Is there an efficient way to compute the square root of modulo prime?

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
2
down vote

favorite
1












Is there a reasonably simple way to find the square root of $a$ modulo $p$ where $p$ is an odd prime?
If the odd prime is small number it seems you can do this by brute force. HOwever if we want to solve something like x^2=2 mod 103 (whose solution is 38 and 65 mod 103) is pretty cumbersome because we have a non-linear Diophantine equation x^2=2+101y. Is there an efficient and quick method to solve something of this kind? If I try primitive roots then the first primitive root is 5 not 2 so that does not help.




elementary-number-theory




share|cite|improve this question

















  • 1




    Please see here on MO.
    – TheSimpliFire
    Jul 15 at 11:22






  • 1




    Do you know how to do this if p is 3 mod 4? In that case it's very easy: just raise a to the (p+1)/4 modulo p. (Of course this only works if a has a square root mod p.) The above link seems to be showing that it's always efficient, but it is definitely more complicated in the case that p is 1 mod 4.
    – CJD
    Jul 15 at 11:47











  • @cjd, fyi. What if you try tovtwke the square root of a residue $r bmod p$ that isn't a quadratic residue? With $pequiv 3bmod 4$ the $r^(p+1)/4$ formula gives instead a square root of $-r$.
    – Oscar Lanzi
    Jul 15 at 12:33











  • Tonelli–Shanks algorithm
    – Count Iblis
    Jul 15 at 14:36







  • 1




    The easy case $p equiv 3 bmod 4$ has been discussed in previous Questions, but there is perhaps room on Math.SE for a comprehensive Answer for $p equiv 1 bmod 4$ (not just the link to the Wikipedia article, as there are competing algorithms).
    – hardmath
    Jul 15 at 19:20














up vote
2
down vote

favorite
1












Is there a reasonably simple way to find the square root of $a$ modulo $p$ where $p$ is an odd prime?
If the odd prime is small number it seems you can do this by brute force. HOwever if we want to solve something like x^2=2 mod 103 (whose solution is 38 and 65 mod 103) is pretty cumbersome because we have a non-linear Diophantine equation x^2=2+101y. Is there an efficient and quick method to solve something of this kind? If I try primitive roots then the first primitive root is 5 not 2 so that does not help.




elementary-number-theory




share|cite|improve this question

















  • 1




    Please see here on MO.
    – TheSimpliFire
    Jul 15 at 11:22






  • 1




    Do you know how to do this if p is 3 mod 4? In that case it's very easy: just raise a to the (p+1)/4 modulo p. (Of course this only works if a has a square root mod p.) The above link seems to be showing that it's always efficient, but it is definitely more complicated in the case that p is 1 mod 4.
    – CJD
    Jul 15 at 11:47











  • @cjd, fyi. What if you try tovtwke the square root of a residue $r bmod p$ that isn't a quadratic residue? With $pequiv 3bmod 4$ the $r^(p+1)/4$ formula gives instead a square root of $-r$.
    – Oscar Lanzi
    Jul 15 at 12:33











  • Tonelli–Shanks algorithm
    – Count Iblis
    Jul 15 at 14:36







  • 1




    The easy case $p equiv 3 bmod 4$ has been discussed in previous Questions, but there is perhaps room on Math.SE for a comprehensive Answer for $p equiv 1 bmod 4$ (not just the link to the Wikipedia article, as there are competing algorithms).
    – hardmath
    Jul 15 at 19:20












up vote
2
down vote

favorite
1









up vote
2
down vote

favorite
1






1





Is there a reasonably simple way to find the square root of $a$ modulo $p$ where $p$ is an odd prime?
If the odd prime is small number it seems you can do this by brute force. HOwever if we want to solve something like x^2=2 mod 103 (whose solution is 38 and 65 mod 103) is pretty cumbersome because we have a non-linear Diophantine equation x^2=2+101y. Is there an efficient and quick method to solve something of this kind? If I try primitive roots then the first primitive root is 5 not 2 so that does not help.




elementary-number-theory




share|cite|improve this question













Is there a reasonably simple way to find the square root of $a$ modulo $p$ where $p$ is an odd prime?
If the odd prime is small number it seems you can do this by brute force. HOwever if we want to solve something like x^2=2 mod 103 (whose solution is 38 and 65 mod 103) is pretty cumbersome because we have a non-linear Diophantine equation x^2=2+101y. Is there an efficient and quick method to solve something of this kind? If I try primitive roots then the first primitive root is 5 not 2 so that does not help.





