# β

In number theory, the law of quadratic reciprocity, like the Pythagorean theorem, has lent itself to an unusual number of proofs. Several hundred proofs of the law of quadratic reciprocity have been found.

## Proofs that are accessibleEdit

Of relatively elementary, combinatorial proofs, there are two which apply types of double counting. One by Gotthold Eisenstein counts lattice points. Another applies Zolotarev's lemma to ${\displaystyle ({\mathbb {Z} }/pq{\mathbb {Z} })^{\times }}$  expressed by the Chinese remainder theorem as ${\displaystyle ({\mathbb {Z} }/p{\mathbb {Z} })^{\times }\times ({\mathbb {Z} }/q{\mathbb {Z} })^{\times }}$  and calculates the signature of a permutation.

## Eisenstein's proofEdit

Eisenstein's proof of quadratic reciprocity is a simplification of Gauss's third proof. It is more geometrically intuitive and requires less technical manipulation.

The point of departure is "Eisenstein's lemma", which states that for distinct odd primes p, q,

${\displaystyle \left({\frac {q}{p}}\right)=(-1)^{\sum _{u}\left\lfloor qu/p\right\rfloor },}$

where ${\displaystyle \left\lfloor x\right\rfloor }$  denotes the floor function (the largest integer less than or equal to x), and where the sum is taken over the even integers u = 2, 4, 6, ..., p−1. For example,

${\displaystyle \left({\frac {7}{11}}\right)=(-1)^{\left\lfloor 14/11\right\rfloor +\left\lfloor 28/11\right\rfloor +\left\lfloor 42/11\right\rfloor +\left\lfloor 56/11\right\rfloor +\left\lfloor 70/11\right\rfloor }=(-1)^{1+2+3+5+6}=(-1)^{17}=-1.}$

This result is very similar to Gauss's lemma, and can be proved in a similar fashion (proof given below).

Using this representation of (q/p), the main argument is quite elegant. The sum ${\displaystyle \Sigma _{u}\left\lfloor qu/p\right\rfloor }$  counts the number of lattice points with even x-coordinate in the interior of the triangle ABC in the following diagram:

 Lattice point diagram Example showing lattice points inside ABC with even x-coordinates, for p = 11 and q = 7

Because each column has an even number of points (namely q−1 points), the number of such lattice points in the region BCYX is the same modulo 2 as the number of such points in the region CZY:

The number of points with even x-coordinate inside BCYX (marked by O's) is equal modulo 2 to the number of such points in CZY (marked by X's)

Then by flipping the diagram in both axes, we see that the number of points with even x-coordinate inside CZY is the same as the number of points inside AXY having odd x-coordinates:

The number of points with even x-coordinate inside CZY is equal to the number of points with odd x-coordinate inside AXY

The conclusion is that

${\displaystyle \left({\frac {q}{p}}\right)=(-1)^{\mu },}$

where μ is the total number of lattice points in the interior of AYX. Switching p and q, the same argument shows that

${\displaystyle \left({\frac {p}{q}}\right)=(-1)^{\nu },}$

where ν is the number of lattice points in the interior of WYA. Since there are no lattice points on the line AY itself (because p and q are relatively prime), and since the total number of points in the rectangle WYXA is

${\displaystyle \left({\frac {p-1}{2}}\right)\left({\frac {q-1}{2}}\right),}$

we obtain finally

${\displaystyle \left({\frac {q}{p}}\right)\left({\frac {p}{q}}\right)=(-1)^{\mu +\nu }=(-1)^{(p-1)(q-1)/4}.}$

### Proof of Eisenstein's lemmaEdit

For an even integer u in the range 1 ≤ up−1, denote by r(u) the least positive residue of qu modulo p. (For example, for p = 11, q = 7, we allow u = 2, 4, 6, 8, 10, and the corresponding values of r(u) are 3, 6, 9, 1, 4.) The numbers (−1)r(u)r(u), again treated as least positive residues modulo p, are all even (in our running example, they are 8, 6, 2, 10, 4.) Furthermore, they are all distinct, because if (−1)r(u)r(u) ≡ (−1)r(t)r(t) (mod p), then we may divide out by q to obtain u ≡ ±t (mod p). This forces ut (mod p), because both u and t are even, whereas p is odd. Since there exactly (p−1)/2 of them and they are distinct, they must be simply a rearrangement of the even integers 2, 4, ..., p−1. Multiplying them together, we obtain

