RINGS OF INTEGERS, GAUSS-JACOBI SUMS, AND THEIRAPPLICATIONS

CHAOFAN CHEN

Abstract. In this paper we shall explore the structure of the ring of algebraic

integers in any quadratic extension of the field of rational numbers Q, developthe concepts of Gauss and Jacobi sums, and apply the theory of algebraic

integers and that of Gauss-Jacobi sums to solving problems involving power

congruences and power sums as well as to proving the quadratic and cubicreciprocity laws. In particular, we shall address the problem of when a rational

prime (that is, a prime in Z) stays a prime in the ring of algebraic integers in

any quadratic extension of Q, discuss when a rational prime can be writtenas the sum of two squares, and find the number of solutions to congruence

equations of the form xn + yn ≡ 1 mod p when n = 2 or 3.

Contents

1. Introduction 12. Finite Fields and Multiplicative Characters 22.1. Finite Fields 22.2. Multiplicative Characters 52.3. An Example of Multiplicative Characters: The Legendre Symbol 73. Field Extensions and Rings of Integers 83.1. Field Extensions 83.2. Rings of Algebraic Integers in Extension Fields of Q 93.3. The Ring of Gaussian Integers Z[i] 133.4. The Ring Z[ω] 154. Gauss and Jacobi Sums 194.1. Gauss Sums 194.2. Jacobi Sums 214.3. The Equations of the Form xn + yn = 1 in Fp for n = 2 or 3 255. Law of Quadratic Reciprocity 276. Law of Cubic Reciprocity 287. Conclusion 30Acknowledgments 30References 30

1. Introduction

The concept of ordinary integers 0, ±1, ±2, ±3, ..., is a familiar one. Observethat each ordinary integer r is a root to the polynomial x− r, which is monic with

Date: August 8, 2012.

1

2 CHAOFAN CHEN

ordinary integer coefficients. It will then be natural for us to extend the conceptof ordinary integers and define algebraic integers as complex numbers which areroots to some monic polynomial with ordinary integer coefficients. Thus, algebraicintegers include more than just ordinary integers; for example, i =

√−1 is an

algebraic integer because it is a root to the polynomial x2 + 1.Now, consider the set Z[i] = {a+ bi : a, b ∈ Z}. It is easy to check that all the

elements of the set are algebraic integers, for any a + bi ∈ Z[i] is a root to thepolynomial x2 − 2a + (a2 + b2), and that the set Z[i] forms a ring under ordinaryaddition and multiplication of complex numbers. We call Z[i] the ring of Gaussianintegers.

We observe that an ordinary prime number p ∈ Z has the property that if pdivides ab for a, b ∈ Z, then p divides a or p divides b (Here, p divides x ∈ Z meansx = qp for some q ∈ Z). Of course, we can extend both the concepts of divisibilityand of prime elements to Z[i], by defining an element p ∈ Z[i] to be prime when psatisfies the property that if p divides ab for a, b ∈ Z[i], then p divides a or p dividesb (Here, p divides x ∈ Z[i] means x = qp for some q ∈ Z[i]). We will then discoverthat 2 is no longer a prime in Z[i], for 2 divides the product of 1 + i and 1− i butdivides neither of them individually in Z[i]. On the other hand, 3 is a prime in bothZ and Z[i]. This observation leads to an interesting question: When does a primenumber in Z stay a prime in Z[i]? More generally, when does a prime number in Zstay a prime in the ring of algebraic integers in any quadratic extension of Q? Toavoid confusion, we shall speak of primes in Z as rational primes.

Another interesting (and classical) question in number theory is under whatconditions a rational prime can be written as the sum of squares of two integers inZ. If we define the norm of a Gaussian integer a+ bi ∈ Z[i] by N(a+ bi) = a2 + b2,the question above is equivalent to under what conditions a rational prime is thenorm of some Gaussian integer. It turns out that a rational prime p is the sum ofsquares of two integers in Z if and only if p = 2 or p ≡ 1 mod 4, as we shall see.

Of course, besides the ring of Gaussian integers Z[i], there are other rings ofalgebraic integers. Let ω = −1+

√−3

2 throughout this paper. The ring Z[ω] ={a+ bω : a, b ∈ Z} will be of particular interest to us, as the law of cubic reciprocitywill be stated in terms of cubic characters of primary elements in Z[ω]. To prove thelaw of cubic reciprocity, we shall develop the concepts of Gauss and Jacobi sums,which will also be used to prove the law of quadratic reciprocity and to count thenumber of solutions to congruence equations of the form xn + yn ≡ 1 mod p whenn = 2 or 3.

2. Finite Fields and Multiplicative Characters

2.1. Finite Fields. We shall begin by investigating some of the properties of finitefields. In particular, we shall prove that the number of elements in a finite field issome positive integral power of a rational prime, and that the multiplicative groupof a finite field is cyclic.

Theorem 2.1. The number of elements in a finite field is some positive integralpower of a rational prime.

Proof. Let F be a finite field. Define the map ϕ : Z → F by ϕ(k) = k1F where1F denotes the multiplicative identity of F . Then ϕ is a ring homomorphism.The image of ϕ, ϕ(Z) is a (finite) subring of the finite field F ; in particular it

RINGS OF INTEGERS, GAUSS-JACOBI SUMS, AND THEIR APPLICATIONS 3

must be an integral domain. Since we have ϕ(Z) ∼= Z/kerϕ, Z/kerϕ is an integraldomain, so kerϕ is a prime ideal in Z. Thus, we have kerϕ = pZ, and consequentlyϕ(Z) ∼= Z/pZ for some rational prime p. Note that we have ϕ(Z) = {k1F : k ∈ Z},so we have proved that the integer multiples of the (multiplicative) identity of afinite field F forms a subfield of F isomorphic to Z/pZ for some rational prime p.

We shall identify Z/pZ with the image of ϕ, ϕ(Z), in F and think of F as a finitedimensional vector space over Z/pZ. Let n be the dimension and {x1, ..., xn} be abasis of F over Z/pZ. Then every element x ∈ F can be written uniquely in theform a1x1 + ...+ anxn with ai ∈ Z/pZ. It then follows that F has pn elements. �

Let 0 and 1 denote the additive and multiplicative identities (respectively) of afinite field F , and let p be the least positive integer such that p1 = 0. The first partof the proof of Theorem 2.1 tells us that p must be a prime number. It is calledthe characteristic of F . For all x ∈ F , we have px = p(1x) = (p1)x = 0x = 0. Thisobservation leads to the following proposition.

Proposition 2.2. If F has characteristic p, then (a + b)pd

= apd

+ bpd

for all a,b ∈ F and all positive integers d.

Proof. For d = 1, we have

(a+ b)p = ap +p−1∑k=1

(p

k

)ap−kbk + bp = ap + bp

because p divides(pk

)for 1 ≤ k ≤ p− 1.

Now suppose that (a + b)pd

= apd

+ bpd

is true for some d ≥ 1. It then follows(a + b)p

d+1= ((a + b)p

d

)p = (apd

+ bpd

)p = (apd

)p + (bpd

)p = apd+1

+ bpd+1

. Theinduction is complete. �

Let F be a finite field with q elements. The multiplicative group F× of F isF − {0}, and has q − 1 elements. Thus every element x ∈ F× satisfies xq−1 = 1,and every element x ∈ F satisfies xq = x. To show that F× is cyclic, we will provea stronger result that every finite subgroup of the multiplicative group of a field iscyclic (Our main reference is [3]). We need the following lemmas before we proceed.

Lemma 2.3. Let G be a group and let g, h ∈ G be commuting elements of finiteorders m, n respectively with (m,n) = 1. Then we have |gh| = mn.

Proof. We have (gh)mn = (gm)n(hn)m = 1, where 1 denotes the identity of G, sol = |gh| divides mn. Then we have gl = h−l ∈ 〈g〉 ∩ 〈h〉 = {1}, so m and n bothdivide l. It then follows, from (m,n) = 1, that mn divides l = |gh|. Thus, we have|gh| = mn. �

Lemma 2.4. Let G be a finite abelian group, and let m = max {|g| : g ∈ G}. Then|g| divides m for every g ∈ G.

Proof. Let h ∈ G have order m, and let g be any element of G. Let m =∏ni=1 pi

ri

be the prime factorization of m in Z. If there exists a rational prime p which divides|g| but not m, then G contains an element x of order p. Since we have (p,m) = 1,by Lemma 2.3, we have |xh| = pm > m, which contradicts the maximality of m.Thus, every rational prime divisor of |g| must be a divisor of m. Suppose nowthat there exists i with pi

r dividing |g| and r > ri. Then G contains an elementof order pir and an element of order m/piri . Since we have (pir,m/piri) = 1, by

4 CHAOFAN CHEN

Lemma 2.3, G contains an element of order mpir−ri > m, which again contradictsthe maximality of m. Thus, every rational prime power divisor of |g| divides m, so|g| divides m. �

We are now ready to prove that every finite subgroup of the multiplicative groupof a field is cyclic, and consequently the multiplicative group of a finite field iscyclic.

Theorem 2.5. Every finite subgroup of the multiplicative group of a field is cyclic.

Proof. Let G be a finite subgroup of the multiplicative group of a field F . ThenG is a finite abelian group. Let m = max {|g| : g ∈ G}. By Lemma 2.4, we havegm = 1 for every g ∈ G. Thus, every element of G is a root to the polynomialxm − 1, which has at most m roots in F , so we have |G| ≤ m. On the other hand,by Lagrange’s Theorem, m divides |G|, so we have m ≤ |G|. It follows |G| = m.Since G contains an element of order |G|, G must be cyclic. �

Corollary 2.6. The multiplicative group of a finite field is cyclic.

Let F be a finite field. The fact that F× is cyclic allows us to give a criterionfor deciding when xn = a (a ∈ F×) has solutions in F×, as we shall see.

Lemma 2.7. Let a, m ∈ Z and d = (a,m). For b ∈ Z, the congruence ax ≡ b modm has solutions if and only if d divides b. If d divides b, then there are exactly dsolutions which are not equivalent mod m.

Proof. If x0 is a solution, then we have ax0 − b = my0 for some integer y0, whichgives ax0 − my0 = b. Since d divides both a and m, it follows that d dividesax0 −my0 = b.

Conversely, suppose that d divides b. Since we have d = (a,m), there existintegers x′0 and y′0 such that ax′0 −my′0 = d. Let c = b/d. Then we have a(x′0c)−m(y′0c) = dc = b. Let x0 = x′0c and we clearly have ax0 ≡ b mod m.

Suppose that d divides b. To show that ax ≡ b mod m has exactly d solutions,suppose that x0 and x1 are solutions, i.e. they satisfy ax0 ≡ b mod m and ax1 ≡ bmod m, which imply a(x1 − x0) ≡ 0 mod m. Thus, m divides a(x1 − x0), andconsequently m

d divides ad (x1 − x0). Note that a

d and md are relatively prime. It

then follows that md divides x1 − x0, so we have x1 = x0 + kmd for some integer

k. On the other hand, any integer of the form x0 + kmd is a solution, since wehave a(x0 + kmd ) = ax0 + mk ad ≡ b mod m. Also, the solutions x0, x0 + m

d , ...,x0 + (d − 1)md are not equivalent, for if we have x0 + rmd ≡ x0 + smd mod m forsome nonnegative integers r, s with r 6= s and r, s ≤ d − 1, then m would divide|r − s| md , and we would have |r−s|d ∈ Z, which is impossible. Now let x1 = x0 +kmdbe another solution. Then there are integers q and r such that k = qd + r and0 ≤ r ≤ d − 1. Thus, we have x1 = x0 + rmd + qm ≡ x0 + rmd mod m. We haveshown that x0, x0 + m

d , ..., x0 + (d− 1)md are all the solutions, so there are exactlyd solutions which are not equivalent mod m. �

Proposition 2.8. Let F be a finite field with q elements, and let a ∈ F×. Thenxn = a has solutions if and only if a(q−1)/d = 1, where d = (n, q − 1). If there aresolutions, then there are exactly d solutions.

Proof. We have shown that F× is cyclic. Let g be a generator of F× and set a = gb

and x = gy. Then xn = a is equivalent to the congruence ny ≡ b mod q − 1. Theresult follows by applying Lemma 2.7. �

RINGS OF INTEGERS, GAUSS-JACOBI SUMS, AND THEIR APPLICATIONS 5

To conclude our discussion on finite fields, we shall prove the following proposi-tion, using the fact that the multiplicative group of a finite field is cyclic.

