ELECTRONICS >> Intel Microprocessors (Spanish only)

by Michael Barr
The theorem of the title has been known for centuries, perhaps longer, but I believe that Lagrange gave the first proof. When I was a student, I saw a very different (and, in my opinion, harder) proof from the one given here. I don't know who discovered this proof, but I saw it in Alan Baker's little book on number theory.
There is yet another proof that proves and uses unique factorization in the noncommutative ring of quaternionic integers. Warning: the quaternionic integers include (1+i+j+k)/2 and in fact is the ring of all polynomials in that number.
All proofs that I have seen use the identity
which implies that the product of two numbers, each of which is a sum
of four squares, is also a sum of four squares. Although this identity
can be verified directly it is worth pointing out that by taking
For later use, we also mention what might be called the complex product identity:
We give here a proof that has the added advantage not only of being constructive, but actually quite easily implemented as an algorithm. It is not deterministic in the sense that there are trials, but it is arranged so that each trial has at least a 50% chance of success. I assume that the reader is familiar with modular arithmetic, although I may add an introduction to that in the future. If a and n are numbers, we say that the remainder r when a is divided by n is the residue of a mod n (residue was the old word for what we now call remainder, but the old usage has hung on in number theory). Clearly, a = r (mod p) and r is the smallest nonnegative number with that property. Closely related is the absolutely least residue defined as whichever of r and rn is smaller in absolute value. If n happens to be even and r=n/2, then r=rn and you can take either one, but in order for the phrase to have an unambiguous meaning, we will take r.
So we wish to show that every odd prime is a sum of four squares. Actually, we give two separate arguments, the first that every prime congruent to 1 mod 4 is a sum of two squares and then that every prime congruent to 3 mod 4 is a sum of four squares.
We begin by showing that if p is a prime and p = 1 (mod 4), then
there is a number a such that a^{2} = 1 (mod p). We say that
Next we note that for any a not divisible by p, if we
let b=a^{(p1)/2}, then b^{2} = 1 (mod p). This means that
p divides
Can a^{(p1)/2}=1 for all a? No, it cannot. I will not give all
the details here, but the underlying reason is that arithmetic mod a
prime is really like ordinary arithmetic in nearly all respects. In
particular, the usual argument that a polynomial of degree d has at
most d distinct roots is valid. If f(x) is a polynomial, then
f(a) = 0 (mod p) if and only if xa divides f(x), with division taking
place mod p. This is not true for nonprimes, by the way. For
example, x^{2}1 = (x1)(x+1) has four distinct roots mod 8 because 2 can divide one of the factors and 4 can divide the other. Getting back to the main argument, the
polynomial x^{(p1)/2}1 can have at most (p1)/2 roots as can the
other factor of
If a^{(p1)/2} = 1 (mod p) and we let b=a^{(p1)/4}, then b^{2} = 1 (mod p), as desired.
So the first step of the process is to find a square root of 1 mod p. We have shown, in fact, that exactly half of the numbers 1, ..., p1 have the desired property. I do not know a deterministic process for finding such a number, but they appear to be distributed randomly so you can just try numbers at random until you find one and each trial has a 50% chance of success. It is not hard to show that the smallest solution must be a prime so that you can just try primes 2, 3, 5, 7, 11,... until you succeed. Even if you are trying 1000 digit numbers it is unlikely that you will not find a solution before the 2000th prime, so for computational purposes, it is probably worth keeping a list of the first 2000 or so primes.
Actually, you can do better than that if a higher power of 2 divides p1. If 2^{k} divides p1 and we let m=(p1)/2^{k}, then as soon as a^{m} 1 (mod p), it follows that one among the numbers a, a^{2}, a^{4} will be a square root of 1 mod p. The probability of a number chosen at random satisfying a^{m} = 1 (mod p) is only 1 in 2^{k1}.
Now a^{2}+1^{2} is a multiple of p, say a^{2}+1^{2}=kp. Since a <= p1, we see that a^{2}+1 < p^{2} so that k < p. What we will now describe is a procedure that continues to produce solutions of a^{2}+b^{2}=kp, but with smaller values of k until k=1 and we are through. Assuming we have such a pair a and b, let a' and b' be the absolutely least residues a mod k and b mod k, respectively. This means that a' and b' are integers in the range (k/2,k/2]. It follows that a'^{2}+b'^{2} <= (k/2)^{2}+(k/2)^{2} = k^{2}/2. Also, a'^{2}+b'^{2} = a^{2}+b^{2} = 0 (mod k) since a = a' (mod k) and b = b' (mod k).
Thus a'^{2}+b'^{2}=mk with m < k. Multiplying, we find that (a^{2}+b^{2})(a'^{2}+b'^{2}) = mk^{2}p. Now we have the identity,
(a^{2}+b^{2})(a'^{2}+b'^{2}) = (aa'+bb')^{2}+(ab'ba')^{2} (*)
Since aa'+bb' = a^{2}+b^{2} = 0 (mod k) and ab'ba' = abba = 0 (mod k) it follows that both terms on the right hand side of (*) are divisible by k and so
((aa'+bb')/k)^{2} + ((ab'ba')/k)^{2} = mp
and m < k. It can be shown that the number of reduction steps is bounded above by log_{2} p.