${\displaystyle (-1)^{r(2)}2q\cdot (-1)^{r(4)}4q\cdot \cdots \cdot (-1)^{r(p-1)}(p-1)q\equiv 2\cdot 4\cdot \cdots \cdot (p-1){\pmod {p}}.}$

Dividing out successively by 2, 4, ..., p−1 on both sides (which is permissible since none of them are divisible by p) and rearranging, we have

${\displaystyle q^{(p-1)/2}\equiv (-1)^{r(2)+r(4)+\cdots +r(p-1)}{\pmod {p}}.}$

On the other hand, by the definition of r(u) and the floor function,

${\displaystyle {\frac {qu}{p}}=\left\lfloor {\frac {qu}{p}}\right\rfloor +{\frac {r(u)}{p}},}$

and so since p is odd and u is even, we see that ${\displaystyle \left\lfloor qu/p\right\rfloor }$  and r(u) are congruent modulo 2. Finally this shows that

${\displaystyle q^{(p-1)/2}\equiv (-1)^{\sum _{u}\left\lfloor qu/p\right\rfloor }{\pmod {p}}.}$

We are finished because the left hand side is just an alternative expression for (q/p).

## Proof using Quadratic Gauss SumsEdit

The proof of Quadratic Reciprocity using Gauss sums is one of the more common and classic proofs. These proofs work by comparing computations of single values in two different ways, one using Euler's Criterion and the other using the Binomial theorem. As an example of how Euler's criterion is used, we can use it to give a quick proof of the first supplemental case of determining ${\textstyle \left({\frac {-1}{p}}\right)}$  for an odd prime p: By Euler's criterion ${\textstyle \left({\frac {-1}{p}}\right)\equiv (-1)^{\frac {p-1}{2}}{\pmod {p}}}$  , but since both sides of the equivalence are ±1 and p is odd, we can deduce that ${\textstyle \left({\frac {-1}{p}}\right)=(-1)^{\frac {p-1}{2}}}$ .

### The Second Supplemental CaseEdit

Let ${\textstyle \zeta _{8}=e^{2\pi i/8}}$ , a primitive 8th root of unity and set ${\textstyle \tau =\zeta _{8}+\zeta _{8}^{-1}}$ . Since ${\textstyle \zeta _{8}^{2}=i}$  and ${\textstyle \zeta _{8}^{-2}=-i}$  we see that ${\textstyle \tau ^{2}=2}$ . Because ${\displaystyle \tau }$  is an algebraic integer, if p is an odd prime it makes sense to talk about it modulo p. (Formally we are considering the commutative ring formed by factoring the algebraic integers ${\displaystyle \mathbf {A} }$  with the ideal generated by p. Because ${\displaystyle p^{-1}}$  is not an algebraic integer, 1, 2, ..., p are distinct elements of ${\displaystyle {\mathbf {A} }/p{\mathbf {A} }}$ .) Using Euler's criterion, it follows that

${\displaystyle \tau ^{p-1}=(\tau ^{2})^{\frac {p-1}{2}}=2^{\frac {p-1}{2}}\equiv \left({\frac {2}{p}}\right){\pmod {p}}}$

We can then say that
${\displaystyle \tau ^{p}\equiv \left({\frac {2}{p}}\right)\tau {\pmod {p}}}$

But we can also compute ${\textstyle \tau ^{p}{\pmod {p}}}$  using the binomial theorem. Because the cross terms in the binomial expansion all contain factors of p, we find that ${\textstyle \tau ^{p}\equiv \zeta _{8}^{p}+\zeta _{8}^{-p}{\pmod {p}}}$ . We can evaluate this more exactly by breaking this up into two cases
• ${\textstyle p\equiv \pm 1{\pmod {8}}\Rightarrow \zeta _{8}^{p}+\zeta _{8}^{-p}=\zeta _{8}+\zeta _{8}^{-1}}$ .
• ${\textstyle p\equiv \pm 3{\pmod {8}}\Rightarrow \zeta _{8}^{p}+\zeta _{8}^{-p}=-\zeta _{8}-\zeta _{8}^{-1}}$ .