Proposition 2.9. For all integers k and rational primes p, we have 1k + 2k + ...+(p− 1)k ≡ 0 mod p if p− 1 does not divide k, and −1 mod p if p− 1 divides k.

Proof. Let g be a generator of F×p , so g has order p − 1. By identifying 1, 2, ...,p − 1 as elements of (Z/pZ)× ∼= F×p and letting i = gri for all integers i with1 ≤ i ≤ p− 1, we have

1k + 2k + ...+ (p− 1)k = (gr1)k + (gr2)k + ...+ (grp−1)k =p−1∑i=1

(gk)ri =p−2∑j=0

(gk)j .

Note that we also have

(gk − 1)p−2∑j=0

(gk)j =p−2∑j=0

gk(j+1) − gkj = gk(p−1) − g0 = 1− 1 = 0

in Fp. Suppose that p−1 does not divide k in Z. Then we have gk 6= 1 in Fp, so wemust have

∑p−2j=0(gk)j = 0 in Fp, which is equivalent to 1k + 2k + ...+ (p− 1)k ≡ 0

mod p. If p−1 divides k in Z, then we have 1k+2k+ ...+(p−1)k = 1+1+ ...+1 =p− 1 = −1 in Fp, which is equivalent to 1k + 2k + ...+ (p− 1)k ≡ −1 mod p. �

2.2. Multiplicative Characters. We shall now introduce multiplicative charac-ters which will later be used to define Gauss and Jacobi sums.

Definition 2.10. Let Fp denote a finite field with p elements, where p is a rationalprime. A multiplicative character χ on Fp is a group homomorphism from F×p toC×, i.e. it satisfies χ(ab) = χ(a)χ(b) for all a, b ∈ F×p .

An example of a multiplicative character is the trivial multiplicative character εdefined by ε(a) = 1 for all a ∈ F×p .

It is often useful to extend the domain of a multiplicative character to all of Fp.If χ 6= ε, we do this by defining χ(0) = 0. For the trivial character ε, we defineε(0) = 1.

The following proposition summarizes some basic properties of multiplicativecharacters.

Proposition 2.11. Let χ be a multiplicative character on Fp, ε be the trivial char-acter, and a ∈ F×p . Then(a) χ(1) = 1.(b) χ(a) is a (p− 1)st root of unity.(c) χ(a−1) = χ(a)−1 = χ(a).(d)

∑t∈Fp

χ(t) = 0 for χ 6= ε, and∑t∈Fp

ε(t) = p.

Proof. (a) Since we have χ(1) = χ(1 · 1) = χ(1)χ(1) and χ(1) 6= 0, we must haveχ(1) = 1.

(b) For all a ∈ F×p , we have ap−1 = 1, which implies that 1 = χ(1) = χ(ap−1) =χ(a)p−1.

(c) For all a ∈ F×p , we have 1 = χ(1) = χ(aa−1) = χ(a)χ(a−1), which impliesχ(a−1) = χ(a)−1. Since we have |χ(a)| = 1 by part (b), we have χ(a)χ(a) =|χ(a)|2 = 1, which implies χ(a) = χ(a)−1.

6 CHAOFAN CHEN

(d) Suppose χ 6= ε. In this case there is an a ∈ F×p such that χ(a) 6= 1. LetT =

∑t∈Fp

χ(t). Then we have χ(a)T =∑t∈Fp

χ(a)χ(t) =∑t∈Fp

χ(at) = T ,which gives (χ(a)− 1)T = 0, but χ(a)− 1 6= 0, so we must have T = 0. It is clearthat

∑t∈Fp

ε(t) =∑t∈Fp

1 = p. �

The multiplicative characters on Fp form a group by means of the followingdefinitions: (1) If χ and λ are multiplicative characters on Fp, then χλ is the mapgiven by χλ(a) = χ(a)λ(a) for all a ∈ F×p . (2) If χ is a multiplicative character onFp, χ−1 is the map given by χ−1(a) = χ(a)−1. It is not difficult to verify that χλand χ−1 defined above are multiplicative characters on Fp and that these definitionsmake the set of multiplicative characters on Fp into a group. The identity of thisgroup is the trivial character ε.

Theorem 2.12. The group of multiplicative characters on Fp is a cyclic group oforder p−1. For any a ∈ F×p with a 6= 1, there is a character χ on Fp with χ(a) 6= 1.

Proof. We have shown that F×p is a cyclic group of order p−1. Let g be a generatorof F×p . If a is any element of F×p and χ is a multiplicative character on Fp, thenwe have a = gl for some l ∈ Z and χ(a) = χ(g)l. This shows that χ is completelydetermined by the value of χ(g). Since χ(g) is a (p − 1)st root of unity, and sincethere are exactly p−1 of these, it follows that the group of multiplicative characterson Fp has order at most p− 1.

Now define a function λ : F×p → C − {0} by λ(gk) = e2πi(k/(p−1)). It is notdifficult to check that λ is well defined and is a multiplicative character. Supposeλn = ε. Then we have λn(g) = ε(g) = 1. However, we also have λn(g) = λ(gn) =e2πi(n/(p−1)). It follows that p − 1 divides n. Since we have λp−1(a) = λ(ap−1) =λ(1) = 1, we have λp−1 = ε. It then follows that λ is a character of order p − 1,and that ε, λ, λ2, ..., λp−2 are all distinct. Since there are at most p− 1 characterson Fp, ε, λ, λ2, ..., λp−2 must be all the characters on Fp. Thus, the group ofmultiplicative characters is a cyclic group of order p− 1, with λ as a generator.

For any a ∈ F×p with a 6= 1, we have a = gl and p − 1 does not divide l.Consequently, we have λ(a) = λ(gl) = e2πi(l/(p−1)) 6= 1. �

Corollary 2.13. Let a ∈ F×p with a 6= 1, and G be the group of multiplicativecharacters on Fp. Then we have

∑χ∈G χ(a) = 0.

Proof. Let S =∑χ∈G χ(a). Since we have a 6= 1, there is a character λ on Fp with

λ(a) 6= 1. Then we have λ(a)S =∑χ∈G λ(a)χ(a) =

∑χ∈G λχ(a) = S. Thus, we

have (λ(a)− 1)S = 0 and consequently S = 0. �

Multiplicative characters are useful in the study of power congruences. To il-lustrate this, consider the equation xn = a for a ∈ F×p . By Proposition 2.8, weknow that it has solutions if and only if a(p−1)/d = 1, where d = (n, p − 1), andthat if there are solutions, then there are exactly d solutions. We shall now derivea formula for the number of solutions in Fp of the equation xn = a where a ∈ Fpusing characters. For simplicity, we shall assume that n divides p − 1, and in thiscase we have d = (n, p− 1) = n.

Proposition 2.14. Let a ∈ F×p and suppose that n divides p − 1. If xn = a hasno solutions in Fp, then there is a character χ such that χn = ε and χ(a) 6= 1.

RINGS OF INTEGERS, GAUSS-JACOBI SUMS, AND THEIR APPLICATIONS 7

Proof. Let g and λ be the same as in Theorem 2.12. Set χ = λ(p−1)/n. Then wehave χn = λp−1 = ε. Now, we have χ(g) = λ(p−1)/n(g) = λ(g(p−1)/n) = e2πi/n, anda = gl for some l ∈ Z. Since xn = a has no solutions in Fp, n does not divide l andconsequently χ(a) = χ(g)l = e2πi(l/n) 6= 1. �

For a ∈ Fp, let N(xn = a) denote the number of solutions in Fp of the equationxn = a.

Proposition 2.15. If n divides p− 1, then we have N(xn = a) =∑χn=ε χ(a).

Proof. We shall first show that there are exactly n characters of order dividing n.Let χ be a character of order dividing n, and g be a generator of F×p . Since thevalue of χ(g) must be an nth root of unity, there are at most n characters of orderdividing n. Now the character χ given by χ(g) = e2πi/n is a character of order n,and it follows that ε, χ, χ2, ..., χn−1 are n distinct characters of order dividing n.

To prove the formula, note that xn = 0 has one solution in Fp, namely, x = 0.Now, it is not difficult to see that

∑χn=ε χ(0) = 1 since we have ε(0) = 1 and

χ(0) = 0 for χ 6= ε.Now suppose a 6= 0. Suppose, furthermore, that xn = a has solutions in Fp.

Then Proposition 2.8 tells us that there are exactly d = (n, p − 1) = n solutions.Let b be an element of Fp with bn = a. For all characters χ on Fp with χn = ε, wehave χ(a) = χ(bn) = χn(b) = ε(b) = 1. Thus, we have

∑χn=ε χ(a) = n, which is

equal to N(xn = a) in this case.Finally, suppose that xn = a has no solution in Fp (a 6= 0). We must show∑χn=ε χ(a) = 0. Let R =

∑χn=ε χ(a). By the proposition above, there is a

character ρ with ρn = ε and ρ(a) 6= 1. Then we have ρ(a)R =∑χn=ε ρ(a)χ(a) =∑

χn=ε ρχ(a) = R, which gives (ρ(a)− 1)R = 0 and consequently R = 0. �

2.3. An Example of Multiplicative Characters: The Legendre Symbol.We shall now introduce the Legendre symbol, which is a multiplicative characterof order 2 on Fp.

Definition 2.16. Let a and m be two integers with (a,m) = 1. Then a is aquadratic residue mod m if the congruence x2 ≡ a mod m has a solution. Otherwisea is a quadratic nonresidue mod m.

Definition 2.17. Let p be an odd rational prime. The Legendre symbol, denotedby(ap

), equals 1 if a is a quadratic residue mod p, −1 if a is a quadratic nonresidue

mod p, and 0 if p divides a.

The following proposition summarizes some properties of the Legendre symbol.

Proposition 2.18. Let a, b ∈ Z, and p be an odd rational prime. Then(a)

(ap

)≡ a(p−1)/2 mod p; in particular, we have

(−1p

)= (−1)(p−1)/2.

(b) a ≡ b mod p implies(ap

)=(bp

).

(c)(abp

)=(ap

)(bp

).

Proof. (a) If p divides a, then we have a(p−1)/2 ≡ 0 =(ap

)mod p. Suppose that

p does not divide a. Then we have ap−1 ≡ 1 mod p, which gives (a(p−1)/2 +1)(a(p−1)/2 − 1) = ap−1 − 1 ≡ 0 mod p. Thus, we have a(p−1)/2 ≡ ±1 mod p. By

8 CHAOFAN CHEN

Proposition 2.8, a(p−1)/2 ≡ 1 mod p if and only if the congruence x2 ≡ a mod phas a solution, i.e. if and only if a is a quadratic residue mod p. This establishes(ap

)≡ a(p−1)/2 mod p. Letting a = −1, we have

(−1p

)= (−1)(p−1)/2.

(b) Part (b) is obvious from the definition.(c) By part (a), we have

(abp

)≡ (ab)(p−1)/2 = a(p−1)/2b(p−1)/2 ≡

(ap

)(bp

)mod

p. Thus, we have(abp

)≡(ap

)(bp

)mod p, which implies

(abp

)=(ap

)(bp

). �

Corollary 2.19. Let p be an odd rational prime. Then −1 is a quadratic residuemod p if and only if p ≡ 1 mod 4.

Proof. −1 is a quadratic residue mod p if and only if (−1)(p−1)/2 =(−1p

)= 1 if

and only if (p− 1)/2 is even if and only if p ≡ 1 mod 4. �

Corollary 2.20. Let p be an odd rational prime. Then there are (p−1)/2 quadraticresidues mod p and as many quadratic nonresidues mod p.

Proof. Proposition 2.8 implies that a(p−1)/2 ≡ 1 mod p has (p − 1)/2 solutions.Thus, there are (p−1)/2 quadratic residues mod p and (p−1)−((p−1)/2) = (p−1)/2quadratic nonresidues mod p. �

Proposition 2.18(b) allows us to regard the Legendre symbol(ap

)as a function

of the coset of a mod p, and consequently as a function on Fp. Proposition 2.18(c)then allows us to regard the Legendre symbol as a multiplicative character on Fp.

Note that for all a 6≡ 0 mod p, we have(ap

)2

= 1. This, together with Corollary2.20, implies that the Legendre symbol is a character of order 2.

