Difference between revisions of "Modular square root"

Latest revision as of 10:38, 6 February 2019

A modular square root $r$ of an integer number $a$ modulo an integer $m$ greater than 1 is an integer such that:

r^{2} \equiv a (\mod m)

In this article we will consider the case when the modulus is prime. Otherwise we can compute the square roots modulo the prime factors of $m$ and then generate a solution using the Chinese Remainder Theorem.

When the argument is congruent to zero, there is only one modular square root, namely zero. Otherwise, the number of square roots can be two or zero depending on whether the argument is a quadratic residue modulo $m$ or not. The sum of both square roots is congruent to zero.

In order to compute the square root, we will consider different cases, depending on the modulus. When this modulus is odd, we assume that the quantity $a^{(m - 1) / 2} mod m$ equals 1 (otherwise there is no square root if $a ≢ 0 (\mod m)$ ).

Set $e$ and an odd $q$ such that $m = 2^{e} q + 1$ .
Choose $x$ at random in the range $1 < x < m$ and set $z \leftarrow x^{q} mod m$ . If $z^{2^{e - 1}} \equiv 1 (\mod m)$ , repeat this step. (This generates a quadratic non-residue of $m$ .)
Set $y \leftarrow z$ , $r \leftarrow e$ , $x \leftarrow a^{(q - 1) / 2} mod m$ , $v \leftarrow a x mod m$ , $w \leftarrow v x mod m$ .
If $w = 1$ , the computation ends with $\pm v$ as the square root.
Find the smallest value of $k$ such that $w^{2^{k}} \equiv 1 (\mod m)$ .
Set $d \leftarrow y^{2^{r - k - 1}} mod m$ , $y \leftarrow d^{2} mod m$ , $r \leftarrow k$ , $v \leftarrow d v mod m$ , $w \leftarrow w y mod m$ .
Go to step 4.

Example 1

Find the square root of 58 modulo 101.

First of all we check that the modulus 101 is prime. Then we find that it is congruent to 5 mod 8.

Now we compute $58^{(101 - 1) / 2} mod 101 = 1$ so there are two square roots to be computed.

$v = (2 * 58)^{(101 - 5) / 8} mod 101 = 15^{12} mod 101 = 88$

$i = 2 * 58 * 88^{2} mod 101 = 10$

Notice that $i * i \equiv - 1 (\mod 101)$

$r = 58 * 88 * (10 - 1) mod 101 = 82$

So the modular square roots are 82 and its negative 19, which can be easily verified: $82 * 82 \equiv 58 (\mod 101)$ , $19 * 19 \equiv 58 (\mod 101)$ .

Example 2

Find the square root of 111 modulo 113.

First of all we check that the modulus 113 is prime. Then we find that it is congruent to 1 mod 8.

Now we compute $111^{(113 - 1) / 2} mod 113 = 1$ so there are two square roots to be computed.

Step 1: $e = 4$ , $q = 7$ .
Step 2: $x = 2$ , $z = 2^{7} mod 113 = 15$ , $z^{2^{3}} mod 113 = 1$ , so we have to repeat step 2.
Step 2: $x = 3$ , $z = 3^{7} mod 113 = 40$ , $z^{2^{3}} mod 113 = 112$ .
Step 3: $y = 40$ , $r = 4$ , $x = 111^{(7 - 1) / 2} mod 113 = 105$ , $v = 111 * 105 mod 113 = 16$ , $w = 16 * 105 mod 113 = 98$ .
Step 4: $w$ is not equal to 1 so the computation continues.
Step 5: $k = 2$
Step 6: $d = 40^{2^{4 - 2 - 1}} mod 113 = 18$ , $y = 18^{2} mod 113 = 98$ , $r = 2$ , $v = 18 * 16 mod 113 = 62$ , $w = 98 * 98 mod 113 = 112$ .
Step 4: $w$ is not equal to 1 so the computation continues.
Step 5: $k = 1$
Step 6: $d = 98^{2^{2 - 1 - 1}} mod 113 = 98$ , $y = 98^{2} mod 113 = 112$ , $r = 1$ , $v = 98 * 62 mod 113 = 87$ , $w = 112 * 112 mod 113 = 1$ .
Step 4: $w = 1$ , so the square root is $\pm v = \pm 87$ .

So the modular square roots are 87 and its negative 26, which can be easily verified: $87 * 87 \equiv 111 (\mod 113)$ , $26 * 26 \equiv 111 (\mod 113)$ .

@@ Line 1: / Line 1: @@
 A '''modular square root''' <math>r</math> of an [[integer]] number <math>a</math> modulo an integer <math>m</math> greater than 1 is an integer such that:
-:<math>r^2 \equiv a\,\pmod m</math>
+:<math>r^2 \equiv a\ \pmod m</math>
-In this article we will consider the case when the modulus is [[prime number|prime]]. Otherwise we can compute the square roots modulo the prime factors of <math>m</math> and then generate a solution using the Chinese Remainder Theorem.
+In this article we will consider the case when the modulus is [[prime]]. Otherwise we can compute the square roots modulo the prime factors of <math>m</math> and then generate a solution using the Chinese Remainder Theorem.
 When the argument is congruent to zero, there is only one modular square root, namely zero. Otherwise, the number of square roots can be two or zero depending on whether the argument is a [[quadratic residue]] modulo <math>m</math> or not. The sum of both square roots is congruent to zero.
-In order to compute the square root, we will consider different cases, depending on the modulus. When this modulus is odd, we assume that the quantity <math>a^{(m-1)/2} \bmod m</math> equals 1 (otherwise there is no square root if <math>a \not\equiv 0\,\pmod m</math>).
+In order to compute the square root, we will consider different cases, depending on the modulus. When this modulus is odd, we assume that the quantity <math>a^{(m-1)/2} \bmod m</math> equals 1 (otherwise there is no square root if <math>a \not\equiv 0\ \pmod m</math>).
 ===Modulus equal to 2===
@@ Line 12: / Line 12: @@
 ===Modulus congruent to 3 modulo 4===
-:<math>r\equiv \pm a^{(m+1)/4}\,\pmod m</math>
+:<math>r\equiv \pm a^{(m+1)/4}\ \pmod m</math>
 ===Modulus congruent to 5 modulo 8===
 First compute the square root of -1 (<math>i</math>) as follows:
-:<math>v\equiv (2a)^{(p-5)/8}\,\pmod m</math>
+:<math>v\equiv (2a)^{(p-5)/8}\ \pmod m</math>
-:<math>i\equiv 2av^2\,\pmod m</math>
+:<math>i\equiv 2av^2\ \pmod m</math>
 Then compute the square root as follows:
-:<math>r\equiv \pm av(i-1)\,\pmod m</math>
+:<math>r\equiv \pm av(i-1)\ \pmod m</math>
 ===Modulus congruent to 1 modulo 8===

Difference between revisions of "Modular square root"

Latest revision as of 10:38, 6 February 2019

Contents

Modulus equal to 2

Modulus congruent to 3 modulo 4

Modulus congruent to 5 modulo 8

Modulus congruent to 1 modulo 8

Example 1

Example 2

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Prime (direct)

Prime Wiki

Tools