Fermat's theorem on sums of two squares explained

In additive number theory, Fermat's theorem on sums of two squares states that an odd prime p can be expressed as:

p=x2+y2,

with x and y integers, if and only if

p\equiv1\pmod{4}.

The prime numbers for which this is true are called Pythagorean primes.For example, the primes 5, 13, 17, 29, 37 and 41 are all congruent to 1 modulo 4, and they can be expressed as sums of two squares in the following ways:

5=12+22,13=22+32,17=12+42,29=22+52,37=12+62,41=42+52.

On the other hand, the primes 3, 7, 11, 19, 23 and 31 are all congruent to 3 modulo 4, and none of them can be expressed as the sum of two squares. This is the easier part of the theorem, and follows immediately from the observation that all squares are congruent to 0 (if number squared is even) or 1 (if number squared is odd) modulo 4.

Since the Diophantus identity implies that the product of two integers each of which can be written as the sum of two squares is itself expressible as the sum of two squares, by applying Fermat's theorem to the prime factorization of any positive integer n, we see that if all the prime factors of n congruent to 3 modulo 4 occur to an even exponent, then n is expressible as a sum of two squares. The converse also holds.[1] This generalization of Fermat's theorem is known as the sum of two squares theorem.

History

Albert Girard was the first to make the observation, characterizing the positive integers (not necessarily primes) that are expressible as the sum of two squares of positive integers; this was published in 1625.[2] [3] The statement that every prime p of the form 4n+1 is the sum of two squares is sometimes called Girard's theorem.[4] For his part, Fermat wrote an elaborate version of the statement (in which he also gave the number of possible expressions of the powers of p as a sum of two squares) in a letter to Marin Mersenne dated December 25, 1640: for this reason this version of the theorem is sometimes called Fermat's Christmas theorem.

Gaussian primes

Fermat's theorem on sums of two squares is strongly related with the theory of Gaussian primes.

a+ib

such that and are integers. The norm

N(a+ib)=a2+b2

of a Gaussian integer is an integer equal to the square of the absolute value of the Gaussian integer. The norm of a product of Gaussian integers is the product of their norms. This is the Diophantus identity, which results immediately from the similar property of the absolute value.

Gaussian integers form a principal ideal domain. This implies that Gaussian primes can be defined similarly as primes numbers, that is as those Gaussian integers that are not the product of two non-units (here the units are and).

The multiplicative property of the norm implies that a prime number is either a Gaussian prime or the norm of a Gaussian prime. Fermat's theorem asserts that the first case occurs when

p=4k+3,

and that the second case occurs when

p=4k+1

and

p=2.

The last case is not considered in Fermat's statement, but is trivial, as

2=12+12=N(1+i).

Related results

The above point of view on Fermat's theorem is a special case of the theory of factorization of ideals in rings of quadratic integers. In summary, if

lO\sqrt{d}

is the ring of algebraic integers in the quadratic field, then an odd prime number, not dividing, is either a prime element in

lO\sqrt{d},

or the ideal norm of an ideal of

lO\sqrt{d},

which is necessarily prime. Moreover, the law of quadratic reciprocity allows distinguishing the two cases in terms of congruences. If

lO\sqrt{d}

is a principal ideal domain, then is an ideal norm if and only

4p=a2-db2,

with and both integers.

In a letter to Blaise Pascal dated September 25, 1654 Fermat announced the following two results that are essentially the special cases

d=-2

and

d=-3.

If is an odd prime, then

p=x2+2y2\iffp\equiv1orp\equiv3\pmod{8},

p=x2+3y2\iffp\equiv1\pmod{3}.

Fermat wrote also:

If two primes which end in 3 or 7 and surpass by 3 a multiple of 4 are multiplied, then their product will be composed of a square and the quintuple of another square.In other words, if are of the form or, then . Euler later extended this to the conjecture that

p=x2+5y2\iffp\equiv1orp\equiv9\pmod{20},

2p=x2+5y2\iffp\equiv3orp\equiv7\pmod{20}.

Both Fermat's assertion and Euler's conjecture were established by Joseph-Louis Lagrange. This more complicated formulation relies on the fact that

lO\sqrt{-5}

is not a principal ideal domain, unlike

lO\sqrt{-2}

and

lO\sqrt{-3}.

