Talk:Tonelli–Shanks algorithm

	This article is rated Start-class on Wikipedia's content assessment scale. It is of interest to the following WikiProjects:
Mathematics Low‑priority Mathematics portal This article is within the scope of WikiProject Mathematics, a collaborative effort to improve the coverage of mathematics on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks. Low This article has been rated as Low-priority on the project's priority scale.

the case where p = 3 mod 4

Latest comment: 11 years ago2 comments2 people in discussion

It is written that in the special case where p equals 3 modulo 4, then the solution is simply:

${\displaystyle n^{(p+1)/4}}$ 

I don't get why. Is it supposed to be obvious? --Grondilu (talk) 14:01, 20 June 2012 (UTC)Reply

Yes. Square it, and apply Euler's criterion.—Emil J. 14:41, 20 June 2012 (UTC)Reply

alberto tonelli needs enwiki biop (from itwiki)

Latest comment: 6 years ago1 comment1 person in discussion

Alberto Tonelli needs a enwiki translation. He has an article on the itwiki, a small one that doesn't mention he first came up with the important Tonelli-Shanks modular square root algorithm. There are three algorithms to take a modular square root and Tonelli's is as good as any of them. It's actually a rather important algorithm, since public key cryptography uses modular arithmetic. Endo999 (talk) 02:13, 28 August 2017 (UTC)Reply

dickson's work on tonelli says the algorithm will work on mod p^k

Latest comment: 6 years ago3 comments1 person in discussion

I'm not a professional mathematician but I just read Dickson's "History of Numbers" ^[1] where it says on page 215-216 that

A. Tonelli^[2] gave an explicit formula for the roots of ${\displaystyle x^{2}=c({\bmod {p^{\lambda }}})}$ 

Perhaps some mathematician should work out if the Tonelli algorithm takes modular square roots for powers of primes as well as for primes This Wiki article says the algorithm only works for prime modula.

After reading the Dickson text a couple of times on p215,216 I came across this formula for the square root of ${\displaystyle x^{2}{\bmod {p^{y}}}}$ .

when ${\displaystyle p=4*7+1}$ , or ${\displaystyle s=2}$  and ${\displaystyle A=7}$ 

for ${\displaystyle x^{2}{\bmod {p^{\lambda }}}\equiv c}$  then

${\displaystyle x{\bmod {p^{\lambda }}}\equiv \pm (c^{A}+3)^{\beta }*c^{(\beta +1)/2}}$  where ${\displaystyle \beta \equiv a*p^{\lambda -1}}$ 

Noting that ${\displaystyle 23^{2}{\bmod {29^{3}}}\equiv 529}$  and noting that ${\displaystyle \beta =7*29^{2}}$  then

${\displaystyle (529^{7}+3)^{7*29^{2}}*529^{(7*29^{2}+1)/2}{\bmod {29^{3}}}\equiv 24366\equiv -23}$ 

So Tonelli's math does seem to take modular square roots of prime powers! Endo999 (talk) 03:17, 2 September 2017 (UTC)Reply

Here's another equation: ${\displaystyle 2333^{2}{\bmod {29^{3}}}\equiv 4142}$  and

${\displaystyle (4142^{7}+3)^{7*29^{2}}*4142^{(7*29^{2}+1)/2}{\bmod {29^{3}}}\equiv 2333}$ 

Endo999 (talk) 06:36, 30 August 2017 (UTC)Reply

On page 215-216 of the Dickson book, the equation is given of Tonelli's:

${\displaystyle X{\bmod {p^{y}}}\equiv x^{p^{y-1}}*c^{(p^{y}-2p^{y-1}+1)/2}}$  where ${\displaystyle X^{2}{\bmod {p^{y}}}\equiv c}$  and ${\displaystyle x^{2}{\bmod {p}}\equiv c}$ ;

Using ${\displaystyle p=23}$  and using the modulus of ${\displaystyle p^{3}}$  the math follows (in mathematica):

Mod[1115^2, 23 23 23]=2191
 
Mod[1115^2, 23]=6
PowerMod[6, 1/2, 23]=11

Mod[11^(23 23) 2191^((23 23 23 - 2 23 23 + 1)/2), 23 23 23] =1115

Thus Tonelli's work can work for a 3 mod 4 prime power. Endo999 (talk) 20:23, 11 September 2017 (UTC)Reply

References

1. "History of the Theory of Numbers" Volume 1 by Leonard Eugene Dickson, p215-216 read online
2. "AttiR. Accad. Lincei, Rendiconti, (5), 1, 1892, 116-120."