Proposition 2.21. Let p be an odd rational prime. Then we have∑p−1t=0

(tp

)= 0.

Proof. This is a special case of Proposition 2.11(d). �

The law of quadratic reciprocity is stated in terms of the Legendre symbol: Letp and q be odd rational primes. Then we have

(pq

)(qp

)= (−1)((p−1)/2)((q−1)/2).

Two proofs will be given in Section 5.

3. Field Extensions and Rings of Integers

In this section, we shall solve two of the questions we have posed in the Intro-duction: (1) When does a prime number in Z stay a prime in the ring of algebraicintegers in any quadratic extension of Q? (2) Under what conditions can a rationalprime be written as the sum of squares of two integers in Z?

3.1. Field Extensions.

Definition 3.1. (1) K is an extension field of F , denoted by K/F , if K is a fieldcontaining the subfield F . (2) The degree of a field extension K/F is the dimensionof K as a vector space over F . (3) K is a quadratic extension of F if the degree ofthe field extension K/F is 2.

We shall now give a characterization of quadratic extensions of Q, as follows:

Proposition 3.2. If K is a quadratic extension of Q, then we have K = Q(√d)

for some square-free ordinary integer d.

RINGS OF INTEGERS, GAUSS-JACOBI SUMS, AND THEIR APPLICATIONS 9

Proof. Let β be any element of K not contained in Q. Then β is a root to apolynomial f(x) of degree at most 2 in Q[x]. Now, f(x) cannot be of degree 1, sinceβ is not an element of Q by assumption. It follows that f(x) must be of degree2, and that Q(β) is a quadratic extension of Q; since we have Q ⊂ Q(β) ⊆ K, wemust have K = Q(β).

Suppose f(x) = ax2 + bx + c (a 6= 0). Then the quadratic formula tells usβ = −b±

√b2−4ac2a . (Here b2−4ac is not a square in Q and

√b2 − 4ac denotes a root to

the polynomial x2−(b2−4ac) in K.) Consequently, we have Q(β) ⊆ Q(√b2 − 4ac).

Conversely, we have√b2 − 4ac = ±(b + 2aβ), which gives Q(

√b2 − 4ac) ⊆ Q(β).

Thus, we have Q(β) = Q(√b2 − 4ac); since

√b2 − 4ac = y

√d for some nonzero

y ∈ Q and some square-free ordinary integer d, we have Q(√b2 − 4ac) = Q(

√d).

The proof is now complete. �

For the rest of the paper, we shall define the norm N : Q(√d) → Q (where

d is a square-free ordinary integer) by N(γ) = γγ′ where γ′ = a − b√d for all

γ = a + b√d ∈ Q(

√d) (Note that γ′ = γ is the complex conjugate of γ when

d is a negative integer in Z). It is easy to check that N is multiplicative, i.e.N(αβ) = N(α)N(β).

3.2. Rings of Algebraic Integers in Extension Fields of Q. We shall nowextend the concept of ordinary integers and define algebraic integers in an extensionfield of Q. Let K be an extension field of Q.

Definition 3.3. An element α ∈ K is an algebraic integer if α is a root to somemonic polynomial with coefficients in Z.

The set of all algebraic integers in an extension field of Q forms a ring. To provethis, we need a lemma.

Lemma 3.4. Suppose that α belongs to a ring R in K that is a finitely generatedZ module. Then α is an algebraic integer.

Proof. Let R be a ring which is also the Z module generated by g1, ..., gn. Thenfor each i ∈ Z with 1 ≤ i ≤ n, we have αgi =

∑nj=1 cijgj for some cij ∈ Z. Let g

denote the column vector with entries gi. Then we have αg = Mg where M is then × n matrix with entries cij . Thus, α is an eigenvalue of M in K, and satisfiesthe characteristic polynomial of M , which is a monic polynomial with coefficientsin Z. �

Theorem 3.5. The set of all algebraic integers in K, denoted by OK , forms a ring(an integral domain, in fact).

Proof. Let α and β be algebraic integers in K. Suppose αn+an−1αn−1 + ...+a1α+

a0 = 0 and βm + bm−1βm−1 + ...+ b1β + b0 = 0 with ai, bj ∈ Z. Let R be the set

of all Z linear combinations of αiβj with i, j ∈ Z, 0 ≤ i < n and 0 ≤ j < m. ThenR is a ring in K that is a finitely generated Z module. Since α+ β and αβ belongto R, by the lemma above, we conclude that α + β and αβ are algebraic integersin K. �

We can extend the concept of congruence from Z to OK , as follows: If γ1, γ2 andλ are elements of OK with λ 6= 0, we say that γ1 is congruent to γ2 mod λ (γ1 ≡ γ2

mod λ) if we have γ1 − γ2 = δλ for some δ ∈ OK . The following proposition givesa useful property of congruences in OK .

10 CHAOFAN CHEN

Proposition 3.6. Let ω1, ω2 be any elements of OK and p be a rational prime.Then we have (ω1 + ω2)p ≡ ωp1 + ωp2 mod p.

Proof. We have

(ω1 + ω2)p = ωp1 +p−1∑k=1

(p

k

)ωp−k1 ωk2 + ωp2 .

Since p divides(pk

)for 1 ≤ k ≤ p−1 and OK is a ring, we have the desired result. �

To illustrate the usefulness of the notion of congruence in a ring of algebraicintegers, we shall compute

(2p

)where p is an odd rational prime.

Proposition 3.7. Let p be an odd rational prime. Then we have(

2p

)= (−1)(p

2−1)/8.

Proof. Let ζ = e2πi/8. Then we have (ζ4 + 1)(ζ4 − 1) = ζ8 − 1 = 0, which impliesζ4 = −1. Consequently, we have ζ2 + ζ−2 = ζ4ζ−2 + ζ−2 = −ζ−2 + ζ−2 = 0, and(ζ + ζ−1)2 = ζ2 + 2 + ζ−2 = 2.

Let τ = ζ + ζ−1. Note that both ζ and τ are algebraic integers in C. We maythus work with congruences in the ring of algebraic integers in C.

Now, since τp−1 = (τ2)(p−1)/2 = 2(p−1)/2 ≡(

2p

)mod p, we have τp ≡

(2p

)τ

mod p. By Proposition 3.6, we also have τp = (ζ + ζ−1)p ≡ ζp + ζ−p mod p. Sinceζ8 = 1, we have ζp + ζ−p = ζ + ζ−1 = τ for p ≡ ±1 mod 8 and ζp + ζ−p = ζ3 + ζ−3

for p ≡ ±3 mod 8. Note that we have ζ3 = ζ4ζ−1 = −ζ−1 and ζ−3 = −ζ, so wehave ζp + ζ−p = −(ζ + ζ−1) = −τ for p ≡ ±3 mod 8. Thus, we have ζp + ζ−p =(−1)(p

2−1)/8τ , and consequently(

2p

)τ ≡ (−1)(p

2−1)/8τ mod p; multiplying both

sides of the congruence relation by τ , we obtain(

2p

)2 ≡ (−1)(p

2−1)/82 mod p,

which implies(

2p

)= (−1)(p

2−1)/8. �

We shall now present two important properties of algebraic integers. The firstproposition establishes the existence of a minimal polynomial for each algebraicinteger (in fact, for each algebraic number, which is a root to some polynomial inQ[x]), and the second gives a simple criterion for α to be an algebraic integer interms of the minimal polynomial for α.

Proposition 3.8. If α is an algebraic number then α is a root to a unique monicirreducible polynomial f(x) ∈ Q[x]. Furthermore, if we have g(x) ∈ Q[x], g(α) = 0,then f(x) divides g(x).

Proof. Let f(x) be a monic polynomial in Q[x] of the smallest degree for whichα is a root. Then f(x) is irreducible in Q[x]. For any g(x) ∈ Q[x] with g(α) =0, if f(x) does not divide g(x), then we have (f(x), g(x)) = 1 and consequentlyf(x)s(x) + g(x)t(x) = 1 for some polynomials s(x), t(x) ∈ Q[x]. However, we alsohave f(α)s(α) + g(α)t(α) = 0 6= 1. Thus, we must have f(x) | g(x). Uniqueness off(x) now follows immediately. �

The polynomial f(x) defined in the above proposition is called the minimalpolynomial of α. Thus, a minimal polynomial for an algebraic number α is a monicpolynomial in Q[x] of the smallest degree for which α is a root; it is irreduciblein Q[x], is unique and has the property that if g(x) is a polynomial in Q[x] withg(α) = 0, then f(x) divides g(x).

RINGS OF INTEGERS, GAUSS-JACOBI SUMS, AND THEIR APPLICATIONS 11

Proposition 3.9. An element α in some field extension K of Q is an algebraicinteger if and only if α is a root of some nonzero polynomial in Q[x] and its minimalpolynomial has coefficients in Z. In particular, the algebraic integers in Q are theordinary integers Z.

Proof. If α is a root of some nonzero polynomial in Q[x] and its minimal polynomialhas coefficients in Z, then α is an algebraic integer by definition. Conversely,suppose that α is an algebraic integer. Let f(x) be a monic polynomial in Z[x]of the smallest degree having α as a root. If f(x) were reducible in Q[x], then f(x)would be reducible in Z[x] and we would have f(x) = g(x)h(x) for some monicpolynomials g(x), h(x) ∈ Z[x] of degree at least one but smaller than the degree off(x) (This is a special case of a result known as Gauss’ Lemma, which states thatif R is a unique factorization domain with field of fractions F and f(x) ∈ R[x] isreducible in F [x], then f(x) is reducible in R[x]; for a proof of Gauss’ Lemma, see [2]pp. 303-304). Consequently, α would be a root of either g(x) or h(x), contradictingthe minimality of the degree of f(x). Hence, f(x) is irreducible in Q[x], and it isthe minimal polynomial of α. It then follows that the minimal polynomial of α hascoefficients in Z. Finally, the minimal polynomial of α = a/b ∈ Q (a/b reduced tothe lowest terms and b > 0) is x − (a/b). Hence, α is an algebraic integer if andonly if b = 1. This shows that the algebraic integers in Q are the ordinary integersZ. �

We shall now determine the ring of algebraic integers in any quadratic extensionQ(√d) (where d ∈ Z is square-free) of Q.

Proposition 3.10. Let d ∈ Z be a square-free integer. The ring of algebraicintegers in Q(

√d) (known as the quadratic integer ring) is Z[α] where α =

√d if

d ≡ 2 or 3 mod 4, and α = 1+√d

2 if d ≡ 1 mod 4.

Proof. Since α satisfies α2− d = 0 for d ≡ 2 or 3 mod 4 and α2−α+ (1− d)/4 = 0for d ≡ 1 mod 4, it follows that α is an algebraic integer, so Z[α] is containedin the ring of algebraic integers in Q(

√d). To show that Z[α] is the full ring of

algebraic integers in Q(√d), we let γ = a + b

√d with a, b ∈ Q, and suppose that

γ is an algebraic integer. If b = 0, then we have γ = a ∈ Q and consequentlyγ ∈ Z ⊆ Z[α]. If b 6= 0, the minimal polynomial of γ is x2− 2ax+ (a2− b2d). Thenthe proposition above tells us that 2a and a2 − b2d are both elements of Z. Thenwe have 4(a2 − b2d) = (2a)2 − (2b)2d ∈ Z, which implies (2b)2d ∈ Z. Since d ∈ Z issquare-free, we must have 2b ∈ Z. Write a = x/2 and b = y/2 for some x, y ∈ Z.Since we have a2 − b2d ∈ Z, we must have x2 − y2d ≡ 0 mod 4. Since 0 and 1 arethe only squares mod 4 and d is not divisible by 4, the only possibilities are thefollowing:

(1) d ≡ 2 or 3 mod 4 and x, y are both even, or(2) d ≡ 1 mod 4 and x, y are both even or both odd.In case (1), we have a, b ∈ Z and γ ∈ Z[

√d] = Z[α]. In case (2), we have

γ = a + b√d = r + sα with r = (x − y)/2 ∈ Z and s = y ∈ Z, so again γ ∈ Z[α].

