Quadratic Residues Definition : The numbers 0 2 , 1 2 , 2 2 , . . . , ( n − 1) 2 mod n , are called quadratic residues modulo n . Numbers which are not quadratic residues modulo n are called quadratic non-residues modulo n . Example : Modulo 11: Introduction to Number Theory 2 i 0 1 2 3 4 5 6 7 8 9 10 i 2 mod 11 0 1 4 9 5 3 3 5 9 4 1 There are six quadratic residues modulo 11: 0, 1, 3, 4, 5, and 9. There are five quadratic non-residues modulo 11: 2, 6, 7, 8, 10. � Eli Biham - May 3, 2005 c 348 Introduction to Number Theory 2 (12) � Eli Biham - May 3, 2005 c 349 Introduction to Number Theory 2 (12) Quadratic Residues (cont.) Quadratic Residues (cont.) Lemma : Let p be prime. Exactly half of the numbers in Z ∗ Since Z ∗ p is cyclic, there is a generator. Let g be a generator of Z ∗ p are quadratic p . residues. With 0, exactly p +1 2 numbers in Z p are quadratic residues. 1. g is a quadratic non-residue modulo p , since otherwise there is some b such Proof : There are at most p +1 2 quadratic residues, since that b 2 ≡ g (mod p ). Clearly, b p − 1 ≡ 1 p − 1 (mod p ), and thus g ≡ 2 b p − 1 ≡ 1 0 2 (mod p ). However, the order of g is p − 1. Contradiction. 1 2 ≡ ( p − 1) 2 (mod p ) 2. g 2 , g 4 , . . . , g ( p − 1) mod p are quadratic residues, and are distinct, therefore, 2 2 ≡ ( p − 2) 2 (mod p ) there are at least p − 1 2 quadratic residues. . . . i 2 ≡ ( p − i ) 2 3. g, g 3 , g 5 , . . . , g ( p − 2) mod p are quadratic non-residues, since if any of them (mod p ) ∀ i . is a quadratic residue, g is also a quadratic residue. . . QED Thus, all the elements in Z p span at most p +1 2 quadratic residues. There are at least p +1 quadratic residues, otherwise, for some i � = j ≤ p − 1 / 2 it 2 holds that i 2 = ( p − i ) 2 = j 2 = ( p − j ) 2 , in contrast to Lagrange theorem that states that the equation x 2 − i 2 = 0 has at most two solutions (mod p ). � Eli Biham - May 3, 2005 c 350 Introduction to Number Theory 2 (12) � Eli Biham - May 3, 2005 c 351 Introduction to Number Theory 2 (12)
Euler’s Criterion Euler’s Criterion (cont.) Theorem : Let p � = 2 be a prime, and let a ∈ Z ∗ p . Then, a is a quadratic ( ⇐ ) If a is a quadratic non-residue: For any r there is a unique s such that (mod p ), i.e., s = ar − 1 , and there is no r ∗ � = r such that s = ar ∗− 1 . p − 1 rs ≡ a 2 ≡ 1 residue modulo p iff a (mod p ). Since a is a quadratic non-residue, r �≡ s (mod p ). Proof : Thus, the numbers 1, 2, 3, . . . , p − 1 are divided into p − 1 2 distinct pairs ( r 1 , s 1 ), ( ⇒ ) If a is a quadratic residue, there is some b such that a ≡ b 2 (mod p ). ( r 2 , s 2 ), . . . , ( r p − 1 2 , s p − 1 2 ), such that r i s i = a , and we get Thus, p − 1 p − 1 2 ≡ b p − 1 ≡ 1 2 ≡ ( b 2 ) a (mod p ) . p − 1 a ≡ r 1 s 1 r 2 s 2 . . . r p − 1 2 s p − 1 2 ≡ 2 ≡ 1 · 2 · . . . · ( p − 1) ≡ − 1 (mod p ) by Wilson’s theorem. QED � Eli Biham - May 3, 2005 c 352 Introduction to Number Theory 2 (12) � Eli Biham - May 3, 2005 c 353 Introduction to Number Theory 2 (12) Quadratic Residues Modulo n = pq Quadratic Residues Modulo n = pq (cont.) Let p and q be large primes and let n = pq (as in RSA). Look at the systems of equations Theorem : Let m ∈ Z ∗ n . If m is a quadratic residue modulo n , then m has x ≡ ± α (mod p ) exactly four square roots modulo n in Z ∗ n . x ≡ ± α (mod q ) Proof : Assume α 2 ≡ m (mod n ). Then which represent four systems (one of each possible choice of ± ). Each system gcd( m, n ) = 1 ⇒ gcd( α 2 , n ) = 1 ⇒ gcd( α, n ) = 1 ⇒ α ∈ Z ∗ n . has an unique solution modulo n which satisfies and