# Quadratic Reciprocity

### Introduction

[Bezout's Identity](https://brilliant.org/wiki/bezouts-identity/) proofs that the linear equation

\begin{equation*}
    ax \equiv b \pmod{n}
\end{equation*}

has a solution if $(a, n) = 1$. Quadratic reciprocity on the other hand will try to solve the quadratic equation in the form of:

\begin{equation*}
    ax^2 + bx + c \equiv 0 \pmod{n}
\end{equation*}

### Quadratic Residue

In the set of integers $\{0, 1, 2, ..., n\}$, only about $\frac{1}{\sqrt{n}}$ are perfect squares, e.g. $\{0, 1, 4, ...\}$. On the other hand, given an odd prime $p$, integers which are perfect squares (mod $p$) are quite common. In fact, exactly half of the integers in $\{0, 1, ..., p-1\}$ are perfect squares. These perfect square are called <b>quadratic residue mod $p$</b>, and the other integers which are not perfect squares are called <b>quadratic non-residue mod $p$</b>.

#### Formal Definition
<div style="border: 1px solid black; padding: 1.25%; margin: 1.25% 0;">
Suppose $(a, m) = 1$, then $a$ is a <b>quadratic residue mod $m$</b> if the equation $x^2 \equiv a \pmod{m}$ has a solution, else $a$ is a <b>quadratic non-residue mod $m$</b>.
</div>

Now, we will need to answer these following questions: <br>
<ul>
    Given $a$ and $m$,
    <li>How do we know if $a$ is a quadratic residue mod m?</li>
    <li>What are the quadratic residues of m?</li>
</ul>

To answer these questions, consider the following examples:
#### Example 1.1
Find all quadratic residues of 5.

\begin{align}
    0^2 &\equiv 0 \pmod{5}\\
    1^2 &\equiv 1 \pmod{5}\\
    2^2 &\equiv 4 \pmod{5}\\
    3^2 &\equiv 4 \pmod{5}\\
    4^2 &\equiv 1 \pmod{5}\\
\end{align}

The quadratic residues of 5 are $\{1, 4\}$
<div><i>Note</i>: $0$ is neither quadratic residue nor quadratic non-residue</div>

#### Example 1.2
Find all quadratic residues of 7.

\begin{align}
    0^2 &\equiv 0 \pmod{7}\\
    1^2 &\equiv 1 \pmod{7}\\
    2^2 &\equiv 4 \pmod{7}\\
    3^2 &\equiv 2 \pmod{7}\\
    4^2 &\equiv 2 \pmod{7}\\
    5^2 &\equiv 4 \pmod{7}\\
    6^2 &\equiv 1 \pmod{7}\\
\end{align}

The quadratic residues of 7 are $\{1, 2, 4\}$

#### Theorem 1

We can observe that the quadratic residues repeat in a symmetric manner. This is because $x^2 \equiv (-x)^2 \pmod{p}$. As a result, we can be sure that exactly half of the set are quadratic residues mod $p$. Formally,

<div style="border: 1px solid black; padding: 1.25%; margin: 1.25% 0;">
    If $p$ is an odd prime, then $\left\{0^2, 1^2, ..., \left(\frac{p-1}{2}\right)^2\right\}$ are distinct, and gives a complete set of all the quadratic residued mod $p$. As a result, there are exactly $\frac{p+1}{2}$ different quadratic residues mod $p$.
</div>

#### Proof of Uniqueness

Suppose, that two integer, $x, y \in \left\{0, 1, ..., \left(\frac{p-1}{2}\right)\right\}$, where $x \not\equiv y$ has the same squares:

\begin{align}
    x^2 &\equiv y^2 &\pmod{p}\\
    (x+y)(x-y) &\equiv 0 &\pmod{p}\\
\end{align}

We can see that $p | (x - y)$ or $p | (x + y)$ are only possible when $x \equiv y$, since $x+y \leq p-1$. 