elementary-number-theory





share|cite|improve this question












share|cite|improve this question




share|cite|improve this question








edited Jul 15 at 18:46
























asked Jul 15 at 11:07









matqkks

1,09511631




1,09511631







  • 1




    Please see here on MO.
    – TheSimpliFire
    Jul 15 at 11:22






  • 1




    Do you know how to do this if p is 3 mod 4? In that case it's very easy: just raise a to the (p+1)/4 modulo p. (Of course this only works if a has a square root mod p.) The above link seems to be showing that it's always efficient, but it is definitely more complicated in the case that p is 1 mod 4.
    – CJD
    Jul 15 at 11:47











  • @cjd, fyi. What if you try tovtwke the square root of a residue $r bmod p$ that isn't a quadratic residue? With $pequiv 3bmod 4$ the $r^(p+1)/4$ formula gives instead a square root of $-r$.
    – Oscar Lanzi
    Jul 15 at 12:33











  • Tonelli–Shanks algorithm
    – Count Iblis
    Jul 15 at 14:36







  • 1




    The easy case $p equiv 3 bmod 4$ has been discussed in previous Questions, but there is perhaps room on Math.SE for a comprehensive Answer for $p equiv 1 bmod 4$ (not just the link to the Wikipedia article, as there are competing algorithms).
    – hardmath
    Jul 15 at 19:20












  • 1




    Please see here on MO.
    – TheSimpliFire
    Jul 15 at 11:22






  • 1




    Do you know how to do this if p is 3 mod 4? In that case it's very easy: just raise a to the (p+1)/4 modulo p. (Of course this only works if a has a square root mod p.) The above link seems to be showing that it's always efficient, but it is definitely more complicated in the case that p is 1 mod 4.
    – CJD
    Jul 15 at 11:47











  • @cjd, fyi. What if you try tovtwke the square root of a residue $r bmod p$ that isn't a quadratic residue? With $pequiv 3bmod 4$ the $r^(p+1)/4$ formula gives instead a square root of $-r$.
    – Oscar Lanzi
    Jul 15 at 12:33











  • Tonelli–Shanks algorithm
    – Count Iblis
    Jul 15 at 14:36







  • 1




    The easy case $p equiv 3 bmod 4$ has been discussed in previous Questions, but there is perhaps room on Math.SE for a comprehensive Answer for $p equiv 1 bmod 4$ (not just the link to the Wikipedia article, as there are competing algorithms).
    – hardmath
    Jul 15 at 19:20







1




1




Please see here on MO.
– TheSimpliFire
Jul 15 at 11:22




Please see here on MO.
– TheSimpliFire
Jul 15 at 11:22




1




1




Do you know how to do this if p is 3 mod 4? In that case it's very easy: just raise a to the (p+1)/4 modulo p. (Of course this only works if a has a square root mod p.) The above link seems to be showing that it's always efficient, but it is definitely more complicated in the case that p is 1 mod 4.
– CJD
Jul 15 at 11:47





Do you know how to do this if p is 3 mod 4? In that case it's very easy: just raise a to the (p+1)/4 modulo p. (Of course this only works if a has a square root mod p.) The above link seems to be showing that it's always efficient, but it is definitely more complicated in the case that p is 1 mod 4.
– CJD
Jul 15 at 11:47













@cjd, fyi. What if you try tovtwke the square root of a residue $r bmod p$ that isn't a quadratic residue? With $pequiv 3bmod 4$ the $r^(p+1)/4$ formula gives instead a square root of $-r$.
– Oscar Lanzi
Jul 15 at 12:33





@cjd, fyi. What if you try tovtwke the square root of a residue $r bmod p$ that isn't a quadratic residue? With $pequiv 3bmod 4$ the $r^(p+1)/4$ formula gives instead a square root of $-r$.
– Oscar Lanzi
Jul 15 at 12:33













Tonelli–Shanks algorithm
– Count Iblis
Jul 15 at 14:36





Tonelli–Shanks algorithm
– Count Iblis
Jul 15 at 14:36





1




1




The easy case $p equiv 3 bmod 4$ has been discussed in previous Questions, but there is perhaps room on Math.SE for a comprehensive Answer for $p equiv 1 bmod 4$ (not just the link to the Wikipedia article, as there are competing algorithms).
– hardmath
Jul 15 at 19:20




The easy case $p equiv 3 bmod 4$ has been discussed in previous Questions, but there is perhaps room on Math.SE for a comprehensive Answer for $p equiv 1 bmod 4$ (not just the link to the Wikipedia article, as there are competing algorithms).
– hardmath
Jul 15 at 19:20










