I came across this problem and I believe Lagrange's theorem is the key to its solution. The question is:
Let $p$ be an odd prime. Prove that there is some integer $x$ such that $x^2 \equiv −1 \pmod p$ if and only if $p \equiv 1 \pmod 4$.
I appreciate any help. Thanks.
On
If such an element exists it would have order $4$, so by Lagrange's theorem $4|p-1$ and thus $p\equiv 1\mod 4$.
If $p\equiv 1\mod 4$ we can use Wilson's theorem to explicitly write down an element that squares to $-1$: $$ -1\equiv(p-1)!\equiv 1\cdot\ldots\cdot \frac{p-1}{2}\frac{p+1}{2}\cdot\ldots\cdot(p-1)\equiv\left(\left(\frac{p-1}{2}\right)!\right)^2\cdot(-1)^{\frac{p-1}{2}}\equiv\left(\left(\frac{p-1}{2}\right)!\right)^2 $$
On
There is a slightly more general version of this result: if a finite field has an odd number $q$ of elements, then the equation $x^2+1=0$ has a solution in the field if and only if $q\equiv1\pmod4$. In your case you can of course take $\mathbb Z/p\mathbb Z$ as finite field, in which case $q=p$.
Here's a simple proof. Group all nonzero elements of your field in packets $\{a,-a,a^{-1},-a^{-1}\}$. It is easy to see that if one would have generated the packet from any of its three elements other than $a$, it would still give the same packet. In other words one has partitioned the $q-1$ nonzero elements into packets. Not all packets have four distinct elements though: while it cannot happen that $a=-a$ (since $q$ is odd), it can happen either that $a=a^{-1}$ or that $a=-a^{-1}$; in both cases the packet has two elements instead of four.
Now $a=a^{-1}$ happens if and only if $a^2=1$, and since $a^2-1=(a-1)(a+1)$, this occurs precisely for $a=1$ and $a=-1$, giving one packet of this type, regardless of the field. For the other type $a=-a^{-1}$, this happens if and only if $a^2=-1$. That need not occur at all, but if it does, there are precisely two solutions to this quadratic equation, which then together define a single packet of this second type. Now since all remaining packets are of size $4$, and all packet sizes add up to $q-1$, one easily sees that a packet of the second type exists if and only if $q-1$ is a multiple of $4$.
On
An alternative to the other (perfectly good) proofs already suggested is the following. We use that the group $\mathbb{Z}_p^*$ of units of the ring $\mathbb{Z}_p$ is cyclic of order $p-1$, and consider its generator $a$. Then as $(a^{\frac{p-1}{2}})^2=1$, and $\mathbb{Z}_p$ is an integral domain, either $a^{\frac{p-1}{2}}=1$ or $a^{\frac{p-1}{2}}=-1$, and we must be in the second case since $a$ has order $p-1$.
Now $-1\in\mathbb{Z}_p^*$ is a square if and only if it is an even power of $a$, so substituting $4n+1$ and $4n+3$ for $p$ in the above tells you that this only happens if $p=4n+1$.
On
$-1 \equiv x^2 \pmod p$ implies that $(-1)^{\varphi(p)/2} = 1$. This result follows from Euler's criterion that for any $\alpha \in Z_p^*$, if $\alpha \in (Z_p^*)^2$, then $\alpha^{\varphi(p)/2} = 1$ and if $\alpha \notin (Z_p^*)^2$, then $\alpha^{\varphi(p)/2} = -1$.
So for $Z_p^*$, we have $\varphi(p) = p-1$. Hence $\varphi(p)/2 = (p-1)/2$.
If $p \equiv 1\ (mod\ 4)$, then $(p-1)/2$ is even and if $p \equiv 3\ (mod\ 4)$ then $(p-1)/2$ is odd.
So if $p \equiv 1\ (mod\ 4)$, then $(-1)^{(p-1)/2} = 1 \implies -1 \in (Z_p^*)^2$.
Hint: When $p$ is prime: $-1 \equiv (p-1)!\pmod p$ and when $p\equiv 1\pmod 4$, $(p-1)!\equiv\left[\left(\frac{p-1}{2}\right)!\right]^2\pmod p$
Alternatively, you can use the fact that a polynomial of degree $n$ has at most $n$ roots, modulo $p$, and that $x^{p-1}-1 = \left(x^{\frac{p-1}2}-1\right)\left(x^{\frac{p-1}2}+1\right)$ is known to have $p-1$ roots, modulo $p$, so $x^{\frac{p-1}2}+1$ must have a root, $r$, and then $r^{\frac{p-1}4}$ has the property that $r^2\equiv -1\pmod p$