These are the only options for a prime modulo 8 and both of these cases can be computed using the exponential form ${\textstyle \zeta _{8}=e^{\frac {2\pi i}{8}}}$ . We can write this succinctly for all odd primes p as

${\displaystyle \tau ^{p}\equiv (-1)^{\frac {p^{2}-1}{8}}\tau {\pmod {p}}}$

Combining these two expressions for ${\textstyle \tau ^{p}{\pmod {p}}}$  and multiplying through by ${\displaystyle \tau }$  we find that ${\textstyle 2\cdot \left({\frac {2}{p}}\right)\equiv 2\cdot (-1)^{\frac {p^{2}-1}{8}}{\pmod {p}}}$ . Since both ${\textstyle \left({\frac {2}{p}}\right)}$  and ${\displaystyle (-1)^{\frac {p^{2}-1}{8}}}$  are ±1 and 2 is invertible modulo p, we can conclude that
${\displaystyle \left({\frac {2}{p}}\right)=(-1)^{\frac {p^{2}-1}{8}}}$

### The general caseEdit

The idea for the general proof follows the above supplemental case: Find an algebraic integer that somehow encodes the Legendre symbols for p, then find a relationship between Legendre symbols by computing the qth power of this algebraic integer modulo q in two different ways, one using Euler's criterion the other using the binomial theorem.

Let

${\displaystyle g_{p}=\sum _{k=1}^{p-1}\left({\frac {k}{p}}\right)\zeta _{p}^{k}}$

where ${\displaystyle \zeta _{p}=e^{2\pi i/p}}$  is a primitive pth root of unity. This is a Quadratic Gauss Sum. A fundamental property of these Gauss sums is that
${\displaystyle g_{p}^{2}=p^{*}}$

where ${\textstyle p^{*}=\left({\frac {-1}{p}}\right)p}$ . To put this in context of the next proof, the individual elements of the Gauss sum are in the cyclotomic field ${\displaystyle L=\mathbb {Q} (\zeta _{p})}$  but the above formula shows that the sum itself is a generator of the unique quadratic field contained in L. Again, since the quadratic Gauss sum is an algebraic integer, we can use modular arithmetic with it. Using this fundamental formula and Euler's criterion we find that
${\displaystyle g_{p}^{q-1}=(g_{p}^{2})^{\frac {q-1}{2}}=(p^{*})^{\frac {q-1}{2}}\equiv \left({\frac {p^{*}}{q}}\right){\pmod {q}}}$

Therefore
${\displaystyle g_{p}^{q}\equiv \left({\frac {p^{*}}{q}}\right)g_{p}{\pmod {q}}}$

Using the binomial theorem, we also find that ${\textstyle g_{p}^{q}\equiv \sum _{k=1}^{p-1}\left({\frac {k}{p}}\right)\zeta _{p}^{qk}{\pmod {q}}}$ , If we let a be a multiplicative inverse of ${\displaystyle q{\pmod {p}}}$ , then we can rewrite this sum as ${\textstyle \left({\frac {a}{p}}\right)\sum _{t=1}^{p-1}\left({\frac {t}{p}}\right)\zeta _{p}^{t}}$  using the substitution ${\displaystyle t=qk}$ , which doesn't affect the range of the sum. Since ${\textstyle \left({\frac {a}{p}}\right)=\left({\frac {q}{p}}\right)}$ , we can then write
${\displaystyle g_{p}^{q}\equiv \left({\frac {q}{p}}\right)g_{p}{\pmod {q}}}$

Using these two expressions for ${\textstyle g_{p}^{q}{\pmod {q}}}$ , and multiplying through by ${\displaystyle g_{p}}$  gives
${\displaystyle \left({\frac {q}{p}}\right)p^{*}\equiv \left({\frac {p^{*}}{q}}\right)p^{*}{\pmod {q}}}$

Since ${\displaystyle p^{*}}$  is invertible modulo q, and the Legendre symbols are either ±1, we can then conclude that
${\displaystyle \left({\frac {q}{p}}\right)=\left({\frac {p^{*}}{q}}\right)}$

## Proof using algebraic number theoryEdit

The proof presented here is by no means the simplest known; however, it is quite a deep one, in the sense that it motivates some of the ideas of Artin reciprocity.

