## On Taking Square Roots without Quadratic Nonresidues over Finite Fields (2009)

Citations: 1 (1 self)

### BibTeX

@MISC{Sze09ontaking,
    author = {Tsz-wo Sze},
    title = {On Taking Square Roots without Quadratic Nonresidues over Finite Fields},
    year = {2009}
}

### Abstract

We present a novel idea to compute square roots over finite fields, without being given any quadratic nonresidue, and without assuming any unproven hypothesis. The algorithm is deterministic and the proof is elementary. In some cases, the square root algorithm runs in Õ(log^2 q) bit operations over finite fields with q elements. As an application, we construct a deterministic primality proving algorithm, which runs in Õ(log^3 N) for some integers N.

### Citations

913 |
A Course in Computational Algebraic Number Theory
- Cohen
- 1996
Citation Context ... be a square. The square root problem over Fq is to find α ∈ Fq such that α^2 = β, given β and Fq as inputs. Suppose q ≡ 1 (mod 8) in this paper. Otherwise, the square root problem is easy; see [12], [11]. The problem of taking square roots over a finite field and the problem of constructing a quadratic nonresidue over the same finite field are polynomial time equivalent. If one can take square roots,...

675 |
The Art of Computer Programming, volume 2: Seminumerical Algorithms
- Knuth
- 1988
Citation Context ...over Gα can be computed by a few field operations over Fq in the worst case. The lemma follows from the fact that field operations over Fq can be performed in Õ(log q) bit operations; see [13], [22], [15], [29]. Lemma 5.3. Given a square β ∈ Fq, the power [g]^k for any [g] ∈ G′α can be computed in Õ(log k log q) bit operations without the knowledge of α. Proof. The power [g]^k can be evaluated in Õ(...

207 |
Riemann’s hypothesis and tests for primality
- Miller
- 1976
Citation Context ...e deterministic algorithms. The running time of the AKS algorithm [2] and Lenstra-Pomerance’s modified AKS algorithm [14] are Õ(log^7.5 N) and Õ(log^6 N), respectively. Assuming ERH, Miller’s algorithm [17] is deterministic with running time Õ(log^4 N). Theorem 6.1. (Proth’s Theorem) Let N = 2^e t + 1 for some odd t with 2^e > t. If a^((N−1)/2) ≡ −1 (mod N) for some a, then N is a prime. See [31] for the d...

170 |
Elliptic curves over finite fields and the computation of square roots mod p
- Schoof
- 1985
Citation Context ...ime algorithm for taking square roots, or equivalently, constructing a quadratic nonresidue, over prime fields in general, deterministic polynomial time algorithms exist in some special cases. Schoof [23] showed a deterministic algorithm for computing square roots of β over Fp with running time O((|β|^(1/2+ε) log p)^9) bit operations for all ε > 0. Thus, his algorithm is polynomial time for any fixed...

155 |
Factoring polynomials over large finite fields
- Berlekamp
- 1970
Citation Context ...rithms for taking square roots in finite fields. Tonelli-Shanks [27, 24], Adleman-Manders-Miller [1] and Cipolla-Lehmer [10, 16] require a quadratic nonresidue as an additional input. Berlekamp-Rabin [7, 20] takes square roots by polynomial factoring over finite fields. The idea of Peralta [21] is similar to Berlekamp-Rabin. For other results, see [4], [5], [6], [8], [9], [18], [19] and [28]. We restrict ...

133 |
Prime numbers: a computational perspective
- Crandall, Pomerance
- 2005
Citation Context ...β ∈ Fq be a square. The square root problem over Fq is to find α ∈ Fq such that α^2 = β, given β and Fq as inputs. Suppose q ≡ 1 (mod 8) in this paper. Otherwise, the square root problem is easy; see [12], [11]. The problem of taking square roots over a finite field and the problem of constructing a quadratic nonresidue over the same finite field are polynomial time equivalent. If one can take square ...

107 |
Elliptic Curves: Number Theory and Cryptography (Second Edition)
- Washington
- 2008
Citation Context ..., (x,y) ↦ ((y/x) + α)/((y/x) − α) is an isomorphism from E_ns(Fq) to Fq^×. The inverse is τ^(−1) : Fq^× → E_ns(Fq), 1 ↦ ∞, λ ↦ (4α^2 λ/(λ − 1)^2, 4α^3 (λ + 1)/(λ − 1)^3). For proofs and details, see [30] p61 - p63. Together with the isomorphism ψ given in equation (4.6), we have Gα ≃ Fq^× ≃ E_ns(Fq). The isomorphism from E_ns(Fq) to Gα is surprisingly simple: ψ^(−1) ∘ τ : E_ns(Fq) → Gα, ∞ ↦ [∞], (x,y...