Thus, we conclude that the ring of algebraic integers in Q(√d) is Z[α]. �

For the rest of the paper, let Z[α] denote the quadratic integer ring as in theproposition above. Recall that a prime element p in an integral domain R is onewhich satisfies the property that if p divides ab for a, b ∈ R, then p divides a or

12 CHAOFAN CHEN

p divides b. In the language of ideals, p is a prime element of R if it satisfies theproperty that ab ∈ (p) implies a ∈ (p) or b ∈ (p). We have seen that a rationalprime needs not be a prime in Z[α]. To answer the question when a rational primestays a prime in Z[α], we shall give a simple criterion in terms of the Legendresymbol.

Proposition 3.11. Let p be an odd rational prime. For any prime ideal P in Z[α],define P ′ = {γ′ : γ ∈ P}.(a) If

(dp

)= −1, then we have (p) = P for some prime ideal P in Z[α] (In this

case, we say that p is inert).(b) If

(dp

)= 1, then we have (p) = PP ′ and P 6= P ′ for some prime ideal P in

Z[α] (In this case, we say that p splits).(c) If

(dp

)= 0, then we have (p) = P 2 for some prime ideal P in Z[α] (In this

case, we say that p ramifies).

Proof. (a) Suppose(dp

)= −1. Let f(x) be the minimal polynomial of α. Note

that we have f(x) = x2− d for d ≡ 2 or 3 mod 4, and f(x) = x2−x+ (1− d)/4 ford ≡ 1 mod 4, and f(x) is reducible in Fp[x] if and only if d is a quadratic residuemod p. Thus, f(x) is irreducible in Fp[x], which means that (f(x)) is a prime idealin Fp[x]. It then follows that Z[α]/(p) ∼= Fp[x]/(f(x)) is an integral domain, andconsequently, (p) is a prime ideal in Z[α].

(b) Suppose(dp

)= 1. Then we have a2 ≡ d mod p for some a ∈ Z. Note

that we have (p, a +√d)(p, a −

√d) = (p)(p, a +

√d, a −

√d, (a2 − d)/p). Since

(p, a +√d, a −

√d, (a2 − d)/p) contains p and 2a which are relatively prime in

Z, (p, a +√d, a −

√d, (a2 − d)/p) contains 1 and is consequently the whole ring

Z[α]. Thus, we have (p, a+√d)(p, a−

√d) = (p). If (p, a+

√d) = (p, a−

√d), then

(p, a+√d) would contain p and 2a, and would be the whole ring Z[α]. Consequently,

(p) would be the whole ring Z[α], which is impossible. Setting P = (p, a+√d), we

have the desired result.(c) Suppose

(dp

)= 0. Note that we have (p,

√d)2 = (p)(p,

√d, d/p). Since

(p,√d, d/p) contains p and d/p which are relatively prime in Z (because d ∈ Z is

square-free), (p,√d, d/p) contains 1 and is consequently the whole ring Z[α]. Thus,

we have (p,√d)2 = (p). Setting P = (p,

√d), we have the desired result. �

The case where p = 2 requires separate treatment.

Proposition 3.12. Let p = 2. For any prime ideal P in Z[α], define P ′ in thesame way as in the proposition above.(a) If d ≡ 5 mod 8, then we have (2) = P for some prime ideal P in Z[α].(b) If d ≡ 1 mod 8, then we have (2) = PP ′ and P 6= P ′ for some prime ideal P inZ[α].(c) If d ≡ 2 or 3 mod 4, then we have (2) = P 2 for some prime ideal P in Z[α].

Proof. (a) Suppose d ≡ 5 mod 8. Then we have d ≡ 1 mod 4. Let f(x) be theminimal polynomial of α = (1 +

√d)/2. Then we have f(x) = x2− x+ (1− d)/4 =

x2−x+1 in F2[x]. Note that f(x) = x2−x+1 is irreducible in F2[x], which meansthat (f(x)) is a prime ideal in F2[x]. It then follows that Z[α]/(2) ∼= F2[x]/(f(x))is an integral domain, and consequently, (2) is a prime ideal in Z[α].

RINGS OF INTEGERS, GAUSS-JACOBI SUMS, AND THEIR APPLICATIONS 13

(b) If d ≡ 1 mod 8, we have d ≡ 1 mod 4 and (2, (1 +√d)/2)(2, (1 −

√d)/2) =

(2)(2, (1 +√d)/2, (1−

√d)/2, (1− d)/8). Note that (2, (1 +

√d)/2, (1−

√d)/2, (1−

d)/8) contains 1 = (1 +√d)/2 + (1 −

√d)/2, and is consequently the whole ring

Z[α]. Thus, we have (2, (1 +√d)/2)(2, (1 −

√d)/2) = (2). If (2, (1 +

√d)/2) =

(2, (1−√d)/2), then (2, (1+

√d)/2) would contain 1, and we would have (2) = Z[α],

which is impossible. Setting P = (2, (1 +√d)/2), we have the desired result.

(c) Suppose d ≡ 2 mod 4. Note that we have (2,√d)2 = (2)(2,

√d, d/2). Since

(2,√d, d/2) contains 2 and d/2 which are relatively prime in Z, (2,

√d, d/2) contains

1 and is consequently the whole ring Z[α]. Thus, we have (2,√d)2 = (2). Setting

P = (2,√d), we have the desired result.

Suppose d ≡ 3 mod 4. Note that we have (2, 1+√d)2 = (2)(2, 1+

√d, (1+

√d)2

2 ) =(2)(2, 1 +

√d, 1+d

2 +√d). Since (2, 1 +

√d, 1+d

2 +√d) contains 2 and 1−d

2 = (1 +√d)− ( 1+d

2 +√d), which are relatively prime in Z, (2, 1 +

√d, 1+d

2 +√d) contains 1

and is consequently the whole ring Z[α]. Thus, we have (2, 1 +√d)2 = (2). Setting

P = (2, 1 +√d), we have the desired result. �

To conclude our discussion on quadratic integer rings, we shall use the normdefined on quadratic extensions of Q to characterize the units in quadratic integerrings.

Proposition 3.13. The element γ is a unit in Z[α] if and only if N(γ) = ±1.

Proof. Suppose N(γ) = ±1. Then we have γγ′ = ±1, so ±γ′ = γ−1. Since ±γ′ liesin Z[α], we see that γ is a unit in Z[α].

Suppose that γ is a unit in Z[α]. Then there exists a δ ∈ Z[α] satisfying γδ = 1.Thus, we have N(γ)N(δ) = 1. Since N(γ) and N(δ) are ordinary integers, we musthave N(γ) = ±1. �

3.3. The Ring of Gaussian Integers Z[i]. Let i =√−1. The ring of Gaussian

integers Z[i] is the ring of algebraic integers in the quadratic extension Q(√−1) of

Q. The elements of Z[i] are complex numbers of the form a + bi with a, b ∈ Z. Ifγ = a+ bi is an element of Z[i], then the complex conjugate of γ is γ = a− bi, andthe norm of γ (defined on Q(

√−1) as in Section 3.1) is N(γ) = γγ = a2 + b2. We

shall now use Propositions 3.11, 3.12 and 3.13 to characterize the prime elementsand the units in Z[i].

Proposition 3.14. Let p be a rational prime. If p ≡ 3 mod 4, then p is inert inZ[i]. If p ≡ 1 mod 4, then p splits in Z[i]. Finally, 2 ramifies in Z[i].

Proof. If p ≡ 3 mod 4, we have(−1p

)= (−1)(p−1)/2 = −1; consequently, by

Proposition 3.11, p is inert in Z[i].If p ≡ 1 mod 4, we have

(−1p

)= (−1)(p−1)/2 = 1; consequently, by Proposition

3.11, p splits in Z[i].Finally, we have −1 ≡ 3 mod 4; consequently, by Proposition 3.12, 2 ramifies in

Z[i]. �

Proposition 3.15. The element γ ∈ Z[i] is a unit if and only if N(γ) = 1. Theunits in Z[i] are 1, −1, i, and −i.

14 CHAOFAN CHEN

Proof. The first assertion follows from Proposition 3.13 and the observation thatN(γ) is a nonnegative integer for all γ ∈ Z[i].

Now suppose that γ = a+ bi is a unit in Z[i]. Then we have N(γ) = a2 + b2 = 1.The only possibilities are a = ±1 and b = 0, or a = 0 and b = ±1. It then followsthat the units in Z[i] are 1, −1, i, and −i. �

Recall that a Euclidean domain R is an integral domain with the property thatthere is a function η : R − {0} → Z≥0 such that if a and b are two elements of Rwith b 6= 0, then there exist q, r ∈ R satisfying a = qb + r and either r = 0 orη(r) < η(b). We shall now prove that Z[i] is a Euclidean domain, and make use ofthe fact that Euclidean domains are principal ideal domains (PIDs).

Proposition 3.16. The ring of Gaussian integers Z[i] is a Euclidean domain.

Proof. Let N denote the norm on Q(√−1). Let γ = a + bi and δ = c + di be two

elements of Z[i] with δ 6= 0.Then we have γ

δ = r+ si for some r, s ∈ Q. Choose integers m and n satisfying|r −m| ≤ 1

2 and |s− n| ≤ 12 . Set ρ = m + ni. Then we have ρ ∈ Z[i] and

N(γδ − ρ) = (r −m)2 + (s− n)2 ≤(

12

)2 +(

12

)2 = 12 .

Set τ = γ−ρδ. Then we have τ ∈ Z[i] and either τ = 0 or N(τ) = N(δ(γδ −ρ)) =N(δ)N(γδ −ρ) ≤ 1

2N(δ) < N(δ). Thus, N makes Z[i] into a Euclidean domain. �

Theorem 3.17. (Fermat’s Theorem on sums of squares) A rational prime p is thesum of the squares of two integers in Z, i.e. p = a2 + b2 for some a, b ∈ Z, if andonly if p = 2 or p ≡ 1 mod 4.

Proof. Note that p = 2 or p ≡ 1 mod 4 if and only if p ramifies or splits in Z[i](Proposition 3.14), if and only if p = γδ for some nonunits γ, δ ∈ Z[i] (Here, weuses the fact that Z[i] is a PID). If p = γδ for some nonunits γ, δ ∈ Z[i], thenwe have p2 = N(p) = N(γ)N(δ); since N(γ) 6= 1 and N(δ) 6= 1, we must havep = N(γ) = a2 + b2 for some a, b ∈ Z. Conversely, if p = a2 + b2 for some a, b ∈ Z,then we have p = (a+ bi)(a− bi), and both a+ bi and a− bi are nonunits in Z[i].The desired result now follows. �

The same reasoning can be used to characterize the rational primes p which canbe written as p = a2 + 2b2 for some a, b ∈ Z. Instead of Z[i], we shall now workwith Z[

√−2]. Like Z[i], Z[

√−2] is also a Euclidean domain, and consequently a

PID. We shall now prove that a rational prime p can be written as p = a2 + 2b2 forsome a, b ∈ Z if and only if p = 2, or p ≡ 1 mod 8, or p ≡ 3 mod 8, or p ≡ 1 mod16, or p ≡ 11 mod 16, as follows:

Note that p = 2, or p ≡ 1 mod 8, or p ≡ 3 mod 8, or p ≡ 1 mod 16, or p ≡ 11mod 16 if and only if p = 2, or p−1

2 + p2−18 = (p−1)(p+5)

8 is an even integer in Z,

if and only if p = 2, or(−2p

)=(−1p

)(2p

)= (−1)

p−12 + p2−1

8 = 1, if and only if p

ramifies or splits in Z[√−2], if and only if p = γδ for some nonunits γ, δ ∈ Z[

√−2].

If p = γδ for some nonunits γ, δ ∈ Z[√−2], then we have p2 = N(p) = N(γ)N(δ);

since N(γ) 6= 1 and N(δ) 6= 1, we must have p = N(γ) = a2 +2b2 for some a, b ∈ Z.Conversely, if p = a2+2b2 for some a, b ∈ Z, then we have p = (a+b

√−2)(a−b

√−2),

and both a+ b√−2 and a− b

√−2 are nonunits in Z[

√−2]. The desired result now

follows.

RINGS OF INTEGERS, GAUSS-JACOBI SUMS, AND THEIR APPLICATIONS 15

In general, the question whether a rational prime p can be written as p = a2+nb2

for some a, b ∈ Z is much more difficult to answer, and the technique used above tocharacterize the rational primes p which can be written as p = a2+b2 or p = a2+2b2

for some a, b ∈ Z cannot be generalized for an arbitrary ordinary integer n, becauseit relies on the fact that Z[i] = Z[

√−1] and Z[

√−2] are PIDs, but Z[

√−n] is, in

general, not necessarily a PID. For example, Z[√−5] is not a PID, and the above

technique cannot be used to characterize the rational primes p which can be writtenas p = a2 + 5b2.

