## Square Roots Modulo p

Citations: 1 (0 self)

### BibTeX

@MISC{Tornaría_squareroots,
  author = {Gonzalo Tornaría},
  title = {Square Roots Modulo p},
  year = {}
}

### Abstract

The algorithm of Tonelli and Shanks for computing square roots modulo a prime number is the most used, and probably the fastest among the known algorithms when averaged over all prime numbers. However, for some particular prime numbers, there are other algorithms which are considerably faster. In this paper we compare the algorithm of Tonelli and Shanks with an algorithm based on quadratic field extensions due to Cipolla, and give an explicit condition on a prime number to decide which algorithm is faster. Finally, we show that there exists an infinite sequence of prime numbers for which the algorithm of Tonelli and Shanks is asymptotically worse.

### Citations

46 | Zero-free regions for Dirichlet L-functions and the least prime in an arithmetic progression
- Heath-Brown
- 1992
Citation Context ...stants $C_0$, $L$. Applying this to $p_i$ we get $p_i < C_0 2^{(e_i+1)L}$ (3). Taking base 2 logarithms, we conclude that $n_i < e_i L + C$. □ Remark. The best known unconditional value for $L$ is 11/2, due to Heath-Brown [4]. Assuming the Generalized Riemann Hypothesis, one can use $L = 2+\varepsilon$ for arbitrary $\varepsilon > 0$ [1, 4]. In the case in hand, where the moduli are all powers of two, there may be even stronger results. For exa...

40 | Five number-theoretic algorithms
- Shanks
- 1973
Citation Context ...is work was partially supported by a scholarship of PEDECIBA Matemáticas. The original method of Tonelli required about $e^2/2$ operations for computing the discrete logarithm. It was improved by Shanks [8], who rearranged the algorithm in a clever way such that the operations done for computing a 0 bit include the operations needed for computing the next bit. Thus, while the number of operations in the...

24 | On the least prime in an arithmetic progression, I. The basic theorem, II. The Deuring-Heilbronn’s phenomenon
- Linnik
- 1944
Citation Context ...des $p_i − 1$. From the definition it is clear that $e_i = i$, and $n_i > i$. We now give an upper bound for $n_i$. Lemma 4.1. There exist absolute constants $L$, $C$ such that $e_i L + C > n_i$. Proof. A theorem of Linnik [6, 7] states that if $(a, m) = 1$ then the least prime number congruent to $a$ modulo $m$ is less than $C_0 m^L$ for some absolute constants $C_0$, $L$. Applying this to $p_i$ we get $p_i < C_0 2^{(e_i+1)L}$ (3). Taking base 2 log...

20 | Bemerkung über die Auflösung quadratischer Congruenzen. Göttinger Nachrichten
- Tonelli
Citation Context ...be the number of ones in the binary representation of $p$. We denote by $G_p$ the Sylow 2-subgroup of $\mathbb{F}_p^\times$, which is cyclic of order $2^e$. 2. The Algorithm of Tonelli and Shanks. The algorithm of Tonelli [9] is based on this observation: it’s easy to reduce the problem to the case $a \in G_p$, because $[\mathbb{F}_p^\times : G_p]$ is odd. Then one can use the Legendre symbol to find a generator of $G_p$, and compute the square...

10 | Faster square roots in annoying finite fields
- Bernstein
Citation Context ...even counting the sums and the Legendre symbol computations). Therefore $\frac{TS(p_i)}{Cip(p_i)} = \Omega(n_i)$, and the theorem follows. □ 5. Last Remarks. I thank the referee for pointing me to the work of Bernstein [2]. In this work, Bernstein improves the algorithm of Tonelli and Shanks. He computes discrete logarithms several bits at a time by means of some auxiliary precomputations. This is especially appealing i...

10 | An analysis of Shanks’s algorithm for computing square roots in finite fields. Number theory
- Lindhurst
- 1996
Citation Context ...ue and non-residue inputs. Theorem 4.2. $\limsup_{p \text{ prime}} \frac{TS(p)}{Cip(p)} = \infty$ (4). Proof. From Corollary 2.3 and Proposition 3.2 we know that $TS(p_i) > \frac{e_i(e_i − 1)}{4} > \frac{(n_i − C)(n_i − C − L)}{4L^2} = \Omega(n_i^2)$ (5) and that $Cip(p_i) = O(n_i)$ (even counting the sums and the Legendre symbol computations). Therefore $\frac{TS(p_i)}{Cip(p_i)} = \Omega(n_i)$, and the theorem follows. □ 5. Last Remarks. I thank the referee for pointing m...

9 | Un metodo per la risoluzione della congruenza di secondo
- Cipolla
- 1903
Citation Context ... be room for improvements when $e$ is large with respect to $n$, provided that such prime numbers exist. 3. The Algorithm of Cipolla. An alternative to using discrete logarithms is the algorithm of Cipolla [3]. Let $a \in \mathbb{F}_p^\times$, and assume that we know $t \in \mathbb{F}_p$ such that $t^2 − a$ is a quadratic nonresidue. Then $X^2 − (t^2 − a)$ is irreducible over $\mathbb{F}_p$, and $\mathbb{F}_p[\alpha]$, with $\alpha^2 = t^2 − a$, is a finite field of $p^2$ e...

5 | On the least prime in an arithmetic progression, II. The Deuring-Heilbronn phenomenon
- Linnik
Citation Context ...des $p_i − 1$. From the definition it is clear that $e_i = i$, and $n_i > i$. We now give an upper bound for $n_i$. Lemma 4.1. There exist absolute constants $L$, $C$ such that $e_i L + C > n_i$. Proof. A theorem of Linnik [6, 7] states that if $(a, m) = 1$ then the least prime number congruent to $a$ modulo $m$ is less than $C_0 m^L$ for some absolute constants $C_0$, $L$. Applying this to $p_i$ we get $p_i < C_0 2^{(e_i+1)L}$ (3). Taking base 2 log...

1 | On prime numbers in an arithmetic progression with a prime-power difference
- Barban, Linnik, et al.
- 1964
Citation Context ...we conclude that $n_i < e_i L + C$. □ Remark. The best known unconditional value for $L$ is 11/2, due to Heath-Brown [4]. Assuming the Generalized Riemann Hypothesis, one can use $L = 2+\varepsilon$ for arbitrary $\varepsilon > 0$ [1, 4]. In the case in hand, where the moduli are all powers of two, there may be even stronger results. For example, in [1] the authors prove that one can use $L = 8/3 + \varepsilon$ provided the moduli are restrict...