Algorithm

There is a trivial algorithm for decomposing a prime of the form

p=4k+1

into a sum of two squares: For all such

1\len<\sqrtp

, test whether the square root of

p-n2

is an integer. If this is the case, one has got the decomposition.

However the input size of the algorithm is

logp,

the number of digits of (up to a constant factor that depends on the numeral base). The number of needed tests is of the order of

\sqrtp=\exp\left(

logp
2\right),
and thus exponential in the input size. So the computational complexity of this algorithm is exponential.

A Las Vegas algorithm with a probabilistically polynomial complexity has been described byStan Wagon in 1990, based on work by Serret and Hermite (1848), and Cornacchia (1908).[5] The probabilistic part consists in finding a quadratic non-residue, which can be done with success probability

1
2
and then iterated if not successful. Conditionally this can also be done in deterministic polynomial time if the generalized Riemann hypothesis holds as explained for the Tonelli–Shanks algorithm.

Description

Given an odd prime

p

in the form

4k+1

, first find

x

such that

x2\equiv-1\pmod{p}

.This can be done by finding a quadratic non-residue modulo

p

, say

q

, and letting
p-1
4
x=q

\pmod{p}

.

Such an

x

will satisfy the condition since quadratic non-residues satisfy
p-1
2
q

\equiv-1\pmod{p}

.

Once

x

is determined, one can apply the Euclidean algorithm with

p

and

x

. Denote the first two remainders that are less than the square root of

p

as

a

and

b

. Then it will be the case that

a2+b2=p

.

Example

Take

p=97

. A possible quadratic non-residue for 97 is 13, since
97-1
2
13

\equiv-1\pmod{97}

. so we let
97-1
4
x=13

=22\pmod{97}

.The Euclidean algorithm applied to 97 and 22 yields:97 = 22(4) + 9, 22 = 9(2) + 4,9 = 4(2) + 1,4 = 1(4).The first two remainders smaller than the square root of 97 are 9 and 4; and indeed we have

97=92+42

, as expected.

Proofs

Fermat usually did not write down proofs of his claims, and he did not provide a proof of this statement. The first proof was found by Euler after much effort and is based on infinite descent. He announced it in two letters to Goldbach, on May 6, 1747 and on April 12, 1749; he published the detailed proof in two articles (between 1752 and 1755).[6] [7] Lagrange gave a proof in 1775 that was based on his study of quadratic forms. This proof was simplified by Gauss in his Disquisitiones Arithmeticae (art. 182). Dedekind gave at least two proofs based on the arithmetic of the Gaussian integers. There is an elegant proof using Minkowski's theorem about convex sets. Simplifying an earlier short proof due to Heath-Brown (who was inspired by Liouville's idea), Zagier presented a non-constructive one-sentence proof in 1990.[8] And more recently Christopher gave a partition-theoretic proof.[9]

Euler's proof by infinite descent

Euler succeeded in proving Fermat's theorem on sums of two squares in 1749, when he was forty-two years old. He communicated this in a letter to Goldbach dated 12 April 1749.[10] The proof relies on infinite descent, and is only briefly sketched in the letter. The full proof consists in five steps and is published in two papers. The first four steps are Propositions 1 to 4 of the first paper[11] and do not correspond exactly to the four steps below. The fifth step below is from the second paper.[12] [13]

For the avoidance of ambiguity, zero will always be a valid possible constituent of "sums of two squares", so for example every square of an integer is trivially expressible as the sum of two squares by setting one of them to be zero.

1. The product of two numbers, each of which is a sum of two squares, is itself a sum of two squares.

This is a well-known property, based on the identity

(a2+b2)(p2+q2)=(ap+bq)2+(aq-bp)2

due to Diophantus.

2. If a number which is a sum of two squares is divisible by a prime which is a sum of two squares, then the quotient is a sum of two squares.(This is Euler's first Proposition).

Indeed, suppose for example that

a2+b2

is divisible by

p2+q2

and that this latter is a prime. Then

p2+q2

divides

(pb-aq)(pb+aq)=p2b2-a2q2=p2(a2+b2)-a2(p2+q2).