3.4. The Ring Z[ω]. Let ω = −1+√−3

2 . Note that we have ω2 = −1−√−3

2 = ω

and 1 + ω + ω2 = 0, and 1, ω and ω2 are the three cubic roots of unity. Thering Z[ω] = Z[ 1+

√−3

2 ] is the ring of algebraic integers in the quadratic extensionQ(√−3) of Q. The elements of Z[ω] are complex numbers of the form a+ bω with

a, b ∈ Z. Let γ = a + bω ∈ Z[ω], and γ denote the complex conjugate of γ. Thenthe norm of γ (defined on Q(

√−3) as in Section 3.1) is N(γ) = γγ = a2 − ab+ b2.

We shall prove that Z[ω] is also a Euclidean domain, and use Propositions 3.11,3.12 and 3.13 again to investigate the units and the prime elements in Z[ω]. Fornotational convenience we shall set D = Z[ω].

Proposition 3.18. D is a Euclidean domain.

Proof. Let N denote the norm on Q(√−3). Let γ and δ be two elements of D with

δ 6= 0. Then we have γδ = γδ

δδ= r + sω for some r, s ∈ Q. We have used the facts

that δδ = N(δ) is a positive integer and that γδ lies in D since both γ and δ areelements of D and D is a ring.

Choose m, n ∈ Z with |r −m| ≤ 12 and |s− n| ≤ 1

2 . Set ρ = m+ nω. Then wehave ρ ∈ D andN(γδ−ρ) = (r−m)2−(r−m)(s−n)+(s−n)2 ≤

(12

)2+ 12

12+(

12

)2 = 34 .

Set τ = γ− ρδ. Then we have τ ∈ D and either τ = 0 or N(τ) = N(δ(γδ − ρ)) =N(δ)N(γδ − ρ) ≤ 3

4N(δ) < N(δ). Thus, N makes D into a Euclidean domain. �

Proposition 3.19. The element γ ∈ D is a unit if and only if N(γ) = 1. Theunits in D are 1, −1, ω, −ω, ω2, and −ω2.

Proof. The first assertion follows from Proposition 3.13 and the observation thatN(γ) is a nonnegative integer for all γ ∈ D.

Now suppose that γ = a+bω is a unit in D. Then we have N(γ) = a2−ab+b2 = 1and consequently (2a− b)2 + 3b2 = 4. There are two possibilities:

(1) 2a− b = ±1 and b = ±1, or(2) 2a− b = ±2 and b = 0.Solving the six pairs of equations, we see γ = 1, −1, ω, −ω, −1 − ω = ω2 or

1+ω = −ω2. It then follows that the units in D are 1, −1, ω, −ω, ω2, and −ω2. �

The following propositions characterize the prime elements of Z[ω].

Proposition 3.20. If π is a prime in D, then there is a rational prime p such thatN(π) = p or p2. In the former case, π is not an associate to a rational prime; inthe latter case π is associate to p.

Proof. Since π is a prime in D, we have N(π) = ππ = n for some n ∈ Z withn > 1. Since n is a product of rational primes, π divides p for some rational primep. Suppose p = πγ for some γ ∈ D. Then we have N(π)N(γ) = N(p) = p2. Thus,

16 CHAOFAN CHEN

we must have N(π) = p, or N(π) = p2 and N(γ) = 1. In the former case, if wehad π = uq for some unit u ∈ D and some rational prime q, then we would havep = N(π) = N(u)N(q) = q2, which is impossible. Thus, π is not an associate to arational prime. In the latter case, since γ is a unit, π is associate to p. �

Proposition 3.21. If π ∈ D satisfies N(π) = p where p is a rational prime, thenπ is a prime element of D.

Proof. If π were not prime in D, π would be reducible in D (since D is a Euclideandomain), so we could write π = ργ for some ρ, γ ∈ D with N(ρ) > 1 and N(γ) > 1.Then we would have p = N(π) = N(ρ)N(γ), which is impossible since p is a rationalprime. Thus, π is a prime element of D. �

Proposition 3.22. Let p be a rational prime. If p ≡ 2 mod 3, then p is a primeelement of D. If p ≡ 1 mod 3, then we have p = ππ, where π is prime in D. Finallywe have 3 = −ω2(1− ω)2, and 1− ω is prime in D.

Proof. Suppose p ≡ 2 mod 3. If p is odd, then by the law of quadratic reciprocity(which is stated in Section 2 and will be proved in Section 5), we have(

−3p

)=(−1p

)(3p

)= (−1)(p−1)/2(−1)((p−1)/2)((3−1)/2)

(p3

)=(p

3

)=(

23

)= −1,

and consequently, by Proposition 3.11, p is a prime element of D. If p = 2, since−3 ≡ 1 mod 4 and −3 ≡ 5 mod 8, by Proposition 3.12, 2 is a prime element of D.

Suppose p ≡ 1 mod 3. A similar calculation shows(−3p

)=(p3

)=(

13

)= 1.

By Proposition 3.11, we have (p) = PP ′; since D is a PID, we have P = (π) andP ′ = (γ) for some π, γ ∈ D with N(π) > 1 and N(γ) > 1. Consequently, wehave p = uπγ for some unit u ∈ D, and p2 = N(p) = N(π)N(γ), which impliesp = N(π) = ππ.

Finally, since x2 +x+1 = (x−ω)(x−ω2), setting x = 1, we have 3 = (1−ω)(1−ω2) = (1 + ω)(1 − ω)2 = −ω2(1 − ω)2. Since 32 = N(3) = N(−ω2)N((1 − ω)2) =(N(1 − ω))2, we must have N(1 − ω) = 3. By Proposition 3.21, 1 − ω is prime inD. �

We need a notion of primary primes to eliminate the ambiguity caused by thefact that every nonzero element of D has six associates.

Definition 3.23. If π is a prime element of D, we say that π is primary if π ≡ 2mod 3.

If π = a+ bω is a complex prime, the definition above is equivalent to a ≡ 2 mod3 and b ≡ 0 mod 3.

Proposition 3.24. Let π be a prime element of D with N(π) = p ≡ 1 mod 3.Among the associates of π exactly one is primary.

RINGS OF INTEGERS, GAUSS-JACOBI SUMS, AND THEIR APPLICATIONS 17

Proof. Let π = a + bω. The associates of π are π, −π, ωπ, −ωπ, ω2π and −ω2π,which, in terms of a and b, are(a) a+ bω,(b) −a− bω,(c) −b+ (a− b)ω,(d) b+ (b− a)ω,(e) (b− a)− aω, and(f) (a− b) + aω.

Since we have p = a2−ab+b2, not both a and b are divisible by 3. By comparing(a) and (d), we may assume that 3 does not divide a. By considering (a) and (b),we may assume a ≡ 2 mod 3. Under these assumptions, p = a2 − ab + b2 implies1 ≡ 4− 2b+ b2 mod 3, which gives b(b− 2) ≡ 0 mod 3. If b ≡ 0 mod 3, then a+ bωis primary. If b ≡ 2 mod 3, then b+ (b− a)ω is primary.

To show the uniqueness of a primary prime among its associates, suppose thata + bω is primary. Then we have a ≡ 2 mod 3 and b ≡ 0 mod 3. Since we have−a ≡ 1 mod 3, −b ≡ 0 mod 3 and b ≡ 0 mod 3, (b), (c) and (d) are not primary.Since we have −a ≡ 1 mod 3 and a ≡ 2 mod 3, (e) and (f) are not primary. �

Let λ 6= 0 be a nonunit in D. Just as in Z, the congruence classes mod λ in Dcan be made into a ring D/λD, called the residue class ring mod λ.

Proposition 3.25. Let π ∈ D be a prime. Then D/πD is a finite field with N(π)elements.

Proof. We shall first prove that D/πD is a field. Note that D/πD is an integraldomain. Let γ be an element of D with γ 6≡ 0 mod π. Since D is a Euclideandomain, there exist δ, ρ ∈ D with γδ + πρ = 1, which gives γδ ≡ 1 mod π. Thisshows that every nonzero element of D/πD is a unit. Thus, D/πD is a field.

To show that D/πD has N(π) elements, we shall consider three cases:(1) Suppose that π = q is a rational prime congruent to 2 mod 3. We claim that

{a+ bω : a, b ∈ Z, 0 ≤ a < q, 0 ≤ b < q} gives a complete set of representatives modq. This will establish that D/qD has q2 = N(q) elements. Let µ = m + nω ∈ D.Then we have m = qs+a and n = qt+b for some s, a, t, b ∈ Z with 0 ≤ a, b < q, andµ ≡ a+ bω mod q. Now, suppose a+ bω ≡ a′ + b′ω mod q with 0 ≤ a, b, a′, b′ < q.Then we have ((a − a′)/q) + ((b − b′)/q)ω ∈ D, implying (a − a′)/q ∈ Z and(b− b′)/q ∈ Z. This is possible only if we have a = a′ and b = b′.

(2) Suppose that π is a prime element of D with ππ = N(π) = p, where pis a rational prime congruent to 1 mod 3. We claim that {0, 1, ..., p− 1} gives acomplete set of representatives mod π. This will establish that D/πD has p = N(π)elements. Let π = a + bω. Since p = N(π) = a2 − ab + b2, p does divide b (forotherwise p would divide π and π, and p would be a unit in D, which is impossible).Let µ = m + nω. Then there exists some c ∈ Z with cb ≡ n mod p, and we haveµ − cπ ≡ m − ca mod p, so µ ≡ m − ca mod π. Thus, every element of D iscongruent to an ordinary integer mod π. For each l ∈ Z, we have l = ps + r forsome s, r ∈ Z with 0 ≤ r < p. Thus, we have l ≡ r mod p, so l ≡ r mod π. Wehave shown that every element of D is congruent to an element of {0, 1, ..., p− 1}mod π. Now, suppose r ≡ r′ mod π with r, r′ ∈ Z and 0 ≤ r, r′ < p. Then we haver − r′ = πγ for some γ ∈ D, and (r − r′)2 = pN(γ), which implies that p dividesr − r′, i.e. r ≡ r′ mod p. Consequently, we must have r = r′.

18 CHAOFAN CHEN

(3) Suppose π = 1− ω. Then we have N(π) = 3. We claim that {0, 1, 2} gives acomplete set of representatives mod π. This will establish that D/πD has 3 = N(π)elements. Let µ = m + nω. Then we have µ + nπ = m + n, so µ ≡ m + n modπ. Thus, every element of D is congruent to an ordinary integer mod π. To showthat every element of D is congruent to an element of {0, 1, 2} mod π, and that 0,1 and 2 are distinct residues mod π, we use the same technique as in case (2), withp replaced by 3. �

Corollary 3.26. Let π be a prime element of D. The multiplicative group (D/πD)×

of D/πD is cyclic with order N(π)− 1. Consequently, if π does not divide γ ∈ D,then we have γN(π)−1 ≡ 1 mod π.

Corollary 3.27. Let π be a prime element of D with N(π) 6= 3, and γ be anelement of D such that π does not divide γ. Then the residue classes of 1, ω,ω2 are distinct in D/πD, and there is a unique integer m = 0, 1 or 2 such thatγ(N(π)−1)/3 ≡ ωm mod π.

Proof. To see that the residue classes of 1, ω, ω2 are distinct in D/πD, suppose,first, ω ≡ 1 mod π. Then π would divide 1−ω, and since 1−ω is prime in D, π and1−ω would be associate, and we would have N(π) = N(1−ω) = 3, a contradiction.Suppose ω2 ≡ 1 mod π. Then π would divide 1 − ω2 = (1 + ω)(1 − ω). Since πis prime in D and π does not divide 1 − ω, π would have to divide 1 + ω = −ω2,but this is impossible since −ω2 is a unit. Finally, suppose ω2 ≡ ω mod π. Thenπ would divide ω − ω2 = ω(1− ω). Since π is a prime in D and π does not divide1− ω, π would have to divide ω, but this is again impossible since ω is a unit.