97 |
Modern Computer Algebra
- von zur Gathen, Gerhard
- 1999
Citation Context ...α can be computed by a few field operations over Fq in the worst case. The lemma follows from the fact that field operations over Fq can be performed in Õ(log q) bit operations; see [13], [22], [15], [29]. Lemma 5.3. Given a square β ∈ Fq, the power [g]^k for any [g] ∈ G′α can be computed in Õ(log k log q) bit operations without the knowledge of α. Proof. The power [g]^k can be evaluated in Õ(log k)...

82 |
Probabilistic Algorithms in Finite Fields
- Rabin
- 1980
Citation Context ...rithms for taking square roots in finite fields. Tonelli-Shanks [27, 24], Adleman-Manders-Miller [1] and Cipolla-Lehmer [10, 16] require a quadratic nonresidue as an additional input. Berlekamp-Rabin [7, 20] takes square roots by polynomial factoring over finite fields. The idea of Peralta [21] is similar to Berlekamp-Rabin. For other results, see [4], [5], [6], [8], [9], [18], [19] and [28]. We restrict ...

79 |
Schnelle Multiplikation großer Zahlen
- Schönhage, Strassen
- 1971
Citation Context ...ion ∗ over Gα can be computed by a few field operations over Fq in the worst case. The lemma follows from the fact that field operations over Fq can be performed in Õ(log q) bit operations; see [13], [22], [15], [29]. Lemma 5.3. Given a square β ∈ Fq, the power [g]^k for any [g] ∈ G′α can be computed in Õ(log k log q) bit operations without the knowledge of α. Proof. The power [g]^k can be evaluated...

42 |
Faster Integer Multiplication
- Fürer
- 2007
Citation Context ...operation ∗ over Gα can be computed by a few field operations over Fq in the worst case. The lemma follows from the fact that field operations over Fq can be performed in Õ(log q) bit operations; see [13], [22], [15], [29]. Lemma 5.3. Given a square β ∈ Fq, the power [g]^k for any [g] ∈ G′α can be computed in Õ(log k log q) bit operations without the knowledge of α. Proof. The power [g]^k can be eva...

37 |
Five number-theoretic algorithms
- Shanks
- 1972
Citation Context ...tually obtain a quadratic nonresidue because the number of steps is O(log q). Conversely, given a quadratic nonresidue as an additional input, there are deterministic polynomial time algorithms [27], [24] and [1] for computing square roots. There is no known deterministic polynomial time square root algorithm over finite fields in general, therefore, there is no known deterministic polynomial time alg...

36 |
On taking roots in finite fields
- Adleman, Manders, et al.
- 1977
Citation Context ...tain a quadratic nonresidue because the number of steps is O(log q). Conversely, given a quadratic nonresidue as an additional input, there are deterministic polynomial time algorithms [27], [24] and [1] for computing square roots. There is no known deterministic polynomial time square root algorithm over finite fields in general, therefore, there is no known deterministic polynomial time algorithm f...

29 |
The least quadratic non residue
- Ankeny
- 1952
Citation Context ...due over Fp is non-trivial only if p ≡ 1 (mod 16), p ≡ 1 (mod 3) and p ≡ 1 (mod 5). We end our discussion on prime fields by considering the Extended Riemann Hypothesis (ERH). By assuming ERH, Ankeny [3] showed that the least quadratic nonresidue over Fp is less than c log^2 p for some constant c. As a consequence, the probabilistic algorithm for finding a quadratic nonresidue mentioned previously c...

24 |
A simple and fast probabilistic algorithm for computing square roots modulo a prime number
- Peralta
- 1986
Citation Context ...iller [1] and Cipolla-Lehmer [10, 16] require a quadratic nonresidue as an additional input. Berlekamp-Rabin [7, 20] takes square roots by polynomial factoring over finite fields. The idea of Peralta [21] is similar to Berlekamp-Rabin. For other results, see [4], [5], [6], [8], [9], [18], [19] and [28]. We restrict our discussion to prime fields Fp for odd prime p in the following paragraphs. Although ...

21 |
Computer technology applied to the theory of numbers
- Lehmer
- 1969
Citation Context ... a quadratic nonresidue is found. There are several efficient probabilistic algorithms for taking square roots in finite fields. Tonelli-Shanks [27, 24], Adleman-Manders-Miller [1] and Cipolla-Lehmer [10, 16] require a quadratic nonresidue as an additional input. Berlekamp-Rabin [7, 20] takes square roots by polynomial factoring over finite fields. The idea of Peralta [21] is similar to Berlekamp-Rabin. F...

19 |
Bemerkung über die Auflösung quadratischer Congruenzen, Göttinger Nachrichten
- Tonelli
- 1891
Citation Context ...d eventually obtain a quadratic nonresidue because the number of steps is O(log q). Conversely, given a quadratic nonresidue as an additional input, there are deterministic polynomial time algorithms [27], [24] and [1] for computing square roots. There is no known deterministic polynomial time square root algorithm over finite fields in general, therefore, there is no known deterministic polynomial ti...