In this case, we begin by finding numbers a and b such that a^{2}+b^{2}+1 = 0 (mod p). This is the same as b^{2}=1a^{2} (mod p). So we can look at 14, 19, ..., until one of them has a square root mod p. I don't know if there is a theorem on the subject, but empirically it seems that for each value of a there is about a 50% chance that 1a^{2} is a quadratic residue. It is not hard to prove that there is at least one solution to y^{2}=1x^{2} (mod p). To see this, first observe that the squares 0^{2}, 1^{2}, ..., ((p1)/2)^{2} have all distinct residues mod p since a^{2} = b^{2} (mod p) implies that p divides (a^{2}b^{2})=(a+b)(ab) and hence that a = b (mod p) or a = b (mod p), which is impossible for two distinct numbers in the range [0,(p1)/2]. Thus those squares have (p+1)/2 distinct residues. For similar reasons, the numbers 10^{2}, 11^{2}, ..., 1((p1)/2)^{2} have (p+1)/2 distinct residues. Since there are at most p, the two sets of residues overlap and there is at least one solution to x^{2}+y^{2}+1 = 0 (mod p). This proves that there is at least one solution, but if there were only one, finding it would be like looking for a very small needle in a very large haystack (assuming p is very large). In fact, trials convince me that 1x^{2} is congruent to a square about half the time and there are very many solutions. In fact, it can be shown that 2=11^{2} is a quadratic residue whenever p = 3 (mod 8), which already covers half the cases of primes that are congruent to 3 mod 4. Similar criteria exist for 5=12^{2}, 10=13^{2}, etc. So it looks as if you can simply try successively 2, 5, 10, ... until you find one that works. (Incidentally, 1 can never be a quadratic residue for these primes, a very easy exercise.)
For our purposes, however, it is not enough to find x, you also need y. Fortunately, there is for primes that are congruent to 3 mod 4, there is a very simple way of constructing a square root of any number that is a quadratic residue. There is, to my knowledge, no correspondingly easy way of doing this for primes congruent to 1 mod 4. Consider a number a, not divisible by p. Suppose that a = b^{2} (mod p). Then
a^{(p+1)/2} = b^{p+1} = b^{2}b^{p1} = b^{2} = a (mod p)
from which we see that (a^{(p+1)/4})^{2} = a (mod p) and hence a^{(p+1)/4} is a square root of a mod p if it has one. (Otherwise it is a square root of a, as a matter of interest.)
One we have found x and y so that x^{2}+y^{2}+1 = 0 (mod p), we can replace them by absolutely least residues and suppose that x < (p1)/2 and y < (p1)/2 from which one sees that x^{2}+y^{2}+1 < p^{2}/2. Thus we get initial values of a,b,c,d for which a^{2}+b^{2}+c^{2}+d^{2} = kp with k < p.
We will show how, if k > 1, to find a new solution with a smaller value of k. The argument is similar to, but harder than, the previous case of two squares. We consider the case of k odd and even separately, for reasons we make clear. Suppose k is odd. In that case, let a', b',c', and d' be the absolutely least residues of a, b, c, and d mod k. Then each of a', b', c' and d' is <= (k1)/2 so that
a'^{2}+b'^{2}+c'^{2}+d'^{2} <= (k1)^{2}
while
a'^{2}+b'^{2}+c'^{2}+d'^{2} = a^{2}+b^{2}+c^{2}+d^{2} = 0 (mod k)
Hence a'^{2}+b'^{2}+c'^{2}+d'^{2} = mk with m < k. Now we have that
mk^{2}p = (a^{2}+b^{2}+c^{2}+d^{2}) (a'^{2}+b'^{2}+c'^{2}+d'^{2}) = (aa'+bb'+cc'+dd')^{2} + (ab'ba'+dc'cd')^{2} + (ac'ca'+bd'db')^{2} + (ad'a'd+cb'bc')^{2} and, in a way similar to the first case, each term is divisible by k, from which we conclude that
mp = ((aa'+bb'+cc'+dd')/k)^{2} + ((ab'ba'+dc'cd')/k))^{2} + ((ac'ca'+bd'db')/k)^{2} + ((ad'a'd+cb'bc')/k)^{2}
which completes the construction.
When k is even, this argument fails specifically in the case that a'=b'=c'=d'=k/2 since then a'^{2}+b'^{2}+c'^{2}+d'^{2} = k^{2}. Although we could give a proof that works just in that case, it is just as easy and computationally better to give an argument that halves k even. We observe that a^{2}+b^{2}+c^{2}+d^{2} = kp is even so that none or two or all four of a, b, c and d are even. In any case we can arrange them so that a±b and c±d are even and then
((a+b)/2)^{2} + ((ab)/2)^{2} + ((c+d)/2)^{2} + ((cd)/2)^{2} = (k/2)p
which completes the proof.
Reproduced here with permission of the author.
Click here to open an applet that finds the decomposition of positive integer numbers as a sum of up to four squares using this method.
by Dario Alejandro Alpern
The methods shown above work only when the complete prime factorization of the number is known. If this is not the case a modification is required.
Since it is much easier to test whether a number is prime than factoring it, the following method suggests itself:
If the number does not have the form 4^{r} (8k+7) it can be expressed as a sum of three squares. In this case subtract a square to the original number such that the difference is a prime of the form 4k+1. Then, using the method explained above we find the decomposition of the prime in a sum of two perfect squares. If the number cannot be expressed as a sum of three squares subtract two squares.
Unluckily this simple method does not work: when a number is multiple of 4, we cannot find a difference of the form 4k+1 by subtracting one or two squares. Also, when the number has the form 8k+3 it can be expressed as a sum of three squares, but subtracting a square we cannot obtain a number of the form 4k+1. It is not difficult to change the idea so it works.
The method can be stated as follows:
It is not necessary to use a certifiedprime test in the loop used in the method. This is because we are satisfied if we find a number q such that q^{2} = 1 (mod (4k+1)). This number q is used in the algorithm that computes the sum of two squares.
A disadvantage of this method is that a number that is a product of big primes of the form 4k+1 will be expressed as a sum of three squares instead of two.
Click here to open an applet that finds the decomposition of positive integer numbers as a sum of up to four squares using this method.
Last updated February 19th, 2003.