User:Endo999

I have created some javascript in my GoogleTrans.js file that will marry the Google translation javascript api with Wikipedia. Help for this gadget is at User:Endo999/GoogleTrans.

Install
You can install GoogleTrans by going to my preferences when you are logged into Wikipedia. clicking on the Gadgets tab in your profile, and then selecting the GoogleTrans gadget.

Then, you may need to restart your browser (clear the cache) to get it working. (Shift+F5 also work for Firefox, and CTRL+F5 works for Internet Explorer).

From then on the following will happen

Features
1) Like the Google toolbar: whenever you place the cursor over a word (for say 2 seconds), a popup will happen with the foreign language translation of the word. When you move the cursor away from the word, the popup window will disappear.

Note: a new feature recently introduced means that you have to hold the shift key down after you have hovered over a word (or selected text). This feature can be turned off by clicking on the Translation Popups tab at the top of the page and clicking on the link that turns this feature off.

2) Over 50 languages: As many languages as Google does. The Change Translation Languages popup window has a To language.  Click on the ->French (ie) at the top of the Popup window to change the language being translated to.

3) Work with: IE, Firefox, Epiphany, Safari, Opera, and Chrome. This feature is turned off for Konqueror at the moment because 2005 Konquerer does not run the javascript well.  Perhaps later versions of Konqueror do, but I have not tested on them.

4) And: when a cursor is placed within selected text, then all the selected text is translated (this for IE, Firefox, Chrome, and Epiphany). Safari and Opera don't support this option.

5) Within the popup are some links If you click on this link you get to change the language translation pair
 * a) a '->FRENCH', as an example. This means translation is happening from English to French.
 * b) a source link which takes you to the Google translation web page.
 * c) A 'X' link, just in case moving the cursor away from the popup does not get rid of the popup.

6) To stay up: move the cursor into the popup, or outside the frame of the document (like onto the nondocument part of the browser) the popup window will stay up.

7) There is a 'GoogleTrans (on/off)' tab. (on/off)  tells whether the translation popups feature is on or off.  Click on the tab to get the Change Translation Languages popup window, which will allow you to toggle the feature on or off.


 * Others

The page goes beyond the Google translation feature of their toolbar in that over 50 languages are supported (translations between them and not just from English), and translation of selected text paragraphs (up to 500 characters) happens for IE, Firefox, Chrome, and Epiphany.

The translation software at Google is very powerful and I thought I would marry the premier language site on the web with it. The Javascript for determining the word under the cursor in a web page and/or the selected text under the cursor is mine.

Endo999 (talk) 02:59, 11 October 2008 (UTC)

Selected Text Translation


Translation of small amounts of selected text is possible. Select less than 500 characters of text, put the cursor within the selected text (preferably right on a word within the selected text), and hit the SHIFT key. At this point you will see a popup (like the picture shown) with the translated text. If you wish to have the next sentence translated, simply click on the "Translate Next Sentence?" link at the bottom left of the popup.

Math Blog
The following material is Endo999's math blog.

Fun Mathematical Observations
For fun, consider the following:

Everybody knows the following is true:


 * $$\frac{r^{3}}{r^{2}} == r^{1}$$

However, the following analogue for $$r^{x} + r^{-x}$$ is also true:


 * $$\frac{r^{3} + r^{-3}}{r^{2} + r^{-2} - 1} == r^{1} + r^{-1}$$

So:


 * $$\frac{8 + \frac{1}{8}}{4 + \frac{1}{4} - 1} == 2 + \frac{1}{2}$$

and
 * $$\frac{27 + \frac{1}{27}}{9 + \frac{1}{9} - 1} == 3 + \frac{1}{3}$$

Viola! Make sure to remember the $$-1$$ in the denominator.

Redrafting Cubes
With the equation in the section above, we can take a cube and draft the equation as:


 * $$2^{8*3} + 2^{-8*3} \bmod{89*29} \equiv 2385 \equiv (2^{8} + 2^{-8}) (2^{16} + 2^{-16} - 1)$$

or


 * $$2^{5*3} + 2^{-5*3} \bmod{89*29} \equiv 2013 \equiv (2^{5} + 2^{-5}) (2^{10} + 2^{-10} - 1)$$

or


 * $$2^{4*3} + 2^{-4*3} \bmod{89*29} \equiv 670 \equiv (2^{4} + 2^{-4}) (2^{8} + 2^{-8} - 1)$$

Thus,


 * $$2^{x*3} + 2^{-x*3} \bmod{p*q} \equiv (2^{x} + 2^{-x}) (2^{2*x} + 2^{-2*x} - 1)$$

This is a redrafting of any cube or power of cubes.

You can also redraft the cube as:


 * $$(2^{x} - 2^{-x}) (2^{2*x} + 2^{-2*x} + 1)\bmod{p*q}\equiv 2^{x*3}-2^{-x*3}$$

Redrafting an RSA cipher to the 23rd power
As $$m^{23} \bmod{p*q}\equiv c$$, in our RSA cipher, then $$2^{23/3}\bmod{ 89 *29} \equiv 1529$$, therefore,


 * $$(1529 + 1529^{-1}) (1529^{2} + 1529^{-2} - 1)\bmod{ 89* 29}\equiv 2^{23}+2^{-23}\equiv 1115$$

If $$m^{e}\bmod{p*q}$$ has a cube power then the equation holds.

You can solve for $$2^{23/3}+2^{-23/3}$$ by solving the cubic modular equation:


 * $$x (x^2 - 3) \bmod{89*29}\equiv 1115$$

where $$x=1924\equiv 1529+1529^{-1}\bmod{89*29}$$

Or


 * $$(1529 - 1529^{-1}) (1529^{2} + 1529^{-2} + 1)\bmod{ 89* 29}\equiv 2^{23}-2^{-23}\equiv 2182$$

Back To Fun Facts On Math
How about the 2 modular square roots of a modular power. For instance,

$$2^{31} \bmod 803$$ is the modular square root for $$2^{62} \bmod 803$$. So is $$2^{14} \bmod 803$$ because $$2^{90} \bmod 803 \equiv 1$$.

As the power cycle is $$90$$ for the modulus $$803$$, then $$2^{62} \bmod 803 \equiv 2^{-28} \bmod 803$$ since $$62+28 = 90$$. As such $$2^{62/2} \equiv 2^{31}$$ and $$2^{-28/2} \equiv 2^{-14}$$

So


 * $$\frac{2^{31} + 2^{-31} \bmod 803}{2^{14} + 2^{-14} \bmod 803} \bmod 803 \equiv \sqrt{1} \bmod 803 \equiv 2^{45} \bmod 803$$

and


 * $$\frac{2^{31} - 2^{-31} \bmod 803}{2^{14} - 2^{-14} \bmod 803} \bmod 803\equiv -\sqrt{1} \bmod 803 \equiv -2^{45} \bmod 803$$

Also,

$$\frac{x^{2} - y^{2}}{x - y} \bmod n \equiv (y + x) \bmod n$$

Also,

$$(g^{p*q+1})^{p*q-1} + (g^{p*q+1})^{-(p*q-1)} \bmod p*q \equiv g^{p^{2} - q^{2}} + g^{q^{2} - p^{2}} \bmod p*q$$

Also,

$$g^{p*q-1} + g^{-(p*q-1)} \bmod p*q \equiv g^{p-q} + g^{q-p} \bmod p*q$$

and

$$g^{p*q-1} - g^{-(p*q-1)} \bmod p*q \equiv \sqrt{1} ( g^{p-q} - g^{q-p} ) \bmod p*q$$

Also,

$$g^{p*q} + g \bmod p*q \equiv g^{p} + g^{q} \bmod p*q$$

and

$$g^{p*q} - g \bmod p*q \equiv \sqrt{1} ( g^{p} - g^{q} ) \bmod p*q$$

Also,

$$((\sqrt{1}+1)^{2} + (\sqrt{1}-1)^2))^{even power} \bmod p q \equiv ((\sqrt{1}+1)^{2} - (\sqrt{1}-1)^2))^{even power} \bmod p q $$

Also, while the above equations usually show the sum of powers mod p*q, the terms, individually, usually show powers of p and q mod p or q. Thus,

$$g^{p q} \bmod p q \equiv g^{p} \bmod q$$

$$g^{p q -1} \bmod p q \equiv g^{p-q} \bmod q$$

Most of the above equations of sums of powers can be split up in the manner shown just above.

Also, $$(pq -1) \bmod pq \equiv \sqrt{1} \bmod q$$ This seems obvious since $$(pq-1) \bmod pq \equiv -1 \bmod q$$ and $$-1*-1 \bmod n \equiv 1 \bmod n$$ ,however, $$g^{(q-1)/2} \bmod q \equiv -1 \bmod q$$ many times

Also, $$\frac{g^{3x}+g^{-3x}}{g^{x}-g^{-x}} - \frac{g^{x}+g^{-x}}{g^{x}-g^{-x}} == g^{2x}-g^{-2x}$$

$$i + 1$$ as the base or generator for modular powers is also fun to do


 * $$\alpha = (i+1)^{p q} - (i+1) \bmod pq$$

will equal a complex number with the real or imaginary numbers sometimes being $$\alpha = -((2^{(p - 1)/2}) (-+) (2^{(q-1)/2})) + \sqrt{1}((2^{(p - 1)/2}) (+-) (2^{(q-1)/2}))i$$ or $$\alpha = -((2^{(p - 1)/2}) (-+) (2^{(q-1)/2}))i + \sqrt{1}((2^{(p - 1)/2}) (+-) (2^{(q-1)/2}))$$

It seems to vary with the semi-prime looked at.

$$(i+1)$$ as a generator is really wild and you should definitely check it out. In general the real and imaginary terms will equal the square roots of what the powers would produce if the generator was $$2$$.

Fun Math Observations for Modular Square Roots
1)
 * $$\frac{2^{p-q}+2^{q-p}}{2^{pq-1}+2^{-(pq-1)}} \bmod pq \equiv 1$$


 * $$\frac{2^{p-q}-2^{q-p}}{2^{pq-1}-2^{-(pq-1)}} \bmod pq \equiv \sqrt{1} \bmod pq$$

2)

As the power cycle is $$90$$ for the modulus $$803$$, then $$2^{62} \bmod 803 \equiv 2^{-28} \bmod 803$$ since $$62+28 = 90$$. As such $$2^{62/2} \equiv 2^{31}$$ and $$2^{-28/2} \equiv 2^{-14}$$

So


 * $$\frac{2^{31} + 2^{-31} \bmod 803}{2^{14} + 2^{-14} \bmod 803} \bmod 803 \equiv \sqrt{1} \bmod 803 \equiv 2^{45} \bmod 803$$

and


 * $$\frac{2^{31} - 2^{-31} \bmod 803}{2^{14} - 2^{-14} \bmod 803} \bmod 803\equiv -\sqrt{1} \bmod 803 \equiv -2^{45} \bmod 803$$

3)

You can take a modular square root of any odd composite modulus in square root of the modulus steps via:

Multiply the root by squares (i*i) until the resulting number mod the modulus is an actual square. At this point you can take the real square root, and modular divide by i (the root of the square you multiplied the left side with). This will give the modular square root.


 * $$i*i*modularsquare \bmod p*q \equiv $$
 * After which:
 * $$root \bmod p*q \equiv \frac{\sqrt{ }}{i} \bmod p*q$$

I have a way, which is similar but more complex, which introduces $$\alpha$$ and $$\beta$$ coefficients into the equation. By manipulating the coefficients you can get a small number of the right (after moding). This small number can be worked with something like the quadratic sieve to find a square root in less that $$\sqrt{modulus}$$ steps.

Sum Of Squares
Interestingly the sum of all the squares in a modulus is $$0$$. Thus:


 * $$\sum_{x=1}^{x=p*q-1} x^{2} \bmod{p*q}\equiv 0$$

This means that:


 * $$x^2 \bmod{p*q}\equiv -(\sum_{y=1}^{y=x-1} y^{2}+ \sum_{y=x+1}^{y=p*q-1} y^{2}) \bmod{p*q}$$

This means that any quadratic number (a square in mod p*q) is equal to the minus of all the sums of squares of all the other numbers

The well known sum of squares formula shows the sum of squares for the first $$t$$ squares.


 * $$t*(t + 1)*(2*t + 1)/6$$

The sum of all numbers in a modulus field is also 0. Since every number $$N$$ in a semiprime modulus field is countered by $$-N$$ on the other side of the field then this has to be.


 * $$\sum_{x=1}^{x=p*q-1} x \bmod{p*q}\equiv 0$$

Sum of Powers and RSA
Even though we don't know what $$m$$ is, when we are given $$m^{e}\bmod{p*q}$$, we do know that


 * $$m^{e}\bmod{p*q} \equiv -(\sum_{x=1}^{x=m-1} x^{e}+\sum_{x=m+1}^{x=p*q-1} x^{e})$$

You can take the sum of consecutive powers from 1 to N quite easily according to Faulhaber's formula. The mathematica for doing this follows:

Faulhaber[m_, p_, n_] := Module[{a1, a2}, a1 = 0; For[a2 = 0, a2 <= p, a2++, a1 += (-1)^a2 (Binomial[p + 1, a2]) BernoulliB[a2] (m^(p + 1 - a2)); ];     a1 /= (p + 1); Print[Mod[a1, n]]; ];

An Equation For A Modular Square Root
Since


 * $$\frac{2^{3x}-1}{2^{x}-1} \bmod p*q \equiv 2^{2x}+2^{x}+1$$

then every modular square is equivalent to:


 * $$\frac{(2^{3x}-1)}{(2^{x}-1)}-2^{x}-1 \bmod p*q \equiv 2^{2x}$$

and every power root is defined as:


 * $$\frac{(2^{3x}-1)}{(2^{x}-1)}-2^{2x}-1 \bmod p*q \equiv 2^{x}$$

Now viewers may say that $$\frac{(2^{3x}-1)}{(2^{x}-1)}$$ is a hard term to come up with, however, terms like this are possible. Note:


 * $$\frac{2^{804-402-3}}{2^{401}} \bmod 803 \equiv \frac{2^{15}(2^{93}-1)}{2^{5}(2^{31}-1)}$$

So terms like the one needed are almost instantly possible to generate from moduli of $$p*q$$.

The general equation is a polynomial where:


 * $$\frac{(2^{4x}-1)}{(2^{x}-1)} \bmod p*q \equiv 2^{3x} + 2^{2x} + 2^{x} + 1$$

The general equation is (Neal Koblitz reports this as well in ):


 * $$\frac{(2^{\alpha x}-1)}{(2^{x}-1)} \bmod p*q \equiv 2^{(\alpha - 1)x} + 2^{(\alpha - 2)x} + 2^{2x} + 2^{x} + 1$$

As well:


 * $$\frac{(2^{3x}-1)}{(2^{2x}-1)} \bmod p*q \equiv \frac{(2^{2x})}{(2^{x}+1)} + 1$$


 * $$\frac{(2^{4x}-1)}{(2^{3x}-1)} \bmod p*q \equiv \frac{(2^{2x}+1)}{\frac{(2^{2x})}{(2^{x}+1)} + 1}$$

A Link Between The Two Equivalent Modular Square Roots
If you take one modular square root, let's say $$16*16 \bmod 949 \equiv 256$$, you can get the other square root (in this case $$673*673 \bmod 949 \equiv 256$$, by:


 * $$ChineseRemainder[\{ 16, Mod[-16, 949] \},\{73, 13 \}]=673$$

You can get the modular square root of 1 by


 * $$ChineseRemainder[\{ 1, Mod[-1, p*q] \}, \{p, q \}]=\sqrt{1} \bmod p*q$$

You can get a quad root of 1 by


 * $$ChineseRemainder[\{ \sqrt{1} \bmod p*q \bmod p, \sqrt{-1} \bmod p*q \bmod q \}, \{ p, q \}]=1^{1/4} \bmod p*q$$

So, using this ChineseRemainder method you usually get the other root, but in the two cases just shown above you get the square root of the inputs.(Mathematica code is above). The last equation tends to indicate that there are no quad roots of 1 for 3 mod 4 semiprimes.

Square Root Of 1 mod P*Q Definition
Quoting from Wilson's theorem:

Gauss proved that if m > 2



\prod_{k = 1 \atop \gcd(k,m)=1}^{m} \!\!k \ \equiv \begin{cases} -1     \pmod{m}  & \text{if } m=4,\;p^\alpha,\;2p^\alpha \\ \;\;\,1 \pmod{m} & \text{otherwise} \end{cases} $$

where p is an odd prime, and $$\alpha$$ is a positive integer.

This means that the multiplication of all numbers up to (n-1)/2, where n=p*q, that are not factors of n will equal the square root of 1 mod p*q:



\prod_{k = 1 \atop \gcd(k,m)=1}^{(m-1)/2} \!\!k \ \equiv \begin{cases} \;\;\,\sqrt{1} \pmod{m} & \end{cases} $$

As in the following mathematica statement:

Mod[1 2 3 4 6 8 9 11 12 13 16 17, 35]=6

where 6*6 mod 35 === 1.

This works since, GAUSS has proven (see above) that Mod[1*2*3*4*6*8*9*11*12*13*16*17*18*19*22*23*24*26*27*29*31*32*33*34, 35]==1

and thus that Mod[1*2*3*4*6*8*9*11*12*13*16*17*-1*-2*-3*-4*-6*-8*-9*-11*-12*-13*-16*-17, 35]=== Mod[1*2*3*4*6*8*9*11*12*13*16*17*18*19*22*23*24*26*27*29*31*32*33*34, 35]==1

As such

Mod[1*2*3*4*6*8*9*11*12*13*16*17,35]===Mod[-1*-2*-3*-4*-6*-8*-9*-11*-12*-13*-16*-17, 35] and since Mod[1*2*3*4*6*8*9*11*12*13*16*17,35]*Mod[-1*-2*-3*-4*-6*-8*-9*-11*-12*-13*-16*-17, 35]==1

then Mod[1*2*3*4*6*8*9*11*12*13*16*17,35]===1^(1/2) mod 35

Definition Of Square Root Of -1 Mod P*Q
Working from Gauss' definition above, we can see that in the case of a prime modulus that, for instance:

Mod[1*2*3*4, 5]==-1==4 Thus since

Mod[1*2*-2*-1, 5]==Mod[1*2*3*4, 5]==-1==4

the same proof outlined just above can be applied to prime moduluses for $$\sqrt{-1}\bmod{p}$$. Namely, that:

Mod[1*2, 5]==2 where 2*2==4==-1 mod 5

As such (this is partially revealed in an earlier section):

ChineseRemainder[{Mod[1*2,5],Mod[1*2*3*4*5*6, 13]},{5,13}]==57 mod 5*13 where 57*57 mod 5*13 == -1

This can be rewritten, given the ChineseRemainder statement above, as the following Mathematica statement:

Mod[1 2 + (1 2) (3 4 5 6 - 1) 5 PowerMod[5 - 13, -1, 5 13], 5 13]=57 where 57*57 mod 5*13==-1

I've only tested this out for 1 mod 4 semiprimes.

Another Definition Of The Square Root of 1 Mod P*Q
Since the following two equations are the equations for the two square roots of -1: ChineseRemainder[{Mod[1*2,5],Mod[1*2*3*4*5*6, 13]},{5,13}] ChineseRemainder[{Mod[1*2,5],Mod[-1*2*3*4*5*6, 13]},{5,13}]

since the $$\sqrt{-1}_{1}*\sqrt{-1}_{2}\bmod{p*q}\equiv \sqrt{1}$$ then the following applies:

ChineseRemainder[{Mod[1*2,5],Mod[1*2*3*4*5*6, 13]},{5,13}]*ChineseRemainder[{Mod[1*2,5],Mod[-1*2*3*4*5*6, 13]},{5,13}]=14 this can be converted into the following equation below by observing that the muliply sign outside the ChineseRemainder symbols can be applied within them as such: Mod[ChineseRemainder[{(1 2)^2,-( 1 2 3 4 5 6)^2},{5, 13}], 5 13]=14 where 14*14 mod 65 === 1

and also where

Mod[ChineseRemainder[{(1 2)^2, ( 1 2 3 4 5 6)^2},{5, 13}], 5 13]=64 where 64 mod 65 === -1

The definition of the square root of 1 mod p*q shown in the first equation in this section can be rewritten, with knowledge of the Chinese Remainder theorum, to be:

Mod[(1 2)^2 + (1 2)^2 (-(3 4 5 6)^2 - 1) 5 PowerMod[5 - 13, -1, 5 13], 5 13]=14 where 14*14 mod 65 == 1

this semiprime works as well:

Mod[(1 2 3 4 5 6)^2 + (1 2 3 4 5 6)^2 (-(7 8)^2 - 1) 13 PowerMod[13 - 17, -1, 17 13], 17 13]=103 where 103*103 mod 17*13 = 1

P/(P-Q) mod P*Q Seems To Be A Special Number In the MOD P*Q Field
If you take $$p(p-q)^{-1} \bmod{p*q}$$ it has some unusual properties, the main one being that it is its own square and square root. For instance,

Mod[89 PowerMod[60, -1, 89 29], 89 29]=1335 where 1335*1355 mod 89*29===1335

Also,

Mod[29 PowerMod[-60, -1, 89 29], 89 29]=1247

$$-1335 \bmod{89*29}\equiv 1246$$ which is one off 1247.