2 Answers
2






active

oldest

votes

















up vote
3
down vote













Partial answer:



If $p=4n-1$, then let $b = a^fracp+14$. Then $b^2=a^fracp+12=a^fracp-12aequiv a$ because of Euler's criterion.






share|cite|improve this answer




























    up vote
    1
    down vote













    Let $p$ be an odd prime and we can say whether an integer $a$, $ane0(mboxmod)p,$ has a square root mod $p$ or not by
    $$mboxa is begincasesmboxa quadratic residue if $a^fracp-12equiv 1(mboxmod p)$ \mboxa quadratic nonresidue if $a^fracp-12equiv -1(mboxmod p)$endcases$$






    share|cite|improve this answer



















    • 2




      That doesn't compute the square root.
      – Lord Shark the Unknown
      Jul 15 at 11:55










    Your Answer




    StackExchange.ifUsing("editor", function ()
    return StackExchange.using("mathjaxEditing", function ()
    StackExchange.MarkdownEditor.creationCallbacks.add(function (editor, postfix)
    StackExchange.mathjaxEditing.prepareWmdForMathJax(editor, postfix, [["$", "$"], ["\\(","\\)"]]);
    );
    );
    , "mathjax-editing");

    StackExchange.ready(function()
    var channelOptions =
    tags: "".split(" "),
    id: "69"
    ;
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function()
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled)
    StackExchange.using("snippets", function()
    createEditor();
    );

    else
    createEditor();

    );

    function createEditor()
    StackExchange.prepareEditor(
    heartbeatType: 'answer',
    convertImagesToLinks: true,
    noModals: false,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    noCode: true, onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    );



    );








     

    draft saved


    draft discarded


















    StackExchange.ready(
    function ()
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fmath.stackexchange.com%2fquestions%2f2852403%2fis-there-an-efficient-way-to-compute-the-square-root-of-modulo-prime%23new-answer', 'question_page');

    );

    Post as a guest

















    2 Answers
    2






    active

    oldest

    votes








    2 Answers
    2






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes








    up vote
    3
    down vote













    Partial answer:



    If $p=4n-1$, then let $b = a^fracp+14$. Then $b^2=a^fracp+12=a^fracp-12aequiv a$ because of Euler's criterion.






    share|cite|improve this answer

























      up vote
      3
      down vote













      Partial answer:



      If $p=4n-1$, then let $b = a^fracp+14$. Then $b^2=a^fracp+12=a^fracp-12aequiv a$ because of Euler's criterion.






      share|cite|improve this answer























        up vote
        3
        down vote










        up vote
        3
        down vote









        Partial answer:



        If $p=4n-1$, then let $b = a^fracp+14$. Then $b^2=a^fracp+12=a^fracp-12aequiv a$ because of Euler's criterion.






        share|cite|improve this answer













        Partial answer:



        If $p=4n-1$, then let $b = a^fracp+14$. Then $b^2=a^fracp+12=a^fracp-12aequiv a$ because of Euler's criterion.







        share|cite|improve this answer













        share|cite|improve this answer



        share|cite|improve this answer











        answered Jul 15 at 12:09









        lhf

        156k9160367




        156k9160367




















            up vote
            1
            down vote













            Let $p$ be an odd prime and we can say whether an integer $a$, $ane0(mboxmod)p,$ has a square root mod $p$ or not by
            $$mboxa is begincasesmboxa quadratic residue if $a^fracp-12equiv 1(mboxmod p)$ \mboxa quadratic nonresidue if $a^fracp-12equiv -1(mboxmod p)$endcases$$






            share|cite|improve this answer



















            • 2




              That doesn't compute the square root.
              – Lord Shark the Unknown
              Jul 15 at 11:55














            up vote
            1
            down vote













            Let $p$ be an odd prime and we can say whether an integer $a$, $ane0(mboxmod)p,$ has a square root mod $p$ or not by
            $$mboxa is begincasesmboxa quadratic residue if $a^fracp-12equiv 1(mboxmod p)$ \mboxa quadratic nonresidue if $a^fracp-12equiv -1(mboxmod p)$endcases$$






            share|cite|improve this answer



















            • 2




              That doesn't compute the square root.
              – Lord Shark the Unknown
              Jul 15 at 11:55