since x 2 ≡ m (mod p ) m ≡ α 2 (mod n ) x 2 ≡ m (mod q ) then and thus satisfies m ≡ α 2 (mod p ) x 2 ≡ m (mod n ) m ≡ α 2 (mod q ) All the four solutions are roots of m modulo n . m has two square roots modulo p ( α mod p and − α mod p ) and two square These are all the roots. Otherwise there must be more than two roots either roots modulo q ( α mod q and − α mod q ). modulo p or modulo q . QED � Eli Biham - May 3, 2005 c 354 Introduction to Number Theory 2 (12) � Eli Biham - May 3, 2005 c 355 Introduction to Number Theory 2 (12)
Quadratic Residues Modulo n = pq (cont.) Legendre’s Symbol Conclusion : Exactly a quarter of the numbers in Z ∗ n are quadratic residues Definition : Let p be a prime such that p � | a . Legendre’s symbol of a modulo n . over p is a +1 , if a is a quadratic residue modulo p ; ∆ = − 1 , if a is a quadratic non-residue modulo p . p By Euler: a p − 1 ≡ a (mod p ) . 2 p � Eli Biham - May 3, 2005 c 356 Introduction to Number Theory 2 (12) � Eli Biham - May 3, 2005 c 357 Introduction to Number Theory 2 (12) Legendre’s Symbol (cont.) Legendre’s Symbol (cont.) Properties of Legendre’s symbol : p 2 − 1 � � 2 8 . 4. = ( − 1) p � � � � (given without a proof). a ′ 1. a ≡ a ′ a (mod p ) ⇒ = . p p � � � � � � ab a b 5. = . � � � � c 2 1 p p p 2. = = 1 ∀ c . p p Proof : 1 , if p = 4 k + 1; � � Let g be a generator modulo p . Then, ∃ i, a ≡ g i (mod p ) and ∃ j, b ≡ g j − 1 3. = p − 1 , if p = 4 k + 3. (mod p ). a is a quadratic residue iff i is even, b is a quadratic residue iff Proof : j is even, and ab is a quadratic residue iff i + j is even. Thus, by Euler: − 1 p − 1 ab a b ≡ ( − 1) (mod p ) ≡ ( − 1) i + j ≡ ( − 1) i ( − 1) j ≡ 2 (mod p ) . p p p p ≡ ( − 1) 2 k ≡ 1 , 4 k +1 − 1 ( − 1) if p = 4 k + 1; 2 ≡ ≡ ( − 1) 2 k +1 ≡ − 1 , 4 k +3 − 1 ( − 1) if p = 4 k + 3. 2 � Eli Biham - May 3, 2005 c 358 Introduction to Number Theory 2 (12) � Eli Biham - May 3, 2005 c 359 Introduction to Number Theory 2 (12)
Legendre’s Symbol (cont.) Jacobi’s Symbol 6. The reciprocity law: if p � = q are both odd primes then Jacobi’s symbol is a generalization of Legendre’s symbol to composite numbers. p q p − 1 q − 1 = ( − 1) . Definition : Let n be odd, and let p 1 , p 2 , . . . , p k be the prime factors of n 2 2 q p (not necessarily distinct) such that n = p 1 p 2 · · · p k . Let a be coprime to n . Jacobi’s symbol of a over n is (given without a proof). a a a a ∆ = · · · . n p 1 p 2 p k In particular, for n = pq a a a a = = . n pq p q � Eli Biham - May 3, 2005 c 360 Introduction to Number Theory 2 (12) � Eli Biham - May 3, 2005 c 361 Introduction to Number Theory 2 (12) Jacobi’s Symbol (cont.) Jacobi’s Symbol (cont.) Remarks : Properties of Jacobi’s symbol : Let m and n be integers, and let a and b be coprime to m and n . Assume that 1. a ∈ Z ∗ n is a quadratic residue modulo n iff the Legendre’s symbols over n is odd and that the factorization of n is n = p 1 p 2 · · · p k . all the prime factors are 1. � b � a � � 1. a ≡ b (mod n ) ⇒ = . 2. When Jacobi’s symbol is 1, a is not necessarily a quadratic residue. n n � 1 � 2. = 1 ∀ n (1 is a quadratic residue modulo any n ). 3. When Jacobi’s symbol is -1, a is necessarily a quadratic non-residue. n n − 1 � − 1 � 2 . 3. = ( − 1) n Proof : n = p 1 p 2 · · · p k = (( p 1 − 1) + 1)(( p 2 − 1) + 1) · · · (( p k − 1) + 1) opening parentheses: = � i ∈ S ( p i − 1) � S ⊆{ 1 , 2 ,...,k } � Eli Biham - May 3, 2005 c 362 Introduction to Number Theory 2 (12) � Eli Biham - May 3, 2005 c 363 Introduction to Number Theory 2 (12)
Recommend
More recommend