We know that π divides γN(π)−1−1 = (γ(N(π)−1)/3−1)(γ(N(π)−1)/3−ω)(γ(N(π)−1)/3−ω2). Since π is prime in D, it must divide at least one of the three factors; on theother hand, π can divide at most one of the three factors, since if it divided twofactors, it would divide the difference. Thus, π divides exactly one of the threefactors. The desired result now follows. �

On the basis of Corollary 3.27 we can define the cubic residue character as follows:

Definition 3.28. Let π be a prime element of D with N(π) 6= 3. For all γ ∈ D,the cubic residue character of γ mod π,

(γπ

)3, is given by

(a)(γπ

)3

= 0 if π divides γ.(b)

(γπ

)3≡ γ(N(π)−1)/3 mod π, with

(γπ

)3

= 1, ω or ω2, if π does not divide γ.

The cubic residue character plays an analogous role in the theory of cubic residuesas the Legendre symbol plays in the theory of quadratic residues. For the rest ofthis paper, let χπ(γ) =

(γπ

)3

denote the cubic residue character of γ mod π for allγ ∈ D. The following proposition summarizes some of the properties of the cubicresidue character.

Proposition 3.29. Let π be a prime element of D with N(π) 6= 3. Then for all γ,δ ∈ D, we have(a) χπ(γ) = 1 if and only if x3 ≡ γ mod π is solvable, i.e. if and only if γ is acubic residue mod π.(b) χπ(γ) ≡ γ(N(π)−1)/3 mod π.(c) χπ(γ) = χπ(δ) if γ ≡ δ mod π.(d) χπ(γδ) = χπ(γ)χπ(δ).

RINGS OF INTEGERS, GAUSS-JACOBI SUMS, AND THEIR APPLICATIONS 19

(e) χπ(γ) = χπ(γ)2 = χπ(γ2).(f) χπ(γ) = χπ(γ).

Proof. (a) This is a special case of Proposition 2.8 with F = D/πD, q = N(π),a = γ, and n = 3.

(b) This is immediate from the definition.(c) If γ ≡ δ mod π, we have χπ(γ) ≡ γ(N(π)−1)/3 ≡ δ(N(π)−1)/3 ≡ χπ(δ) mod π,

which implies χπ(γ) = χπ(δ).(d) Since we have χπ(γδ) ≡ (γδ)(N(π)−1)/3 ≡ γ(N(π)−1)/3δ(N(π)−1)/3 ≡ χπ(γ)χπ(δ)

mod π, we must have χπ(γδ) = χπ(γ)χπ(δ).(e) χπ(γ) is by definition 0, 1, ω, or ω2, and each of these squared is equal to its

complex conjugate.(f) Since we have χπ(γ) ≡ γ(N(π)−1)/3 mod π, we must also have χπ(γ) ≡

γ(N(π)−1)/3 = γ(N(π)−1)/3 ≡ χπ(γ) mod π, which implies χπ(γ) = χπ(γ). �

Proposition 3.29 allows us to regard the cubic residue character as a multiplica-tive character of order 3 on D/πD.

Corollary 3.30. Let q be a rational prime with q ≡ 2 mod 3. Then we haveχq(γ) = χq(γ2) and χq(n) = 1 if n ∈ Z is relatively prime to q. In particular, ifq1 6= q2 are two rational primes congruent to 2 mod 3, then q1 and q2 are primeelements of D and we have χq1(q2) = χq2(q1).

Proof. Since q is a rational prime with q ≡ 2 mod 3, q is prime in D and we haveq = q. Consequently, we must have χq(γ) = χq(γ) = χq(γ) = χq(γ2). Since wehave n = n, we must have χq(n) = χq(n) = χq(n)2; if n ∈ Z is relatively prime toq, we have χq(n) 6= 0, which implies χq(n) = 1.

If q1 6= q2 are two rational primes congruent to 2 mod 3, then q1 and q2 are primeelements of D and they are relatively prime to each other in Z; consequently, wemust have χq1(q2) = 1 and χq2(q1) = 1, and the desired result follows immediately.

�

Corollary 3.30 gives a special case of the law of cubic reciprocity. We shall nowstate the general law:

Let π1, π2 ∈ D be primary primes with N(π1), N(π2) 6= 3 and N(π1) 6= N(π2).Then we have χπ1(π2) = χπ2(π1).

A proof will be given in Section 6.

4. Gauss and Jacobi Sums

In this section, we shall develop the concepts of Gauss and Jacobi sums, whichwill be used later to find the number of solutions to congruence equations of theform xn + yn ≡ 1 mod p when n = 2 or 3, and to prove the laws of quadratic andcubic reciprocity.

4.1. Gauss Sums.

Definition 4.1. Let ζ = e2πi/p be a pth root of unity, χ be a multiplicativecharacter on Fp, and a be any element of Fp. Define ga(χ) =

∑t∈Fp

χ(t)ζat. Thenga(χ) is called a Gauss sum on Fp belonging to the character χ.

20 CHAOFAN CHEN

When χ is the Legendre symbol, ga(χ) is called a quadratic Gauss sum, and willbe denoted simply as ga. Thus, we have ga =

∑t∈Fp

(tp

)ζat.

To prove some of the properties of Gauss sums, we need a lemma.

Lemma 4.2.∑p−1t=0 ζ

at is equal to p if a ≡ 0 mod p; otherwise it is zero.

Proof. If a ≡ 0 mod p, we have ζa = 1, so∑p−1t=0 ζ

at =∑p−1t=0 1 = p. If a 6≡ 0 mod

p, we have ζa 6= 1 and∑p−1t=0 ζ

at = (ζap − 1)/(ζa − 1) = 0. �

Corollary 4.3. p−1∑p−1t=0 ζ

t(x−y) = δ(x, y), where δ(x, y) = 1 if x ≡ y mod p andδ(x, y) = 0 if x 6≡ y mod p.

The following propositions summarize the properties of Gauss sums. Again, εdenotes the trivial character on Fp.

Proposition 4.4. If a 6= 0 and χ 6= ε, we have ga(χ) = χ(a−1)g1(χ). If a 6= 0 andχ = ε, we have ga(ε) = 0. If a = 0 and χ 6= ε, we have g0(χ) = 0. If a = 0 andχ = ε, we have g0(ε) = p.

Proof. Suppose a 6= 0 and χ 6= ε. Then we have χ(a)ga(χ) = χ(a)∑t∈Fp

χ(t)ζat =∑t∈Fp

χ(at)ζat = g1(χ), so ga(χ) = χ(a)−1g1(χ) = χ(a−1)g1(χ).If a 6= 0, we have ga(ε) =

∑t∈Fp

ε(t)ζat =∑t∈Fp

ζat = 0, by Lemma 4.2.Now, for all characters χ on Fp, we have g0(χ) =

∑t∈Fp

χ(t)ζ0t =∑t∈Fp

χ(t),which is equal to 0 if χ 6= ε, and is equal to p if χ = ε, by Proposition 2.11(d). �

Corollary 4.5. ga =(ap

)g1.

From now on we shall denote g1(χ) simply as g(χ) and g1 simply as g.

Proposition 4.6. If χ 6= ε, we have |g(χ)| = √p.

Proof. We shall evaluate∑a∈Fp

ga(χ)ga(χ) in two ways.

If a 6= 0, then by Proposition 4.4, we have ga(χ) = χ(a−1)g(χ) and ga(χ) =χ(a−1)g(χ) = χ(a)g(χ), so ga(χ)ga(χ) = χ(a−1)χ(a)g(χ)g(χ) = g(χ)g(χ) = |g(χ)|2.Since g0(χ) = 0, we have

∑a∈Fp

ga(χ)ga(χ) = (p− 1) |g(χ)|2.On the other hand, we have

ga(χ)ga(χ) =∑x∈Fp

∑y∈Fp

χ(x)χ(y)ζa(x−y).

By Corollary 4.3, we have∑a∈Fp

ga(χ)ga(χ) =∑x∈Fp

∑y∈Fp

χ(x)χ(y)δ(x, y)p = (p− 1)p.

Thus, we have (p− 1) |g(χ)|2 = (p− 1)p, which gives the desired result. �

Corollary 4.7. g(χ)g(χ) = χ(−1)p; in particular, g2 = (−1)(p−1)/2p.

Proof. Since g(χ) =∑t∈Fp

χ(t)ζ−t = χ(−1)∑t∈Fp

χ(−t)ζ−t = χ(−1)g(χ), we

have g(χ) = χ(−1)g(χ), so g(χ)g(χ) = χ(−1)g(χ)g(χ) = χ(−1)p. Letting χ be theLegendre symbol, we have g2 = (−1)(p−1)/2p. �

RINGS OF INTEGERS, GAUSS-JACOBI SUMS, AND THEIR APPLICATIONS 21

4.2. Jacobi Sums.

Definition 4.8. Let χ1, χ2, ..., χr be characters on Fp. A Jacobi sum is definedby the formula

J(χ1, χ2, ..., χr) =∑

t1+...+tr=1

χ1(t1)χ2(t2)...χr(tr).

It is useful to define another sum

J0(χ1, χ2, ..., χr) =∑

t1+...+tr=0

χ1(t1)χ2(t2)...χr(tr).

Some properties of Jacobi sums are given in the following propositions.

Proposition 4.9. Let χ1, χ2, ..., χr, χ be characters on Fp, and ε denote the trivialcharacter.(a) J0(ε, ε, ..., ε) = J(ε, ε, ..., ε) = pr−1.(b) J0(χ1, χ2, ..., χr) = J(χ1, χ2, ..., χr) = 0, if some but not all of the χi are trivial.(c) J(χ, χ−1) = −χ(−1), if χ is nontrivial.(d) Suppose χr 6= ε. Then J0(χ1, χ2, ..., χr) is equal to 0 if χ1χ2...χr is nontrivial,and is equal to χr(−1)(p− 1)J(χ1, χ2, ..., χr−1) if χ1χ2...χr is trivial.

Proof. (a) Note that there are pr−1 distinct r-tuples (t1, t2, ..., tr) satisfying t1 +t2 + ... + tr = 0. Thus, we have J0(ε, ε, ..., ε) =

∑t1+...+tr=0

1 = pr−1. The same

reasoning shows J(ε, ε, ..., ε) = pr−1.(b) Suppose that χ1, χ2, ..., χs are nontrivial and χs+1, χs+2, ..., χr are trivial.

Then we have

J0(χ1, χ2, ..., χr) =∑

t1+...+tr=0

χ1(t1)χ2(t2)...χr(tr)

=∑

t1,t2...,tr−1

χ1(t1)χ2(t2)...χs(ts)

= pr−s−1

(∑t1

χ1(t1)

)(∑t2

χ2(t2)

)...

(∑ts

χs(ts)

)= 0.

The same reasoning shows J(χ1, χ2, ..., χr) = 0.(c) Note that we have

J(χ, χ−1) =∑a+b=1

χ(a)χ−1(b) =∑

a+b=1,b 6=0

χ(ab

)=∑a 6=1

χ

(a

1− a

).

Setting c = a1−a , we have

J(χ, χ−1) =∑c6=−1

χ(c) = −χ(−1).

(d) Note that we have

J0(χ1, χ2, ..., χr) =∑s

∑t1+...+tr−1=−s

χ1(t1)...χr−1(tr−1)

χr(s).

22 CHAOFAN CHEN

Since χr is nontrivial, we have χr(0) = 0, and we may assume s 6= 0 in the abovesum. For s 6= 0, define t′i by ti = −st′i. Then we have∑t1+...+tr−1=−s

χ1(t1)...χr−1(tr−1) = χ1χ2...χr−1(−s)∑

t′1+...+t′r−1=1

χ1(t′1)...χr−1(t′r−1)

= χ1χ2...χr−1(−s)J(χ1, ..., χr−1).

Combining these results, we have

J0(χ1, χ2, ..., χr) = χ1χ2...χr−1(−1)J(χ1, ..., χr−1)∑s 6=0

χ1χ2...χr(s).

The desired result follows since∑s 6=0 χ1χ2...χr(s) is equal to 0 if χ1χ2...χr is non-

trivial, and is equal to p− 1 if χ1χ2...χr is trivial. �

Corollary 4.10. Let χ be a nontrivial character. Then we have(a) J(ε, ε) = p.(b) J(ε, χ) = 0.