This number has unusual properties.

By and large, any number that is $$0 \bmod{ p}$$ and $$1 \bmod{q}$$ will be its own square or square root.

The difference between 1335 and 1247 is 88 which is $$-\sqrt{1}\bmod{89*29}\equiv 88$$. Thus:


 * $$-(p*(p-q)^{-1})+1\bmod{p*q}\equiv (q*(q-p)^{-1})$$

and
 * $$(p*(p-q)^{-1})-(q*(q-p)^{-1})\bmod{p*q}\equiv -\sqrt{1}$$

Moreover, $$(p*(p-q)^{-1})\bmod{p*q}\equiv (p*(p+q)^{-1})$$

Because both self-square numbers described here for 89*29 (1247 and 1335) are either 0 mod p and 1 mod q or 1 mod p and 0 mod q, then the Product To Sum Theorum, described elsewhere in the blog, applies. Thus:


 * $$2^{p*q-1}\equiv 2^{p+q-2}\bmod{p*q} \equiv 2^{88+28}\bmod{89*29}\equiv 1247(2^{28}) + 1335(2^{88})\equiv 509\equiv 1247(2^{28}) - 1246(2^{88}) $$

where $$2*1247-1\bmod{89*29}\equiv -2*1335+1\equiv \sqrt{1}$$. This is another way to unwind the multiplication!

Because $$1247*1355 \bmod{89*29}\equiv 0$$ then:


 * $$ (1247(2^{14}) - 1335(2^{44}))^{2}\bmod{89*29}\equiv 1247(2^{28}) + 1335(2^{88})$$

and by switching the sign of one of the numbers the other square root is found. Thus:


 * $$1247(2^{14}) - 1335(2^{44})\bmod{89*29}\equiv \sqrt{1}*(1247(2^{14}) + 1335(2^{44}))$$

Constructing the Squareless Number and Algebra With The Squareless Number
The Squareless number has the Idempotent (ring theory) property for a P*Q modulus.

Quoting from the wiki article Idempotent (ring theory):

There are two nontrivial idempotent elements given by e = (1 − j)/2 and  e∗ = (1 + j)/2. Recall that idempotent means that ee = e and e∗e∗ = e∗. Both of these elements are null:
 * $$\lVert e \rVert = \lVert e^* \rVert = e^* e = 0 .$$

Zero divisor has the following quote:

An idempotent element e!= 1 of a ring is always a two-sided zero divisor, since e(1-e)=0=(1-e)e} e(1-e)=0=(1-e)e

There are two idempotent numbers in a P*Q modulus, and the multiplication of both mod p*q is equivalent to 0. These are the Zero Divisors that James Cockles spoke about in his Tessarines.

As well, according to Split-quaternion,

Unlike the quaternion algebra, the split-quaternions contain nontrivial zero divisors, nilpotent elements, and idempotents. (For example, $1⁄2$(1 + j) is an idempotent zero-divisor, and i − j is nilpotent.)

However, in modular arithmetic, there are no nilpotent numbers, according to the passage above:


 * $$(i-j)^{2}\bmod{p*q} \not{\!\!\equiv} 0\equiv (568-2493)^{2}\bmod{89*29}\equiv 1890$$

So nilpotentacy is not a thing in modular arithmetic for tessarines. As a result, there can't be any Unipotent numbers in the P*Q field either.

These items apply to the two SQUARELESS numbers of P*Q modula. $$j$$ in the above equations equals $$\sqrt{1}\bmod{p*q}$$

According to you can construct the squareless number via:


 * $$89*(89^{-1} \bmod 29)\bmod{89*29}\equiv 1335\equiv 89*15$$

or


 * $$p*(p^{-1} \bmod q)\bmod{p*q}$$

Moreover, these is a type of definition of any square with regard to the squareless number. If $$\alpha_{i}$$ are the two squareless numbers of $$p*q$$ then:


 * $$(\alpha_{1} + \beta)*(\alpha_{2}+\beta)\bmod{p*q}\equiv \beta^{2}+\beta$$

Thus, since the difference between the two squareless numbers is $$\pm \sqrt{1}\bmod{p*q}$$ then


 * $$(x^2) \bmod{p*q}\equiv (\alpha_{1}+\beta)(\alpha_{2}\pm \sqrt{1}+\beta) \equiv \beta^{2}+\beta \pm \sqrt{1}*x$$

This is a type of algebra. An example:


 * $$1360=1335+25$$, $$1360^2 \bmod{89*29}\equiv 1604 \equiv 25^2+25 - 2493* 1360$$

Idempotent Numbers And 3/2 mod p*q
Working with the residue as a modular complex number and working with the inverse definition of a complex number, one can derive the following equate for all p*q modulus:


 * $$(idempotent_{1}+1)^{-1}+(idempotent_{2}+1)^{-1}\bmod{p*q}\equiv 3*2^{-1}$$

and
 * $$\sqrt{1}((idempotent_{1}+1)^{-1}-(idempotent_{2}+1)^{-1})\bmod{p*q}\equiv 1*2^{-1}$$

Dropping into Mathematica to come up with examples: Mod[PowerMod[1335 + 1, -1, 89 29]+ PowerMod[1247 + 1, -1, 89 29], 89 29] = 1292

Mod[3 PowerMod[2, -1, 89 29], 89 29]= 1292

Mod[1335^2, 89 29]= 1335

Mod[1247^2, 89 29]= 1247

here's an example of the minus of the two items.

Mod[2493(PowerMod[1335 + 1, -1, 89 29]- PowerMod[1247 + 1, -1, 89 29]), 89 29]=1291

PowerMod[2,-1, 89 29]=1291

lets try another number

Mod[PowerMod[(6060 + 1), -1, 101 73] + PowerMod[(1314 + 1), -1, 101 73], 101 73]= 3688

Mod[3 PowerMod[2, -1, 101 73], 101 73]= 3688

Mod[6060^2, 101 73]= 6060

Mod[1314^2, 101 73]= 1314

lets try a 3 mod 4 semiprime

Mod[PowerMod[1027 + 1, -1, 79 19] + PowerMod[475 + 1, -1, 79 19], 79 19]=752

Mod[3 PowerMod[2, -1, 79 19], 79 19]=752

Mod[1027^2, 79 19]=1027

Mod[475^2, 79 19]=475

Determining that


 * $$(idempotent_{1}+1)^{-1}\bmod{p*q}\equiv (3+\sqrt{1})*4^{-1}$$

An example:

PowerMod[1335 + 1, -1, 89 29]=624

Mod[PowerMod[1335 + 1, -1, 89 29]+ PowerMod[1247 + 1, -1, 89 29], 89 29] = 1292

Mod[-(PowerMod[1335 + 1, -1, 89 29] - PowerMod[1247 + 1, -1, 89 29]), 89 29]=44= (-\sqrt{1}/2)

Mod[(1292 -44) PowerMod[2, -1, 89 29], 89 29]=624

Mod[((3 + 2493) PowerMod[4, -1, 89 29]), 89 29]=624

By symmetry
 * $$(idempotent_{2}+1)^{-1}\bmod{p*q}\equiv (3-\sqrt{1})*4^{-1}$$

Mod[((3 - 2493) PowerMod[4, -1, 89 29]), 89 29]=668

PowerMod[1247 + 1, -1, 89 29]=668

These numbers bear some similarity to Eisenstein integer.

Similarly,


 * $$(idempotent_{1}+2)^{-1}+(idempotent_{2}+2)^{-1}\bmod{p*q}\equiv (3*2^{-1}+1)*3^{-1}$$


 * $$\sqrt{1}((idempotent_{1}+2)^{-1}-(idempotent_{2}+2)^{-1})\bmod{p*q}\equiv 5*(3*2^{-1}+1)*3^{-1}-4$$(examples soon)

Dropping into Mathematica to come up with examples: Mod[PowerMod[1335 + 2, -1, 89 29]+ PowerMod[1247 + 2, -1, 89 29], 89 29] = (1292+1)/3 = 431

Mod[3 PowerMod[2, -1, 89 29], 89 29]= 1292

here's the example for the minus of the two squares: 2493 is square root of 1 mod 89*29

Mod[2493(PowerMod[1335 + 2, -1, 89 29]- PowerMod[1247 + 2, -1, 89 29]), 89 29]=2151

Mod[ 5 431-4, 89 29]=2151

lets try another number

Mod[PowerMod[(6060 + 2), -1, 101 73] + PowerMod[(1314 + 2), -1, 101 73], 101 73]= (3688+1)/3 = 6145

Mod[3 PowerMod[2, -1, 101 73], 101 73]= 3688

lets try a 3 mod 4 semiprime

Mod[PowerMod[1027 + 2, -1, 79 19] + PowerMod[475 + 2, -1, 79 19], 79 19]= (752+1)/3 = 251

Mod[3 PowerMod[2, -1, 79 19], 79 19]=752

Working with the definition of the Idempotent number in terms of P and Q given above we can make the following statements:


 * $$(P-Q)( ((N)*P-Q)^{-1} - ((N)Q - P)^{-1} )\bmod{P*Q}\equiv N^{-1}+1$$


 * $$((N-1)* P) (N* P - Q)^{-1} + ((N-1)* Q)(N *Q - P)^{-1}= -(N^{-1}-1)$$

Finally,


 * $$( P) (N* P - Q)^{-1} + ( Q)(N *Q - P)^{-1}\bmod{P*Q}\equiv N^{-1}$$

This above equation establishes a new relationship between a residue mod p*q and its inverse!

My math blog has previously defined numbers in terms of powers of p and q. This is the first time I have defined ordinary residues in terms of p and q (not powers of p and q).

Some examples follow:

Mod[(89 - 29) (PowerMod[ (1)89 - 29, -1, 89 29] -    PowerMod[ (1)29 - 89, -1, 89 29]), 89 29]= 2 now take the inverse of 1 PowerMod[1, -1, 89 29]= 1

now take 7 as the multiplier

PowerMod[7, -1, 89 29]=1475

Mod[(89-29) (PowerMod[7 89 - 29, -1, 89 29] -    PowerMod[7 29 - 89, -1, 89 29]), 89 29]=1476

this converts to

Mod[((-6 89) PowerMod[7 89 - 29, -1, 89 29] - (6 29) PowerMod[    7 29 - 89, -1, 89 29]), 89 29]=1474 or Mod[((6 89) PowerMod[7 89 - 29, -1, 89 29] + (6 29) PowerMod[    7 29 - 89, -1, 89 29]), 89 29]= -1474

Finally,

Mod[(( 89) PowerMod[7 89 - 29, -1, 89 29] + ( 29) PowerMod[ 7 29 - 89, -1, 89 29]), 89 29]=1475

now take 5 as the multiplier

PowerMod[5, -1, 89 29]=2065

Mod[(89-29) (PowerMod[5 89 - 29, -1, 89 29] -    PowerMod[5 29 - 89, -1, 89 29]), 89 29]=2066

Mod[(( 89) PowerMod[5 89 - 29, -1, 89 29] + ( 29) PowerMod[5 29 - 89, -1, 89 29]), 89 29]=2065

lets try a 3 mod 4 semiprime

Mod[60 (PowerMod[7 79 - 19, -1, 79 19] -    PowerMod[7 19 - 79, -1, 79 19]), 79 19]=430

Mod[ (79 PowerMod[7 79 - 19, -1, 79 19] + 19    PowerMod[7 19 - 79, -1, 79 19]), 79 19]=429

PowerMod[7, -1, 19 79]=429

Minusing the sign introduces the square root of 1 into the equation, as per some of my other examples:


 * $$(( P) (N* P - Q)^{-1} - ( Q)(N *Q - P)^{-1})\bmod{P*Q}\equiv -\sqrt{1}*N^{-1}$$

Mod[89 PowerMod[3 89 - 29, -1, 89 29] - 29 PowerMod[3 29 - 89, -1, 89 29], 89 29]= 1750

Mod[88 PowerMod[3, -1, 89 29], 89 29]= 1750

Mod[88 PowerMod[79, -1, 89 29], 89 29]= 1700

Mod[89 PowerMod[79 89 - 29, -1, 89 29] - 29 PowerMod[79 29 - 89, -1, 89 29], 89 29]= 1700

Finally, since there is a close relationship between the idempotent numbers and the square root of 1 mod p*q, we have the following equation

$$(-\sqrt{1}+3)^{-1}+(\sqrt{1}+3)^{-1}\bmod{p*q}\equiv 3*4^{-1}$$

2493 is the square root of 1 for the 89*29 modulus

Mod[PowerMod[-2493 + 3, -1, 89 29] + PowerMod[2493 + 3, -1, 89 29], 89 29]= 646

Mod[3 PowerMod[4, -1, 89 29], 89 29]= 646

The Relationship Between The Squareless Number And The Square Root Of -1
The relationship between the Squareless number and the two Square Roots of -1 mod p*q are shown in the following equations:


 * $$568 + 2*1247*945\bmod{89 *29}\equiv 945$$


 * $$-945 + 2*1335*568\bmod{89* 29}\equiv 568$$

where 568 and 945 are the two square roots of -1 mod 89*29 and 1247 and 1335 are the two squareless numbers of 89*29.

Thus:


 * $$\pm \sqrt{-1}_{1}+2*\alpha_{1}*\sqrt{-1}_{2}\bmod{p*q}\equiv \sqrt{-1}_{2}$$

where $$\alpha$$ is one of the squareless numbers.

The Relationship Between The Squareless Number And The Quad Root Of 1
Also, $$(1335+1247*568)^{2}\bmod{89*29}\equiv 88\equiv -\sqrt{1}$$

Thus this is the definition of the quad root of 1. The other quad root $$\sqrt[4]{1}\bmod{p*q}$$ is:


 * $$(1335-1247*568)\bmod{89*29}$$

Thus the idempotent numbers of the p*q modulus provide the coefficients for the modular complex definition of the quad roots of 1 (this is only for 1 mod 4 semiprimes now). You can swap the idempotent numbers and change the square root of -1 to get the other quad roots.

The Relationship Between The Squareless Number And g^(p-1)-1 mod p*q
Since, $$6060$$ and $$1314$$ are squareless numbers mod $$101*73$$, and $$6060+1314 \bmod{101*73}\equiv 1$$ then


 * $$ (6060+1314)*\alpha \bmod{101*73}\equiv \alpha \equiv 6060*\alpha + 1314*\alpha$$. Remember that since $$6060 \bmod{101}\equiv 0$$ and $$1314 \bmod{73}\equiv 0$$ any multiplication by $$\alpha$$ will keep the mod equivalents. In other words


 * $$6060*\alpha \bmod{101}\equiv 0$$ and $$1314*\alpha \bmod{73}\equiv 0$$

Thus since $$g^{p-1}-1\bmod{p}\equiv 0$$ and $$g^{q-1}-1\bmod{q}\equiv 0$$, and since $$g^{p*q-1}-1\bmod{p*q}\equiv (g^{p-1}-1)+(g^{q-1}-1)$$ then


 * $$SQUARELESS_{\bmod{p}\equiv 0}*(g^{p*q-1}-1) \bmod{p*q}\equiv g^{p-1}-1$$
 * $$SQUARELESS_{\bmod{q}\equiv 0}*(g^{p*q-1}-1) \bmod{p*q}\equiv g^{q-1}-1$$

or


 * $$6060*(2^{101*73-1}-1) \bmod{101*73}\equiv 2^{100}-1$$
 * $$1314*(2^{101*73-1}-1) \bmod{101*73}\equiv 2^{72}-1$$

Thus, probably all of the sums of $$x_{x \bmod{p}\equiv 0} + y_{y\bmod{q}\equiv 0}$$ are derivable from the squareless numbers. This is a conjecture but if each $$sum=X+Y$$ only has one $$x_{x \bmod{p}\equiv 0} + y_{y\bmod{q}\equiv 0}$$, then the conjecture is probably proved.

Thus the squareless numbers seem to be the anchors of the ring of numbers that are of the form: $$x_{i \bmod{p}\equiv 0} + y_{y\bmod{q}\equiv 0}$$.

As well as $$g^{p-1}-1 \bmod{p*q}\equiv X*p$$ and $$g^{q-1}-1 \bmod{p*q}\equiv Y*q$$ then the equation for $$X_{i}$$ and $$Y_{i}$$ is now known:


 * where $$g^{p-1}-1 \bmod{p*q}\equiv X*p$$ then $$X \bmod{p*q} \equiv \pm (p^{-1}\bmod{q})*(g^{p*q-1}-1) \bmod{q}$$
 * where $$g^{q-1}-1 \bmod{p*q}\equiv Y*q$$ then $$Y \bmod{p*q} \equiv \pm (q^{-1}\bmod{p})*(g^{p*q-1}-1)\bmod{p}$$

Implications For RSA
In another section of this blog there is the claim that


 * $$1145^{1010}\bmod{89*29}\equiv 37*(37^{9*89} + 37^{9*29} - 37^{9})\equiv 2458$$
 * where $$(23*1010-1)/(89*29)=9$$

With knowledge of the self-square numbers for $$89*29$$ of $$1247$$ and $$1335$$ then the above equation can be turned into:


 * $$1145^{1010}\bmod{89*29}\equiv 37^{10}*(1335*37^{9*88} + 1247*37^{9*28})\equiv 2458$$
 * where $$(23*1010-1)/(89*29)=9$$

or


 * $$1145^{1010}\bmod{89*29}\equiv 37^{10}*(1335*37^{88} + 1247*37^{28})^{9}\equiv 2458$$

Another equation that can be made from this melange is:


 * $$1335*37^{9*29} + 1247*37^{9*89}\bmod{89*29}\equiv 37^{9}\equiv 1639$$

all powers can be redrawn as sums of powers using P and Q

 * $$1335*37^{3*29} + 1247*37^{3*89}\bmod{89*29}\equiv 37^{3}\equiv 1614$$

where $$1335*37+1247*37\bmod{89*29}\equiv 37$$

The Base Can Be Changed
or we can change the base of the powers to $$1247*37$$ and $$1335*37$$


 * $$1145^{1010}\bmod{89*29}\equiv 37^{10}*( (1335*37)^{88} + (1247*37)^{28})^{9}\equiv 2458$$

In other words:


 * $$1335*37^{88}\bmod{89*29}\equiv (1335*37)^{88}$$

For instance,

Mod[ 1335 4^30, 89 29]=712

and

Mod[(4 1335)^30, 89 29]=712

Mod[(2 2493 - 2)^30, 89 29]=712 where 2493 is square root of 1 mod 89*29

For instance:

Mod[4^(88 + 28), 89 29]==981==Mod[1335 4^(88) + 1247 4^(28), 89 29]

and

Mod[ (2 2493 - 2)^(88) + (2 2493 + 2)^(28), 89 29]==981

For instance, with an rsa key of 23 then the base can be changed in the following equation:

Mod[(2 37)^(23 (89 29-1)), 89 29]==915==Mod[1335 (2 37)^(23 88) + 1247 (2 37)^(23 28), 89 29]

This equals

Mod[(37 2493 - 37)^(23 88) + (37 2493 + 37)^(23 28), 89 29]==915

The Product To Sum theorum of RSA semiprimes
If $$p$$ and $$q$$ are odd primes and
 * $$2^{x} \bmod p \equiv 1 or -1$$

and
 * $$2^{y} \bmod q \equiv 1 or -1$$

then the product of these
 * $$2^{x}2^{y} \bmod p*q \equiv \pm 2^{x} \pm 2^{y} \pm 1 \bmod p*q$$

The sum or subtraction of the powers will be one off the product of the powers. This type of equivalence happens for


 * $$2^{p-1}|2^{(p-1)/2}|2^{q-1}|2^{(q-1)/2}|\sqrt{1}$$

Basically, any combination of the $$p$$ and $$q$$ powers above will yield a similarity between the product of these powers and the sum of the powers. The signs of the sums will change according to whether the congruence is $$1$$ or $$-1$$.