Since

p2+q2

is a prime, it divides one of the two factors. Suppose that it divides

pb-aq

. Since

(a2+b2)(p2+q2)=(ap+bq)2+(aq-bp)2

(Diophantus's identity) it follows that

p2+q2

must divide

(ap+bq)2

. So the equation can be divided by the square of

p2+q2

. Dividing the expression by

(p2+q2)2

yields:
a2+b2
p2+q2

=\left(

ap+bq
p2+q2

\right)2+\left(

aq-bp
p2+q2

\right)2

and thus expresses the quotient as a sum of two squares, as claimed.

On the other hand if

p2+q2

divides

pb+aq

, a similar argument holds by using the following variant of Diophantus's identity:

(a2+b2)(q2+p2)=(aq+bp)2+(ap-bq)2.

3. If a number which can be written as a sum of two squares is divisible by a number which is not a sum of two squares, then the quotient has a factor which is not a sum of two squares. (This is Euler's second Proposition).

Suppose

q

is a number not expressible as a sum of two squares, which divides

a2+b2

. Write the quotient, factored into its (possibly repeated) prime factors, as

p1p2 … pn

so that

a2+b2=qp1p2 … pn

. If all factors

pi

can be written as sums of two squares, then we can divide

a2+b2

successively by

p1

,

p2

, etc., and applying step (2.) above we deduce that each successive, smaller, quotient is a sum of two squares. If we get all the way down to

q

then

q

itself would have to be equal to the sum of two squares, which is a contradiction. So at least one of the primes

pi

is not the sum of two squares.

4. If

a

and

b

are relatively prime positive integers then every factor of

a2+b2

is a sum of two squares.(This is the step that uses step (3.) to produce an 'infinite descent' and was Euler's Proposition 4. The proof sketched below also includes the proof of his Proposition 3).

Let

a,b

be relatively prime positive integers: without loss of generality

a2+b2

is not itself prime, otherwise there is nothing to prove. Let

q

therefore be a proper factor of

a2+b2

, not necessarily prime: we wish to show that

q

is a sum of two squares. Again, we lose nothing by assuming

q>2

since the case

q=2=12+12

is obvious.

Let

m,n

be non-negative integers such that

mq,nq

are the closest multiples of

q

(in absolute value) to

a,b

respectively. Notice that the differences

c=a-mq

and

d=b-nq

are integers of absolute value strictly less than

q/2

: indeed, when

q>2

is even, gcd

(a,q/2)=1

; otherwise since gcd

(a,q/2)\midq/2\midq\mida2+b2

, we would also have gcd

(a,q/2)\midb

.

Multiplying out we obtain

a2+b2=m2q2+2mqc+c2+n2q2+2nqd+d2=Aq+(c2+d2)

uniquely defining a non-negative integer

A

. Since

q

divides both ends of this equation sequence it follows that

c2+d2

must also be divisible by

q

: say

c2+d2=qr

. Let

g

be the gcd of

c

and

d

which by the co-primeness of

a,b

is relatively prime to

q

. Thus

g2

divides

r

, so writing

e=c/g

,

f=d/g

and

s=r/g2

, we obtain the expression

e2+f2=qs

for relatively prime

e

and

f

, and with

s<q/2

, since

qs=e2+f2\leqc2+d2<\left(

q
2

\right)2+\left(

q
2

\right)2=q2/2.

Now finally, the descent step: if

q

is not the sum of two squares, then by step (3.) there must be a factor

q1

say of

s

which is not the sum of two squares. But

q1\leqs<q/2<q

and so repeating these steps (initially with

e,f;q1

in place of

a,b;q

, and so on ad infinitum) we shall be able to find a strictly decreasing infinite sequence

q,q1,q2,\ldots

of positive integers which are not themselves the sums of two squares but which divide into a sum of two relatively prime squares. Since such an infinite descent is impossible, we conclude that

q

must be expressible as a sum of two squares, as claimed.

5. Every prime of the form

4n+1

is a sum of two squares.(This is the main result of Euler's second paper).