Proposition 4.11. Suppose that χ1, χ2, ..., χr are nontrivial characters on Fp andχ1χ2...χr is also nontrivial. Then we have

g(χ1)g(χ2)...g(χr) = J(χ1, χ2, ..., χr)g(χ1χ2...χr).

Proof. For t ∈ Fp, define ψ(t) = ζt. Then we have ψ(x + y) = ψ(x)ψ(y) andg(χ) =

∑t∈Fp

χ(t)ψ(t). Now,

g(χ1)g(χ2)...g(χr) =

(∑t1

χ1(t1)ψ(t1)

)...

(∑tr

χr(tr)ψ(tr)

)

=∑s

( ∑t1+...+tr=s

χ1(t1)χ2(t2)...χr(tr)

)ψ(s).

If s = 0, then by Proposition 4.9(d), we have∑t1+...+tr=s

χ1(t1)χ2(t2)...χr(tr) = 0.

For s 6= 0, define t′i by ti = st′i, and then we have∑t1+...+tr=s

χ1(t1)χ2(t2)...χr(tr) = χ1χ2...χr(s)∑

t′1+...+t′r=1

χ1(t′1)χ2(t′2)...χr(t′r)

= χ1χ2...χr(s)J(χ1, χ2, ..., χr).

Combining these results, we have

g(χ1)g(χ2)...g(χr) = J(χ1, χ2, ..., χr)∑s6=0

χ1χ2...χr(s)ψ(s)

= J(χ1, χ2, ..., χr)g(χ1χ2...χr).

�

Corollary 4.12. Suppose that χ1, χ2, ..., χr are nontrivial characters on Fp butχ1χ2...χr is trivial. Then we have

g(χ1)g(χ2)...g(χr) = χr(−1)pJ(χ1, χ2, ..., χr−1)

RINGS OF INTEGERS, GAUSS-JACOBI SUMS, AND THEIR APPLICATIONS 23

andJ(χ1, χ2, ..., χr) = −χr(−1)J(χ1, χ2, ..., χr−1).

If r = 2, set J(χ1) = 1.

Proof. By Proposition 4.11, we have

g(χ1)g(χ2)...g(χr−1) = J(χ1, χ2, ..., χr−1)g(χ1χ2...χr−1).

Multiply both sides of the equation by g(χr). The desired result follows since wehave g(χ1χ2...χr−1)g(χr) = g(χ−1

r )g(χr) = g(χr)g(χr) = χr(−1)p.Note that when r = 2, the second equation is equivalent to Proposition 4.9(c).Suppose r > 2. Using the same reasoning as in the proof of Proposition 4.11

with the hypothesis that χ1χ2...χr is trivial, we have

g(χ1)g(χ2)...g(χr) = J0(χ1, χ2, ..., χr) + J(χ1, χ2, ..., χr)∑s6=0

ψ(s).

Note that we have∑s ψ(s) = 0, so

∑s 6=0 ψ(s) = 0 − ψ(0) = −1. By Proposition

4.9(d), we have J0(χ1, χ2, ..., χr) = χr(−1)(p− 1)J(χ1, χ2, ..., χr−1). Also, we haveg(χ1)g(χ2)...g(χr) = χr(−1)pJ(χ1, χ2, ..., χr−1). Combining these results, we have

J(χ1, χ2, ..., χr) = J0(χ1, χ2, ..., χr)− g(χ1)g(χ2)...g(χr)

= −χr(−1)J(χ1, χ2, ..., χr−1).

�

Corollary 4.13. If χ, λ, and χλ are nontrivial characters, then we have

J(χ, λ) =g(χ)g(λ)g(χλ)

.

Proposition 4.14. Suppose that χ1, χ2, ..., χr are nontrivial.If χ1χ2...χr is nontrivial, then we have

|J(χ1, χ2, ..., χr)| = p(r−1)/2.

If χ1χ2...χr is trivial, then we have

|J0(χ1, χ2, ..., χr)| = (p− 1)p(r/2)−1

and|J(χ1, χ2, ..., χr)| = p(r/2)−1.

Proof. We know |g(χ)| =√p for any nontrivial character χ. Thus, if χ1χ2...χr is

nontrivial, by Proposition 4.11, we have

|J(χ1, χ2, ..., χr)| =|g(χ1)| ... |g(χr)||g(χ1...χr)|

= (√p)r−1 = p(r−1)/2.

If χ1χ2...χr is trivial, by Proposition 4.9(d) and Corollary 4.12, we have

|J0(χ1, χ2, ..., χr)| = (p− 1) |J(χ1, χ2, ..., χr−1)| = (p− 1)p(r−2)/2 = (p− 1)p(r/2)−1,

and|J(χ1, χ2, ..., χr)| = |J(χ1, χ2, ..., χr−1)| = p(r−2)/2 = p(r/2)−1.

�

Corollary 4.15. If χ, λ, and χλ are nontrivial characters, then we have |J(χ, λ)| =√p.

24 CHAOFAN CHEN

Proposition 4.16. Suppose that n ∈ Z is an ordinary integer with n > 2, and thatp is a rational prime with p ≡ 1 mod n. Then there is a character of order n onFp. Let χ be a character of order n on Fp. Then we have

g(χ)n = χ(−1)pJ(χ, χ)J(χ, χ2)...J(χ, χn−2).

Proof. We know that the group of multiplicative characters on Fp is cyclic withorder p− 1. Let λ be a generator of the group. Since n divides p− 1, the characterλ(p−1)/n has order n. This proves existence.

Let χ be a character of order n on Fp. By Corollary 4.13, we have g(χ)2 =J(χ, χ)g(χ2). Multiplying both sides of the equation by g(χ), we have g(χ)3 =J(χ, χ)g(χ2)g(χ) = J(χ, χ)J(χ, χ2)g(χ3). Continuing in this way, we shall obtain

g(χ)n−1 = J(χ, χ)J(χ, χ2)...J(χ, χn−2)g(χn−1).

The desired result follows from multiplying both sides of the equation above byg(χ), since we have g(χn−1)g(χ) = g(χ−1)g(χ) = g(χ)g(χ) = χ(−1)p. �

Corollary 4.17. If p is a rational prime with p ≡ 1 mod 3, then there is a cubiccharacter on Fp. Let χ be a cubic character on Fp. Then we have g(χ)3 = pJ(χ, χ).

Proof. Set n = 3 in the proposition above. The desired result follows since we haveχ(−1) = χ((−1)3) = χ3(−1) = 1. �

The following proposition characterizes the Jacobi sum J(χ, χ) when χ is a cubiccharacter.

Proposition 4.18. Suppose that p is a rational prime with p ≡ 1 mod 3, and thatχ is a cubic character on Fp. Then we have J(χ, χ) = a+ bω, where ω = −1+

√−3

2 ,for some a, b ∈ Z with a ≡ −1 mod 3 and b ≡ 0 mod 3.

Proof. Since χ is a cubic character, the values of χ must be cubic roots of unity, i.e.the values of χ are in the set

{1, ω, ω2

}. By the definition of Jacobi sums, we have

J(χ, χ) =∑x+y=1 χ(x)χ(y), which is a Z linear combination of 1, ω, ω2 = −1−ω,

ω3 = 1 and ω4 = ω. Thus, we have J(χ, χ) = a+ bω for some a, b ∈ Z.Note that we have

g(χ)3 =

(∑t

χ(t)ζt)3

≡∑t

χ(t)3ζ3tmod 3.

Since χ(0) = 0 and χ(t)3 = 1 for t 6= 0, we have∑t χ(t)3ζ3t =

∑t 6=0 ζ

3t = −1.Thus, we have

g(χ)3 = pJ(χ, χ) ≡ a+ bω ≡ −1mod 3.

Since g(χ) = g(χ), we also have

g(χ)3 = pJ(χ, χ) ≡ a+ bω ≡ −1mod 3.

Consequently, we have b(ω − ω) ≡ 0 mod 3, or b√−3 ≡ 0 mod 3. It then follows

that 9 divides −3b2, so 3 divides b. Since 3 divides b and we have a+ bω ≡ −1 mod3, we must have a ≡ −1 mod 3. �

Corollary 4.19. Suppose that p is a rational prime with p ≡ 1 mod 3. There existA, B ∈ Z such that 4p = A2 + 27B2 and A ≡ 1 mod 3.

RINGS OF INTEGERS, GAUSS-JACOBI SUMS, AND THEIR APPLICATIONS 25

Proof. Since p is a rational prime with p ≡ 1 mod 3, there is a cubic character onFp. Let χ be a cubic character on Fp. Then we have shown that J(χ, χ) = a+ bωfor some a, b ∈ Z with a ≡ −1 mod 3 and b ≡ 0 mod 3. Set A = 2a − b andB = b/3. Note that we have A = 2a− b ≡ −2 ≡ 1 mod 3.

Since p = |J(χ, χ)|2 = |a+ bω|2, we have p = a2 − ab + b2. Thus, we have4p = (2a− b)2 + 3b2 = A2 + 27B2. �

4.3. The Equations of the Form xn + yn = 1 in Fp for n = 2 or 3. LetN(xn+yn = 1) denote the number of solutions to equations of the form xn+yn = 1in Fp. To illustrate the usefulness of Gauss and Jacobi sums, we shall use them todetermine N(xn + yn = 1) when n = 2 or 3.

Lemma 4.20. Let p be an odd rational prime, and let N(xn = a) denote the numberof solutions to the equation xn = a in Fp. Then we have N(x2 = a) = 1 +

(ap

).

Proof. This is a special case of Proposition 2.15. �

Proposition 4.21. Let p be an odd rational prime. We have N(x2 + y2 = 1) =p− (−1)(p−1)/2.

Proof. Let χ denote the Legendre symbol mod p. Then we have χ−1 = χ, and

N(x2 + y2 = 1) =∑a+b=1

N(x2 = a)N(y2 = b)

=∑a+b=1

(1 +

(a

p

))(1 +

(b

p

))= p+

∑a

(a

p

)+∑b

(b

p

)+∑a+b=1

(a

p

)(b

p

)= p+ 0 + 0 +

∑a+b=1

χ(a)χ(b)

= p+∑a+b=1

χ(a)χ−1(b)

= p+ J(χ, χ−1)

= p− χ(−1)

= p− (−1)(p−1)/2.

�

Proposition 4.22. Suppose that p is a rational prime with p ≡ 2 mod 3. Then wehave N(x3 + y3 = 1) = p.

Proof. It is clear that x3 = 0 has exactly one solution in Fp, namely, x = 0. Foreach a ∈ F×p , since (3, p − 1) = 1 and a(p−1)/1 = ap−1 = 1, by Proposition 2.8,x3 = a has exactly one solution in Fp. Thus, we have N(x3 = a) = 1 for all a ∈ Fp,and

N(x3 + y3 = 1) =∑a+b=1

N(x3 = a)N(y3 = b) =p−1∑a=0

1 = p.

�

26 CHAOFAN CHEN

Proposition 4.23. Suppose that p is a rational prime with p ≡ 1 mod 3. Thenthere are A, B ∈ Z with 4p = A2 + 27B2. If we require A ≡ 1 mod 3, then A isuniquely determined, and we have N(x3 + y3 = 1) = p− 2 +A.

Proof. We have proved the existence of A, B ∈ Z satisfying 4p = A2 + 27B2

(Corollary 4.19). To show that A is uniquely determined if we require A ≡ 1 mod3, we shall write

4p = A2 + 27B2

= (A+ 3B√−3)(A− 3B

√−3)

= (A+ 3B(2ω + 1))(A− 3B(2ω + 1))

= (A+ 3B + 6Bω)(A− 3B − 6Bω)

= (A+ 3B + 6Bω)(A+ 3B + 6Bω).

Since p is a rational prime with p ≡ 1 mod 3, by Proposition 3.22, we have p = ππ forsome prime element π of Z[ω], and consequently, 4p = 2π2π. Note that there are 12choices of π, because π and π each has six associates, and we can interchange π andπ. Since Z[ω] is a UFD, there is at least one choice of π such that A+3B+6Bω = 2π.Let such a π be equal to x + yω. Then we have A + 3B + 6Bω = 2x + 2yω, i.e.A+3B = 2x and 6B = 2y (or equivalently, 3B = y). Consequently, we have A ≡ 2xmod 3 and y ≡ 0 mod 3. If we require A ≡ 1 mod 3, then we have 2x ≡ 1 mod 3,i.e. x ≡ 2 mod 3. It then follows that π = x+ yω must be a primary prime. Thereare only two primary primes among the 12 choices of π, and they are conjugate toeach other. Suppose that a+bω and a+ bω = a−b−bω are the two primary primessuch that p = (a + bω)(a − b − bω). If A + 3B + 6Bω = 2(a + bω), then we haveA+ 3B = 2a and 6B = 2b, which give A = 2a− b; if A+ 3B+ 6Bω = 2(a− b− bω),then we have A+ 3B = 2a− 2b and 6B = −2b, which again give A = 2a− b. Thisshows that A is uniquely determined.

