In number theory, Zolotarev's lemma states that the Legendre symbol for an integer amodulo an odd prime numberp, where p does not divide a, can be computed as the sign of a permutation: where ε denotes the signature of a permutation and πa is the permutation of the nonzero residue classes mod p induced by multiplication by a. For example, take a = 2 and p = 7. The nonzero squares mod 7 are 1, 2, and 4, so = 1 and = −1. Multiplication by 2 on the nonzero numbers mod 7 has the cycle decomposition, so the sign of this permutation is 1, which is. Multiplication by 6 on the nonzero numbers mod 7 has cycle decomposition, whose sign is −1, which is.
Proof
In general, for any finite groupG of order n, it is straightforward to determine the signature of the permutation πg made by left-multiplication by the element g of G. The permutation πg will be even, unless there are an odd number of orbits of even size. Assuming n even, therefore, the condition for πg to be an odd permutation, when g has order k, is that n/k should be odd, or that the subgroup <g> generated by g should have odd index. We will apply this to the group of nonzero numbers mod p, which is a cyclic group of order p − 1. The jth power of a primitive root modulo p will by index calculus have index the greatest common divisor The condition for a nonzero number mod p to be a quadratic non-residue is to be an odd power of a primitive root. The lemma therefore comes down to saying that i is odd when j is odd, which is true a fortiori, and j is odd when i is odd, which is true because p − 1 is even.
Zolotarev's lemma can be deduced easily from Gauss's lemma and vice versa. The example i.e. the Legendre symbol with a = 3 and p = 11, will illustrate how the proof goes. Start with the set arranged as a matrix of two rows such that the sum of the two elements in any column is zero mod p, say: Apply the permutation : The columns still have the property that the sum of two elements in one column is zero mod p. Now apply a permutation V which swaps any pairs in which the upper member was originally a lower member: Finally, apply a permutation W which gets back the original matrix: We have W−1 = VU. Zolotarev's lemma says = 1 if and only if the permutation U is even. Gauss's lemma says = 1 iff V is even. But W is even, so the two lemmas are equivalent for the given a and p.
This interpretation of the Legendre symbol as the sign of a permutation can be extended to the Jacobi symbol where a and n are relatively prime odd integers with n > 0: a is invertible mod n, so multiplication by a on Z/nZ is a permutation and a generalization of Zolotarev's lemma is that the Jacobi symbol above is the sign of this permutation. For example, multiplication by 2 on Z/21Z has cycle decomposition, so the sign of this permutation is = −1 and the Jacobi symbol is −1. When n = p is an odd prime and a is not divisible by p, multiplication by a fixes 0 mod p, so the sign of multiplication by a on all numbers mod p and on the units mod p have the same sign. But for composite n that is not the case, as we see in the example above.