If

p=4n+1

, then by Fermat's Little Theorem each of the numbers

1,24n,34n,...,(4n)4n

is congruent to one modulo

p

. The differences

24n-1,34n-24n,...,(4n)4n-(4n-1)4n

are therefore all divisible by

p

. Each of these differences can be factored as

a4n-b4n=\left(a2n+b2n\right)\left(a2n-b2n\right).

Since

p

is prime, it must divide one of the two factors. If in any of the

4n-1

cases it divides the first factor, then by the previous step we conclude that

p

is itself a sum of two squares (since

a

and

b

differ by

1

, they are relatively prime). So it is enough to show that

p

cannot always divide the second factor. If it divides all

4n-1

differences

22n-1,32n-22n,...,(4n)2n-(4n-1)2n

, then it would divide all

4n-2

differences of successive terms, all

4n-3

differences of the differences, and so forth. Since the

k

th differences of the sequence

1k,2k,3k,...

are all equal to

k!

(Finite difference), the

2n

th differences would all be constant and equal to

(2n)!

, which is certainly not divisible by

p

. Therefore,

p

cannot divide all the second factors which proves that

p

is indeed the sum of two squares.

Lagrange's proof through quadratic forms

Lagrange completed a proof in 1775[14] based on his general theory of integral quadratic forms. The following presentation incorporates a slight simplification of his argument, due to Gauss, which appears in article 182 of the Disquisitiones Arithmeticae.

An (integral binary) quadratic form is an expression of the form

ax2+bxy+cy2

with

a,b,c

integers. A number

n

is said to be represented by the form if there exist integers

x,y

such that

n=ax2+bxy+cy2

. Fermat's theorem on sums of two squares is then equivalent to the statement that a prime

p

is represented by the form

x2+y2

(i.e.,

a=c=1

,

b=0

) exactly when

p

is congruent to

1

modulo

4

.

The discriminant of the quadratic form is defined to be

b2-4ac

. The discriminant of

x2+y2

is then equal to

-4

.

Two forms

ax2+bxy+cy2

and

a'x'2+b'x'y'+c'y'2

are equivalent if and only if there exist substitutions with integer coefficients

x=\alphax'+\betay'

y=\gammax'+\deltay'

with

\alpha\delta-\beta\gamma=\pm1

such that, when substituted into the first form, yield the second. Equivalent forms are readily seen to have the same discriminant, and hence also the same parity for the middle coefficient

b

, which coincides with the parity of the discriminant. Moreover, it is clear that equivalent forms will represent exactly the same integers, because these kind of substitutions can be reversed by substitutions of the same kind.

Lagrange proved that all positive definite forms of discriminant −4 are equivalent. Thus, to prove Fermat's theorem it is enough to find any positive definite form of discriminant −4 that represents

p

. For example, one can use a form

px2+2mxy+\left(

m2+1
p

\right)y2,

where the first coefficient a = 

p

was chosen so that the form represents

p

by setting x = 1, and y = 0, the coefficient b = 2m is an arbitrary even number (as it must be, to get an even discriminant), and finally
c=m2+1
p

is chosen so that the discriminant

b2-4ac=4m2-4pc

is equal to −4, which guarantees that the form is indeed equivalent to

x2+y2

. Of course, the coefficient
c=m2+1
p

must be an integer, so the problem is reduced to finding some integer m such that

p

divides

m2+1

: or in other words, a 'square root of -1 modulo

p

'
.

We claim such a square root of

-1

is given by

K=

p-1
2
\prod
k=1

k

. Firstly it follows from Euclid's Fundamental Theorem of Arithmetic that

ab\equiv0\pmodp\iffa\equiv0\pmodp  \hbox{or}  b\equiv0\pmodp

. Consequently,

a2\equiv1\pmodp\iffa\equiv\pm1\pmodp

: that is,

\pm1

are their own inverses modulo

p

and this property is unique to them. It then follows from the validity of Euclidean division in the integers, and the fact that

p

is prime, that for every

2\leqa\leqp-2

the gcd of

a

and

p

may be expressed via the Euclidean algorithm yielding a unique and distinct inverse

a-1a

of

a

modulo

p

. In particular therefore the product of all non-zero residues modulo

p

is

-1

. Let

L=

p-1
\prod
l=p+1
2

l

: from what has just been observed,

KL\equiv-1\pmodp

. But by definition, since each term in

K

may be paired with its negative in

L

,

L=

p-1
2
(-1)

K

, which since

p

is odd shows that

K2\equiv-1\pmodp\iffp\equiv1\pmod4

, as required.

