composite it is called a " probable prime". The Miller–Rabin primality test is based on the same principles. There is a deterministic version of it, but the proof that it works depends on the

; the output from this test is "''n'' is definitely composite" or "either ''n'' is prime or the GRH is false". If the second output ever occurs for a composite ''n'', then the GRH would be false, which would have implications through many branches of mathematics.

Integer factorization

In § VI of the ''Disquisitiones Arithmeticae''Gauss, DA, arts 329–334 Gauss discusses two factoring algorithms that use quadratic residues and the law of quadratic reciprocity. Several modern factorization algorithms (including Dixon's algorithm, the continued fraction method, the quadratic sieve, and the number field sieve) generate small quadratic residues (modulo the number being factorized) in an attempt to find a congruence of squares which will yield a factorization. The number field sieve is the fastest general-purpose factorization algorithm known.

Table of quadratic residues

The following table lists the quadratic residues mod 1 to 75 (a means it is not coprime to ''n''). (For the quadratic residues coprime to ''n'', see , and for nonzero quadratic residues, see .)

Notes

References

The '' Disquisitiones Arithmeticae'' has been translated from Gauss's Ciceronian Latin into English and German. The German edition includes all of his papers on number theory: all the proofs of quadratic reciprocity, the determination of the sign of the Gauss sum, the investigations into biquadratic reciprocity, and unpublished notes. * * * * * * A7.1: AN1, pg.249. * * * *

External links

* * {{DEFAULTSORT:Quadratic Residue Modular arithmetic NP-complete problems