Lec18: Quadratic Residues I

02 May 2023, MATH4024-Number Theory, Lecturer: Prof A. Munagi

1 Polynomial Congruences
A polynomial congruence has the form

f (x) ≡ 0 (mod m), (1)

where f (x) is a polynomial of degree d > 0 over the integers.

E.g. 2x3 + 7x − 4 ≡ 0 (mod 200).
Generally if m has prime-power factorization m = pa11 pa22 · · · pakk , then solving the con-
gruence (1) is equivalent to solving simultaneously the system of congruences

f (x) ≡ 0 (mod pai i ), i = 1, 2, . . . , k.

Once the solutions of each of the k congruences modulo pai i are known, the solutions of
(1) can be found by the Chinese Remainder Theorem. However, the solutions of each
congruence modulo pi needs to be found first!
We will consider the case d = 2, that is, quadratic congruences.

2 Quadratic Residues
We begin with congruences of the form

x2 ≡ a (mod p), (2)

where p is a an odd prime and a 6≡ 0 (mod p).

If the congruence (2) has a solution we say that a is a quadratic residue modulo p.
If (2) has no solution, then a is called a quadratic nonresidue modulo p.
Thus a is a quadratic residue mod p if and only if (a, p) = 1 and a has a square root
modulo p.

1
Prof A. Munagi Lec18: Quadratic Residues I MATH4024-Number Theory

For example, take p = 11. Then, working modulo 11, we have:

12 ≡ 1, 22 ≡ 4, 32 ≡ 9, 42 ≡ 5, 52 ≡ 3, 62 ≡ 3, 72 ≡ 5, 82 ≡ 9, 92 ≡ 1, 102 ≡ 1.
So
the quadratic residues mod 11 are 1, 3, 4, 5, 9,
the quadratic nonresidues mod 11 are 2, 6, 7, 8, 10.

Remark 2.1. It suffices to square only the first half of the numbers since for any
x ∈ {6, 7, . . . , 10}, we have x2 ≡ (x − 11)2 ≡ (11 − x)2 (mod 11), i.e., 62 ≡ (−5)2 ≡ 52
(mod 11), etc.

Lemma 2.2. The congruence x2 ≡ a (mod p) has either no solution or exactly two
incongruent solutions modulo p.

Proof. If x2 ≡ a (mod p) has a solution, say x = x0 , then (−x0 )2 ≡ x20 ≡ a (mod p).
Thus −x0 is also a solution. But x0 6≡ −x0 (mod p), for if x0 ≡ −x0 (mod p) then
2x0 ≡ 0 (mod p) which implies that p|x0 , a contradiction.
Lastly, show that there are no other solutions. Assume that x = x0 and x = x1 are
both solutions. Then x20 ≡ x21 ≡ a (mod p) which implies x20 −x21 ≡ (x0 +x1 )(x0 −x1 ) ≡
0 (mod p) which implies that p|(x0 + x1 ) or p|(x0 − x1 ) which means that x1 ≡ −x0 or
x1 ≡ x0 (mod p).
Hence if x2 ≡ a (mod p) has a solution, it has exactly two incongruent solutions.

Proposition 2.3. Let p be an odd prime. Then there are exactly (p − 1)/2 quadratic
residues and (p − 1)/2 quadratic nonresidues in the set {1, 2, . . . , p − 1}.

Exercise 1. Prove Proposition 2.3. (Hint: use Lemma 2.2 and/or Remark 2.1).

There is a handy notation for the expression “a is a quadratic residue modulo p”.
(Some authors have used aRp with the negation aRp, but the following is standard).

The Legendre Symbol (after French mathematician Adrien-Marie Legendre (1752-1833)).