Normally, the $$\sqrt{1}$$ is:
 * $$\sqrt{1}\bmod p*q \bmod p \equiv 1$$
 * $$\sqrt{1} \bmod p*q \bmod q \equiv -1$$

so it partakes of this relationship (theorum) as well.

Sometimes the quad root of 1 ($$1^{1/4} \bmod p*q$$ and $$1^{3/4} \bmod p*q$$) and also the square root of -1 ($$\sqrt{-1}_{x} \bmod p*q$$) also partake of this theorum as well.

Thus,


 * $$2^{p-q} \bmod p*q \equiv \pm 2^{p-1} \pm 2^{-(q-1)} \pm 1 $$

or


 * $$2^{72}+2^{-10}-1 \bmod 73*11 \equiv 2^{73-11}$$

as


 * $$2^{72} \bmod 73 \equiv 1$$
 * $$2^{-10} \bmod 11 \equiv 1$$

so both signs will be pluses.

Since


 * $$2^{36} \bmod 73 \equiv 1$$
 * $$2^{5} \bmod 11 \equiv -1$$

so


 * $$-2^{36}+2^{5} \bmod 73*11 \equiv 2^{36+5}-1 \bmod 73*11$$

as the sign of the terms is switched among the terms due to polynomial expansion since:


 * $$2^{36} \bmod 73 = \alpha 73 + 1$$
 * $$2^{5} \bmod 11 = \beta 11 - 1$$

and


 * $$2^{36} 2^{5} \equiv (\alpha 73 + 1)(\beta 11 -1) \bmod 73*11$$

Now


 * $$(\alpha 73)(\beta 11) \bmod 73*11 \equiv 0$$

The other three terms of the multiplication are:


 * $$(-1)(2^{36}-1) + (1)(2^{5}+1) -1 = -2^{36}+2^{5}+1$$

This resulting residual is equal to $$2^{41}$$

This theorum is a type of analogue, among modular powers, to the Parallelogram law, which works on squares.

Even RSA can be manipulated with the Product To Sum Theorum
If we take $$e=3$$ and $$p*q=89*29$$ then $$e^{-1} \bmod{89*29} \equiv 1721$$

Please note that $$(3*1721-1)/(89*29)=2$$ and for this example $$m=37$$:


 * $$m^{3}\bmod{89*29}\equiv 1614$$


 * $$1614^{1721} \bmod{89*29} \equiv 37^{1+2(89+29-1)}\equiv 902$$

If we divide the cipher, $$37^3$$, which we know, away from $$902$$ then:


 * $$37^{1+2(89+29-1)-3} \bmod {89*29} \equiv 37^{2(88+28)}\equiv 2137$$

This is perfect for the Product To Sum theorum shown in the just previous section. As such


 * $$37^{2*88}+37^{2*28} \bmod{89*29} \equiv 2137+1 $$

So either $$m^{2*(p-1)+2*(q-1)} \bmod{p*q}$$ or $$m^{2*(p-1)}+m^{2*(q-1)} \bmod{p*q}$$ can be derived from a public encryption key of 3.

With the example given, note that $$2*88 \bmod 3 \equiv 2$$ and $$2*28 \bmod 3 \equiv 2$$ as well, although $$2*(89*29 - 1) - 3\bmod 3 \equiv 0 $$

All modular cube roots could be expressed again as the sum of powers of 2(p-1) and 2(q-1). Thus the cube root, or the base, can be expressed as more than one power, not just one.

With A Public Key of 23
Using $$e=23$$,$$m=37$$ modulus of $$89*29$$,$$c=37^{23}\bmod{89*29}\equiv 1145$$(which is known) and noting that $$23^{-1} \bmod{89*29} \equiv 1010$$ then, after some steps of algebra I am not showing:


 * $$1145^{1010}\bmod{89*29}\equiv 37*(37^{9*89} + 37^{9*29} - 37^{9})\equiv 2458$$
 * where $$(23*1010-1)/(89*29)=9$$

Thus, it looks like the general equation where any nth root, given $$root^{power}\bmod{p*q}$$ can be rewritten in terms of the powers of p and q is:


 * $$c^{e^{-1} \bmod{p*q}}\bmod{p*q}\equiv m*(m^{x*p} + m^{x*q} - m^{x})$$
 * where $$(e*(e^{-1}\bmod{p*q})-1)/(p*q)=x$$ and x and c are known.

This accords with the section directly below this post which says that all modular powers are the sum or subtraction of 3 other modular powers!

A definition of One mod p*q
By the Product To Sum theorum given above, it follows that one is:


 * $$g^{P - 1} + g^{Q - 1} - g^{P + Q - 2}\bmod{p*q}\equiv 1$$

It thus follows that all bases of powers, ie.,$$g^{1}\bmod{p*q}$$, can be defined as:


 * $$g^{P} + g^{Q} - g^{P + Q - 1}\bmod{p*q}\equiv g$$

and that all powers of $$g^{n}\bmod{p*q}$$ can be defined as:


 * $$g^{P-1+n} + g^{Q - 1+n} - g^{P + Q - 2+n}\bmod{p*q}\equiv g^{n}$$

Since $$g^{e}\bmod{p*q}$$ is an RSA operation, this has implications for RSA.

All Modular Powers are the sum or subtraction of three powers (of moduli RSA Semiprimes)
As in the preceding section:


 * $$2^{p-q} \bmod p*q \equiv \pm 2^{p-1} \pm 2^{-(q-1)} \pm 1 $$

or


 * $$2^{72}+2^{-10}-1 \bmod 73*11 \equiv 2^{73-11}$$

it follows that any power can be expressed via $$2^{p-q}2^{x}$$. Thus,


 * $$2^{p-q}2^{x} \bmod p*q \equiv \pm 2^{p-1+x} \pm 2^{-(q-1)+x} \pm 2^{0+x} $$

or
 * $$2^{72+20}+2^{-10+20}-2^{20} \bmod 73*11 \equiv 2^{62+20}$$

As such, since $$2^{90} \bmod 803 \equiv 1$$ and $$2^{41} \equiv 2^{31} + 2^{5} - 2^{-5} \bmod 803$$ then:


 * $$1 \bmod 803 \equiv 2^{80} + 2^{54} - 2^{44} \bmod 803$$


 * $$\sqrt{1} \bmod 803 \equiv 2^{35} + 2^{9} - 2^{-1} \bmod 803$$

This result seems to be like, for modular numbers, Legendre%27s_three-square_theorem.

With the Use of a Small Third Prime, X, you can find candidates of the equivalency of (p-1 mod (x-1)) and (q-1 mod (x-1)) when only p*q is known
Iterate all the possibilities of $$x_{1}$$ and $$x_{2}$$ through the equivalency:


 * $$x_{1} x_{2} + x_{1} + x_{2} \bmod (x-1) \equiv p q -1 \bmod (x-1)$$

The mathematica code for this follows:

Some code executions follow:

Some Notes: Approximately, half the square root of all the possibilities for the pairs of $$p-1 \bmod x-1$$ and $$q-1 \bmod (x-1)$$ are shown of $$p*q$$ where $$p$$ and $$q$$ are not known. Among this list of candidates for $$ p-1$$ and $$q-1$$, $$1/4$$ of these number of possibilities will be the candidates for $$p-q \bmod x-1$$.

Thus for $$x=37$$ there will be:


 * 6 possibilities for $$p-1 \bmod x-1$$ and $$q-1 \bmod x-1$$ when $$p-1 \bmod 6 = 4$$ and $$q-1 \bmod 6 = 0$$ or vice versa. Of these 6 possibilities there will be agreement on $$p+q \bmod 12$$ and either $$p-q \bmod 36$$ or $$q-p \bmod 36$$ will be definitely known.


 * 8 possibilities for $$p-1 \bmod x-1$$ and $$q-1 \bmod x-1$$ when $$p-1 \bmod 6 = 4$$ and $$q-1 \bmod 6 = 4$$ or when $$p-1 \bmod 6 = 0$$ and $$q-1 \bmod 6 = 0$$.

My question is: in the case of the 6 possibilities for the $$x=37$$ is definite knowledge of $$p$$ and $$q$$ known since $$p+q \bmod 12$$ is known and either $$p-q \bmod 36$$ or $$q-p \bmod 36$$ is known.

As it turns out, $$5077+857 \bmod 12$$ can be derived from $$p*q$$ via:


 * $$5077*857\bmod 4 = 1$$ or $$1*1$$ or $$3*3$$
 * $$5077*857\bmod 3 = 2$$ or $$1*2$$
 * by taking the Chinese Remainder of mods 4 and 3 (to get 12 as the result mod) you will get 6 for both possibilities.

So while this algorithm knows $$p+q \bmod 12$$ this is not new knowledge. That means that the claim that either $$p-q \bmod 36$$ or $$q-p \bmod 36$$ remains possible new knowledge.

By decomposing $$p-q\bmod 36$$, using the Chinese Remainder Theorum, into $$p-q\bmod 4$$ and $$p-q\bmod 9$$ it can be shown that $$p-q\bmod 3$$ or $$q-p\bmod 3$$ is derivable from examination of $$p*q\mod 3$$. As such, it appears any new knowledge from the algorithm above would be in the form of $$p-q\bmod 9$$ or $$q-p\bmod 9$$. Since $$p-q\bmod 3$$ is known therefore the new knowledge would either be $$(p-q\bmod 3)+0$$, $$(p-q\bmod 3)+3$$ or $$(p-q\bmod3)+6$$. If there is a way to derive $$p-q\bmod 9$$ and/or $$q-p\bmod 9$$ then the algorithm I show above would not have new knowledge in the case of $$x=37$$. But if this sum were not derivable from examination of $$p*q$$, then this algorithm would show new knowledge.

By solving the following problem in Mathematica:


 * Since $$5077*857 \bmod 9 = 2$$ and:



you get the following answers:

As can be seen all the $$a-b$$ and $$b-a$$ resolve to $$1$$ or $$-1$$. This is what we get from $$8 \bmod 36$$ or $$-8 \bmod 36$$, so, amazingly, there is  NO new knowledge in the case of $$x=37$$ that is not derivable from $$p*q$$.

There is still the reduced set of $$p$$'s and $$q$$'s.

A Third Modulus Transforms the Hard P*Q division problem into a B*E modular residue problem
A Third Modulus Transforms the Hard P*Q division problem into a B*E modular residue problem that is solvable when


 * 1) $$(p-q)/4 < \sqrt{q}$$
 * 2) the resulting $$B*E \bmod p-b*4$$ residue is a square (as a product, not necessarily as a residue).
 * 3) Combined Divisor Methods

Considering that all RSA semiprimes are $$3 \bmod 4$$ you can pick a modulus between $$P$$ and $$Q$$ (try the $$3 \bmod 4$$ number closest to $$\sqrt{p*q}$$). The resulting new modulus, $$x$$, is $$x=p-b*4=q+e*4$$. Given this new modulus, the following equation holds:


 * $$-P*Q*16^{-1} \bmod X \equiv B*E \bmod X$$ where $$X=P-B*4$$ and $$X=Q+E*4$$

and


 * $$(P*Q)^{2}*64^{-1} \bmod X^{2} \equiv B*E(-2*b*q-12*b*e+2*e*p) \bmod X^2$$ where $$X=P-B*4$$ and $$X=Q+E*4$$ and where $$(p*q-x^2)/4 == -b*q+e*p-4*b*e$$

When P And Q Are Close Enough Together
When P and Q are close together, $$(p-q)/4 < \sqrt{q}$$, then $$B*E \bmod X$$ is a product, not a residue. As such it can be factored and two of the divisors of this factorisation will either be $$B$$ and the other $$E$$. With $$B$$ known and $$P-B*4$$ known, it is easily possible to discover $$P$$.

Example:


 * Take $$P=5003$$ and $$Q=4831$$
 * $$(5003-4831)=172 < \sqrt{4831}$$ (around $$220$$).


 * Next take the first number that is 3 mod 4 before the square root of 5003*4831 (that's the modulus we are studying)


 * $$4903$$ is close enough.


 * Then we do the following simple equation (expressed in mathematica)


 * Mod[-4831 5003 PowerMod[16, -1, 4903], 4903]=450


 * $$450$$, in this case, is the product: $$18*25=450$$


 * As such the following equation is true:


 * $$4903=4831+4*18=5003-25*4$$
 * or
 * $$Q+4*e=P-B*4=4903$$


 * so $$E=18$$ and $$B=25$$


 * As such we can take


 * $$4903-18*4=4831$$
 * or
 * $$4903+25*4=5003$$

When B*E Is A Square
When $$B*E \bmod X$$ is a square (the product which the residue represents is a square, the residue doesn't need to be a square), $$P$$ and $$Q$$ are often discoverable as well.

Example:


 * $$Q=4003$$ $$P=221603$$
 * $$X=Q+120*120*4=P-200*200*4=61603$$
 * $$E=120*120$$
 * $$B=200*200$$


 * The Mathematica for this is:


 * Mod[-4003 221603 PowerMod[16, -1, 61603], 61603] = 11950 (in mathematica)


 * (notice the residue, 11950, is not a square but it represents a product that is a square)


 * Now take the modular square root (which we can do because 61603 is a prime):


 * $$\sqrt{11950} \bmod 61603 \equiv 24000$$


 * Now, simply, square this above number to get our B*E as a product, not a residue


 * $$24000*24000 = 57600000=120*120*200*200=b*e$$ (as a product, not a residue).

Pretty simple isn't it. So the mighty P*Q (of large prime numbers) does have some holes in it. Some P*Q combinations (no matter how big) are easily factorable. So start out with a modulus near the square root of P*Q, take the modular square root and see if the answer was a square. If it isn't, increment the modulus by 4 and try again. After approximately $$\sqrt{P-Q}$$ attempts you will have a product, $$B*E$$, that is a square and you will have your answer (if $$B*E \bmod X$$ does have a modular square root!).

I roughly estimate that when $$P$$ is approximately 2 times $$Q$$ that the numbers of modulus you need to try is $$(P*Q)^{1/4}$$. However, a word of caution: the modular square root operation is a relatively slow operation, and the factoring and seiving of the divisors is also relatively slow.

Combined Divisor Methods
According to once either $$p \bmod Y_{1}$$ and $$q \bmod Y_{2}$$ is known, one can pick a modulus, $$X$$, which is both $$X \bmod Y_{1} \equiv p \bmod Y_{1}$$ and $$X \bmod Y_{2} \equiv q \bmod Y_{2}$$. When this happens then $$p-X$$ will be a multiple of $$Y_{1}$$, and $$X-q$$ will also be a multiple of $$Y_{2}$$. As such it will be possible to divide by $$Y_{1}*Y_{2}$$ and reduce, or implode, the product. If $$Y_{1}*Y_{2}$$ is big enough, then the remainder of $$b_{1}*e_{1}$$ stops being a remainder and starts being a product. At this point you can factor $$b_{1}*e_{1}$$ and reconstitute


 * $$p=X+b_{1}*Y_{1}$$
 * $$q=X-e_{1}*Y_{2}$$

Note: This method of deriving $$p$$ or $$q$$ is equivalent to the traditional Chinese Remainder Methods where $$p \bmod Y_{1}$$ and $$p \bmod Y_{2}$$ are known and used to derive $$p \bmod Y_{1}*Y_{2}$$. This is because, knowing $$q \bmod Y_{2}$$ one can always derive $$p \bmod Y_{2}$$ via the equation:


 * $$(p_{x1}-1)(q_{x2}-1)+(p_{x1}-1)+(q_{x2}-1) \bmod Y \equiv P*Q-1$$

However, there are two cases where this method of imploding the product is superior to traditional Chinese Remainder methods.

Factors of X can't divide B*E, except P and Q
Besides $$p$$ and $$q$$ no factor of the modulus, $$X$$, can evenly divide $$b*e$$ in the following equation:


 * $$-p*q \bmod X \equiv b*e$$

As a factor of the modulus, $$X$$, is by definition $$0 \bmod X$$ and only $$p$$ and $$q$$ are $$0 \bmod p*q$$ where $$p$$ and $$q$$ are both primes.

People may legitimately ask whether it is possible for a factor of modulus $$X$$ to divide a sum under that modulus. This is true, but the theorum is still relevant because the factor of $$X$$ can't be a factor, not just that it can be a factor that can't be divided by.

Factors Of P*q-1 Are Candidates To Divide B*E
Since common factors of (p-1) and (q-1) are also present in the factorisation of p*q-1, factors of p*q-1 are candidates for divisors of B*E when $$X\equiv 1 \bmod Y$$ where $$Y$$ is a common factor of (p-1) and (q-1), and thus also a factor of p*q-1.

How To Find Common Factors Of P-Q or P+Q At Twice The Random Rate
As it works out


 * $$(p - m) (q - n) + (p + m) (q + n)==2*p*q+2*m*n$$

and


 * $$(p - m) (q + n) + (p + m) (q - n)==2*p*q-2*m*n$$

Most times, though you are interested in the case where $$m*n$$ is a square as in $$n*n$$. In this case


 * $$(p - n) (q - n) + (p + n) (q + n)==2*p*q+2*n^2$$

and


 * $$(p - n) (q + n) + (p + n) (q - n)==2*p*q-2*n^2$$

In the first equation when there is a common factor between $$(p-n)$$ and $$(q+n)$$ this common factor will appear in the whole sum: $$2*p*q+2*n^2$$. This common factor will also be a factor of $$p+q$$ since $$p-n+q+n==p+q$$.

Likewise when there is a common factor between $$(p+n)$$ and $$(q-n)$$ this common factor will also appear in $$2*p*q+2*n^2$$.

Since there are two possible common factors at play, then it is twice as common as random that a factor of $$(p+q)$$ will appear in an iteration of, say, $$2*p*q+2*n^2$$ where $$n=1$$ to $$30$$. In this way it is quite easy to come up with a small factor of $$(p+q)$$, although a big factor is still hard to obtain.

Likewise, taking the equation:


 * $$(p - n) (q + n) + (p + n) (q - n)==2*p*q-2*n^2$$

it is twice as likely that a factor of $$(p-q)$$ will appear in an iteration of the above equation (where n goes from 1 to 30, say). In this case common factors may appear in $$(p-n)$$ and $$(q-n)$$. The subtraction of these: $$(p-n)-(q-n)==(p-q)$$.

Both factors of $$(p+q)$$ and $$(p-q)$$ can be evenly divided from the sum $$-p*q \bmod X$$. Factors of $$(p+q)$$ can be divided once and factors of $$(p-q)$$ can be divided twice (by the square).

A Factor Of (p-q) and A Factor of (p+q) combined together is the following
If you take a factor of $$(p-q)$$, a factor of $$(p+q)$$, and divide them, you get the following:


 * when $$(89-29)=60=12*5$$ and $$(89+29)=118=2*59$$ then


 * $$59*5^{-1}\bmod{89*29}\equiv -2493*(12)*2^{-1}\bmod{89 *29}\equiv 528$$

Since:


 * $$((89-60)/12)^{-1}*(89+29)/2)\bmod{89*29}\equiv 5^{-1}*59$$

and


 * $$(89-60)^{-1}*(89+29)\bmod{89*29}\equiv 2493\equiv \sqrt{1}$$

and


 * $$2^{-1}*(12^{-1})^{-1}==2^{-1}*12$$ thus the switch between the denominator and the numerator of the other factors.

If you square this then you get:


 * $$12^{2}*2^{-2}\bmod{89*29}\equiv 36$$ which are the other factors of (p-q) and (p+q) besides 5 and 12.

As well:

$$\sqrt{1}\bmod{89*29}\equiv \pm (p-q)(p+q)^{-1} \equiv \pm (p+q)(p-q)^{-1}$$

Since the section above shows how to get a few possible small candidates of factors of (p-q) and factors of (p+q), we can get the fraction of the large factors of (p-q) and (p+q).

If we take [| RSA768], the largest RSA number factored so far, the factorization of (p-q) is:

{{3, 1}, {13, 1}, {2663267, 1}, {1220501291, 1}, {1841645951176282753,  1}, {13997633621862976969633164898062916727, 1}}

and the factorisation of (p+q) is:

{{863, 1}, {39685579, 1}, {57151500641,  1}, {35876917512866434717253057870281548347589681335861687, 1}}

If we can iterate the factors of (p+q) and the factors of (p-q) at twice the random rate then we can find 13 and 863, the least of the factors involved in the two sums, in around (1 million)/4 possibilities (and 500 factorizations of p*q+n^2 and 500 factorisations of p*q-n^2), which is possibly achievable using Mathematica or any other number of math packages.