Dedekind's two proofs using Gaussian integers

Richard Dedekind gave at least two proofs of Fermat's theorem on sums of two squares, both using the arithmetical properties of the Gaussian integers, which are numbers of the form, where a and b are integers, and i is the square root of −1. One appears in section 27 of his exposition of ideals published in 1877; the second appeared in Supplement XI to Peter Gustav Lejeune Dirichlet's Vorlesungen über Zahlentheorie, and was published in 1894.

1. First proof. If is an odd prime number, then we have

ip-1=

p-1
2
(-1)
in the Gaussian integers. Consequently, writing a Gaussian integer with and applying the Frobenius automorphism in Z[''i'']/(p), one finds

\omegap=(x+yi)p\equivxp+ypip\equivx+

p-1
2
(-1)

yi\pmod{p},

since the automorphism fixes the elements of Z/(p). In the current case,

p=4n+1

for some integer n, and so in the above expression for ωp, the exponent of -1 is even. Hence the right hand side equals ω, so in this case the Frobenius endomorphism of Z[''i'']/(p) is the identity.

(p)

in Z[''i''] would be a product of 2/f distinct prime ideals. (In fact, Kummer had established a much more general result for any extension of Z obtained by adjoining a primitive m-th root of unity, where m was any positive integer; this is the case of that result.) Therefore, the ideal (p) is the product of two different prime ideals in Z[''i'']. Since the Gaussian integers are a Euclidean domain for the norm function

N(x+iy)=x2+y2

, every ideal is principal and generated by a nonzero element of the ideal of minimal norm. Since the norm is multiplicative, the norm of a generator

\alpha

of one of the ideal factors of (p) must be a strict divisor of

N(p)=p2

, so that we must have

p=N(\alpha)=N(a+bi)=a2+b2

, which gives Fermat's theorem.

2. Second proof. This proof builds on Lagrange's result that if

p=4n+1

is a prime number, then there must be an integer m such that

m2+1

is divisible by p (we can also see this by Euler's criterion); it also uses the fact that the Gaussian integers are a unique factorization domain (because they are a Euclidean domain). Since does not divide either of the Gaussian integers

m+i

and

m-i

(as it does not divide their imaginary parts), but it does divide their product

m2+1

, it follows that cannot be a prime element in the Gaussian integers. We must therefore have a nontrivial factorization of p in the Gaussian integers, which in view of the norm can have only two factors (since the norm is multiplicative, and

p2=N(p)

, there can only be up to two factors of p), so it must be of the form

p=(x+yi)(x-yi)

for some integers and . This immediately yields that

p=x2+y2

.

Proof by Minkowski's Theorem

For

p

congruent to

1

mod

4

a prime,

-1

is a quadratic residue mod

p

by Euler's criterion. Therefore, there exists an integer

m

such that

p

divides

m2+1

. Let

\hat{i},\hat{j}

be the standard basis elements for the vector space

R2

and set

\vec{u}=\hat{i}+m\hat{j}

and

\vec{v}=0\hat{i}+p\hat{j}

. Consider the lattice

S=\{a\vec{u}+b\vec{v}\mida,b\inZ\}

. If

\vec{w}=a\vec{u}+b\vec{v}=a\hat{i}+(am+bp)\hat{j}\inS

then

\|\vec{w}\|2\equiva2+(am+bp)2\equiva2(1+m2)\equiv0\pmod{p}

. Thus

p

divides

\|\vec{w}\|2

for any

\vec{w}\inS

.

The area of the fundamental parallelogram of the lattice is

p

. The area of the open disk,

D

, of radius

\sqrt{2p}

centered around the origin is

2\pip>4p

. Furthermore,

D

is convex and symmetrical about the origin. Therefore, by Minkowski's theorem there exists a nonzero vector

\vec{w}\inS

such that

\vec{w}\inD

. Both

\|\vec{w}\|2<2p

and

p\mid\|\vec{w}\|2

so

p=\|\vec{w}\|2

. Hence

p

is the sum of the squares of the components of

\vec{w}

.