Since 3 divides p− 1, the proof of Proposition 2.15 shows that there are exactly3 distinct characters ε, χ and χ2 of order dividing 3, where ε is the trivial characterand χ and χ2 both have order 3, and the proposition itself tells us N(x3 = a) =1 + χ(a) + χ2(a). Note that we have χ(−1) = χ((−1)3) = χ3(−1) = 1 and χ2 =χ−1 = χ. We are now ready to compute N(x3 + y3 = 1):

N(x3 + y3 = 1) =∑a+b=1

N(x3 = a)N(y3 = b)

=∑a+b=1

2∑i=0

χi(a)2∑j=0

χj(b)

=2∑i=0

2∑j=0

( ∑a+b=1

χi(a)χj(b)

)= p+ J(χ, χ) + J(χ2, χ2) + J(χ, χ2) + J(χ2, χ)

= p+ J(χ, χ) + J(χ, χ) + 2J(χ, χ−1)

= p+ J(χ, χ) + J(χ, χ)− 2χ(−1)

= p− 2 + 2ReJ(χ, χ).

We have shown that J(χ, χ) = a + bω for some a, b ∈ Z with a ≡ −1 mod 3 andb ≡ 0 mod 3. As in the proof of Corollary 4.19, set A = 2a−b and B = b/3, and we

RINGS OF INTEGERS, GAUSS-JACOBI SUMS, AND THEIR APPLICATIONS 27

have 4p = A2 + 27B2 and A ≡ 1 mod 3. Furthermore, we have shown that this Ais unique. Now, since ReJ(χ, χ) = (2a− b)/2, we have 2ReJ(χ, χ) = 2a− b = A.The proof is now complete. �

5. Law of Quadratic Reciprocity

In this section, we shall work with congruences in the ring of algebraic integers inC, and also with Gauss and Jacobi sums, to give two proofs of the law of quadraticreciprocity.

Theorem 5.1. Let p and q be odd rational primes. Then we have(p

q

)(q

p

)= (−1)((p−1)/2)((q−1)/2).

Proof. The first proof uses quadratic Gauss sums:Let g =

∑t∈Fp

(tp

)ζt and p∗ = (−1)(p−1)/2p. Then we have g2 = p∗, by

Corollary 4.7. Let q 6= p be another odd rational prime. Then we have

gq−1 = (g2)(q−1)/2 = p∗(q−1)/2 ≡(p∗q

)mod q,

which gives

gq ≡(p∗q

)gmod q.

We also have

gq =

∑t∈Fp

(t

p

)ζt

q

≡∑t∈Fp

(t

p

)qζqt = gq =

(q

p

)gmod q.

Thus, we have (q

p

)g ≡

(p∗q

)gmod q.

Multiplying both sides of the congruence equation by g, we have(q

p

)p∗ ≡

(p∗q

)p ∗ mod q,

which implies (q

p

)≡(p∗q

)mod q,

so (q

p

)=(p∗q

)=(−1q

)(p−1)/2(p

q

)= (−1)((q−1)/2)((p−1)/2)

(p

q

).

The second proof uses Gauss and Jacobi sums:Let q be an odd rational prime not equal to p, and χ be the Legendre symbol

mod p (i.e. χ(a) =(ap

). Then χ is a character of order 2 on Fp, and Corollary

4.12 implies

g(χ)q+1 = χ(−1)pJ(χ, χ, ..., χ) = (−1)(p−1)/2pJ(χ, χ, ..., χ),

28 CHAOFAN CHEN

where there are q components in the Jacobi sum. Since q + 1 is even and χ = χ,we also have

g(χ)q+1 = (g(χ)2)(q+1)/2 = (g(χ)g(χ))(q+1)/2 = (χ(−1)p)(q+1)/2

= (−1)((p−1)/2)((q+1)/2)p(q+1)/2.

Thus, we have

(−1)((p−1)/2)((q−1)/2)p(q−1)/2 = J(χ, χ, ..., χ).

Now, J(χ, χ, ..., χ) =∑

t1+t2+...+tq=1

χ(t1)χ(t2)...χ(tq). If t = t1 = t2 = ... = tq, then

we have t = q−1 and χ(t1)χ(t2)...χ(tq) = χ(q−1)q = χ(q−1) = χ(q). If not allthe ti’s are equal, then there are q different q-tuples obtained from (t1, t2, ..., tq) bycyclic permutation, and the corresponding terms χ(t1)χ(t2)...χ(tq) of the sum allhave the same value. Thus, we have

(−1)((p−1)/2)((q−1)/2)p(q−1)/2 ≡ χ(q)mod q.

Since p(q−1)/2 ≡(pq

)mod q and χ(q) =

(qp

), we have

(−1)((p−1)/2)((q−1)/2)

(p

q

)≡(q

p

)mod q,

which gives

(−1)((p−1)/2)((q−1)/2)

(p

q

)=(q

p

).

�

6. Law of Cubic Reciprocity

Set D = Z[ω]. Let π be a complex prime with N(π) = p ≡ 1 mod 3 for somerational prime p. Since D/πD is a finite field with N(π) = p elements, we haveD/πD ∼= Fp and we may identify the two fields. This identification allows us toconsider the cubic residue character mod π, χπ, as a cubic character on Fp. Thus,we may work with the Gauss sums ga(χπ) and the Jacobi sum J(χπ, χπ).

If χ is any cubic character on Fp, we have proved g(χ)3 = pJ(χ, χ) and J(χ, χ) =a + bω for some a, b ∈ Z with a ≡ −1 mod 3 and b ≡ 0 mod 3, which, since wehave J(χ, χ)J(χ, χ) = |J(χ, χ)|2 = p, implies that J(χ, χ) is a primary prime in Dof norm p.

To prove the law of cubic reciprocity, we need the following lemma. Let p be arational prime, and π be a primary prime with N(π) = p ≡ 1 mod 3. Then we have

Lemma 6.1. J(χπ, χπ) = π.

Proof. Let J(χπ, χπ) = π′, where π′ is a primary prime in D of norm p. Sinceππ = p = π′π′, we have π | π′ or π | π′. Since all the primes involved are primary,we must have π = π′ or π = π′. By the definition of Jacobi sums, we have

J(χπ, χπ) =∑x∈Fp

χπ(x)χπ(1− x) ≡∑x∈Fp

x(p−1)/3(1− x)(p−1)/3modπ.

RINGS OF INTEGERS, GAUSS-JACOBI SUMS, AND THEIR APPLICATIONS 29

Now, Proposition 2.9 implies

∑x∈Fp

x(p−1)/3(1−x)(p−1)/3 =(p−1)/3∑k=0

(−1)k(

(p− 1)/3k

)(p−1∑x=1

x((p−1)/3)+k

)≡ 0mod p.

Thus, we have J(χπ, χπ) ≡ 0 mod π, i.e. π | π′, so π = π′. �

Corollary 6.2. g(χπ)3 = pπ.

Proof. g(χπ)3 = pJ(χπ, χπ) = pπ. �

We are now ready to prove the law of cubic reciprocity.

Theorem 6.3. Let π1, π2 ∈ D be primary primes with N(π1), N(π2) 6= 3 andN(π1) 6= N(π2). Then we have χπ1(π2) = χπ2(π1).

Proof. We have shown that if q1 6= q2 are two rational primes congruent to 2 mod3, then q1 and q2 are prime elements in D and we have χq1(q2) = χq2(q1) (Corollary3.30). We shall now consider the case in which we have π1 = q ≡ 2 mod 3 andπ2 = π with N(π) = p ≡ 1 mod 3, where p and q are rational primes.

Since g(χπ)3 = pπ, we have g(χπ)q2−1 = (pπ)(q

2−1)/3 ≡ χq(pπ) mod q. Sinceχq(p) = 1 (Corollary 3.30), we have

g(χπ)q2≡ χq(π)g(χπ)mod q.

On the other hand, we have

g(χπ)q2

=

(∑t

χπ(t)ζt)q2≡∑t

χπ(t)q2ζq

2t =∑t

χπ(t)ζq2t = gq2(χπ)mod q,

where we have used q2 ≡ 1 mod 3 and the fact that χπ is a cubic character. ByProposition 4.4, we have gq2(χπ) = χπ(q−2)g(χπ) = χπ(q)g(χπ). Combining theseresults, we have

χπ(q)g(χπ) ≡ χq(π)g(χπ)mod q.

Multiplying both sides of the congruence equation by g(χπ), we have

χπ(q)p ≡ χq(π)pmod q,

where we have used g(χπ)g(χπ) = p. Thus, we have

χπ(q) ≡ χq(π)mod q,

which impliesχπ(q) = χq(π).

It remains to consider the case in which we have two complex primes π1 andπ2 with N(π1) = p1 ≡ 1 mod 3 and N(π2) = p2 ≡ 1 mod 3, where p1 and p2 arerational primes. Let γ1 = π1 and γ2 = π2. Then γ1 and γ2 are primary primes,and we have p1 = π1γ1 and p2 = π2γ2.

Since g(χγ1)3 = p1γ1, we have g(χγ1)p2−1 = (p1γ1)(p2−1)/3, and consequently,

g(χγ1)p2−1 ≡ χπ2(p1γ1)modπ2,

or equivalently,g(χγ1)p2 ≡ χπ2(p1γ1)g(χγ1)modπ2,

30 CHAOFAN CHEN

On the other hand, we have

g(χγ1)p2 =

(∑t

χγ1(t)ζt)p2≡∑t

χγ1(t)p2ζp2t =∑t

χγ1(t)ζp2t = gp2(χγ1)modπ2,

where we have used p2 ≡ 1 mod 3 and the fact that χγ1 is a cubic character. ByProposition 4.4, we have gp2(χγ1) = χγ1(p−1

2 )g(χγ1) = χγ1(p22)g(χγ1). Combining

these results, we have

χγ1(p22)g(χγ1) ≡ χπ2(p1γ1)g(χγ1)modπ2.

Multiplying both sides of the congruence equation by g(χγ1), we have

χγ1(p22)p1 ≡ χπ2(p1γ1)p1modπ2,

where we have used g(χγ1)g(χγ1) = p1. Thus, we have

χγ1(p22) ≡ χπ2(p1γ1)modπ2,

which impliesχγ1(p2

2) = χπ2(p1γ1).The same reasoning, beginning with g(χπ2)3 = p2π2, and then raising both sides ofthe equation to the power (p1 − 1)/3 and taking congruences mod π1, shows

χπ2(p21) = χπ1(p2π2).

We also need the relation χγ1(p22) = χπ1(p2

2) = χπ1(p22) = χπ1(p2

2)2 = χπ1(p2),which follows from Proposition 3.29(e), (f). Since we have

χπ1(π2)χπ2(p1γ1) = χπ1(π2)χγ1(p22)

= χπ1(π2)χπ1(p2)

= χπ1(p2π2)

= χπ2(p21)

= χπ2(p1π1γ1)

= χπ2(π1)χπ2(p1γ1)

and χπ2(p1γ1) 6= 0, we have the desired result. �

7. Conclusion

As we can see, the concepts of algebraic integers and of Gauss and Jacobi sumsare extremely powerful; indeed, they can be used to solve a wide range of problemsin number theory.

Acknowledgments. It is a pleasure to thank my mentor, Daniel Le, for his guid-ance and support.

References

[1] K. Ireland and M. Rosen. A Classical Introduction to Modern Number Theory. Second Edition.Springer-Verlag New York, Inc. 1972. 1982. 1990.

[2] D. Dummit and R. Foote. Abstract Algebra. Third Edition. John Wiley and Sons, Inc. 2004.

[3] S. Rankin. A finite subgroup of the multiplicative group of a field is cyclic.

http://www.math.uwo.ca/~srankin/courses/4123/2011/finite_subgroup_field_cyclic.pdf.