Equivalent Square Considerations
Take a mathematica equation showing the iteration of $$p*q+n^2$$ below. Note that the factorisation of this sum is important.

Table[{x, GCD[(1013 - x), (331 + x)], GCD[(1013 + x), (331 - x)], FactorInteger[1013 331 + x^2]}, {x, 0, 30}] // Grid

0	1	1	{{331,1},{1013,1}} 1	4	6	{{2,3},{3,2},{4657,1}} 2	3	7	{{3,1},{7,2},{2281,1}} 3	2	8	{{2,4},{19,1},{1103,1}} 4	1	3	{{3,1},{111773,1}} 5	336	2	{{2,5},{3,1},{7,1},{499,1}} 6	1	1	{{41,1},{8179,1}} 7	2	12	{{2,3},{3,1},{89,1},{157,1}} 8	3	1	{{3,3},{12421,1}} 9	4	14	{{2,3},{7,1},{53,1},{113,1}} 10	1	3	{{3,2},{83,1},{449,1}} 11	6	64	{{2,6},{3,1},{1747,1}} 12	7	1	{{7,1},{173,1},{277,1}} 13	8	6	{{2,4},{3,1},{29,1},{241,1}} 14	3	1	{{3,1},{111833,1}} 15	2	4	{{2,3},{41941,1}} 16	1	21	{{3,1},{7,1},{19,1},{29,2}} 17	12	2	{{2,3},{3,2},{59,1},{79,1}} 18	1	1	{{37,1},{47,1},{193,1}} 19	14	24	{{2,4},{3,4},{7,1},{37,1}} 20	3	1	{{3,1},{317,1},{353,1}} 21	32	2	{{2,7},{43,1},{61,1}} 22	1	3	{{3,1},{19,1},{43,1},{137,1}} 23	6	28	{{2,3},{3,1},{7,1},{1999,1}} 24	1	1	25	4	6	{{2,3},{3,1},{13997,1}} 26	21	1	{{3,2},{7,1},{5333,1}} 27	2	16	{{2,5},{10501,1}} 28	1	3	{{3,2},{107,1},{349,1}} 29	24	2	{{2,4},{3,1},{47,1},{149,1}} 30	1	7	{{7,1},{48029,1}}

Note in the fifth iteration that there is a factor of seven. Seven also appears as a factor in the 12th iteration, or the (5+7) iteration.

If we were to multiply the 5th iteration with the 12th, we would have a case where the 7 factor was now a square. If we were then to take the (5+3) iteration (since there is a 3 factor in the fifth iteration) and multiply it with the 5th were would have a case where the resulting equation had a 3 as a square. Don't forget that $$n^2$$ is always a square. If we were to take some time and using this method construct a equation that was totally a square then we would have equivalent squares. Equivalent squares is usually enough to factor $$p$$ and $$q$$.

Example 1
Given:


 * 1) $$p=50021$$
 * 2) $$q=45007$$
 * 3) $$50021 \bmod 53 \equiv 42$$
 * 4) $$45007 \bmod 59 \equiv 49$$

Now make the modulus, $$X$$, via


 * $$46364 \bmod 53 \equiv 42$$ and $$46364 \bmod 59 \equiv 49$$

Taking the naiive equation:


 * $$-50021*45007 \bmod 46364 \equiv 3657*1357 \equiv 1601$$

Now take the augmented equation:


 * $$-50021*45007*(53*59)^{-1} \bmod 46364 \equiv 69*23 \equiv 1587$$\

Note that $$69*53=3657$$ and that $$23*59=1357$$

Thus, the product (not the remainder) has been successfully divided, or imploded, to a smaller product and that:


 * $$p = 46364+69*53$$
 * $$q = 46364-23*59$$

Example 2: When Y Is A Factor Of P-Q
This method of imploding the product is superior to Traditional Chinese Remainder Methods when the divisor, $$Y$$, is a divisor of $$p-q$$. In this situation then $$p \bmod Y \equiv q \bmod Y$$ and $$Y^{2}$$ can be used as the divisors. Thus, if $$Y \approx \sqrt{p-q}$$ then $$p$$ and $$q$$ can be determined from $$p*q$$

Given:


 * 1) $$p=50021$$
 * 2) $$q=45007$$
 * 3) $$46$$ is a divisor of $$50021-45007$$
 * 4) $$50021 \bmod 46 \equiv 19$$
 * 5) $$45007 \bmod 46 \equiv 19$$

Now make the modulus, $$X$$ where $$X \bmod 46 \equiv 19$$ then $$47445$$ will do.

Now note that the naiive equation is:


 * $$-50021*45007 \bmod 47445 \equiv 2576*2438\equiv 17548$$

and the augmented equation is:


 * $$-50021*45007*46^{-2} \bmod 47445 \equiv 56*53\equiv 2968$$

and that:


 * $$p=47445+56*46$$
 * $$q=47445-53*46$$

Note that you cannot determine $$p$$ and $$q$$ solely from knowledge of $$50021-45007 \bmod 46 \equiv 0$$ and $$50021 \bmod 46 \equiv 19$$ solely using the Chinese Remainder Theorum!

When X Is A Factor Of P-Q
Note that when the third modulus, X, is a factor of P-Q, then both B and E can be determined by a modula square root of $$-B*E\bmod{ X}$$.


 * $$5003-2003=3000=2^{ 3}* 3* 5^{ 3}$$

As such let's take $$125=5^{3}$$ to be the modulus, which is a factor of P-Q:


 * $$-5003*2003\bmod{125}\equiv 116$$

Note that


 * $$(5003-125)=4878=b$$
 * $$(125-2003)=-1878=e$$
 * $$4878*(-1878)\bmod{ 125}\equiv 116$$

Since $$b+e=p-q$$ and $$5003-2003\bmod{125}\equiv 0$$then $$4878+(-1878)\bmod{125}\equiv 0$$ then,


 * $$-4878\bmod{125}\equiv -1878$$

and so:


 * $$-116\bmod{125}\equiv 4878^{2} \equiv (-1878)^{2}$$

As such we can take the modular square root of the modulus, since it's prime factorisation is known, and:


 * $$\sqrt{-116}\bmod{125}\equiv 3$$

Thus, $$b\equiv 3$$and $$e \equiv (-3)\bmod{125}\equiv 122$$.

Thus, if a factor of $$P-Q$$ is known then $$B$$ and $$E$$ can be worked out. Note that it is possible to find at twice the random rate the factors of $$P-Q$$. This is worked out in the section Common Factors of P-Q at twice the random rate

When X Is A (Factor Of P-Q)^2
Let's take, from the above example, the case where $$125*125$$ is the modulus, $$X$$ for $$P=5003$$ and $$Q=2003$$.

Since $$125*125-5003*2003=(-4878+(-1878))*125+4878*(-1878)=-10005384$$, then $$b=4878$$ and $$e=-1878$$.

Since $$4878\bmod{125}\equiv 3$$ and $$-1878\bmod{125}\equiv -3$$ then the equation above can be rewritten for the modulus: $$125*125$$ as: $$(-3-3)*125+4878*(-1878)\bmod{125*125}\equiv 10241$$. So adding $$6*125+10241\bmod{125*125}\equiv 4878*(-1878)\equiv 10991\equiv b*e$$.

From $$b*e\bmod{125*125}\equiv 10991$$ we can construct $$b-e \bmod{125*125}$$ by the following manner:


 * $$b\bmod{125*125}\equiv 39*125+3$$
 * $$e\bmod{125*125}\equiv -15*125-3$$

Thus:


 * $$10991\bmod{125*125}\equiv (39*125+3)(-15*125-3)$$

So:


 * $$10991-(-3)(3)\bmod{ 125*125}\equiv (-3)*(39*125)+3*(-15*125)\equiv 11000$$

If we divide by the common term, 3, and minus by 6 (the addition of 3 and 3) then we get:

$$-(39*125)-3+(-15*125)-3\bmod{125*125}\equiv 8869 \equiv -4878+(-1878)\equiv -b+e$$

As such we can minus $$-10005384-8869*125\bmod{125^3}\equiv 604741\equiv 4878*(-1878)\bmod{125^3}\equiv b*e\bmod{125^3}$$

The Bad Stuff That Happens When There Are Common Factors Between (P-1) and (Q-1)
If there is a common factor between $$p-1$$ and $$q-1$$, then this will also be a factor of $$p*q-1$$, since


 * $$p*q-1 == (p-1)*(q-1)+(p-1)+(q-1)$$

Accordingly, any common factor of $$p-1$$ and $$q-1$$ will appear also in $$p*q-1$$. Many factors of $$p*q-1$$ will not be factors of $$p-1$$ and $$q-1$$ but all common factors will be.

As well any common factor of $$p-1$$ and $$q-1$$ will also be a factor of $$p-q$$! As such, the square of any such factor can be divided as per the example just above this section.

Furthermore, the square of a common factor, shown just above, is a factor of the totient of $$p*q$$, and it is possible to find out the decryption key of an RSA triple (Encypt key, Decrypt key, Modulus) mod the square of the common factor:

Example 1
Given:


 * $$P=39343$$ $$P-1=2*3*79*83$$
 * $$Q=8467$$ $$Q-1=2*3*17*83$$
 * $$P*Q=39343*8467$$ $$P*Q-1=2^{2}*3^{2}*5*11*83*2027$$

As you can see above, $$83$$ is the common factor. Common factors will always appear in the factorisation of $$p*q-1$$ but not every factor of this sum will be a common factor. McKee and Pinch also note that the common factor of p-1 and q-1 can be found in the factorisation of p*q-1

The Implications For RSA
This common factor will have implications for RSA.

Given:


 * $$e=23$$
 * $$n=8467*39343$$
 * $$8466=102*83$$
 * $$39342=474*83$$
 * $$d \bmod (83*83) \equiv 23^{-1} \bmod (83*83) \equiv 6290$$
 * $$totient=8466*39342=48348*(83*83)$$
 * $$d=318588095 \bmod 39342*8466$$
 * $$318588095 \bmod (83*83) \equiv 6290$$
 * $$46245*83*83+6290==318588095$$
 * $$8467*39343+1 \bmod (83*83) \equiv 8467+39343 \bmod (83*83) \equiv 6476$$

So some information about the private key is leaked, specifically $$d \bmod CommonFactor^2$$. As well, a factor of $$p-q$$ is revealed so my product implosion scheme is invoked.

So it is never a good idea to have a common factor between $$p-1$$ and $$q-1$$ except perhaps 2 or 3. I have looked at current RSA key generation methods and none of them explicitly mention that common factors between $$p-1$$ and $$q-1$$ should be avoided. I think that the RSA key generation protocols should include this prohibition! KoblitZ also enjoins against large GCD(p-1,q-1) in his public key cryptography book  The original RSA paper also made note of this

Looking At The Openssl RSA Key Generation Code For Common Factors
I have checked through the key generation code of the openssl ssl code. I hacked it to report the greatest common divisor of p-1 and q-1. I then ran 100 key generations. It only had greatest common divisors of 2, 4, 8, and 16. There were no other primes reported besides small powers of 2.

Viktor Dukhovni, from the openssl-dev@openssl.org newsgroup, reports, after looking at the rsa key generation code of openssl, that p-1 and q-1 are both checked for the first 2048 factors (up to 17863). As such they are not possible as factors of either p-1 or q-1. However, common factors higher than 17863 are possible as factors of both p-1 and q-1, however it takes 20,000 key generations (not in safe mode) before such an event happens. He managed to get a common factor of gcd(p-1,q-1) = 2 * 28559 from the following 1024 bit rsa generated key (factorisation of p*q-1 is shown):


 * n-1 = 2 * 3^3 * 7 * 13 * 67 * 2399 * 28559 *

5485062554686449262177590194597345407327047899375366044215091312099734701911004226037445837630559113651708968440813791318544450398897628 67234233761906471233193768567784328338581360170038166729050302672416075037390699071355182394190448204086007354388034161296410061846686501 4941425056336718955019


 * Any rsa key generation in SAFE mode will always have a gcd(p-1,q-1)=2, so SAFE mode always avoids common factors. The conclusion is that openssl code can have common factors (must be above 17863) in its rsa keys every 20,000 key generations or so when not generated in SAFE mode, and that at this time approximately 30 bits of the totient will be revealed out of the 1024 bits of the full totient.  There is, of course, no way of knowing which of the 20,000 key generations will have the common factors, but since OpenSource SSL generates at least 20,000 rsa keys each week, it can be surmised, from the test above, that 30 bits of the rsa totient are leaked every week somewhere around the world.

Splitting the message into two products of the cipher
Let's say that the message is $$37$$ and that the cipher is $$37^{23} \bmod{ 8467* 39343} \equiv 148815052$$, because $$6290 \bmod{83*83}\equiv d$$ and that $$d \equiv 46245*(83*83) + 6290$$ then the message, $$37$$ can be split into two powers based on the cipher such as:


 * $$148815052^{6290}* 148815052^{46245*83*83}\bmod{ 8467* 39343} \equiv 37$$

Therefore:


 * $$148815052*148815052^{-6290}\bmod{ 8467* 39343}\equiv 37^{22}*148815052^{46245*83*83}\equiv 146993011$$

or


 * $$148815052*148815052^{-13* 6290}\bmod{ 8467* 39343}\equiv 37^{10}*148815052^{13*46245*83*83}\equiv 285574110$$

or


 * $$148815052*148815052^{-23* 6290}\bmod{ 8467* 39343}\equiv 148815052^{23*46245*83*83}\equiv 253503289$$

Now:


 * $$148815052*148815052^{-22* 6290}\bmod{ 8467* 39343}\equiv 37*148815052^{22*46245*83*83}\equiv

82921582$$ and $$22*46245*83*83*23+1 \bmod{23}\equiv 1$$ note- not a power multiple of 23!.

Isolating the Message itself, with another term
253503289===148815052^(23(totient-6290)) see above

Solve[253503289 2^23 + x 3^23 == 0, {x}, Modulus -> 8467 39343]

See Australian Innovation Patent 2018100919 for explanation of this following equation

Mod[253503289 2^22 PowerMod[201204739 3^22, -1, 8467 39343], 8467 39343]=166558589

see equations above

Mod[148815052^6290 166558589, 8467 39343]= 67952848

Notice the message with the 23rd root of another number has been found

Mod[37 PowerMod[201204739, -1/23, 8467 39343], 8467 39343]= 67952848

Since $$2^{2}$$ is always a multiple of the totient, we can apply 4 to the equations always instead of 83 as we have in the above example:


 * $$23^{ -1}\bmod{ 4}\equiv 3$$


 * $$148815052*148815052^{-(22* 3)}\bmod{8467* 39343}\equiv 331864148$$


 * $$37*148815052^{ 22* 4 *79647023}\bmod{ 8467* 39343}\equiv 331864148$$

Thus, it is always possible to get the secret message to a power that is not a multiple of the public key!

Including the math in User:Endo999, we can see that we have the $$c^{e*x}\bmod{p*q}$$ and the $$m*c^{(e-1)*x}\bmod{p*q}$$ which allow us to apply in part the math from "A Close Call On RSA":

get cipher1

Mod[37^23, 8467 39343]= 148815052

Mod[ 148815052 PowerMod[148815052, -22 3, 8467 39343], 8467 39343]= 331864148

Mod[37 PowerMod[37, 23 22 4 79647023, 8467 39343], 8467 39343]= 331864148

get cipher2

Mod[41^23, 8467 39343]= 330768180 Mod[330768180 PowerMod[330768180, -22 3, 8467 39343], 8467 39343]= 98398282 Mod[41 PowerMod[41, 23 22 4 79647023, 8467 39343], 8467 39343]= 98398282

solve x power1^e + y power2^e===0

Solve[ x PowerMod[37, 23 23 4 79647023, 8467 39343] + y PowerMod[41, 23 23 4 79647023, 8467 39343] == 0, {x, y}, Modulus -> 8467 39343]=

Mod[-PowerMod[37, 23 23 4 79647023, 8467 39343] PowerMod[ 41, -23 23 4 79647023, 8467 39343], 8467 39343]=136895256

apply x power1^(e-1) (y power2^(e-1))^(-1) to get (x/y)^(1/e)

Mod[ 2^23 331864148 PowerMod[136895256 2^23 98398282, -1, 8467 39343], 8467 39343]= 186681852

get m1/(m2 136895256^(1/e))

Mod[ 37 PowerMod[41 PowerMod[136895256, 1/23, 8467 39343], -1, 8467 39343], 8467 39343]= 186681852

this number is also

Mod[-PowerMod[37, 23 3, 8467 39343] PowerMod[41 , -23 3, 8467 39343], 8467 39343]=186681852

This is a transformative equation since it makes knowing the division of two secret messages to be the taking the eth root of another number, whose cipher is calculable

The RSA cipher can now be attacked by a Discrete Logarithm Algorithm
Now that we have


 * $$148815052^{23*46245*83*83}\equiv 253503289$$

and we know the cipher, or $$148815052$$ we can use Pollard's Kangaroo Discrete Logarithm Algorithm to solve the log (which is a factor of $$23*83*83$$). As such we can take the base for the discrete logarithm algorithm to be $$148815052^{23*83*83} \bmod{39343*8467}\equiv 134420949$$ and that $$134420949^{46245}\equiv 253503289$$ (with us knowing $$134420949$$ and $$253503289$$), we can solve for $$46245$$ in $$\sqrt{46245}$$. If the common factor is high enough we can actually do this, however, most of the time the term will still be too high. However, the RSA cipher is transformed since $$46245*83*83+6290==d$$, so the decryption key can be determined using this method.

2 is always a Common Factor of (p-1) and (q-1) so Pollard's Algorithm Can Always Be Applied to Any RSA Cipher
Since $$e*d \bmod{2} \equiv 1$$ and e is odd, then d must be odd and the same equations can be applied to any RSA cipher as in the section above. Seeing that $$e=23$$ and $$d\bmod{2}\equiv 1$$, then


 * $$148815052*148815052^{-23*1} \bmod{39343*8467} \equiv 152505560$$

and


 * $$148815052^{(318588095-1)*23}\bmod{ 39343 *8467} \equiv 152505560$$ where $$318588095==d$$

Therefore, since $$148815052^{23}\equiv 158806108$$,


 * $$158806108^{(318588095-1)}\bmod{ 39343 *8467} \equiv 152505560$$ where $$318588095==d$$

(Note that $$158806108$$ and $$152505560$$ are known).

Thus, you can apply Pollard's Kangaroo Algorithm to any RSA Cipher to get $$d$$.

General Equation Applied
Take $$c*c^{-e}\bmod{p*q}\equiv f$$ then $$(c^{e})^{(d-1)} \bmod{p*q}\equiv f$$ is true. Since $$c^{e}$$ and $$f$$ are known then $$d-1$$ can be found using Pollard's Kangaroo Discrete Logarithm Algorithm.

Since $$c^{e} \bmod{p*q}\equiv m^{e*e}$$ then $$c^{e}$$ is in the same power ring as $$m$$ and the power ring length for both sums will be the same. In fact the power ring length for 37 ($$m$$), 148815052 ($$m^{23}$$) and 158806108 ($$m^{23*23}$$) is the same: 668814. Since $$318588094 \bmod{668814}\equiv 232630$$, then the actual logarithm to be found by the Kangaroo algorithm will be $$232630$$. However, $$(37^{23})^{232630+1}\bmod{39343*8467}\equiv 37$$, so finding $$(d-1)$$ for $$m^{e*e}$$ is also finding the $$(d-1)$$ for $$m^{e}$$.

Seeing that the power ring length of the message, in this example, is $$668,814$$ and the modulus is $$333,117,181$$, one can see that often in practice the power ring length is 2/3 in bit length of the modulus, and that the Kangaroo algorithm will only take 1/3 the bit length of the modulus to find an appropriate power (in our example, $$232630$$). Thus, properly calibrated, the Kangaroo algorithm will often be a $$\Omega (1/3)$$ algorithm, and not $$\Omega (1/2)$$ as you would naively think.

Every Base Can Be Used In This Equation
It's always possible to get an equation like that above with any base. Take $$2$$ for instance.


 * $$2^{e}*2^{-e*e} \bmod{p*q} \equiv (2^{e*e})^{(d-1)}$$

The math in this section is totally theroretical since you can always use Pollard's RHO method to factor P*Q in $$N^{1/4}$$ time.