            up vote
            1
            down vote










            up vote
            1
            down vote









            Let $p$ be an odd prime and we can say whether an integer $a$, $ane0(mboxmod)p,$ has a square root mod $p$ or not by
            $$mboxa is begincasesmboxa quadratic residue if $a^fracp-12equiv 1(mboxmod p)$ \mboxa quadratic nonresidue if $a^fracp-12equiv -1(mboxmod p)$endcases$$






            share|cite|improve this answer















            Let $p$ be an odd prime and we can say whether an integer $a$, $ane0(mboxmod)p,$ has a square root mod $p$ or not by
            $$mboxa is begincasesmboxa quadratic residue if $a^fracp-12equiv 1(mboxmod p)$ \mboxa quadratic nonresidue if $a^fracp-12equiv -1(mboxmod p)$endcases$$







            share|cite|improve this answer















            share|cite|improve this answer



            share|cite|improve this answer








            edited Jul 15 at 12:02


























            answered Jul 15 at 11:48









            Key Flex

            4,406525




            4,406525







            • 2




              That doesn't compute the square root.
              – Lord Shark the Unknown
              Jul 15 at 11:55












            • 2




              That doesn't compute the square root.
              – Lord Shark the Unknown
              Jul 15 at 11:55







            2




            2




            That doesn't compute the square root.
            – Lord Shark the Unknown
            Jul 15 at 11:55




            That doesn't compute the square root.
            – Lord Shark the Unknown
            Jul 15 at 11:55












             

            draft saved


            draft discarded


























             


            draft saved


            draft discarded














            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fmath.stackexchange.com%2fquestions%2f2852403%2fis-there-an-efficient-way-to-compute-the-square-root-of-modulo-prime%23new-answer', 'question_page');

            );

            Post as a guest
































































            Comments

            Post a Comment

            Popular posts from this blog

            What is the equation of a 3D cone with generalised tilt?

            Image
            Clash Royale CLAN TAG #URR8PPP up vote 2 down vote favorite What is the equation of a 3D cone with generalized tilt? I've noticed that in most equations given to represent a cone, there is no parameter which defines the tilt of the cone in 3D space and that most of them have their point at the origin $(0,0,0)$ - I was wondering if anyone could give me a more generalized cone equation for a cone in any position in 3D space 3d share | cite | improve this question edited Jul 25 '16 at 0:05 ervx 9,425 3 13 36 asked Jul 24 '16 at 15:38 Charlene 11 2 2 Welcome to Math.SE! Could you please explain a few things to help people give an answer useful to you: 1. What do you mean by "generalized tilt"? 2. Are you asking about a right circular cone? Does the angle at the vertex matter? 3. What form of answer (implicit, parametric...?) are you looking for? 4. If this is homework, what tools do you have available, an...
            Read more

            Color the edges and diagonals of a regular polygon

            Image
            Clash Royale CLAN TAG #URR8PPP up vote 5 down vote favorite 1 Here is the problem: For what $n$ is it possible to color the edges and diagonals of an $n$-side regular polygon with $dfracbinomn23$ colors, such that you use every color exactly three times and for every color the three segments (edges or diagonals) with that color form a triangle? Trivially $nequiv 0 text or 1 pmod3$. I can also prove that if the statement is true for $k$ than it is true for $3k$ as well. How to finish? Please help! Thanks combinatorial-geometry share | cite | improve this question edited Aug 6 at 21:57 alcana 118 4 asked Aug 6 at 21:15 Leo Gardner 356 11 Even assuming "polyhpn" in the title is a typo for polygon , it is unclear what you mean by "the edges and sides". Aren't the side of a regular polygon the same as the edges? A regular $n$-sided polygon has $n$ edges. – hardmath Aug 6 at 21:20 3 $n$ ne...
            Read more

            Relationship between determinant of matrix and determinant of adjoint?

            Image
            Clash Royale CLAN TAG #URR8PPP up vote 2 down vote favorite We are studying adjoints in class, and I was curious if there is a relationship between the determinant of matrix A, and the determinant of the adjoint of matrix A? I assume there would be a relationship because finding the adjoint requires creating a cofactor matrix and then transposing it. linear-algebra determinant adjoint-operators share | cite | improve this question asked Nov 17 '17 at 17:32 CluelessCoder 32 5 For a square matrix $A$ of order $n$, we have $A(operatornameadj A)=(operatornameadj A)A=|A|I_n$ where $I_n$ is the identity matrix of order $n$. This should tell you about the determinant of the adjoint in terms of that of $A$ (use multiplicative property and other elementary properties of determinants). – Prasun Biswas Nov 17 '17 at 17:35 1 @CluelessCoder: see here: math.stackexchange.com/questions/516127/…...
            Read more