$-1$ is a quadratic residue modulo $p$ if and only if $p\equiv 1\pmod{4}$

elementary-number-theory quadratic-residues

I came across this problem and I believe Lagrange's theorem is the key to its solution. The question is:

Let $p$ be an odd prime. Prove that there is some integer $x$ such that $x^2 \equiv −1 \pmod p$ if and only if $p \equiv 1 \pmod 4$.

I appreciate any help. Thanks.


If such an element exists it would have order $4$, so by Lagrange's theorem $4|p-1$ and thus $p\equiv 1\mod 4$.

If $p\equiv 1\mod 4$ we can use Wilson's theorem to explicitly write down an element that squares to $-1$: $$ -1\equiv(p-1)!\equiv 1\cdot\ldots\cdot \frac{p-1}{2}\frac{p+1}{2}\cdot\ldots\cdot(p-1)\equiv\left(\left(\frac{p-1}{2}\right)!\right)^2\cdot(-1)^{\frac{p-1}{2}}\equiv\left(\left(\frac{p-1}{2}\right)!\right)^2 $$


There is a slightly more general version of this result: if a finite field has an odd number $q$ of elements, then the equation $x^2+1=0$ has a solution in the field if and only if $q\equiv1\pmod4$. In your case you can of course take $\mathbb Z/p\mathbb Z$ as finite field, in which case $q=p$.

Here's a simple proof. Group all nonzero elements of your field in packets $\{a,-a,a^{-1},-a^{-1}\}$. It is easy to see that if one would have generated the packet from any of its three elements other than $a$, it would still give the same packet. In other words one has partitioned the $q-1$ nonzero elements into packets. Not all packets have four distinct elements though: while it cannot happen that $a=-a$ (since $q$ is odd), it can happen either that $a=a^{-1}$ or that $a=-a^{-1}$; in both cases the packet has two elements instead of four.

Now $a=a^{-1}$ happens if and only if $a^2=1$, and since $a^2-1=(a-1)(a+1)$, this occurs precisely for $a=1$ and $a=-1$, giving one packet of this type, regardless of the field. For the other type $a=-a^{-1}$, this happens if and only if $a^2=-1$. That need not occur at all, but if it does, there are precisely two solutions to this quadratic equation, which then together define a single packet of this second type. Now since all remaining packets are of size $4$, and all packet sizes add up to $q-1$, one easily sees that a packet of the second type exists if and only if $q-1$ is a multiple of $4$.


An alternative to the other (perfectly good) proofs already suggested is the following. We use that the group $\mathbb{Z}_p^*$ of units of the ring $\mathbb{Z}_p$ is cyclic of order $p-1$, and consider its generator $a$. Then as $(a^{\frac{p-1}{2}})^2=1$, and $\mathbb{Z}_p$ is an integral domain, either $a^{\frac{p-1}{2}}=1$ or $a^{\frac{p-1}{2}}=-1$, and we must be in the second case since $a$ has order $p-1$.

Now $-1\in\mathbb{Z}_p^*$ is a square if and only if it is an even power of $a$, so substituting $4n+1$ and $4n+3$ for $p$ in the above tells you that this only happens if $p=4n+1$.

Related

A linear operator commuting with all such operators is a scalar multiple of the identity.
If $f_k \to f$ a.e. and the $L^p$ norms converge, then $f_k \to f$ in $L^p$
How to find solutions of linear Diophantine ax + by = c?
$L^p$ and $L^q$ space inclusion
The limit of a sum $\sum_{k=1}^n \frac{n}{n^2+k^2}$ as $n\rightarrow\infty$ [closed]
extended stars-and-bars problem(where the upper limit of the variable is bounded)
Universal Chord Theorem
Limits: How to evaluate $\lim\limits_{x\rightarrow \infty}\sqrt[n]{x^{n}+a_{n-1}x^{n-1}+\cdots+a_{0}}-x$
Normal subgroup of prime index
Analyzing limits problem Calculus (tell me where I'm wrong).
Inverse trigonometric function identity doubt: $\tan^{-1}x+\tan^{-1}y =-\pi+\tan^{-1}\left(\frac{x+y}{1-xy}\right)$, when $x<0$, $y<0$, and $xy>1$
Identity for convolution of central binomial coefficients: $\sum\limits_{k=0}^n \binom{2k}{k}\binom{2(n-k)}{n-k}=2^{2n}$