The Dedekind Psi Function of (p-2)(q-2) is sometimes the Totient of p*q
If p-2 is a prime, and q-2 is a prime and both p and q are primes (twin prime) then the Dedekind_psi_function($$\psi$$) is the totient of p*q. For instance, the Dedekind PSI function of the primes 107*137 would be (107+1)(137+1)=(109-1)(139-1) so this number would be the totient function of 109*139, a semiprime.

Since common factors of p-1 and q-1 will be factors of p*q-1, then these common factors will be factors of (p-2+1) and (q-2+1) in the case of common factors of the RSA semiprime totient(p-1)*(q-1) a factor of the Dedekind PSI function of (p-2)*(q-2) can become known.

Interestingly, Dickson in his vol 3 of "History Of The Theory Of Numbers" doesn't seem to remark on Dedekind's PSI function, which deals with modular forms. The Third volume of Dickson's work is devoted to Modular forms.

Dickson does refer to the Dedekind PSI function at Vol 1, p123 where he states:

R. Dedekind proved that, if n is decomposed in every way into a product ab and if e is the g.c.d. of a,b then
 * $$\sum_{a} (a/e) \Phi {e}  = n \prod_{p|n}\left(1+\frac{1}{p}\right)$$

where a ranges over all divisors of n and p over the prime divisors of n. note that $$\Phi$$ is the totient function.

For the purposes of semiprimes then the addition of the factors, 1, n, p, q will equal the multiplicative PSI function (p+1)(q+1). Thus, this equation of Dedekind's unwinds the multiplication of the right side (with the prime factors) and equates this with the addition of the divisors on the left side of the equation. A change in operation from multiplication to addition is thus seen.

For RSA Semiprimes, Common Factors of p+1 and q+1 can be found by factoring p*q+1
For RSA semiprimes, a square factor of the Dedekind PSI function of P*Q can be found by factoring p*q+1.

This will reveal common factors of p+1 and q+1, if there are any besides two.

The square of these common factors is then a factor of the Dedekind PSI value of P*Q

When Primes Are Twin, Common Factors of Related Primes Can Be Found
The common factors of p-3 and q-3 can be found by factoring p*q-9.

See User:Endo999 here for a more complete explanation of common factors in p-1 and q-1 in rsa.

With knowledge of a common factor for both p-3 and q-3 then 0 mod (commonfactorofp-3)*(commonfactorofq-1) can be found.

which will be a factor of p*q-p-3q+3. Running -p*q mod n|(p*q-p-3q+3) will establish p+3q-3 mod n|(p*q-p-3q+3). By knowledge that p (and also q)mod commonfactorofp-3 === 3 and p(and also q) mod commonfactorofq-1 === 1 then it will be possible to establish p+q mod n|(p*q-p-3q+3). Indeed, if we ever knew when a p-x and q-x had common factors, then this could be used, via the Chinese Remainder Theorum to establish p+q mod alargenumber. However, we don't know when the common factor arises, we just know candidates for it, if it is there.

This could work for cousin prime as well (when p, q, p-4, and q-4 are all primes). In fact the math shown just above could work for any combination of primes (p, q, p-x,q-x) when p-1 and q-1 have common factors and p-x and q-x have common factors.

A Close Call ON RSA
According to if:


 * $$1010* 2^{23} + 1652* 3^{23}\bmod{ 89 *29}\equiv 0$$

then


 * $$1010* 2^{22} (1652* 3^{22})^{-1}\bmod{89*29}\equiv 1289$$

which is both


 * $$1010^{1/23}*1652^{-1/23}\bmod{89*29}\equiv 1289$$

as well as being


 * $$-3*2^{-1}\bmod{89*29}\equiv 1289$$

It is remarkable that such a humdrum equivalence as $$-3*2^{-1}\bmod{89*29}$$ could also have such a remarkable equivalence as $$1010^{1/23}*1652^{-1/23}\bmod{89*29}$$.

Thus if I could take token $$1010$$ from Joe, and convince Joe that I am signing the 1010 divided by 1652 (which I have obtained from the equation above), then I could convince Joe that I have RSA signed with Jack's secret key, even though I am Brad, and I only know Jack's modulus.


 * $$1010^{1/e}*1652^{-1/e}\bmod{p*q}\equiv 1010^{d}*1652^{-d}$$

even though $$1289\bmod{89*29}\equiv -3*2^{-1}$$

Again according to if


 * $$2441* 2^{23} + 3^{23}\bmod{ 89* 29}\equiv 0$$

then RSA is broken for the token 2441, since:


 * $$2441* 2^{22}*3^{-22}\bmod{89*29}\equiv 1289$$

and


 * $$1289^{23}\bmod{89*29}\equiv 2441$$

It is hard to set this equation though.

Thus it is very important that when the RSA user presents a number for his opponent to sign that that opponent DOES NOT add a divisor of his own to this number. This can fool the unwary.

Now you could achieve the same spoof by 1) select a residue randomly:A, 2) increase this residue to the 23rd power:B, 3) take the number given by the other party (C) (the number to be signed) and find the other number that transforms this to B: D, 4) then say you are signing C divided by D by providing A.

Although this is quite similar to the process I have described above, in my process, I derive both B and C before I derive A, that is the root is determined AFTER the powers, not BEFORE.

Example 3: When A Multiplier Makes P Look Like Q To The Modulus X
This method of imploding the product is superior to Traditional Chinese Remainder Methods when a multiplier, $$m$$, is used to make $$p$$ look like $$q$$ to the modulus $$X$$.

According to, the multiplier is defined as:


 * $$(p \bmod Y)^{-1}*(q \bmod Y) \bmod Y$$

When this is multiplied to $$p*q$$ then the remainder can safely be divided by $$Y^{2}$$.

Given:


 * 1) $$p=5003$$
 * 2) $$q=2003$$
 * 3) $$Y=151$$.
 * 4) $$5003 \bmod 151 \equiv 20$$
 * 5) $$2003 \bmod 151 \equiv 40$$

Now make the Multiplier:


 * $$20^{-1}*40 \bmod 151 \equiv 2$$ (This is the lowest possible multiplier).

Now make the modulus, $$X$$ where $$X \bmod 151 \equiv 40$$ then $$3966$$ will do.

Now note that the naiive equation is:


 * $$-5003*2003 \bmod 3966 \equiv 1037*1963 \equiv 1073$$

and the augmented equation is:


 * $$-50021*45007*2*151^{-2} \bmod 3966 \equiv 40*13\equiv 520$$

and that:


 * $$b_{1}=(5003*2-3966)/151=40$$
 * $$e_{1}=(3966-2003)/151=13$$

and that $$40*13=520$$

and that


 * $$(40*151+3966)/2 == 5003 == p$$
 * $$(3966-13*151)==2003 == q$$

Note that when the multiplier is very low then this method is superior to traditional Chinese Remainder Theorums.

When P Is Approximately 5 Times Q
When $$p$$ is approximately $$5$$ times (or any power of 5) greater than $$q$$, then it is possible to factor a number (by guessing one number within the square root of q from q). Example:


 * $$p=10559$$
 * $$q=2063$$
 * $$thirdmodulus=2103$$
 * note that $$10559-5*2103=4*11$$
 * note that $$2103-2063=4*10$$


 * $$-10559*2063*16^{-1} \bmod 2103 \equiv 110 \equiv 10*11$$


 * $$10559==2103*5+11*4$$
 * $$2063==2103-10*4$$

This works because in RSA semiprimes (Internet HTTPS RSA keys) are always $$3 \bmod 4$$ and $$3*5 \bmod 4 \equiv 3$$.

When P Is Less Than 3 Times P-4*B
In the above discussion a multiple of 5 was used for the modulus, and this affected the $$B$$ coefficient. If the modulus is redefined from $$p-4*b==q+4*e$$ to $$p-2*b==q+2*e$$, then a multiple of 3 can be used for the modulus. Example:


 * $$-5003*2003*16^{-1} \bmod 3167 \equiv 555 \equiv 459*291$$


 * $$5003*2003*4^{-1} \bmod 3167 \equiv 947 \equiv 2249*(2*291)$$

Thus, we can divide by 2 again to get another multiple of the $$e$$ term, which is $$291$$ in the above equation.


 * $$5003*2003*8^{-1} \bmod 3167 \equiv 2057 \equiv 2249*291$$

In the above case, $$2249==(3*3167-5003)/2$$ since $$3*3167>5003$$ or $$3*Modulus > p$$.

So it is possible to come up with different multiples of $$e$$, and then perform arithmetic operations on them. In this case above,


 * $$5*459*291-2249*291 \bmod 3167 \equiv 46*291$$

Note that the actual product has declined to a tenth by this operation. For small numbers it is possible to actually change the $$B*E \bmod X$$ to an actual product, which can be factored, leading to $$b$$ and $$e$$ discovery.

An Analysis Of X*Y-P*Q
If we take a slight deviation from our normal equation of $$X^{2}-P*Q$$ and say the following:


 * $$p=5003 \equiv 5 \bmod{17}$$
 * $$q=2003 \equiv 14 \bmod{17}$$
 * $$Y=17$$
 * $$X=3400 \equiv 0 \bmod{17}$$
 * $$X_{1}\equiv 3405 \equiv 5\bmod{17}$$
 * $$X_{2}\equiv 3414 \equiv 14\bmod{17}$$
 * $$X_{3} =3405+3414$$

and create an equation like this:


 * $$X_{1}*X_{2} - P*Q$$
 * $$3405*3414-5003*2003=1603661$$
 * $$5003-3405=1598=94*17$$
 * $$3414-2003=1411=83*17$$

then the following equations hold:


 * $$1603661 \bmod{3405+3414} \equiv 3405*(1598+1411)+1411*1598=12500423 = 1598 (3405 + 3414) + 1603661$$
 * $$1603661 \bmod{3405+3414} \equiv -3414*(1598+1411)+1411*1598=-8017948=-1411(3405+3414)+1603661$$
 * $$2*1603661 \bmod{3405+3414} \equiv -9(1598+1411)+2*1411*1598=(1598-1411)*(3405+3414)+2*1603661$$ where $$14-5=9$$

Most of the other equations feature $$3405(-1598+1411)$$ not $$3405(1598+1411)$$ as we have above. Plus if we minus 9*3405, where we know 9, we get:


 * $$1603661-9*3405 \bmod{3405+3414} \equiv 3405*(5003-2003)+1411*1598$$
 * $$1603661+9*3414 \bmod{3405+3414} \equiv -3414*(5003-2003)+1411*1598$$
 * $$2*1603661+9*9 \bmod{3405+3414} \equiv -9(5003-2003)+2*1411*1598$$ where $$14-5=9$$

This new behavior, where we get $$P-Q$$ in one of the terms of the equation, is a totally new feature of the equations we have been establishing. Mostly, we get $$P+Q$$ when we have equations of the term: $$X^{2}-P*Q$$

We get $$p+q$$ in the following equations:


 * $$1603661 \bmod{3405+3414}\equiv -(5003 + 2003)*3414 + 1411*1589$$
 * $$1603661 \bmod{3405+3414} \equiv -(5003 + 2003)*3405 + 1402*1598$$

These above residues can actually be shown as full sums. For instance:


 * $$(3405^{2} - 5003*2003) + 9*3405 - 3405*(3405 + 3414)=-(5003+2003)*3405+1402*1598=-21615034$$

so


 * $$3405*3414-5003*2003=1603661$$

can produce equations featuring both $$p+q$$ and $$p-q$$

Extending The Modulus
Extending the modulus to $$3405*(3405+3414)+3414$$ gives us an unusual property that is explained below:


 * $$3405*(3414^2 - 5003*2003 + 3405^2 - 5003*2003)\bmod{3405*(3405+3414)+3414}\equiv 6815985$$

or
 * $$ -(1598 - 1411)*3405(3405+3414) + 3405*(1402*1598 + 1411*1589 + 81)\bmod{3405*(3405+3414) + 3414}$$

which can be turned into (by reversing the sign).
 * $$ (1598 - 1411)*3414 + 3405*(1402*1598 + 1411*1589 + 81)\bmod{3405*(3405+3414) + 3414}$$

Thus, the multiplier in the sum for one of the terms is sharply reduced, from $$3405(3405+3414)$$ to $$3414$$.

The best I have been able to do with this sum above is to turn it into


 * $$ 3405*1402*1598 + 3406*1411*1589 + 3405*81\bmod{3405*(3405+3414) + 3414}$$

If we could indeed create both terms to the exact same coeficient then we could reduce the term to


 * $$ 1402*1598 + 1411*1589 \bmod{3405*(3405+3414) + 3414}$$

which is not a residue but an actual sum. Alas, I have not been able to do this.

Pollard's Kangaroo Algorithm can solve for B*E in square root of (4B-4E) time
You can get $$b-e$$ and thus solve $$(e-b)x + 4*b*e == (x^2 - p*q)/4$$ to retreive $$b*e$$ by


 * solving for $$g^{4*e-4*b} \bmod p*q \equiv g^{2*x-p*q-1} \bmod p*q$$, which can be done in $$\sqrt{4*e-4*b}$$ time according to Pollard%27s_kangaroo_algorithm where $$x=p-b*4=q+e*4$$.

Once you know $$b-e$$ you don't actually have to factor $$b*e$$, which saves much time. You can create two numbers, $$a$$ and $$b$$, separate them by $$b-e$$and then increment them until they either match or exceed $$b*e$$.

Generalising to g^(Z*e-Z*b)
In the case where $$\alpha$$ is a factor of $$p-q$$ (see earlier section for this algorithm), then
 * $$g^{\alpha *e- \alpha *b} \bmod p*q \equiv g^{2*x-p*q-1} \bmod p*q$$

Pollard's excellent Kangaroo algorithm can be adapted to leap in $$\alpha$$ bounds instead of $$1$$ bounds, as it normally does.

The time to compute will be $$\Omega(\sqrt{e-b})$$ dividing the total time to do by $$\alpha$$ instead of  $$\Omega(\alpha *\sqrt{e-b})$$ as when the bound for the Kangaroo algorithm is 1. When the earlier $$p-q$$ product implosion algorithm still doesn't create a product out of the remainder, then this algorithm can still be used as it can process the quotient part of the product in $$\sqrt{quotient}$$.

For instance, for a 1000 bit modulus, $$\alpha*(e-b)$$ will be a 500 bit number. If $$\alpha$$ is a 125 bit number then the answer can be found in $$\sqrt{375}$$ bit operations. This is approximately $$2^{190}$$ operations. To find a $$p \bmod Y$$ that is 125 bits in length will entail approximately $$2^{125}$$ operations. To iterate this to $$P$$, using Traditional Chinese Remainder methods, will take around $$2^{375}$$ operations for a combined total of $$2^{500}$$ operations.

However, to take the $$p \bmod Y$$ that is 125 bits and then apply the extended Pollard algorithm to the equation above will entail $$2^{125+190}$$ operations, that is approximately $$2^{315}$$.

It looks like the earlier naiive version of the algorithm (when $$\alpha=4$$) is the best since it will take $$2^{250}$$ operations. But anytime you have a $$p \bmod Y$$ on hand the new method will be faster.

When the Third Modulus is higher than P: ie., when x = p+b*4
When the third modulus is $$x= p+b*4$$ no $$e$$ is required. The equation is:


 * $$-P*Q*16^{-1} \bmod (P+B*4) \equiv B*(P-Q)/4 + B^{2}$$ where $$x>p$$

This also works when the modulus is $$X < Q$$. The equation is:


 * $$P*Q*16^{-1} \bmod (Q-E*4) \equiv E*(P-Q)/4 + E^{2}$$


 * where $$P > Q$$.

A Definition of Residues 1 off each other
One way to define numbers one off each other is via:


 * $$36*14^{-1} \bmod 73*11 \equiv 404$$
 * $$(36-14)*14^{-1} \bmod 73*11 \equiv 403$$
 * $$(36-2*14)*14^{-1} \bmod 73*11 \equiv 402$$

Thus, the general equation is:


 * $$\alpha \beta^{-1} \bmod p*q \equiv \gamma$$
 * $$(\alpha - \delta * \beta)*\beta^{-1} \bmod p*q \equiv \gamma - \delta $$

The Curious Case Of The Square Root of -1 mod p*q
Sometimes, there is, indeed, a $$\sqrt{-1} \bmod p*q$$, a type of modular imaginary number. It only seems to appear for semiprimes that are both $$1 \bmod 4$$. The following treatment of this number is similar to Euler's factorisation method: [].

If there are two of these modular imaginary numbers, as there often are, then both have an intimate relationship with $$\sqrt{1} \bmod p*q$$. The following group of equations summarises this:


 * $$\sqrt{-1}_{1} * \sqrt{-1}_{2} \bmod p*q \equiv \sqrt{1} \bmod p*q$$
 * $$\sqrt{-1}_{1} * \sqrt{1} \bmod p*q \equiv \sqrt{-1}_{2}$$
 * $$\sqrt{-1}_{1} + \sqrt{-1}_{2}$$ is a multiple of one of the factors $$p$$ or $$q$$
 * $$\sqrt{-1}_{1} - \sqrt{-1}_{2}$$ is a multiple of the other factor, either $$p$$ or $$q$$

The inverse of the I number is its negative number


 * $$\sqrt{-1}^{-1} \bmod p*q \equiv -\sqrt{-1}$$

For $$P*Q=13*73=949$$ and $$\sqrt{-1}_{1} \bmod 949 \equiv 538$$ and $$\sqrt{-1}_{2} \bmod 949 \equiv 684$$ and $$\sqrt{1} \bmod 949 \equiv 220$$, then:


 * $$538*220 \bmod 949 \equiv 684$$
 * $$684*220 \bmod 949 \equiv 538$$
 * $$684*538 \bmod 949 \equiv 220$$
 * $$538+684 = 94*13$$
 * $$684-538 = 2*73$$

As well, there is a intimate relationship between $$1^{1/4} \bmod p*q$$, and $$\sqrt{1} \bmod p*q \bmod p$$ and $$\sqrt{-1} \bmod p*q \bmod q$$. The Chinese Remainder of these last two residues will either be $$1^{1/4}\bmod p*q$$ or $$1^{3/4} \bmod p*q$$. Thus


 * $$ChineseRemainder[\sqrt{1} \bmod p*q \bmod p, \sqrt{-1} \bmod p*q \bmod q] \equiv 1^{1/4} | 1^{3/4} \bmod p*q$$

The other combination will reveal another quad root of 1. Thus if the equation above revealed $$ 1^{1/4} \bmod p*q$$, then


 * $$ChineseRemainder[\sqrt{1} \bmod p*q \bmod q, \sqrt{-1} \bmod p*q \bmod p] \equiv 1^{3/4} \bmod p*q$$

This is, in effect, a definition of two of the square roots of $$\sqrt{1} \bmod p*q$$, and tends to indicate that there are no quad roots of 1 for 3 mod 4 semiprimes. This conjecture is shown to be probably true in Mathematica test code. (There are quad roots when 1 semiprime is 1 mod 4 and the other is 3 mod 4).

The Complex Square Root Function Does Have An Analogue In Modular Arithmetic
I was able to get the complex square root function to work, in modular arithmetic. This work is only done on 1 mod 4 semiprimes. Please consult this link Complex_number,  for the formula. My work is as follows:

Take $$\sqrt{227}\bmod{101*73}\equiv 2126$$. Construct a simple complex form: $$227 \bmod{101*73}\equiv 4580 + 1*3020$$ where $$3020\bmod{101*73}\equiv \sqrt{-1}_{1}$$ and $$192\bmod{101*73}\equiv \sqrt{-1}_{2}$$.

Construct (according to the complex square root formula):


 * $$\sqrt{4580^{2}+1^{2}}\bmod{101*73}\equiv 1988$$
 * $$\sqrt{(4580 + 1988)*2^{-1}}\bmod{101*73}\equiv 2090$$
 * $$\sqrt{(-4580 + 1988)*2^{-1}}\bmod{101*73}\equiv 461$$

Now we have the intermediate terms of the complex moduluar number. Instead of $$\sqrt{-1}\bmod{101*73}\equiv 3020$$ use the other $$\sqrt{-1}\bmod{101*73}\equiv 192$$:


 * $$2090 + 461*192\bmod{ 101* 73}\equiv 2126$$

Thus, the complex square root equation does have an analogue in modular arithmetic, but we need to know one of the square roots of -1 mod p*q and we need to take three modular square roots in order to derive the sum.