### Cyclotomic field setupEdit

Suppose that p is an odd prime. The action takes place inside the cyclotomic field

${\displaystyle L=\mathbf {Q} (\zeta _{p}),}$

where ζp is a primitive pth root of unity. The basic theory of cyclotomic fields informs us that there is a canonical isomorphism

${\displaystyle G=\operatorname {Gal} (L/\mathbf {Q} )\cong (\mathbb {Z} /p\mathbb {Z} )^{\times },}$

which sends the automorphism σa satisfying

${\displaystyle \sigma _{a}(\zeta _{p})=\zeta _{p}^{a}}$

to the element

${\displaystyle a\in (\mathbb {Z} /p\mathbb {Z} )^{\times }.}$

(This is because the morphism of reduction from Z to Z/qZ is injective on the set of p-th roots of unity)

Now consider the subgroup H of squares of elements of G. Since G is cyclic, H has index 2 in G, so the subfield corresponding to H under the Galois correspondence must be a quadratic extension of Q. (In fact it is the unique quadratic extension of Q contained in L.) The Gaussian period theory determines which one; it turns out to be

${\displaystyle \mathbf {Q} ({\sqrt {p^{*}}}),}$

where

${\displaystyle p^{*}={\begin{cases}p&{\mbox{if }}p\equiv 1{\pmod {4}},\\-p&{\mbox{if }}p\equiv -1{\pmod {4}}.\end{cases}}}$

At this point we start to see a hint of quadratic reciprocity emerging from our framework. On one hand, the image of H in

${\displaystyle (\mathbf {Z} /p\mathbf {Z} )^{\times }}$

consists precisely of the (nonzero) quadratic residues modulo p. On the other hand, H is related to an attempt to take the square root of p (or possibly of −p). In other words, if now q is a prime (different from p), we have so far shown that

${\displaystyle \left({\frac {q}{p}}\right)=1\quad \iff \quad \sigma _{q}\in H\quad \iff \quad \sigma _{q}{\mbox{ fixes }}\mathbf {Q} ({\sqrt {p^{*}}}).}$

### The Frobenius automorphismEdit

Choose any prime ideal β of the ring of integers OL lying over q, which is unramified, and let

${\displaystyle \phi \in \operatorname {Gal} (L/\mathbf {Q} )}$

be the Frobenius automorphism associated to β; the characteristic property of ${\displaystyle \phi }$  is that

${\displaystyle \phi (x)\equiv x^{q}{\pmod {\beta }}}$

for any x in OL. (The existence of such a Frobenius element depends on quite a bit of algebraic number theory machinery.)

The key fact about ${\displaystyle \phi }$  that we need is that for any subfield K of L,

${\displaystyle \phi {\mbox{ fixes }}K\quad \iff \quad q{\mbox{ splits completely in }}K.}$

Indeed, let δ be any ideal of OK below β (and hence above q). Then, since

${\displaystyle \phi (x)\equiv x^{q}{\pmod {\delta }}}$

for any x in OK, we see that

${\displaystyle \phi \vert _{K}\in \operatorname {Gal} (K/\mathbf {Q} )}$

is a Frobenius for δ. A standard result concerning ${\displaystyle \phi }$  is that its order is equal to the corresponding inertial degree; that is,

${\displaystyle \operatorname {ord} (\phi \vert _{K})=[O_{K}/\delta O_{K}:\mathbf {Z} /q\mathbf {Z} ].}$

The left hand side is equal to 1 if and only if φ fixes K, and the right hand side is equal to one if and only q splits completely in K, so we are done.