Let p > 2 be a prime and let a 6≡ 0 (mod p). Then the Legendre symbol ( ap ) is
defined by   
a 1 if a is a quadratic residue mod p
=
p −1 if a is not a quadratic residue mod p
That is,   
a 1 if x2 ≡ a (mod p) has solutions
=
p −1 if x2 ≡ a (mod p) has no solution
For example,          
1 3 4 5 9
= = = = = 1;
11 11 11 11 11
         
2 6 7 8 10
= = = = = −1.
11 11 11 11 11

2
Prof A. Munagi Lec18: Quadratic Residues I MATH4024-Number Theory

So we now know that x2 ≡ 5 (mod 11) has solutions; and x2 ≡ 8 (mod 11) has no
solution, etc. (If in doubt, test the candidates x = 1, 2, . . . , 10).

Besides directly attempting to solve x2 ≡ a (mod p), we can evaluate ( ap ) by reduc-

ing a(p−1)/2 modulo p.

Theorem 2.4. Euler’s Criterion. Let p be an odd prime and let a ∈ Z+ with (a, p) =
1. Then  
a
≡ a(p−1)/2 (mod p).
p
 
Proof. First consider ap = 1. Then x2 ≡ a (mod p) has a solution, say x = x0 . By
Fermat’s Little Theorem, we see that

a(p−1)/2 ≡ (x20 )(p−1)/2 ≡ xp−1

0 ≡ 1 (mod p).
   
Hence ap = 1 =⇒ ap = a(p−1)/2 (mod p).
 
Now consider ap = −1. Then x2 ≡ a (mod p) has no solution. But for any i ∈ Z
with (i, p) = 1 there is an integer y such that iy ≡ a (mod p), and we know that i 6≡ y
(mod p) (since x2 ≡ a (mod p) has no solution). So the integers 1, 2, . . . , p − 1 can be
grouped into p−12
pairs with each having a product congruent to a mod p. Multiplying
these pairs together we get (p − 1)! ≡ a(p−1)/2 (mod p). Invoking Wilson’s Theorem,
we have
(p − 1)! ≡ −1 ≡ a(p−1)/2 (mod p).
 
Hence we also obtain ap ≡ a(p−1)/2 (mod p). Q.E.D.

 
a
Note. Computations of p
by Euler’s criterion may require modular exponentiation.

5


Example, compute 23 .
By Euler’s criterion we find the least positive residue of 5(23−1)/2 ≡ 511 (mod 23),
and get 511 ≡ −1 (mod 23).
Hence 5 is a quadratic nonresidue of 23.

The Legendre symbol is completely multiplicative; it has other properties that en-
hance computation.

3
Prof A. Munagi Lec18: Quadratic Residues I MATH4024-Number Theory

Corollary 2.5. Let p be an odd prime and (a, p) = 1 = (b, p). Then
   
a b
(i) If a ≡ b (mod p), then = .
p p
    
a b ab
(ii) = .
p p p
 2
a
(iii) = 1.
p
2 2
Proof. (i) If a≡b (mod
  p), then x ≡ a (mod p) has a solution iff x ≡ b (mod p) has
a solution iff ap = pb (i.e., they are both 1’s or both −1’s together).
(ii) By Euler’s Criterion,
    
a b (p−1)/2 (p−1)/2 (p−1)/2 ab
=a b ≡ (ab) ≡ (mod p).
p p p
 
Since pt is 1 or -1 for all t ∈ Z, the result follows.
    
(Indeed note that the difference ab p
− ap b
p
is 0 or 2 or -2. Since this difference is
divisible by p > 2 it must be 0).
(iii) Follows by putting a = b in part (ii).
 
a
Exercise 2. By definition, if p|a then p
= 0, Show that part (ii) of Corollary 2.5
also holds when p|a.

Exercise 3. Give the complete proof of part (iii) of Corollary 2.5.

Exercise 4. Find all the quadratic residues modulo 13.

Exercise 5. Is 20 a quadratic residue modulo 17?

Exercise 6. How many solutions has the congruence x2 ≡ 48 (mod 13)?