The algorithm makes no sense at all when ${\displaystyle d>1}$

Latest comment: 6 years ago1 comment1 person in discussion

I suppose that ${\displaystyle (\mathbb {Z} /p\mathbb {Z} )^{d}}$  should rather read ${\displaystyle \mathbb {Z} /p^{d}\mathbb {Z} }$ ? And the introductory sentence is more than confusing as well. The "multiplicative group" would perhaps be ${\displaystyle (\mathbb {Z} /p^{d}\mathbb {Z} )^{\times }}$ , and of course all operations and comparisons in that ring are modulo ${\displaystyle p^{d}}$ . --Hagman (talk) 09:09, 10 February 2018 (UTC)Reply

Completely agreed. There are further issues: several times when computing the order of the multiplicative group modulo ${\displaystyle p^{d}}$ , the order is given as ${\displaystyle p^{d}-1}$  instead of the correct ${\displaystyle p^{d}-p^{d-1}}$ . I think this should be flagged for fixing - it's factually incorrect as written on the page at present. --Anonymous Coward, 19:35, 5 November 2018 (UTC) — Preceding unsigned comment added by 97.115.75.203 (talk)

Error in first line of 'core ideas'?

Latest comment: 6 years ago2 comments2 people in discussion

> Given a non-zero n and an odd prime p, the Euler's criterion tells us that n has a square root (i.e., n is a quadratic residue) if and only if

I don't know about this stuff, but this seems wrong in one or more ways. First, "has a square root" has to be wrong, as every integer "has a square root". I think it means an integer square root? Secondly, I don't think that's true either, but only "modulo p". I think maybe a quadratic residue is only sensible "modulo p"? At least, based on my understanding from the first sentence of "Quadratic residue" wikipedia page. — Preceding unsigned comment added by 134.134.139.74 (talk) 21:44, 22 February 2018 (UTC)Reply

I have linked quadratic residue in that sentence since it is the first occurrence. And yes, it is modulo p. I think the lead makes that clear. It is the first sentence after the lead. PrimeHunter (talk) 22:30, 22 February 2018 (UTC)Reply

About the Tonelli formulas

Latest comment: 4 years ago1 comment1 person in discussion

This is a bit confusing:

The Dickson reference shows the following formula for the square root of ${\displaystyle x^{2}{\bmod {p^{y}}}}$ .

when ${\displaystyle p=4*7+1}$ , or ${\displaystyle s=2}$ (s must be 2 for this equation) and ${\displaystyle A=7}$  such that ${\displaystyle 29=2^{2}*7+1}$ 

for ${\displaystyle x^{2}{\bmod {p^{\lambda }}}\equiv c}$  then

${\displaystyle x{\bmod {p^{\lambda }}}\equiv \pm (c^{A}+3)^{\beta }*c^{(\beta +1)/2}}$  where ${\displaystyle \beta \equiv a*p^{\lambda -1}}$ 

Noting that ${\displaystyle 23^{2}{\bmod {29^{3}}}\equiv 529}$  and noting that ${\displaystyle \beta =7*29^{2}}$  then

[....]

One should probably say (using the notation in Dickson's "History of the theory of numbers"):

The Dickson reference shows the following formula for the square root of ${\displaystyle x^{2}{\bmod {p^{\lambda }}}}$ .

when ${\displaystyle p=2^{s}a+1}$  is prime, where ${\displaystyle s>=1}$  and ${\displaystyle a}$  is odd, thus ${\displaystyle \gamma =ap^{\lambda -1}}$  is odd

for ${\displaystyle x^{2}{\bmod {p^{\lambda }}}\equiv c}$ , where ${\displaystyle \lambda >=1}$  then

if ${\displaystyle s=1}$ :

${\displaystyle x{\bmod {p^{\lambda }}}\equiv \pm c^{(\gamma +1)/2}}$ 

if ${\displaystyle s=2}$ :

${\displaystyle x{\bmod {p^{\lambda }}}\equiv \pm (c^{a}+3)^{\gamma }c^{(\gamma +1)/2}}$ 

if ${\displaystyle s=3}$ :

${\displaystyle x{\bmod {p^{\lambda }}}\equiv \pm (c^{2a}+k)^{\gamma }\{(c^{2a}+k)^{2a}c^{a}+k\}^{2\gamma }c^{\frac {\gamma +1}{2}}}$ ,

where ${\displaystyle k}$  is an integer such that ${\displaystyle k+1}$  is a quadratic residue of ${\displaystyle p}$ , and ${\displaystyle k-1}$  is a non-residue.

We may take ${\displaystyle k=-2}$  if ${\displaystyle a}$  is not divisible by ${\displaystyle 3}$ , but ${\displaystyle k=-4}$  if ${\displaystyle a}$  is divisible by ${\displaystyle 3}$ , while neither ${\displaystyle a}$  nor ${\displaystyle 4a+1}$  are divisible by ${\displaystyle 5}$ .

In the following we set ${\displaystyle s=2}$ , ${\displaystyle a=7}$  and ${\displaystyle \lambda =3}$  such that ${\displaystyle p=2^{2}*7+1=29}$ , ${\displaystyle \gamma =7*29^{2}}$  and ${\displaystyle c\equiv 23^{2}{\bmod {29^{3}}}\equiv 529}$  then

[....] — Preceding unsigned comment added by 88.76.118.122 (talk) 23:09, 9 June 2019 (UTC)Reply