Modular Square Roots

The document describes the Shanks-Tonelli algorithm for finding square roots modulo a prime number p. [1] It works by iteratively updating an initial guess for the square root and a "fudge factor" until the fudge factor is congruent to 1 modulo p, indicating the correct square root has been found. [2] The algorithm is guaranteed to terminate because with each update, the exponent m in the order of the fudge factor decreases. [3] An example demonstrates running the algorithm to find the square root of 2 modulo 113.


MODULAR SQUARE ROOTS

• Square Roots mod m: For x, a, m integers and m > 0, x is a square root of a mod m provided $x^2 \equiv a \pmod m$.

• Dan Shanks’ observation about square roots mod p:

♠ p an odd prime ⇒ $p - 1 = s \cdot 2^e$ with s odd and e > 0.

♠ $x = a^{(s+1)/2}$ ⇒ $x^2 \equiv a^{s+1} \equiv a^s \cdot a \pmod p$

♠ $a^{(s+1)/2}$ is almost the square root of a (mod p)

♠ $a^s \equiv 1 \pmod p$ ⇒ $a^{(s+1)/2}$ is the square root of a (mod p) (two–thirds of the time, even!)

♠ $a^s \pmod p$ is a $2^e$-th root of unity (mod p)

♠ $a^s \pmod p$ is a fudge factor which can be updated.

• The Shanks–Tonelli algorithm: It updates both the initial guess x and the fudge factor $a^s$ until the f.f. ≡ 1 (mod p).
THE SHANKS–TONELLI ALGORITHM

1. BEGIN with an integer a and a prime p > 2, relatively prime to a. Calculate $a^{(p-1)/2} \pmod p$. Now $a^{(p-1)/2} \equiv 1$ or $-1 \pmod p$.

2. IF $a^{(p-1)/2} \equiv -1 \pmod p$, then a has no square root (mod p). Say so, and EXIT quietly.

3. IF $a^{(p-1)/2} \equiv 1 \pmod p$, then we’re in business. Write $p - 1 = s \cdot 2^e$ with s odd and e positive.

4. FIND a number n such that $n^{(p-1)/2} \equiv -1 \pmod p$—that is, a nonsquare (mod p).

5. INITIALIZE these variables (all congruences are mod p):

$x \equiv a^{(s+1)/2}$ (first guess at the square root)
$b \equiv a^s$ (first guess at the fudge factor)
$g \equiv n^s$ (powers of g will update both x and b)
$r = e$ (exponent will decrease with each update of the algorithm).
Note that $x^2 \equiv ba \pmod p$.
Now: WHILE m > 0

6. FIND the least integer m such that $0 \le m \le r - 1$ and $b^{2^m} \equiv 1 \pmod p$. That is, find m such that $\mathrm{ord}_p(b) = 2^m$.

7. IF m = 0, we’re done. RETURN the value of x and EXIT triumphantly.

8. IF m > 0, UPDATE the variables:

replace x by $x \cdot g^{2^{r-m-1}}$
replace b by $b \cdot g^{2^{r-m}}$
replace g by $g^{2^{r-m}}$
replace r by m.
end WHILE
WHY DOES IT TERMINATE?

♥ Old value of b satisfies $b^{2^{m-1}} \not\equiv 1 \pmod p$, but . . .

♠ . . . new value of b satisfies $b^{2^{m-1}} \equiv 1 \pmod p$, so:

♥ The value of m decreases with each update.

♥ Reason: for old b, m minimal ⇒ $b^{2^{m-1}} \equiv -1 \pmod p$

♥ Also, $g^{2^{r-1}} \equiv -1 \pmod p$

♥ Hence, $\left(b \cdot g^{2^{r-m}}\right)^{2^{m-1}} \equiv b^{2^{m-1}} g^{2^{r-1}} \equiv 1 \pmod p$

♥ But $b \cdot g^{2^{r-m}}$ is the new value of b (see ♠)

♥ So, the new value of m is less than the old value of m.


AN EXAMPLE
THE SQUARE ROOT OF 2 MOD 113

SET UP: a = 2, p = 113, $p - 1 = 7 \cdot 2^4$, e = 4, s = 7, (p − 1)/2 = 56, (s + 1)/2 = 4
BEGIN: $2^{56} \equiv 1 \pmod{113}$; we’re in business.
FIND n: $3^{56} \equiv -1 \pmod{113}$, so n = 3.
INITIALIZE: $x = a^{(s+1)/2} = 2^4 \equiv 16 \pmod{113}$; $b = a^s = 2^7 \equiv 15 \pmod{113}$;
$g = n^s = 3^7 \equiv 40 \pmod{113}$;
r = e = 4.
FIND $\mathrm{ord}_p(b) = 2^m$: $b^2 = 225 \equiv -1$, $b^4 \equiv 1 \pmod{113}$. Hence $b^{2^2} \equiv 1 \pmod{113}$, and so m = 2.
m ≠ 0, so UPDATE:
$x = x g^{2^{r-m-1}} = x g^{2^{4-2-1}} = 16 \cdot 40^2 = 16 \cdot 1600 \equiv 16 \cdot 18 \equiv 62 \pmod{113}$;
$b = b g^{2^{r-m}} = 15 \cdot 40^4 \equiv 15 \cdot (-15) \equiv 1 \pmod{113}$;
$g = g^{2^{r-m}} \equiv -15 \pmod{113}$;
r = m = 2.
Since b = 1, $\mathrm{ord}_p(b) = 1 = 2^0$; hence m = 0 and we’re done: RETURN the current value of x, namely 62. Sure enough, $62^2 = 3844 = 2 + 34 \cdot 113 \equiv 2 \pmod{113}$, and so 62 is a square root of 2 mod 113.
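The algorithm above (steps 1–8) and the worked example, as an added Python example that is not part of the lecture notes: it follows the notes’ steps and variable names (s, e, n, x, b, g, r, m), returns None for a nonsquare as step 2 prescribes, and assumes p > 2 and gcd(a, p) = 1 as in step 1.

```python
# Added example (not from the notes): the Shanks-Tonelli algorithm as stated,
# step by step. Assumes p is an odd prime and gcd(a, p) = 1.


def euler_criterion(a: int, p: int) -> int:
    """a^((p-1)/2) mod p: 1 for a square, p-1 (that is, -1) for a nonsquare."""
    return pow(a, (p - 1) // 2, p)


def find_nonsquare(p: int) -> int:
    """Step 4: least n with n^((p-1)/2) = -1 (mod p), found by trial."""
    n = 2
    while euler_criterion(n, p) != p - 1:
        n += 1
    return n


def mod_sqrt(a: int, p: int):
    """Return a square root of a mod the odd prime p, or None if none exists."""
    a %= p
    if euler_criterion(a, p) != 1:
        return None                       # step 2: a is a nonsquare; EXIT quietly
    s, e = p - 1, 0                       # step 3: p - 1 = s * 2^e with s odd
    while s % 2 == 0:
        s //= 2
        e += 1
    n = find_nonsquare(p)
    x = pow(a, (s + 1) // 2, p)           # step 5: first guess at the root
    b = pow(a, s, p)                      # fudge factor; x^2 = b*a (mod p)
    g = pow(n, s, p)                      # powers of g update x and b
    r = e
    while True:
        m, t = 0, b                       # step 6: least m with b^(2^m) = 1
        while t != 1:
            t = t * t % p
            m += 1
        if m == 0:
            return x                      # step 7: b = 1, so x^2 = a
        gs = pow(g, 1 << (r - m - 1), p)  # step 8: g^(2^(r-m-1))
        x = x * gs % p
        g = gs * gs % p                   # new g = g^(2^(r-m))
        b = b * g % p                     # new b = b * g^(2^(r-m))
        r = m


if __name__ == "__main__":
    root = mod_sqrt(2, 113)               # the notes' example: expect 62
    print(root, 113 - root)               # the other root is p - x
```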