#### Corollary

<div style="border: 1px solid black; padding: 1.25%; margin: 1.25% 0;">
    If $p > 3$ is an odd prime, then the sum of its unqiue quadratic residues is divisible by $p$.
</div>

#### Proof

Since the unique quadratic residues are generated by $\left\{0, 1, ..., \left(\frac{p-1}{2}\right)\right\}$, then

\begin{align}
    \sum_{k=0}^{\frac{p-1}{2}} k^2 \equiv \frac{(p-1)(p+1)(2p)}{12} \equiv 0 \pmod{p}
\end{align}

Since $12^{-1}$ exists only when $(12, p) = 1$, we must have $p > 3$.

#### Example 2

If $p$ is an odd prime, show that the congruence $x^2 + y^2 + 1 \equiv 0 \pmod{p}$ always have a solution.

We know that there are $\frac{p+1}{2}$ integers that satisfy $x^2 \equiv 0 \pmod{p}$. Using the same reasoning, it is obvious that there are also $\frac{p+1}{2}$ integers that satisfy $-1 - y^2 \equiv 0 \pmod{p}$. Since the sum of both solution count is $p + 1 > p$ then the solution must overlap somewhere, i.e

\begin{equation*}
    x^2 \equiv -1 - y^2 \Longleftrightarrow x^2 + y^2 + 1 \equiv 0 \pmod{p}
\end{equation*}

for some $(x, y)$.

In [1]:
def generateQR(p):
    qr = [(x**2 % p) for x in range((p+1)//2)];
    qr.sort(); # Optional
    return qr;

n = 7;
qr1 = generateQR(n);
qr2 = quadratic_residues(n);
print(qr1);
print(qr2);
print(sum(qr1) % n == 0);

[0, 1, 2, 4]
[0, 1, 2, 4]
True


### Legendre Symbol

The Legendre symbol is a function that encodes the information about whether a number, $a$, is a quadratic residue modulo an odd prime $p$. It is denoted as:

\begin{align}
    \left(\frac{a}{p}\right) =
    \begin{cases} 
        1 &\text{$a \not\equiv 0$ is a quadratic residue mod $p$} \\
        -1 &\text{$a$ is a quadratic non-residue mod $p$} \\
        0 &\text{$a \equiv 0$ mod $p$}
    \end{cases}
\end{align}

#### Euler's Criterion

Euler's Criterion now state that, if $p$ is an odd prime, then:

\begin{equation*}
    a^\frac{p-1}{2} \equiv \left(\frac{a}{p}\right) \pmod{p}
\end{equation*}

#### Proof of Euler's Criterion

Case $a \equiv 0$:

\begin{equation*}
    0^\frac{p-1}{2} \equiv 0
\end{equation*}

Case $a$ is a QR, use [Fermat's Little Theorem](https://brilliant.org/wiki/fermats-little-theorem/):

\begin{align}
    a &\equiv x^2 &\pmod{p}\\
    a^\frac{p-1}{2} &\equiv x^{p-1} &\pmod{p}\\
    &\equiv 1
\end{align}

Case $a$ is a QNR, use [Wilson's Theorem](https://brilliant.org/wiki/wilsons-theorem/):

\begin{align}
    a &\equiv xy &\pmod{p}\\
    a^\frac{p-1}{2} &\equiv (x_1y_1)(x_2y_2)(...)(x_\frac{p-1}{2}y_\frac{p-1}{2}) &\pmod{p}\\
    &\equiv (p-1)!\\
    &\equiv -1
\end{align}

#### Properties

1. If $a \equiv b \pmod{p}$, then $\left(\frac{a}{p}\right) = \left(\frac{b}{p}\right)$
2. $\left(\frac{ab}{p}\right) = \left(\frac{a}{p}\right)\left(\frac{b}{p}\right)$