In an example that will show that sometimes you can use the same $$\sqrt{-1}_{i}\bmod{p*q}$$, we will show the case where the root is of the type: $$X + X*\sqrt{-1}\bmod{p*q}$$

Take the form of $$227=0+149*3020$$. This simplifies the three square roots that are to be taken considerably. As we only need to take one square root:


 * $$\sqrt{0^{2}+149^{2}}\bmod{101*73}\equiv 149$$
 * $$\sqrt{(0 + 149)*2^{-1}}\bmod{101*73}\equiv 1942$$
 * $$\sqrt{(-0 + 149)*2^{-1}}\bmod{101*73}\equiv 1942$$

Now that we have the intermediate term of $$1942$$ then the root can be made as:


 * $$-(1942 + 1942*3020)\bmod{ 101* 73}\equiv 2126$$

We don't even need to take a modular square root if we construct the square as:


 * $$2*NATURALSQUARE*\sqrt{-1}_{1} \bmod{p*q}$$

In this case the square root is:


 * $$ROOTOFNATURALSQUARE + ROOTOFNATURALSQUARE*\sqrt{-1}$$

or the square is:


 * $$2*81*3020\bmod{101*73}\equiv 2622$$

and the root is:


 * $$9+9*3020\bmod{101*73}\equiv 5070$$ where $$5070^2\bmod{101*73}\equiv 2622$$

This all works because $$(1+\sqrt{-1}_{1})^2 \bmod{p*q}\equiv 2*\sqrt{-1}_{1}$$

Pythagorean Triples Can Provide The Parameters To Populate The Complex Square Root formula
According to, Pythagorean Triples can populate the Complex Square Root formula in modular arithmetic without taking a modular square root for the intermediate values. The intermediate values all derive to natural squares.

Quoting from :

More specifically, the Pythagorean Triples should be primitive Pythagorean Triples or primitive Pythagorean Triples multiplied by squares.

The equation for the square root, of the square $$(a+b*\sqrt{-1})\bmod{p*q}$$, will resolve to $$(a_{1}+b_{1}*\sqrt{-1}_{1})*\sqrt{2}^{-1}\bmod{p*q}$$. Therefore the square $$2*(a+b*\sqrt{-1})\bmod{p*q}$$, will resolve to $$(a_{1}+b_{1}*\sqrt{-1}_{1})\bmod{p*q}$$.

$$3^{2}+4^{2}=5^{2}$$ is the most famous Pythagorean Triple. If we pass these parameters into the Complex Square Root formula we get the following calculations:

$$\sqrt{3^{2}+4^{2}}\bmod{113*257}\equiv 5$$

$$\sqrt{(4 + 5)*2^{-1}}\bmod{113*257}\equiv 3*2^{-1/2}$$

$$\sqrt{(5-4)*2^{-1}}\bmod{113*257}\equiv 1*2^{-1/2}$$

As such $$\sqrt{(4+3*\sqrt{-1})}\bmod{113*257}\equiv (3+1*\sqrt{-1})*\sqrt{2}^{-1}$$

or $$(4+3*13123)\bmod{113*257}\equiv 10332$$, $$(3 + 1*13123) *13077\bmod{113*257}\equiv 16392$$ and $$16392^2 \bmod{113*257}\equiv 10332$$.

Please note that $$13077 \bmod{113*257}\equiv \sqrt{2}^{-1}$$ and $$13123\bmod{113*257}\equiv \sqrt{-1}$$.

Therefore $$\sqrt{2*(4+3*\sqrt{-1})}\bmod{113*257}\equiv (3+1*\sqrt{-1})$$

$$2*(4+3*\sqrt{-1})\bmod{113*257}\equiv 20664$$, $$(3 + 1*13123) \bmod{113*257}\equiv 13126$$, and $$13126^{2}\bmod{113*257}\equiv 20664$$.

It is possible to work this formula out with the the ComplexExpand[...] command of mathematica, as in:

ComplexExpand[((a + b) + (a - b) (-1)^(1/2))^2] // this is the root formula 4 a b + I (2 a^2 - 2 b^2)                       // this is the formula for the square

However, if you can describe the square (with knowledge of $$\sqrt{-1}\bmod{p*q}$$) using the parameters of the pythagorean triple, you can instantly derive the square root. Thus knowledge of one of the $$\sqrt{-1}_{i}\bmod{p*q}$$ allows large numbers of modular square roots to be instantly taken.

Since $$(3+\sqrt{-1})^2\bmod{p*q}\equiv 8+6*\sqrt{-1}$$ then $$(3*\sqrt{-1}-1)^2\bmod{p*q}\equiv -(8+6*\sqrt{-1})$$.

A Generalization Of The Pythagorean Triples Method Of Finding A Square Root
As mentioned in, the following equation generalizes the taking of a square root using the Pythagorean Method mentioned above:


 * $$(a_{1}+b_{1}*\sqrt{I})^2\bmod{p*q}\equiv 2*a+(I+1)*b_{1}^{2}+2*b*\sqrt{I}$$ where $$I$$ is any number that has a known $$\sqrt{I}\bmod{p*q}$$. In other words find the root first and then square it to get the square.

For instance, for Pythagorean Triple $$8^{2} + 15^{2} == 17^{2}$$ where $$a=8$$ and $$b=15$$ and $$a_{1}=\sqrt{8+17}=5$$ and $$b_{1}=\sqrt{17-8}=3$$, then take any root square combination, such as: $$1010^{2}\bmod{89*29}\equiv 605$$. In this case:


 * $$2*8 + (605 + 1)*3^2 + 2*15 *(1010)\bmod{89*29}\equiv 2217$$

and
 * $$(5 + 3* (1010))^2\bmod{89*29}\equiv 2217$$

This works for the negative root as well:


 * $$2*8 + (605 + 1)*3^2 + 2*15 *(-1010)\bmod{89*29}\equiv 980$$

and
 * $$(5 + 3* (-1010))^2\bmod{89*29}\equiv 980$$

This equation is close to the regular binomial square formula, except that you can go from the square to the root.

Interestingly, the product of both these answers, $$980$$ and $$2217$$, is the subtraction of two squares, and its square root is also the subtraction of two squares.


 * $$((16 + 606* 9) + 30 *1010) ((16 + 606* 9) - 30* 1010)\bmod{ 89* 29}\equiv 308^{2} - 1909^{2}\equiv 2039$$

and this sums square root is:


 * $$((5 + 3 *1010) (5 - 3* 1010))^{2}\bmod{89* 29}\equiv (5^{2} - 449^{2})^{2}\equiv 2039$$

Thus this number forms the second part of a Pythagorean Triple:


 * $$(-2* 449 *5)^{2} + (5^{2} - 449^{2})^{2} == (5^{2} + 449^{2})^{2}$$

With $$1909 + 308\bmod{ 89* 29}\equiv 2217$$ and $$(449+5)^2\bmod{89*29}\equiv 2217$$

and


 * $$1909 - 308\bmod{ 89* 29}\equiv 1601$$ and $$(449-5)^2\bmod{89*29}\equiv -1601$$

we have some roots and some squares.

An RSA Cipher Has A Polar Coordinate Root If It Is A Pythagorean Root
If $$e=23$$ and $$c=m^{23}\bmod{p*q}$$, and m is a Pythagorean Triple (ie., $$a_{1}+b_{1}*\sqrt{-1}\bmod{p*q}\equiv m$$(a Modular Complex Number), then the cipher, $$c$$ has a secret message that can be deciphered as such:

ComplexExpand[(3 + I)^23] 138606163968 + 284232882176 I or (3+I)^23 mod p*q= 138606163968 + 284232882176 I

Just remember to take the pythagorean triple and create the root modular complex number via the method shown above. In this case, above, $$3^{2}+4^{2}=5^{2}$$ and $$3=\sqrt{4+5}$$ and $$1=\sqrt{5-4}$$. Thus if $$m^{2}\bmod{p*q}\equiv a+b*\sqrt{-1}$$ where $$a^{2}+b^{2}=c^{2}$$.

Not Always Necessary To Factor some P*Q to do Modular Square Roots
The Quadratic residue article on Wikipedia says that taking modular square roots of p*q modulus is equivalent to factoring the p*q modulus.

If the complete factorization of n is not known, and $$\left(\tfrac{a}{n}\right)=1$$ and n is not congruent to 2 modulo 4, or n is congruent to 2 modulo 4 and $$\left(\tfrac{a}{n/2}\right)=1$$, the problem is known to be equivalent to integer factorization of n (i.e. an efficient solution to either problem could be used to solve the other efficiently).

By way of a counter example I will show that some modular imaginary numbers are quite easy to find. For instance,


 * $$675*675 + 1 == 2*409*557$$ or in other words $$\sqrt{2*409*557-1}==675\equiv \sqrt{-1}_{1}\bmod{409*557}$$

Now that we know $$675$$ as one of the two imaginary numbers of modulus $$409*557$$, we are still not in any condition to factor $$409*557$$, for we need two imaginary numbers to do that. However, using the Pythagorean method of populating the complex square root theorum, and knowing one of the $$\sqrt{-1}\bmod{p*q}$$, we can take almost unlimited numbers of modular square roots almost instantly, via the mathematical reasoning shown just above.

Therefore, for some P*Q 1 mod 4 semiprimes, it is not necessary to factor the modulus to find $$\sqrt{-1}\bmod{p*q}$$ and thereafter many modular square roots can quicky be taken. The conjecture quoted above is shown not to be fully correct.

Quoting from the Quadratic residue article on Wikipedia again:

"The above discussion indicates how knowing the factors of n allows us to find the roots efficiently. Say there were an efficient algorithm for finding square roots modulo a composite number. The article congruence of squares discusses how finding two numbers x and y where $x^{2} ≡ y^{2} (mod n)$ and $x &ne; ±y$ suffices to factorize n efficiently. Generate a random number, square it modulo n, and have the efficient square root algorithm find a root. Repeat until it returns a number not equal to the one we originally squared (or its negative modulo n), then follow the algorithm described in congruence of squares. The efficiency of the factoring algorithm depends on the exact characteristics of the root-finder (e.g. does it return all roots? just the smallest one? a random one?), but it will be efficient."

Please note that I have shown:


 * 1) an efficient way to take modular square roots of numbers that can be described as complex numbers (populated with coefficients from Pythagorean triples).
 * 2) a way to quickly find the $$\sqrt{-1}_{1}\bmod{p*q}$$ that occurs not usually but does occur sometimes.
 * 3) I do not have any efficient way to factor P*Q but I do have a way to efficiently take the square root of large amount of numbers.

I cannot


 * 1) take a number and square it, and then take the modular square root, hoping it will be a different number than the root I first came up with. I cannot do this because I cannot quickly equate the square I produced with a pythagorean triple pair (in a complex modular number).

Therefore, I cannot use my ability to take a modular square root to find the other square root. Therefore, although I can take a square root I cannot factor the semiprime.

Another Formula For Generating Pythagorean Triples Besides The Famous Euclidean One
Euclid's famous formula for generating Pythagorean Triples is the following:


 * $$(2* x* y)^{2} + (x^{2} - y^{2})^{2} == (x^{2} + y^{2})^{2}$$

I've come up with another formula for generating Pythagorean Triples. The math has to do with multiplying in the SQUARELESS number I have spoken of in other parts of this blog.

There are two such squareless numbers in a p*q modulus. They have several properties that make them interesting to applying to the Pythagorean Triples method of using the Complex Square Root formula in modular arithmetic.


 * $$SquareLessNumber_{1}*SquareLessNumber_{2}\bmod{p*q}\equiv 0$$
 * $$SquareLessNumber^{n}\bmod{p*q}\equiv SquareLessNumber$$
 * $$SquareLessNumber_{1}-SquareLessNumber_{2}\bmod{p*q}\equiv\pm \sqrt{1}$$
 * $$SquareLessNumber_{1}+SquareLessNumber_{2}\bmod{p*q}\equiv 1$$

Replacing the equations above with equations involving the squareless numbers, we can see that the coefficients for the square are:


 * $$a = 2*(X*SquareLessNumber_{1}+Y)*(X*SquareLessNumber_{2}+Y)$$
 * $$b=(X*SquareLessNumber_{1}+Y)^{2}-(X*SquareLessNumber_{2}+Y)^{2}$$
 * $$c=(X*SquareLessNumber_{1}+Y)^{2}+(X*SquareLessNumber_{2}+Y)^{2}$$

and the coefficients (and equation) for the root are:


 * $$((X*SquareLessNumber_{1}+Y)+(X*SquareLessNumber_{2}+Y))+((X*SquareLessNumber_{1}+Y)(X*SquareLessNumber_{2}+Y))*\sqrt{-1})*\sqrt{2}^{-1}$$

We can reduce these equations for $$2mn$$, and $$m^{2}-n^{2}$$ to:


 * $$2*(X*SquareLessNumber_{1}+Y)*(X*SquareLessNumber_{2}+Y) \bmod{p*q}\equiv 2 (x* y + y^{2})$$
 * $$(X*SquareLessNumber_{1}+Y)^{2}-(X*SquareLessNumber_{2}+Y)^{2}\bmod{p*q}\equiv (x^{2} + 2 x*y)*\sqrt{1}$$
 * $$((X*SquareLessNumber_{1}+Y)^{2}+(X*SquareLessNumber_{2}+Y)^{2}) \bmod{p*q} \equiv x^{2}+2*x*y+2*y^{2}$$

The equations for the coefficients of the roots also simplify


 * $$((X*SquareLessNumber_{1}+Y)+(X*SquareLessNumber_{2}+Y)) \bmod{p*q}\equiv x + 2 *y$$


 * $$((X*SquareLessNumber_{1}+Y)-(X*SquareLessNumber_{2}+Y)) \bmod{p*q} \equiv x*\sqrt{1}$$

You will notice that the imaginary coefficients for both the square and the root involve $$\sqrt{1}\bmod{p*q}$$, which is unknown. There is an intimate relationship between the square root of 1 and the two square roots of -1. It is $$\sqrt{1}*\sqrt{-1}_{1} \bmod{p*q}\equiv \sqrt{-1}_{2}$$.

Thus the $$\sqrt{1}$$ term cancels out when we apply the known $$\sqrt{-1}$$ to it. Thus the working equations for the imaginary coefficient for the square modular square is:


 * $$ (x^2 + 2 x *y)$$

and the working equation for the imaginary coefficient of the root is:


 * $$x$$

This SQUARELESS number cancels out eventually leaving the following formula:


 * $$(2*x*y + 2*y^{2})^{2} + (x^{2} + 2* x* y)^{2} == (x^{2} + 2* x *y + 2* y^{2})^{2}$$

or
 * $$(-2*x*y + 2*y^{2})^{2} + (x^{2} -2* x* y)^{2} == (x^{2} - 2* x *y + 2* y^{2})^{2}$$

The coefficients for the root, considering that the square matches the coefficients given above is:


 * $$ROOT=(x \pm 2* y) + x*\sqrt{-1} \bmod{p*q}$$

Bottari, in 1908, as reported by Dickson's History Of Numbers vol 2 p169, does show a more general form of my equations shown here for the Pythagorean Triple, but, most probably, he did not use the SQUARELESS number to derive the equations. Thus, although the equations have been worked out before, the way they are derived is probably unique. See here for the relevant quote from Dickson of Bottari's work.

Modular Imaginary Numbers Are Close To Quaternions
Looking at the definition of Quaternion which has its definition of the three imaginary numbers of the system:



It does seem that the $$\sqrt{-1}_{1}\bmod{p*q}$$,$$\sqrt{-1}_{2}\bmod{p*q}$$, and $$-\sqrt{1}\bmod{p*q}$$ come close to this definition, but they do not quite make the definition.


 * $$\sqrt{-1}_{1}*\sqrt{-1}_{2}(-\sqrt{1})\bmod{p*q}\equiv -1 \equiv \sqrt{-1}^{2}_{1}\equiv \sqrt{-1}^{2}_{2}\equiv -\sqrt{1}^{2}$$

This is close to the Quaternion imaginary definition. However, I was not able to make the Quaternion inverse work with modular arithmetic, nor was I able to make the Hamilton Product work with modular arithmetic. The definitions for the imaginary numbers are close to Hamilton's so I suspect an analogue operation may eventually be found.

Looking at my definition of the quad root of 1, it seems that this definiton is close to a quaternion (with all the coefficients being the same):


 * $$ 2^{-1}*(1+\sqrt{-1}_{1})(1+\sqrt{-1}_{2})\equiv 2^{-1}(1+\sqrt{-1}_{1}+\sqrt{-1}_{2}+\sqrt{1})$$

This above number is a type of Hurwitz quaternion, which is defined as:

a Hurwitz quaternion (or Hurwitz integer) is a quaternion whose components are either all integers or all half-integers (halves of an odd integer; a mixture of integers and half-integers is excluded).

Cockle's Tessarines very close to Modular Quaternions
After some research in the Wikipedia, it does seem that the imaginary units I have put forth have been written of already as Bicomplex number or tessarines by James Cockle (lawyer) in 1848.

Quoting from Bicomplex number:

In 1848 James Cockle introduced the tessarines in a series of articles in Philosophical Magazine.

A tessarine is a hypercomplex number of the form


 * $$t = w + x i + y j + z k, \quad w, x, y, z \in \mathbb{R}$$

where $$ i j = j i = k, \quad i^2 = -1, \quad j^2 = +1 .$$ Cockle used tessarines to isolate the hyperbolic cosine series and the hyperbolic sine series in the exponential series. He also showed how zero divisors arise in tessarines, inspiring him to use the term "impossibles." The tessarines are now best known for their subalgebra of real tessarines $$ t = w + y j \ $$, also called split-complex numbers, which express the parametrization of the unit hyperbola.

In the case of modular tessarines, then $$i=\sqrt{-1}_{1}\bmod{p*q}$$, $$j=\sqrt{1}\bmod{p*q}$$ and $$k=\sqrt{-1}_{2}\bmod{p*q}$$.

Quoting the imaginary multiplication table from Bicomplex number:

There are some minor differences, but mostly the same for the two systems.

The Modular Quaternion Worked Out And Demonstrated
I was able to come up with an analogue, for this Quaternion-like system, for both the conjugate, the form, and the multiplicative inverse. Given $$\sqrt{-1}_{1}\bmod{p*q}\equiv i$$, $$\sqrt{-1}_{2}\bmod{p*q}\equiv j$$ and $$\sqrt{1}\bmod{p*q}\equiv k$$, then the conjugate of $$(a + b* i + c* j + d *k)$$ would be:


 * $$(a - b* i - c* j + d *k)$$

There is a norm to this (which isn't great) of:


 * $$(a^{2} + b^{2} + c^{2} + d^{2} - 2*\sqrt{1}* (b*c - a*d))$$

and so the multiplicative inverse is:


 * $$(a - b* i - c* j + d *k)*(a^{2} + b^{2} + c^{2} + d^{2} - 2*\sqrt{1}* (b*c - a*d))^{-1}\bmod{p*q}$$

(It can be seen from the above definition that the norm of modular quarternions where $$a=b=c=d$$, or $$b*c==a*d$$, is indeed the norm of quaternions: $$a^{2}+b^{2}+c^{2}+d^{2}$$ and thus, looking at the definition of the quad root of 1 mod p*q, as a modular quaternion (see above), the norm is $$(1/2)^{2}+(1/2)^{2}+(1/2)^{2}+(1/2)^{2}=1$$. This makes the quad root of 1 a unit quaternion. I suspect that all roots of 1 have norms of 1, since the cube root of 1 also has a norm of 1)

Since we know the norm of the quad root of 1 to be 1, we can take a stab at the inverse of the quad root of 1:

In[6]:= Mod[PowerMod[2, -1, 89 29] (1 + 568 + 945 + 2493), 89 29]

Out[6]= 713

In[7]:= PowerMod[713, -1, 89 29]

Out[7]= 1781

and the inverse of the quad root of 1 is:

In[9]:= Mod[(1 - 568 - 945 + 2493) PowerMod[2, -1, 89 29], 89 29]

Out[9]= 1781

Thus the inverse of the quad root of 1, after considering it as a modular quaternion, is:


 * $$2 *(1 - \sqrt{-1}_{1} - \sqrt{-1}_{2} + \sqrt{1})*4^{-1}\bmod{p*q}\equiv (1-\sqrt{-1}_{1})*(1-\sqrt{-1}_{2})*2^{-1}$$

See User:Endo999 for the cube root of -1 shown as a quaternion, and it's inverse successfully computed. An example, showing a conjugate, norm, and multiplicative inverse, follows:

A modular quaternion for $$89*29$$ is:


 * $$(29 + 13 *568 + 17 *945 + 23* 2493)\bmod{89* 29}\equiv 806$$

The conjugate is:


 * $$(29 - 13 *568 - 17 *945 + 23* 2493)\bmod{89* 29}\equiv 366$$

The norm(it's odd) is:


 * $$(29^{2} + 13^{2} + 17^{2} + 23^{2} - 2* 2493* (13* 17 - 29* 23))\bmod{89*29}\equiv 762$$

and the multiplicative inverse of quaternion $$806$$, given above, is:


 * $$(29 + 13* 568 + 17* 945 + 23* 2493)^{-1}\bmod{89*29}\equiv 806^{-1}\equiv 366*762^{-1}\equiv 285$$

Multiplication follows the following rule:

Mod[(29 + 13 568 + 17 945 + 23 2493) (39 + 23 568 + 27 945 +    33 2493), 89 29]==2172

In[15]:= Mod[k (a w + b x + c y + d z) + j ( -b w + a x - d y + c z) + i (-c w - d x + a y + b z) + d w - c x - b y + a z,  89 29] /. {k -> 2493, i -> 568, j -> 945, a -> 29, b -> 13, c -> 17, d -> 23, z -> 39, y -> 23, x -> 27, w -> 33}

Out[15]= 2172

It is somewhat similar to the Hamilton Product but is different regarding the non i,j,k items.