Zagier's "one-sentence proof"

Let

p=4k+1

be prime, let

N

denote the natural numbers (with or without zero), and consider the finite set

S=\{(x,y,z)\inN3:x2+4yz=p\}

of triples of numbers.Then

S

has two involutions: an obvious one

(x,y,z)\mapsto(x,z,y)

whose fixed points

(x,y,y)

correspond to representations of

p

as a sum of two squares, and a more complicated one,

(x,y,z)\mapsto \begin{cases} (x+2z,~z,~y-x-z),rm{if}x<y-z\\ (2y-x,~y,~x-y+z),rm{if}y-z<x<2y\\ (x-2y,~x-y+z,~y),rm{if}x>2y \end{cases}

which has exactly one fixed point

(1,1,k)

. This proves that the cardinality of

S

is odd. Hence,

S

has also a fixed point with respect to the obvious involution.

This proof, due to Zagier, is a simplification of an earlier proof by Heath-Brown, which in turn was inspired by a proof of Liouville. The technique of the proof is a combinatorial analogue of the topological principle that the Euler characteristics of a topological space with an involution and of its fixed-point set have the same parity and is reminiscent of the use of sign-reversing involutions in the proofs of combinatorial bijections.

This proof is equivalent to a geometric or "visual" proof using "windmill" figures, given by Alexander Spivak in 2006 and described in this MathOverflow post by Moritz Firsching and this YouTube video by Mathologer.

Proof with partition theory

In 2016, A. David Christopher gave a partition-theoretic proof by considering partitions of the odd prime

n

having exactly two sizes

ai(i=1,2)

, each occurring exactly

ai

times, and by showing that at least one such partition exists if

n

is congruent to 1 modulo 4.[15]

See also

References

External links

Notes and References

  1. For a proof of the converse see for instance 20.1, Theorems 367 and 368, in: G.H. Hardy and E.M. Wright. An introduction to the theory of numbers, Oxford 1938.
  2. [Simon Stevin]
  3. L. E. Dickson, History of the Theory of Numbers, Vol. II, Ch. VI, p. 227. "A. Girard ... had already made a determination of the numbers expressible as a sum of two integral squares: every square, every prime 4n+1, a product formed of such numbers, and the double of the foregoing"
  4. L. E. Dickson, History of the Theory of Numbers, Vol. II, Ch. VI, p. 228.
  5. .
  6. De numeris qui sunt aggregata duorum quadratorum. (Novi commentarii academiae scientiarum Petropolitanae 4 (1752/3), 1758, 3-40)
  7. Demonstratio theorematis FERMATIANI omnem numerum primum formae 4n+1 esse summam duorum quadratorum. (Novi commentarii academiae scientiarum Petropolitanae 5 (1754/5), 1760, 3-13)
  8. .
  9. A. David Christopher. "A partition-theoretic proof of Fermat's Two Squares Theorem", Discrete Mathematics 339:4:1410–1411 (6 April 2016)
  10. http://www.math.dartmouth.edu/~euler/correspondence/letters/OO0852.pdf Euler à Goldbach, lettre CXXV
  11. De numeris qui sunt aggregata duorum quadratorum. (Novi commentarii academiae scientiarum Petropolitanae 4 (1752/3), 1758, 3-40) http://www.math.dartmouth.edu/~euler/docs/originals/E228.pdf
  12. Demonstratio theorematis FERMATIANI omnem numerum primum formae 4n+1 esse summam duorum quadratorum. (Novi commentarii academiae scientiarum Petropolitanae 5 (1754/5), 1760, 3-13) http://www.math.dartmouth.edu/~euler/docs/originals/E241.pdf
  13. The summary is based on Edwards book, pages 45-48.
  14. Nouv. Mém. Acad. Berlin, année 1771, 125; ibid. année 1773, 275; ibid année 1775, 351.
  15. A. David Christopher, A partition-theoretic proof of Fermat's Two Squares Theorem", Discrete Mathematics, 339 (2016) 1410–1411.