#### Law of Quadratic Reciprocity

The law of quadratic reciprocity states that if $p$ and $q$ are odd primes, then:

\begin{equation*}
    \left(\frac{p}{q}\right)\left(\frac{q}{p}\right) = \left(-1\right)^{\frac{p-1}{2}\frac{q-1}{2}}
\end{equation*}

As a result of the law of quadratic reciprocity, we have the <i>first and second supplement to the law</i>:

\begin{equation*}
    \left(\frac{-1}{p}\right) = (-1)^\frac{p-1}{2} 
\end{equation*}

and,

\begin{equation*}
    \left(\frac{2}{p}\right) = (-1)^\frac{p^2 - 1}{8}
\end{equation*}

For more information, refer to [Law of Quadratic Reciprocity](https://brilliant.org/wiki/law-of-quadratic-reciprocity/)

#### Example 3

Compute the value of

\begin{equation*}
    \left(\frac{109}{137}\right)
\end{equation*}

Since $109^{68} \pmod{137}$ is too hard to compute manually, we will use the help of law of quadratic reciprocity:

\begin{align}
    \left(\frac{109}{137}\right) &\equiv (-1)^{54\cdot68} \left(\frac{137}{109}\right)\\
    &\equiv (-1)^{54\cdot68} \left(\frac{28}{109}\right)\\
    &\equiv (-1)^{54\cdot68} \left(\frac{7}{109}\right) \left(\frac{2}{109}\right)^2\\
    &\equiv (-1)^{54\cdot68} (-1)^{3\cdot54} \left(\frac{109}{7}\right) \left(\frac{2}{109}\right)^2\\
    &\equiv (-1)^{54\cdot68} (-1)^{3\cdot54} \left(\frac{4}{7}\right) \left(\frac{2}{109}\right)^2\\
    &\equiv \left(\frac{2}{7}\right)^2\left(\frac{2}{109}\right)^2\\
    &\equiv 1
\end{align}

#### Corollary

By using Legendre Symbol we can deduce that

<div style="border: 1px solid black; padding: 1.25%; margin: 1.25% 0;">
    If $p \equiv 3 \pmod{4}$ and $a$ is a quadratic residue mod $p$, then $a^\frac{p+1}{4}$ is a solution to the congruence $x^2 \equiv a \pmod{p}$.
</div>

Unfortunately, there is no explicit formula to find the square root modulo of an integer $a$ with respect to $p$ in the form of $p \equiv 1 \pmod{4}$. However, there is an algorithm called [Tonelli-Shanks Algorithm](https://rosettacode.org/wiki/Tonelli-Shanks_algorithm) which can be used to find the root.

#### Proof

If $a$ is a quadratic residue mod $p$, we have

\begin{align}
    \left(\frac{a}{p}\right) &= 1\\
    \left(\frac{a}{p}\right) \cdot a &= a^{\frac{p-1}{2} + 1} = a\\
    x^2 &\equiv a^{\frac{p+1}{2}} \equiv a\\
    x &\equiv a^\frac{p+1}{4}
\end{align}

This formula only works for $p \equiv 3 \pmod{4}$, since $4 \vert p+1$ implies $p \equiv -1 \equiv 3 \pmod{4}$.

In [2]:
def legendre(a, p):
    return (1 if (power_mod(a, (p-1)//2, p)) == 1 else -1);

a = 109; p = 137;
ls1 = legendre(a, p);
ls2 = legendre_symbol(a, p);
ls3 = kronecker(a, p);
ls4 = kronecker_symbol(a, p);
print(ls1);
print(ls2);
print(ls3);
print(ls4);

1
1
1
1


### Solving Diophantine Equation

To solve the following congruence

\begin{equation*}
    ax^2 + bx + c \equiv 0 \pmod{p}
\end{equation*}

We will use the help of [Completing the Square](https://brilliant.org/wiki/completing-the-square/) method.