The Log And The Exp Functions Of Modular Quaternions
Quoting from Quaternion:

 Exponential, logarithm, and power Given a quaternion,
 * $$ q= a+ bi + cj + dk = a + \mathbf{v} $$

the exponential is computed as
 * $$\exp(q) = \sum_{n=0}^\infty \frac{q^n}{n!}=e^{a} \left(\cos \|\mathbf{v}\| + \frac{\mathbf{v}}{\|\mathbf{v}\|} \sin \|\mathbf{v}\|\right) $$


 * $$\ln(q) = \ln \|q\| + \frac{\mathbf{v}}{\|\mathbf{v}\|} \arccos \frac{a}{\|q\|}$$.

It follows that the polar decomposition of a quaternion may be written
 * $$q=\|q\|e^{\hat{n}\theta} = \|q\| \left(\cos(\theta) + \hat{n} \sin(\theta)\right),$$

where the angle $$\theta$$ and the unit vector $$\hat{n}$$ are defined by:
 * $$a=\|q\|\cos(\theta)$$

and
 * $$\mathbf{v}=\hat{n} \|\mathbf{v}\|=\hat{n}\|q\|\sin(\theta).$$

Any unit quaternion may be expressed in polar form as $$e^{\hat{n}\theta}$$.

The power of a quaternion raised to an arbitrary (real) exponent $$\alpha$$ is given by:
 * $$q^\alpha=\|q\|^\alpha e^{\hat{n}\alpha\theta} = \|q\|^\alpha \left(\cos(\alpha\theta) + \hat{n} \sin(\alpha\theta)\right).$$

Dealing with the Logarithm, it would be particularly attractive if a LOG2 could be taken of a Quaternion, in that the Diffie Hellman Key Exchange Protocol deals with discrete logs, and the prime modulus of the key exchange would help in taking the square roots in this regard. However, my initial researches into this matter show that the ARCCOS[x] function that is part of the LOG function, seen above, always returns a nonrational number. In general, all numbers that are part of a modular equation need to be rational.

However, we can create modular Quaternions that have natural squares for both the Norm of the Quaternion and the norm of the vector part of the Quaternion. We simple zero out A and C, for instance, and set B and D to be parameters of a Pythagorean Triple, such as Quaternion[0,3,0,4] where the $$N=\sqrt{3^{2}+4^{2}}==5$$ and the norm of the vector for this Quaternion equals 5 as well. So we are almost at the point where the LOG2[Quaternion[0,3,0,4]] could be taken, alas, the ARCCOS[0] returns $$PI/2$$ which is not rational. However, the log2[Quaternion[0,3,0,4]] returns:


 * $$-\infty+[3,0,4]*\pi/(2*5)$$

In modular arthmetic, the $$Log2[0]==0$$ but the PI value cannot be instantiated in a MOD P*Q scheme.

So it looks like there is no LOG2 analogue for a modular quaternion.

Dealing with the de moivre square like formula of Quaternions, things look a bit better. Getting the $$\theta$$ of the Quaternion[0,3,0,4] is okay:


 * $$a=\|q\|\cos(\theta)$$ or $$ArcCos[0/\|q\|]==\pi/2$$

where the formula for the square is:


 * $$q^\alpha=\|q\|^\alpha e^{\hat{n}\alpha\theta} = \|q\|^\alpha \left(\cos(\alpha\theta) + \hat{n} \sin(\alpha\theta)\right).$$

Setting $$\alpha=1/2$$ then $$\cos(\alpha\theta)=\cos(\pi/4)=1/\sqrt{2}$$. This happens for the $$\sin(\alpha\theta)=\sin(\pi/4)=1/\sqrt{2}$$ as well.

However, my inital enquiries show that there is no analogue for the demoivre theorum. Using $$4801*1201$$ as the modulus I get the equation:

Mod[372155 (1574679 + (3 1574679 246254 + 4 1574679 1925202) PowerMod[     5, -1, 1201 4801]), 1201 4801] =1342976 where 372155 is the square root of 5 1574679 is the inverse square root of 2 246254 is the square root of -1 1925202 is the square root of 1

However,

PowerMod[Mod[3 246254 + 4 1925202, 4801 1201], 1/2, 4801 1201]

2118921

(2)^(1/2)+3^(1/2) In Modular Arithmetic
According to YouTube Mathologer video [], the number PI can be expressed as $$\sqrt{2}+\sqrt{3} \approx \pi$$.

Working with this I was able to get a rough relationship with SIN[PI/4] and SIN[PI/8] and the sum given above.

Mod[PowerMod[3, 1/2, 97 47] + PowerMod[2, 1/2, 97 47], 97 47] = 2110

I'm still working out the properties of this modular number but there is one I can point out right now.

There is often a direct relationship between the SIN[PI/4] and SIN[PI/8] and sqrt{2}+sqrt{3}.

$$4*SIN[\pi /4] \bmod{p*q}\equiv (\sqrt{2}+\sqrt{3})-(\sqrt{2}+\sqrt{3})^{-1}$$

and

$$8*SIN[\pi /8]-4 \bmod{p*q}\equiv (\sqrt{2}+\sqrt{3})-(\sqrt{2}+\sqrt{3})^{-1}$$

This relationship happens around half the time that there is a modular square root for 2 and for 3 in the P*Q modulus.

I have constructed a Mathematica function here that will demonstrate this relationship:

try222a[p_, q_] := Module[{a1, a2, a3, a4, a5, a6, a7, a8, a9, a10, a11, a12, a13, a21, a22, a23, a24, a25, a26, a27, a28, a29, a210, pq}, a1 = NextPrime[p, 1]; a7 = 0; a8 = 0; a11 = 0; a12 = 0; For[a2 = 1, a2 < 100, a2++, a1 = NextPrime[a1, 1]; a3 = NextPrime[q, 1]; For[a4 = 1, a4 < 100, a4++, a7++; If[1 == 1, If[IntegerQ[PowerMod[2, 1/2, a1 a3]] && IntegerQ[PowerMod[3, 1/2, a1 a3]], a8++; Print[{a1, a3}]; pq = a1 a3; a21 = Mod[PowerMod[2, 1/2, pq] + PowerMod[3, 1/2, pq], pq]; a22 = PowerMod[2, -1/2, pq]; a23 = Mod[4 a22, pq]; a24 = Mod[a21 - PowerMod[a21, -1, pq], pq]; a29 = Mod[a21 + PowerMod[a21, -1, pq], pq]; a25 = Mod[PowerMod[2 - PowerMod[2, 1/2, pq], -1, pq] PowerMod[ 2, -1, pq], pq]; a210 = Mod[PowerMod[2 + PowerMod[2, 1/2, pq], -1, pq] PowerMod[ 2, -1, pq], pq]; a26 = Mod[a25 8, pq]; a210 = Mod[a210 8, pq]; a27 = Mod[(PowerMod[3, 1/2, pq] - 1) PowerMod[ 2 PowerMod[2, 1/2, pq], -1, pq], pq]; a28 = Mod[12 a27, pq]; Print[{a21, a22, a23, a24, a25, a26, a28, a29, Mod[-a210, p q]}]; a13 = 0; If[a23 == a24 && a23 + 4 == a26, a11++; a12++;, If[a23 + 4 == a26, a12++; ];];      ];     ];     a3 = NextPrime[a3, 1]; ];  ];  Print[{a7, a8, a11, a12}]; ]

If you run this function, and iterate through 10,000 P*Q semiprimes, of all descriptions, you get

try222a[88, 28]

{9801,506,269,269}

This output is one of totals. There are 9801 semiprimes tested, 506 have both modular square roots for both 2 and 3, and 269 of them have both relationships shown above. That's about half of the possible candidates. I have no explanation yet while this is so, but the prevalence of the relationships between the SIN[PI/X] and ~PI-~PI^{-1} is very strong. Possibly, the roots for the other half of the nonmatching candidates are not in alignment (square root of 1 in the way). This would nicely account for the other half of the candidates that don't match.

Modular Square Root Of Two Definition
Working with a modified mathematica procedure, I was able to come up with this definition of the modular square root of 2 mod p*q.


 * $$\sqrt{2}\bmod{p*q}\equiv \sqrt{3}-(\sqrt{2}+\sqrt{3})^{-1}$$

I give the following Mathematica procedure to show this as examples:

try222b[p_, q_] := Module[{a1, a2, a3, a4, a5, a6, a7, a8, a9, a10, a11, a12, a13, a21, a22, a23, a24, a25, a26, a27, a28, a29, a210, pq}, a1 = NextPrime[p, 1]; a7 = 0; a8 = 0; a11 = 0; a12 = 0; For[a2 = 1, a2 < 100, a2++, a1 = NextPrime[a1, 1]; a3 = NextPrime[q, 1]; For[a4 = 1, a4 < 100, a4++, a7++; If[1 == 1, If[IntegerQ[PowerMod[2, 1/2, a1 a3]] && IntegerQ[PowerMod[3, 1/2, a1 a3]], a8++; Print[{a1, a3}]; pq = a1 a3; a21 = Mod[PowerMod[2, 1/2, pq], pq]; a22 = Mod[PowerMod[3, 1/2, pq] - PowerMod[PowerMod[2, 1/2, pq] + PowerMod[3, 1/2, pq], -1, pq], pq]; If[(a21 == a22), a11++;, ];        ];     ];     a3 = NextPrime[a3, 1]; ];  ];  Print[{a7, a8, a11}]; ]

try222b[88, 28] {9801,506,506}

Some of the output shown above of this procedure shows that among 9801 semiprimes, 506 had both modular square roots of both 2 and 3 and that all 506 of these had the definition of the modular square root of 2 given above.

A Definition Of All Modular Square Roots Mod P*Q
Working on the definition of the modular square root of 2 mod p*q found in the previous section, it seems that this type of definition of the square root of r in terms of the square root of r+1 applies to all modular square roots mod p*q.


 * $$\sqrt{r}\bmod{p*q}\equiv \sqrt{r+1}-(\sqrt{r}+\sqrt{r+1})^{-1}$$

I give the following Mathematica procedure to show this as examples:

try222c[p_, q_, r_] := Module[{a1, a2, a3, a4, a5, a6, a7, a8, a9, a10, a11, a12, a13, a21, a22, a23, a24, a25, a26, a27, a28, a29, a210, pq}, a1 = NextPrime[p, 1]; a7 = 0; a8 = 0; a11 = 0; a12 = 0; For[a2 = 1, a2 < 100, a2++, a1 = NextPrime[a1, 1]; a3 = NextPrime[q, 1]; For[a4 = 1, a4 < 100, a4++, a7++; If[1 == 1, If[IntegerQ[PowerMod[r, 1/2, a1 a3]] && IntegerQ[PowerMod[r + 1, 1/2, a1 a3]], a8++; (*Print[{a1,a3}];*) pq = a1 a3; a21 = Mod[PowerMod[r, 1/2, pq], pq]; a22 = Mod[PowerMod[r + 1, 1/2, pq] - PowerMod[ PowerMod[r, 1/2, pq] + PowerMod[r + 1, 1/2, pq], -1, pq], pq]; If[(a21 == a22), a11++;, ];        ];     ];     a3 = NextPrime[a3, 1]; ];  ];  Print[{a7, a8, a11}]; ]

try222c[88, 28, 3] {9801,2304,2304}

try222c[88, 28, 4] {9801,2256,2256}

try222c[88, 28, 101] {9801,395,395}

A very interesting definition of the modular square root mod p*q if I don't say so myself.

It is not remarkable that:


 * $$-\sqrt{r}\bmod{p*q}\equiv \sqrt{r+1}-\sqrt{r}-\sqrt{r+1}$$

In fact, it is algebra. However, the inverse operation is supposed to scramble the terms, but instead it seems to function, $$-(\sqrt{r}+\sqrt{r+1})^{-1}$$ as the difference between the two squares or r and (r+1).

By taking advantage of natural squares sometimes we can simplify this equation. Take for example the case when $$r^{2}=4$$:


 * $$\sqrt{5} - (2 + \sqrt{5})^{-1}\bmod{ 89 *29}\equiv 2$$

Taking the other root as a natural we get:


 * $$9 - (\sqrt{80} + 9)^{-1}\bmod{ 89* 29}\equiv 102\equiv \sqrt{80}$$

Since the definition of the inverse of a complex number is described here, as


 * $$\frac{1}{z} = \frac{\bar z}{z \bar z} = \frac{\bar z}{\|z\|^2} = \frac{a - bi}{a^2 + b^2} = \frac{a}{a^2 + b^2} - \frac{b}{a^2+b^2}i.$$

Now the modular definition of the complex number means that, for instance, $$\sqrt{5}^{2} \equiv -5$$ then the inverse of the two adjacent square roots is:


 * $$(\sqrt{r}+\sqrt{r+1})^{-1}\bmod{p*q}\equiv (\sqrt{r}-\sqrt{r+1})*(-1)^{-1}$$

As such the difference of the squares becomes apparent.

For the difference when the roots are n integers apart then:


 * $$(-\sqrt{r}+\sqrt{r+n})\bmod{p*q}\equiv (-r+(r+n))*(\sqrt{r}+\sqrt{(r+n)})^{-1}$$

Roots Of Adjacent Squares Found From Any Residue
Thus, knowing the sum of squares that are 1 apart, allows the knowing of the difference of the squares, and thus of the two individual squares themselves. Since this is because of the complex definition of the inverse then it will also work for knowing the difference of the two squares.


 * $$(\sqrt{r}-\sqrt{r+1})^{-1}\bmod{p*q}\equiv (\sqrt{r}+\sqrt{r+1})*(-1)^{-1}$$

337 is the modular square root of 5 mod 89*29

get the sum of the two roots whose squares are adjacent to each other

Mod[(2 + 337)*(-1)= 2242

invert the difference of two roots

PowerMod[(2 - 337), -1, 89 29]= 2242

As such you should be able to take any residue mod p*q and invert it and then find the two adjacent squares whose roots equal the residue involved.

If we take the example shown just above, where $$-335^{-1}\bmod{89*29}\equiv -339$$

So $$-335\equiv \sqrt{x}-\sqrt{x+1}$$ and $$-339\equiv \sqrt{x}+\sqrt{x+1}$$

therefore $$339-335\equiv \sqrt{x}*2$$ and halving 4 gets 2, so 2 is one of the roots and 337 is the other root. Sure enough $$2^{2}\equiv 4$$ and $$337^{2}\bmod{89*29}\equiv 5$$. This process can basically happen for any residue of p*q.

We'll take another example of this:

PowerMod[1011, -1, 89 29]= 1399 Mod[-1011, 89 29]= 1570 Mod[-1399, 89 29]= 1182

find the two roots

(1570 - 1182)/2= 194 1182 + 194= 1376

confirm the squares are adjacent to each other

Mod[194^2, 89 29]= 1502 Mod[1376^2, 89 29]= 1503

Roots From Squares N Apart
Extending the formula given above for the inverse of square roots 1 apart to N apart we get:


 * $$(\sqrt{r}-\sqrt{r+n})^{-1}\bmod{p*q}\equiv (\sqrt{r}+\sqrt{r+n})*(-n)^{-1}$$


 * $$(\sqrt{r}+\sqrt{r+n})^{-1}\bmod{p*q}\equiv (-\sqrt{r}+\sqrt{r+n})*(-n)^{-1}$$

From this the following Mathematica routine will find squares N apart from any residue

aa is sum of the roots o is difference of the squares

try222b[aa_, p_, q_, o_] := Module[{a1, a2, a3, a4, a5, a6, a7, a8, a9, a10, pq}, pq = p q; a1 = PowerMod[aa, -1, pq]; a2 = Mod[o^2 a1 + o aa, pq]; a3 = Mod[a2 PowerMod[2 o, -1, pq], pq]; a4 = Mod[aa - a3, pq]; Print[{{a3, a4}, {Mod[a3^2, pq], Mod[a4^2, pq]}}]; ]

calling this routine we get squares 2 apart

try222b[1011, 41, 73, 2]

{{1179,2825},{1289,1287}}

now we get squares 6 apart

try222b[1011, 41, 73, 6]

{{2526,1478},{2593,2587}}

Feeding in either -1 or 1 as the residue gives us roots as apart as the squares are:

try222b[41 73 - 1, 41, 73, 6]

{{1493,1499},{2257,2251}}

try222b[1, 41, 73, 6]

{{1500,1494},{2257,2251}}

Knowing the difference between two square roots allows the finding of both square roots
Focusing on work done on the difference between two modular square roots, where it has been decided that


 * $$(-r+(r+n))(\sqrt{r}+\sqrt{r+n})^{-1}\bmod{p*q}\equiv -\sqrt{r}+\sqrt{r+n}$$

it is easily seen that knowing the difference between the two roots will reveal both the roots, if you know the squares.

Take the Mathematica Expand command and the proof is easy to see:

Expand[(a + b)^2 - a^2 - (d + b)^2 + d^2] = 2 a b - 2 b d Knowing 2(a-d) it is easy to find b. An example follows:

PowerMod[34, 1/2, 89 29]= 482 PowerMod[45, 1/2, 89 29]= 1011

so the difference between the two roots is 529 1011-482 = 529

take 500 as a guess for 34^(1/2), add 529 to it to get 1029

Mod[(500^2) - 34 - (1029^2) + 45, 89 29]= 1604

Mod[1604 PowerMod[2 529, -1, 89 29], 89 29]= 2563=-18

so 500-18=482, the answer and 1029-18=1011 the answer

De Moivre's formula seems to have an analogue of sorts in Modular Arithmetic
After experimenting with De Moivre's formula I was able to take a type of square root and even a cube root when $$sin(\Theta) $$ and $$cos(\Theta)$$ can be expressed as a rational number (a fraction). This work is probably restricted to 1 mod 4 semiprimes and to 1 mod 4 primes.

My work, showing two examples where division of the $$\Theta$$ makes for a square or even cube root.

Since $$sin(\Pi/4)\bmod{p*q}\equiv \sqrt{2}^{-1}$$ and $$sin(\Pi/4)=cos(\Pi/4)$$, then the coefficients for the complex number are $$\sqrt{2}^{-1}\bmod{113*257}\equiv 13077$$.

Since the complex coefficients for $$\Pi/2$$ would equal the $$\sqrt{-1}\bmod{p*q}$$, then the complex equation:


 * $$13077+13077*13123\bmod{113*257}\equiv 19279$$

and


 * $$19279^{2}\bmod{113*257}\equiv 13123$$

then we have found the quad root of -1.

Back to our original quest for a square root, since this is modular arithmetic let's try $$13077*\sqrt{1}\bmod{113*257}\equiv 13591$$.


 * $$\sqrt{1}*(\sqrt{2}^{-1}+\sqrt{2}^{-1}*\sqrt{-1})\bmod{p*q}\equiv 13591+13591*13123 \equiv 27503$$

Since we are dividing $$\Theta$$ by 2, then the sine and cosine formulas are:


 * $$cos(\Pi/8)\bmod{p*q}\equiv \sqrt{2 + \sqrt{2}}*2^{-1}\bmod{p*q}\equiv 15689 \bmod{113*257}$$
 * $$sin(\Pi/8)\bmod{p*q}\equiv \sqrt{2 - \sqrt{2}}*2^{-1}\bmod{p*q}\equiv 18310 \bmod{113*257}$$

After some play with the coefficients I had to switch the sin and cos parameters, giving:


 * $$(-18310 + 15689*241)^{2}\bmod{113*257}\equiv 27503$$

Thus the square root of the coefficients for $$\Theta/4$$ are the coefficients, sort of, for the $$\Theta/8$$. Please note that I had to switch the two square roots of -1 in the root and square.