Now, since the pth roots of unity are distinct modulo β (i.e. the polynomial Xp − 1 is separable in characteristic q), we must have

${\displaystyle \phi (\zeta _{p})=\zeta _{p}^{q};}$

that is, ${\displaystyle \phi }$  coincides with the automorphism σq defined earlier. Taking K to be the quadratic field in which we are interested, we obtain the equivalence

${\displaystyle \left({\frac {q}{p}}\right)=1\quad \iff \quad q{\mbox{ splits completely in }}\mathbf {Q} ({\sqrt {p^{*}}}).}$

### Completing the proofEdit

Finally we must show that

${\displaystyle q{\mbox{ splits completely in }}\mathbf {Q} ({\sqrt {p^{*}}})\quad \iff \quad \left({\frac {p^{*}}{q}}\right)=1.}$

Once we have done this, the law of quadratic reciprocity falls out immediately since

${\displaystyle \left({\frac {p^{*}}{q}}\right)=\left({\frac {q}{p}}\right)}$

if p ≡ 1 (mod 4), and

${\displaystyle \left({\frac {p^{*}}{q}}\right)=\left({\frac {-p}{q}}\right)=\left({\frac {-1}{q}}\right)\left({\frac {p}{q}}\right)={\begin{cases}+\left({\frac {p}{q}}\right)&{\mbox{if }}q\equiv 1{\pmod {4}},\\-\left({\frac {p}{q}}\right)&{\mbox{if }}q\equiv -1{\pmod {4}}\end{cases}}}$

if p ≡ -1 (mod 4).

To show the last equivalence, suppose first that

${\displaystyle \left({\frac {p^{*}}{q}}\right)=1.}$

In this case, there is some integer x (not divisible by q) such that

${\displaystyle x^{2}\equiv p^{*}{\pmod {q}},}$

say

${\displaystyle x^{2}-p^{*}=cq}$

for some integer c. Let

${\displaystyle K=\mathbf {Q} ({\sqrt {p^{*}}}),}$

and consider the ideal

${\displaystyle (x-{\sqrt {p^{*}}},q)}$

of K. It certainly divides the principal ideal (q). It cannot be equal to (q), since

${\displaystyle x-{\sqrt {p^{*}}}}$

is not divisible by q. It cannot be the unit ideal, because then

${\displaystyle (x+{\sqrt {p^{*}}})=(x+{\sqrt {p^{*}}})(x-{\sqrt {p^{*}}},q)=(cq,q(x+{\sqrt {p^{*}}}))}$

is divisible by q, which is again impossible. Therefore (q) must split in K.

Conversely, suppose that (q) splits, and let β be a prime of K above q. Then

${\displaystyle (q)\subsetneq \beta ,}$

so we may choose some

${\displaystyle a+b{\sqrt {p^{*}}}\in \beta \setminus (q),}$

where a and b are in Q. Actually, since

${\displaystyle p^{*}\equiv 1{\pmod {4}},}$

elementary theory of quadratic fields implies that the ring of integers of K is precisely

${\displaystyle \mathbf {Z} \left[{\frac {1+{\sqrt {p^{*}}}}{2}}\right],}$

so the denominators of a and b are at worst equal to 2. Since q ≠ 2, we may safely multiply a and b by 2, and assume that

${\displaystyle a+b{\sqrt {p^{*}}}\in \beta \setminus (q),}$

where now a and b are in Z. In this case we have

${\displaystyle (a+b{\sqrt {p^{*}}})(a-b{\sqrt {p^{*}}})=a^{2}-b^{2}p^{*}\in \beta \cap \mathbf {Z} =(q),}$

so

${\displaystyle q\mid a^{2}-b^{2}p^{*}.}$

However, q cannot divide b, since then also q divides a, which contradicts our choice of

${\displaystyle a+b{\sqrt {p^{*}}}.}$

Therefore, we may divide by b modulo q, to obtain

${\displaystyle p^{*}\equiv (ab^{-1})^{2}{\pmod {q}}}$

as desired.

## ReferencesEdit

Every textbook on elementary number theory (and quite a few on algebraic number theory) has a proof of quadratic reciprocity. Two are especially noteworthy:

Lemmermeyer (2000) has many proofs (some in exercises) of both quadratic and higher-power reciprocity laws and a discussion of their history. Its immense bibliography includes literature citations for 196 different published proofs.

Ireland & Rosen (1990) also has many proofs of quadratic reciprocity (and many exercises), and covers the cubic and biquadratic cases as well. Exercise 13.26 (p 202) says it all

Count the number of proofs to the law of quadratic reciprocity given thus far in this book and devise another one.