\begin{align}
    ax^2 + bx + c &\equiv 0 &\pmod{p}\\
    x^2 + a^{-1}bx &\equiv -a^{-1}c &\pmod{p}\\
    x^2 + a^{-1}bx + (2^{-1}a^{-1}b)^2 &\equiv -a^{-1}c + (2^{-1}a^{-1}b)^2 &\pmod{p}\\
    (x + 2^{-1}a^{-1}b)^2 &\equiv -a^{-1}c + (2^{-1}a^{-1}b)^2 &\pmod{p}
\end{align}

Let $u = (x + 2^{-1}a^{-1}b)^2$ and $v = -a^{-1}c + (2^{-1}a^{-1}b)^2$

\begin{align}
    u^2 \equiv v \pmod{p}
\end{align}

Find the square root of $v$ using the help of Legendre Symbol, and let $u \equiv \pm\sqrt{v}$. Then $x \equiv -2^{-1}a^{-1}b \pm\sqrt{v}$ are the solutions to the congruence. 
<br><i>Note</i>: $2^{-1}$ and $a^{-1}$ always exists since $p$ is odd prime implies $(2,p) = 1$ and $(a, p) = 1$, given that $p $ does not divide $a$.</br>

#### Example 4

Find the solution to the following congruence

\begin{equation*}
    5x^2 + 3x + 2 \equiv 0 \pmod{7}
\end{equation*}

#### Method 1
Since $2^{-1} \equiv 4$ and $5^{-1} \equiv 3$, we can rewrite the equation as

\begin{align}
    x^2 + 9x + 6 &\equiv 0 \pmod{7}\\
    x^2 + 2x - 1 &\equiv 0 \pmod{7}\\
    x^2 + 2x + 1 &\equiv 2 \pmod{7}\\
    (x+1)^2 &\equiv 2 \pmod{7}\\
\end{align}

Using the help of Legendre Symbol, we get

\begin{align}
    x+1 &\equiv 3 \text{ or } 4 \pmod{7}\\
    x &\equiv 2 \text{ or } 3 \pmod{7}
\end{align}

#### Method 2
From [Quadratic Equation](https://brilliant.org/wiki/quadratic-equations/) we have

\begin{align}
    x &\equiv \frac{-b \pm \sqrt{b^2 - 4ac}}{2a} &\pmod{7}\\
    &\equiv \frac{-3 \pm \sqrt{3^2 - 4\cdot5\cdot2}}{2\cdot5} &\pmod{7}\\
    &\equiv \frac{-3 \pm 2}{10} &\pmod{7}\\
\end{align}

Since $2^{-1} \equiv 4$ and $5^{-1} \equiv 3$, then $10^{-1} \equiv 5$

\begin{align}
    x &\equiv 5(-1) \text{ or } 5(-5) &\pmod{7}\\
    &\equiv 2 \text{ or } 3 &\pmod{7}
\end{align}

In [3]:
def solveQR1(a, b, c, p):
    inv_2 = inverse_mod(2, p);
    inv_a = inverse_mod(a, p);
    
    a = (a * inv_a) % p; 
    b = (b * inv_a) % p;
    c = (c * inv_a) % p;
    
    cts = ((inv_2 * b)**2) % p;
    v = (cts - c) % p;
    
    if(legendre_symbol(v, p) != 1): return "No Solution";
    else: sqrt_v = Mod(v, p).sqrt();
            
    return [sqrt_v - cts, p - sqrt_v - cts];

def solveQR2(a, b, c, p):
    inv = inverse_mod(2, p) * inverse_mod(a, p);
    v = (b**2 - 4*a*c) % p;
    
    if(legendre_symbol(v, p) != 1): return "No Solution";
    else: sqrt_v = Mod(v, p).sqrt();
    
    return [(-b + sqrt_v) * inv % p, (-b - sqrt_v) * inv % p];

a = 5; b = 3; c = 2; p = 7;
res1 = solveQR1(a, b, c, p);
res2 = solveQR2(a, b, c, p);
print(res1);
print(res2);
print(a);

[2, 3]
[2, 3]
5
