Talk:Tonelli–Shanks algorithm

the case where p = 3 mod 4
It is written that in the special case where p equals 3 modulo 4, then the solution is simply:

$$n^{(p+1)/4}$$

I don't get why. Is it supposed to be obvious? --Grondilu (talk) 14:01, 20 June 2012 (UTC)
 * Yes. Square it, and apply Euler's criterion.—Emil J. 14:41, 20 June 2012 (UTC)
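The step suggested in the reply above, written out as an added note (not part of either comment), for $$p \equiv 3 \pmod 4$$ and $$n$$ a quadratic residue modulo $$p$$:

$$\left(n^{(p+1)/4}\right)^{2} = n^{(p+1)/2} = n\cdot n^{(p-1)/2} \equiv n\cdot 1 \equiv n \pmod{p}$$

The exponent $$(p+1)/4$$ is an integer precisely because $$p \equiv 3 \pmod 4$$, and $$n^{(p-1)/2} \equiv 1 \pmod{p}$$ is Euler's criterion for a quadratic residue.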

alberto tonelli needs enwiki biop (from itwiki)
Alberto Tonelli needs an enwiki translation. He has an article on the itwiki, a small one that doesn't mention he first came up with the important Tonelli-Shanks modular square root algorithm. There are three algorithms to take a modular square root and Tonelli's is as good as any of them. It's actually a rather important algorithm, since public key cryptography uses modular arithmetic. Endo999 (talk) 02:13, 28 August 2017 (UTC)

dickson's work on tonelli says the algorithm will work on mod p^k
I'm not a professional mathematician but I just read Dickson's "History of Numbers" where it says on page 215-216 that


 * A. Tonelli gave an explicit formula for the roots of $$x^{2}=c (\bmod{ p^{\lambda}})$$

Perhaps some mathematician should work out if the Tonelli algorithm takes modular square roots for powers of primes as well as for primes. This Wiki article says the algorithm only works for prime moduli.

After reading the Dickson text a couple of times on p215,216 I came across this formula for the square root of $$x^{2}\bmod{p^{y}}$$.


 * when $$p=4*7+1$$, or $$s=2$$ and $$A=7$$
 * for $$x^{2}\bmod{p^{\lambda}}\equiv c$$ then
 * $$x \bmod{p^{\lambda}}\equiv \pm (c^{A}+3)^{\beta}*c^{(\beta+1)/2}$$ where $$\beta \equiv a*p^{\lambda-1}$$

Noting that $$23^{2} \bmod{ 29^{3}}\equiv 529$$ and noting that $$\beta = 7*29^{2}$$ then


 * $$(529^{7} + 3)^{7* 29^{2}}* 529^{(7*29^{2} + 1)/2}\bmod{ 29^{3}}\equiv 24366 \equiv -23$$

So Tonelli's math does seem to take modular square roots of prime powers! Endo999 (talk) 03:17, 2 September 2017 (UTC)

Here's another equation: $$2333^{2} \bmod{ 29^{3}}\equiv 4142$$ and


 * $$(4142^{7} + 3)^{7 *29^{2}}* 4142^{(7*29^{2} + 1)/2}\bmod{ 29^{3}}\equiv 2333$$

Endo999 (talk) 06:36, 30 August 2017 (UTC)

On page 215-216 of the Dickson book, the equation is given of Tonelli's:


 * $$X\bmod{p^{y}}\equiv x^{p^{y-1}}*c^{(p^{y}-2p^{y-1}+1)/2}$$ where $$X^{2}\bmod{p^{y}}\equiv c$$ and $$x^{2}\bmod{p}\equiv c$$;

Using $$p=23$$ and using the modulus of $$p^{3}$$ the math follows (in mathematica):

 Mod[1115^2, 23 23 23]=2191
 Mod[1115^2, 23]=6
 PowerMod[6, 1/2, 23]=11
 Mod[11^(23 23) 2191^((23 23 23 - 2 23 23 + 1)/2), 23 23 23] =1115

Thus Tonelli's work can work for a 3 mod 4 prime power. Endo999 (talk) 20:23, 11 September 2017 (UTC)

The algorithm makes no sense at all when $$d>1$$
I suppose that $$(\mathbb Z/p\mathbb Z)^d$$ should rather read $$\mathbb Z/p^d\mathbb Z$$? And the introductory sentence is more than confusing as well. The "multiplicative group" would perhaps be $$(\mathbb Z/p^d\mathbb Z)^\times$$, and of course all operations and comparisons in that ring are modulo $$p^d$$. --Hagman (talk) 09:09, 10 February 2018 (UTC)

Completely agreed. There are further issues: several times when computing the order of the multiplicative group modulo $$ p^d $$, the order is given as $$ p^d-1$$ instead of the correct $$ p^d - p^{d-1} $$. I think this should be flagged for fixing - it's factually incorrect as written on the page at present. --Anonymous Coward, 19:35, 5 November 2018 (UTC) — Preceding unsigned comment added by 97.115.75.203 (talk)

Error in first line of 'core ideas'?
> Given a non-zero n and an odd prime p, the Euler's criterion tells us that n has a square root (i.e., n is a quadratic residue) if and only if

I don't know about this stuff, but this seems wrong in one or more ways. First, "has a square root" has to be wrong, as every integer "has a square root". I think it means an integer square root? Secondly, I don't think that's true either, but only "modulo p". I think maybe a quadratic residue is only sensible "modulo p"? At least, based on my understanding from the first sentence of "Quadratic residue" wikipedia page. — Preceding unsigned comment added by 134.134.139.74 (talk) 21:44, 22 February 2018 (UTC)
 * I have linked quadratic residue in that sentence since it is the first occurrence. And yes, it is modulo p. I think the lead makes that clear. It is the first sentence after the lead. PrimeHunter (talk) 22:30, 22 February 2018 (UTC)

About the Tonelli formulas
This is a bit confusing:

The Dickson reference shows the following formula for the square root of $$x^{2}\bmod{p^{y}}$$.


 * when $$p=4*7+1$$, or $$s=2$$(s must be 2 for this equation) and $$A=7$$ such that $$29=2^{2}*7+1$$
 * for $$x^{2}\bmod{p^{\lambda}}\equiv c$$ then
 * $$x \bmod{p^{\lambda}}\equiv \pm (c^{A}+3)^{\beta}*c^{(\beta+1)/2}$$ where $$\beta \equiv a*p^{\lambda-1}$$

Noting that $$23^{2} \bmod{ 29^{3}}\equiv 529$$ and noting that $$\beta = 7*29^{2}$$ then

[....]

One should probably say (using the notation in Dickson's "History of the theory of numbers"):

The Dickson reference shows the following formula for the square root of $$x^{2}\bmod{p^{\lambda}}$$.


 * when $$p=2^{s}a + 1$$ is prime, where $$s\geq 1$$ and $$a$$ is odd, thus $$\gamma=ap^{\lambda-1}$$ is odd
 * for $$x^{2}\bmod{p^{\lambda}}\equiv c$$, where $$\lambda\geq 1$$ then
 * if $$s=1$$:
 * $$x \bmod{p^{\lambda}}\equiv \pm c^{(\gamma+1)/2}$$
 * if $$s=2$$:
 * $$x \bmod{p^{\lambda}}\equiv \pm (c^{a}+3)^{\gamma}c^{(\gamma+1)/2}$$
 * if $$s=3$$:
 * $$x \bmod{p^{\lambda}}\equiv \pm (c^{2a}+k)^{\gamma}\{(c^{2a}+k)^{2a}c^{a}+k\}^{2\gamma}c^{\frac {\gamma+1}{2}}$$,
 * where $$k$$ is an integer such that $$k+1$$ is a quadratic residue of $$p$$, and $$k-1$$ is a non-residue.
 * We may take $$k=-2$$ if $$a$$ is not divisible by $$3$$, but $$k=-4$$ if $$a$$ is divisible by $$3$$, while neither $$a$$ nor $$4a+1$$ are divisible by $$5$$.

In the following we set $$s=2$$, $$a=7$$ and $$\lambda=3$$ such that $$p=2^{2}*7+1=29$$, $$\gamma=7*29^{2}$$ and $$c \equiv 23^{2} \bmod{ 29^{3}} \equiv 529$$ then

[....] — Preceding unsigned comment added by 88.76.118.122 (talk) 23:09, 9 June 2019 (UTC)
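The $$s=1$$ and $$s=2$$ closed forms quoted from Dickson in this section, and the lifting formula from the earlier section on prime powers, can be checked numerically against the values posted in both threads. The following Python is an added example, not part of any editor's comment or of the article; the function names are chosen here, and $$p$$ is assumed to be an odd prime.

```python
def split_p_minus_1(p):
    """Write p - 1 = 2**s * a with a odd (the s and a of Dickson's notation)."""
    s, a = 0, p - 1
    while a % 2 == 0:
        s, a = s + 1, a // 2
    return s, a


def dickson_root(c, p, lam):
    """One square root of c modulo p**lam via the s = 1 and s = 2 closed forms."""
    m = p ** lam
    c %= m
    # Euler's criterion modulo p: a unit that is a residue mod p is one mod p**lam.
    if c % p == 0 or pow(c, (p - 1) // 2, p) != 1:
        raise ValueError("c is not a quadratic residue coprime to p")
    s, a = split_p_minus_1(p)
    gamma = a * p ** (lam - 1)          # odd, and phi(p**lam) = 2**s * gamma
    x = pow(c, (gamma + 1) // 2, m)     # already the answer when s = 1
    if s == 2:
        # (c**a + 3)**gamma is +-1 or a square root of -1, fixing the sign of x*x.
        x = pow(pow(c, a, m) + 3, gamma, m) * x % m
    elif s != 1:
        raise NotImplementedError("only s = 1 and s = 2 are implemented here")
    assert x * x % m == c
    return x


def lift_root(x, c, p, y):
    """Lift x (x*x = c mod p) to X with X*X = c mod p**y; X is congruent to x mod p."""
    m = p ** y
    e = (m - 2 * p ** (y - 1) + 1) // 2
    X = pow(x, p ** (y - 1), m) * pow(c, e, m) % m
    assert X * X % m == c % m
    return X


if __name__ == "__main__":
    # Values taken from the talk-page posts: p = 29 (s = 2) and p = 23 (s = 1).
    print(dickson_root(529, 29, 3), dickson_root(4142, 29, 3))
    print(dickson_root(2191, 23, 3), lift_root(11, 2191, 23, 3))
```

Each closed form returns only one of the two roots $$\pm x$$, so a comparison against a known root has to allow for the sign.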