10 |
Faster square roots in annoying finite fields
- Bernstein
Citation Context ... additional input. Berlekamp-Rabin [7, 20] takes square roots by polynomial factoring over finite fields. The idea of Peralta [21] is similar to Berlekamp-Rabin. For other results, see [4], [5], [6], [8], [9], [18], [19] and [28]. We restrict our discussion to prime fields Fp for odd prime p in the following paragraphs. Although there is no known deterministic polynomial time algorithm for taking squa...

9 |
A Note on Square Roots in Finite Fields
- Bach
- 1990
Citation Context ...onresidue as an additional input. Berlekamp-Rabin [7, 20] takes square roots by polynomial factoring over finite fields. The idea of Peralta [21] is similar to Berlekamp-Rabin. For other results, see [4], [5], [6], [8], [9], [18], [19] and [28]. We restrict our discussion to prime fields Fp for odd prime p in the following paragraphs. Although there is no known deterministic polynomial time algorithm ...

9 |
On the computation of square roots in finite fields
- Müller
- 2004
Citation Context ...ut. Berlekamp-Rabin [7, 20] takes square roots by polynomial factoring over finite fields. The idea of Peralta [21] is similar to Berlekamp-Rabin. For other results, see [4], [5], [6], [8], [9], [18], [19] and [28]. We restrict our discussion to prime fields Fp for odd prime p in the following paragraphs. Although there is no known deterministic polynomial time algorithm for taking square roots, or equ...

8 |
Constructing nonresidues in finite fields and the extended Riemann hypothesis
- Buchmann, Shoup
- 1996
Citation Context ...tional input. Berlekamp-Rabin [7, 20] takes square roots by polynomial factoring over finite fields. The idea of Peralta [21] is similar to Berlekamp-Rabin. For other results, see [4], [5], [6], [8], [9], [18], [19] and [28]. We restrict our discussion to prime fields Fp for odd prime p in the following paragraphs. Although there is no known deterministic polynomial time algorithm for taking square ro...

8 |
Un metodo per la risoluzione della congruenza di secondo
- Cipolla
- 1903
Citation Context ... a quadratic nonresidue is found. There are several efficient probabilistic algorithms for taking square roots in finite fields. Tonelli-Shanks [27, 24], Adleman-Manders-Miller [1] and Cipolla-Lehmer [10, 16] require a quadratic nonresidue as an additional input. Berlekamp-Rabin [7, 20] takes square roots by polynomial factoring over finite fields. The idea of Peralta [21] is similar to Berlekamp-Rabin. F...

5 |
Édouard Lucas and Primality Testing, volume 22
- Williams
- 1998

4 |
Note on taking square-roots modulo N
- Bach, Huber
- 1999
Citation Context ...idue as an additional input. Berlekamp-Rabin [7, 20] takes square roots by polynomial factoring over finite fields. The idea of Peralta [21] is similar to Berlekamp-Rabin. For other results, see [4], [5], [6], [8], [9], [18], [19] and [28]. We restrict our discussion to prime fields Fp for odd prime p in the following paragraphs. Although there is no known deterministic polynomial time algorithm for t...

4 |
On Solving Univariate Polynomial Equations over Finite Fields and Some Related Problems
- Sze
- 2007
Citation Context ...there is a unique order 2 element in Gα. For any α ∈ Fq^×, we have ψ([0]) = (0 + α)/(0 − α) = −1. Thus, [0] is the order 2 element in Gα, independent of the choice of α. For more discussions on Gα, see [25]. 4.1 Singular Curves with a Double Root. We can reinterpret the group law in terms of “singular elliptic curves.” Consider the curve E : y^2 = x^2(x + α^2). Let E(Fq) be the points on the curve wi...

3 |
Efficient computation of roots in finite fields
- Barreto, Voloch
Citation Context ...as an additional input. Berlekamp-Rabin [7, 20] takes square roots by polynomial factoring over finite fields. The idea of Peralta [21] is similar to Berlekamp-Rabin. For other results, see [4], [5], [6], [8], [9], [18], [19] and [28]. We restrict our discussion to prime fields Fp for odd prime p in the following paragraphs. Although there is no known deterministic polynomial time algorithm for taking...

2 |
On probable prime testing and the computation of square roots mod n
- Müller
- 2000
Citation Context ...l input. Berlekamp-Rabin [7, 20] takes square roots by polynomial factoring over finite fields. The idea of Peralta [21] is similar to Berlekamp-Rabin. For other results, see [4], [5], [6], [8], [9], [18], [19] and [28]. We restrict our discussion to prime fields Fp for odd prime p in the following paragraphs. Although there is no known deterministic polynomial time algorithm for taking square roots, o...

1 |
Square roots mod p
- Turner
- 1994
Citation Context ...kamp-Rabin [7, 20] takes square roots by polynomial factoring over finite fields. The idea of Peralta [21] is similar to Berlekamp-Rabin. For other results, see [4], [5], [6], [8], [9], [18], [19] and [28]. We restrict our discussion to prime fields Fp for odd prime p in the following paragraphs. Although there is no known deterministic polynomial time algorithm for taking square roots, or equivalently...