 * $$\sqrt{-1}_{1}\bmod{113*257}\equiv 13123$$
 * $$\sqrt{-1}_{2}\bmod{113*257}\equiv 241$$

I believe the switching of the sin and cos coefficients and the change of the square root of -1 mod p*q have to do with the reflection around the four axis of the polar coordinates.

Taking the Cube Root
For people reading the following examples the wikipedia math article Root_of_unity is quite applicable. The following two examples show that there are roots of unity in modular arithmetic.

I was able to take the cube root of -1 mod p*q in the following example:

Since $$sin(\Pi/2)=1$$ and $$cos(\Pi/2)=0$$ the math is considerably simplified. The sin and cos values for $$\Pi/6$$ are:


 * $$cos(\Pi/6)\bmod{p*q}\equiv \sqrt{3}*2^{-1}\bmod{p*q}\equiv 15648 \bmod{337*577}$$
 * $$sin(\Pi/6)\bmod{p*q}\equiv 2^{-1}\bmod{p*q}\equiv 97225 \bmod{337*577}$$

And, interestingly, the following equation is the cube root of -1.


 * $$(97225 + 15648*133263)^{3}\bmod{ 337 *577}\equiv -1$$ where $$133263\bmod{337*577}\equiv \sqrt{-1}$$

Please note that if the number shown above is $$X\equiv (2^{-1}*(1+\sqrt{-3}))$$ then the cube root of any negative number can be derived if the cube root of its positive number is known: $$(X*\sqrt[3]{Y})\bmod{p*q} \equiv \sqrt[3]{-Y}$$

Taking the 5th Root Of 1
To take the 5th Root of 1, first take the sin and cos of $$\Pi/10$$,


 * $$Sin(\Pi/10)\bmod{401*101}\equiv (1/4)*(\sqrt{5}-1)\equiv (1/4)*(2985-1)\equiv 746$$
 * $$Cos(\Pi/10)\bmod{401*101}\equiv \sqrt{(\sqrt{5}+5)/8}\equiv \sqrt{(2985+5)/8}\equiv 11367$$

With $$\sqrt{-1}_{1}\bmod{401*101}\equiv 4030$$ and $$\sqrt{-1}_{2}\bmod{401*101}\equiv 25644$$

Then:


 * $$(746 + 4030*11367)\bmod{401* 101}\equiv 3125$$ and $$3125^{5}\bmod{101*401}\equiv 1$$
 * $$(746+25644* 11367)\bmod{ 401* 101}\equiv 10397$$ and $$10397^{5}\bmod{101*401}\equiv 1 $$

Thus the fifth root of 1 has polar coordinates.

The Square Root Of 5 mod p*q is found with the following addition and subtraction of the fifth roots of unity, as can be seen from the Square root of 5 wiki article:

The field $i^{2} = j^{2} = k^{2} = ijk = −1,$, like any other quadratic field, is an abelian extension of the rational numbers. The Kronecker–Weber theorem therefore guarantees that the square root of five can be written as a rational linear combination of roots of unity:
 * $$\sqrt5 = e^{\frac{2\pi}{5}i} - e^{\frac{4\pi}{5}i} - e^{\frac{6\pi}{5}i} + e^{\frac{8\pi}{5}i}. \, $$

Thus:


 * $$(3125 - 3125^{2} - 3125^{3} + 3125^{4})\bmod{401 *101}\equiv 2985\equiv \sqrt{5}$$
 * $$(10397 - 10397^{2} - 10397^{3} + 10397^{4})\bmod{401 *101}\equiv 2985\equiv \sqrt{5}$$

Interestingly, 9045 is the other square root of 5 mod 401*101, but I was unable to come up with any permutation of the root of unity, 3125, to equal 9045. Use the other fifth root of 1, 10498, to get this figure.

$$10498-10498^{2}-10498^{3}+10498^{4} \bmod{ 401* 101}\equiv 9045$$ and $$10498^{5}\bmod{401*101}\equiv 1$$

In this case the other root of 5 is used to calculate the complex coefficients.


 * $$Sin(\Pi/10)\bmod{401*101}\equiv (1/4)*(\sqrt{5}-1)\equiv (1/4)*(9045-1)\equiv 2261$$
 * $$Cos(\Pi/10)\bmod{401*101}\equiv \sqrt{(\sqrt{5}+5)/8}\equiv \sqrt{(9045+5)/8}\equiv 15710$$


 * $$(2261 + 4030*15710)\bmod{401* 101}\equiv 10498$$ and $$10498^{5}\bmod{101*401}\equiv 1$$
 * $$(2261+25644* 15710)\bmod{ 401* 101}\equiv 6054$$ and $$6054^{5}\bmod{101*401}\equiv 1 $$

See here for an example of the modular square root of -3 being equal to the sum of the two roots of unity of 3.

Consult Hilbert's twelfth problem where the article says:

Kronecker's Jugendtraum or Hilbert's twelfth problem, of the 23 mathematical Hilbert problems, is the extension of the Kronecker–Weber theorem on abelian extensions of the rational numbers, to any base number field. That is, it asks for analogues of the roots of unity, as complex numbers that are particular values of the exponential function; the requirement is that such numbers should generate a whole family of further number fields that are analogues of the cyclotomic fields and their subfields.

Now we have successfully showed that the 5th root of unity per modulus p*q can be written in polar coordinates, or as modular complex numbers. Are modular complex numbers a contribution to extending the Kronecker-Weber theorem beyond the abelian extensions of the rational numbers? Clearly, the integer values of the modular numbers shown here are subfields of Q, but now that their polar coordinates have been revealed, has a contribution to Hilbert's twelfth problem been shown? Perhaps, an interesting example of the permutation of roots of unity in regular mod p*q fields has been shown.

The Golden Ratio As A Modular Number
Since, according to Golden ratio, the Golden Ratio is $$(1+\sqrt{5})/2 \bmod{p*q}$$, then if the modulus $$p*q$$ has a square root of 5, then there is a golden ratio for the modulus.

And examination shows that some of the properties of the Golden Ratio do hold, although the ways to approximate the golden ratio do not.


 * $$(1+\sqrt{5})/2 \bmod{89*29}\equiv 169$$

And the quadratic equation $$x^{2}-x\equiv 1 \bmod{p*q}$$ holds as well as in the following mathematica solve command:

Solve[a^2 - a == 1, {a}, Modulus -> 89 29]

{{a -> 169}, {a -> 633}, {a -> 1949}, {a -> 2413}}

One of the solutions will always be the golden ratio.

As well the well known identity with the Golden Ratio:


 * $$ \frac nm = \frac{m}{n-m}.\qquad (*) $$

For instance,

Mod[1318 100, 89 29]=169

PowerMod[100, -1, 89 29]=2039

Mod[2039 PowerMod[1318 - 2039, -1, 89 29], 89 29]=169

Mod[1318 PowerMod[2039, -1, 89 29], 89 29]=169

According to Golden ratio:

This illustrates the unique property of the golden ratio among positive numbers, that


 * $${1 \over \varphi} = \varphi - 1,$$

And this is true in modular arithmetic since: $$169^{-1}\bmod{89*29}\equiv 168$$.

Golden Ratio Times Square Root Of 2
If we take the Golden Ratio, whose inverse is 1 less, and the square root of 2, whose inverse is half, then $$(GR*SQRT2)/2 - (GR*SQRT2)^{-1}\bmod{p*q}\equiv SQRT2^{-1}$$. Dropping into Mathematica we can see this holds for the modulus: $$599*601$$

PowerMod[5, 1/2, 599 601 ]=67039 PowerMod[2, 1/2, 599 601]=16606

Mod[((1 + 67039) PowerMod[2, -1,      599 601] 16606) PowerMod[2, -1, 599 601] - PowerMod[((1 + 67039) PowerMod[2, -1, 599 601] 16606), -1, 599 601], 599 601]=8303

Mod[16606 PowerMod[2, -1, 599 601], 599 601]=8303

Complex Conjugate Of Root Of Unity Is Modular Inverse
Quoting from the Wikipedia article Complex conjugate:

"In polar form, the conjugate of $$\rho e^{i \phi}$$ is $$\rho e^{-i \phi}$$. This can be shown using Euler's formula."

As such, since polar coordinates have an analogue in modular arithmetic, we can see that


 * $$(97225 + 15648*133263)^{-1}\bmod{ 337 *577}\equiv (97225 - 15648*133263) \equiv 68877$$

This happens to be the case for this sum above.

I was able to get another modulus to work with this sum:


 * $$(194281 + 36879*87768)^{3}\bmod{ 337* 1153}\equiv -1 \equiv (2^{-1}+\sqrt{3}*2^{-1}*\sqrt{-1}_{i})^{3}\bmod{p*q}$$

Now that we have a formula for taking the cube root of -1, we can apply this to prime modula instead of semiprime modula. In this case it is easy to find the square root of 3 mod p. Thus if $$337$$ is the modulus in the equation above instead of $$337*1153$$ then the equation becomes:


 * $$(169 + 191*148)^3\bmod{ 337}\equiv -1\equiv (2^{-1}+\sqrt{3}*2^{-1}*\sqrt{-1})^{3}$$

Reducing this further, per the mod p, we get:


 * $$(169 (1 + 80))^3\bmod{ 337}\equiv -1 \equiv (2^{-1}*(1+\sqrt{-3}))^{3}\bmod{p}$$

This above equation (on the right) is very close to an Eisenstein integer.

Dropping into Mathematica and trying the prime modulus $$1153$$ we find the formula works as well:

Mod[(PowerMod[2, -1, 1153] (1 + PowerMod[-3, 1/2, 1153]))^3, 1153]== -1

The Third Root Of -1 And RSA With E Equals 3
If we have knowledge of $$\sqrt{-3}\bmod{p*q}$$ as in $$8505 \equiv \sqrt{-3}\bmod{577*337}$$, and the RSA plaintext can be expressed as $$X+X*(2^{-1}(1+\sqrt{-3})$$, then my example below shows that you can derive $$X^{3}\bmod{p*q}$$.

Take $$(27 + 27*4253)^3\bmod{ 577* 337}\equiv 144427$$ where $$2^{-1}(1+\sqrt{-3})\bmod{577*337}\equiv 4253$$

Now the cipher text expands out, and certain terms cancel out:


 * $$(27 + 27*4253)^3\bmod{ 577* 337}\equiv (27^{3}-27^{3}+3*27*27^{2}*4253 + 3*27^{2}* 27 *4252)$$ since $$4253^{2}\bmod{577*377}\equiv 4252$$

And so, dividing by 3:


 * $$(27 + 27*4253)^3\bmod{ 577* 337}\equiv (27*27^{2}*4253 + 27^{2}* 27 *4252)\equiv 177775$$

This equals also:


 * $$(27 + 27*4253)^3\bmod{ 577* 337}\equiv (2*4253 - 1) 27^{3}\equiv 177775$$

Divding by $$(2*4253-1)$$ which is known, gives:


 * $$27^{3}\bmod{577*337}\equiv 19683$$

Thus, if $$\sqrt{-3}\bmod{p*q}$$ is known, then the cube root of -1 can be known and the RSA (with E=3) ciphertext can be rewritten as $$(X+X*\sqrt[3]{-1})^{3}\bmod{p*q}$$. From here $$X^{3}\bmod{p*q}$$ can be derived.

Root Of -3 Mod P*Q Is Sum Of Two Cube Roots Of -1 Mod P*Q

 * Note that $$\sqrt[3]{-1}^{2}\bmod{p*q}\equiv \sqrt[3]{-1}-1$$ and also

$$\sqrt{-3}\bmod{p*q}\equiv \sqrt[3]{-1}+\sqrt[3]{-1}^{2}$$

Or


 * $$4253+4252\bmod{337*577}\equiv 8505\equiv \sqrt{-3}$$

Square Root Of 2 Mod P*Q Is Twice That Of Its Inverse
According to Square root of 2:

"One-half of $ℚ[√−5]$, also the reciprocal of $√2$"

and this is true in modular arithmetic:


 * $$\sqrt[-2]{2}\bmod{337*577}\equiv 24251$$
 * $$\sqrt[2]{2}\bmod{337*577}\equiv 48502\equiv 2*24251$$

Can Often Find The Cube Root of -1 By Taking A Square Root
However, we can note that $$(1+\sqrt[3]{-1})^{6}\bmod{p*q}\equiv -27$$ so it is possible to get $$X^{6}\bmod{p*q}$$ as in:


 * $$((27 + 27*4253)^{3})^{2}\bmod{ 577* 337}\equiv (-27)*27^{6}\equiv 30752\equiv (-27)*78081$$

Thus if we take a modular square root of $$\sqrt{X^{6}}\bmod{p*q}\equiv X^{3}$$, we can then divide $$X^{3}(1+\sqrt[3]{-1})^{3}*X^{-3}\bmod{p*q}$$. At this point we have $$(1+\sqrt[3]{-1})^{3}\equiv (6*\sqrt[3]{-1}-3)\bmod{p*q}$$ so it is easy to derive $$\sqrt[3]{-1}\bmod{p*q}$$ from this sum.

Since $$(1+\sqrt[3]{-1})^{6}\bmod{p*q}\equiv -27$$ and the square root of $$\sqrt{-27}\bmod{p*q}\equiv 3*\sqrt{-3}$$, then $$(1+\sqrt[3]{-1})^{3}\bmod{p*q}\equiv 3*\sqrt{-3}$$.

So to derive the cube root of -1 from a cube:


 * 1) square the cube: $$(X^{3}(1+\sqrt[3]{-1}))^{2}\bmod{p*q}\equiv (-27)*X^{6}$$
 * 2) divide by (-27) and then take a modular square root: $$\sqrt{X^{6}}\bmod{p*q}\equiv X^{3}$$
 * 3) divide the cube by $$X^{3}$$ deriving $$(1+\sqrt[3]{-1})^{3}\bmod{p*q}$$
 * 4) Since $$(1+\sqrt[3]{-1})^{3}\bmod{p*q}\equiv 6*\sqrt[3]{-1}-3$$ then add 3 and divide by 6 giving $$\sqrt[3]{-1}$$
 * 5) Note: You might have to get the right modular square root for this procedure to work.

There is only a cube root of -1 mod p*q when there is a square root of -3 mod p*q
For modula of 1 mod 4, based upon proofs in the wiki article, Eisenstein integer, there is only a cube root of -1 mod p*q when there is also a square root of -3 mod p*q.

The Formula of 2^(-1)*(1+(-3)^(1/2)) mod p*q
(-1)^(1/3) Seems To Work For 3 Mod 4 Semiprimes As Well===== If we try 3 mod 4 semiprimes with the formula: $$2^{-1}*(1+\sqrt{-3})\bmod{p*q}\equiv \sqrt[3]{-1}$$ we find that the equation works for these semiprimes as well:

Try this Mathematica function try888[p_, q_] := Module[{a1, a2, a3, a4, a5, a6, a7, a8, a9, a10}, a1 = NextPrime[p]; For[a2 = 1, a2 <= 10, a2++, a3 = NextPrime[q]; For[a4 = 1, a4 <= 10, a4++, If[Mod[a1, 4] == 3 && Mod[a3, 4] == 3, If[IntegerQ[PowerMod[-3, 1/2, a1 a3]], a6 = PowerMod[-3, 1/2, a1 a3]; a5 = Mod[PowerMod[2, -1, a1 a3] (1 + a6), a1 a3]; Print[{{a1, a3}, a6, a5, Mod[-(a5)^3, a1 a3]}]; a3 = NextPrime[a3]; ];    ];    a1 = NextPrime[a1]; ];  ];  ]

and get the following answers:

try888[72, 66] P, Q, (-3)^(1/2), (-1)^(1/3}, 1 {{79,67},126,2710,1} {{127,67},1817,909,1} {{199,67},611,306,1} {{271,67},1683,842,1} {{283,67},477,239,1} {{367,67},2002,13296,1} {{439,67},343,172,1} {{487,67},11666,22148,1} {{547,67},1013,507,1} {{607,67},6491,3246,1}

Notes On Polar Coordinates Of Roots Of -1 In 3 Mod 4 Semiprime Modula
Although we have found a case above where the 3 mod 4 semiprime had the third root of -1, according to the DeMoivre's Theorum, this will usually not be the case in 3 mod 4 semiprimes, for two reasons:


 * 3 mod 4 semiprime modula cannot have arithmetic inverses both be quadratic numbers. Thus if $$X^{2}\bmod{p*q}$$ exists then $$-X^{2}\bmod{p*q}$$ will not have a square root.  Thus there can be no quad roots of -1 since the polar coordinates are necessarily 1) $$\sqrt{2}^{-1}$$ and $$\sqrt{2}^{-1}*\sqrt{-1}\equiv \sqrt{-2}^{-1} $$. Since if there is a $$\sqrt{2}\bmod{p*q}$$ there cannot be a $$\sqrt{-2}\bmod{p*q}$$ for 3 mod 4 semiprime modula, then there cannot be quad roots of -1 in 3 mod 4 semiprime modula


 * Since there cannot be $$\sqrt{-1}\bmod{p*q}$$ for 3 mod 4 semiprime modula, then any appearance of this term, by itself, within the Sin(Theta/n) or Cos(Theta/n) coefficients will necessarily mean that the Nth root of -1 cannot happen in 3 mod 4 semiprime modula.

Quest For The Third Root of -1
If $$\sqrt[3]{-1}\bmod{p*q}=a$$ and $$(1+\sqrt[3]{-1})^{3}\bmod{p*q}=(1+a)^{3}\equiv 6*a-3$$ due to the fact that $$a^{2}\bmod{p*q}\equiv a-1$$, then


 * $$a(a-1)\bmod{p*q}\equiv -1$$ ('a' is the cube root of -1 mod p*q).

By empirical observation I also note that:


 * $$(1+a)^{-1}\bmod{p*q}\equiv (-3*x-1)$$ and $$(1+a)^{-3}\bmod{p*q}\equiv (-2*x-1)$$

Also note that $$(1+a)^{2}\bmod{p*q}\equiv 3*a$$ and that $$(3*a)^{-1}\bmod{p*q}\equiv (-a+1)^{-1}*3^{-1}\equiv (-3*x-4*3^{-1})$$

This means that the following sequence of equations can be made to solve for $$a$$ and $$x$$ (See Mathematica below):

PowerMod[3,-1, 337 577]==129633

Reduce[(a + 1) (-3 x - 1) == 1 && (6 a - 3) (-2 x - 1) == 1 && a - 9 x == 5 && (3 a) (-3 x - 4 129633) == 1, {a, x}, Modulus -> 337 577] (a == 4253 && x == 472) || (a == 68877 &&   x == 180496) || (a == 125573 && x == 13952) || (a == 190197 &&    x == 193976)

Mod[4253^3, 337 577]==-1

Also note that

a == 9*x+5 ==9*472+5==4253

This above equation seems to hold for all 1 mod 4 semiprime modula. The general equation to solve for $$x$$ seems to be:

Solve[81 (x + 1) x == -21, {x}, Modulus -> 337 577] {{x -> 472}, {x -> 13952}, {x -> 180496}, {x -> 193976}}

(with Gauss's modular quadratic work, it is necessary to solve for the square root of (-3/81)).

and the general equation to solve for the cube root of -1 for the modulus $$337*577$$ (noting that $$2^{-1}\bmod{337*577}\equiv 97225$$) seems to be:

Expand[(a + 1) (-3 (a - 5) 97225 - 1) - (6 a - 3) (-2 (a - 5) 97225 - 1)] 4375121 - 5250145 a + 875025 a^2 == 0 for modulus 337*577.

Equations With X when 9*x+5 is cube root of -1
Since $$\sqrt[3]{-1}+\sqrt[3]{-1}^{2} \bmod{p*q}\equiv \sqrt{-3}$$ then $$9*x+5+9*x+4\bmod{p*q}\equiv 18*x+9\equiv \sqrt{-3}$$

Some more formulas for $$x$$ where $$9*x+5\bmod{p*q}\equiv \sqrt[3]{-1}$$ are


 * $$125 + 675 *x + 1215* x^{2} + 729* x^{3}\bmod{p*q}\equiv -1$$
 * $$7*(27 x^{2})^{-1} + x^{-1}\bmod{p*q}\equiv -1$$
 * $$(540 *x^{2} + 729* x^{3})\bmod{p*q}\equiv 49$$
 * $$(-540 *x + 729* x^{3})\bmod{p*q}\equiv 189$$
 * $$-(-60*\sqrt[3]{-1} + 729* x^{3})\bmod{p*q}\equiv 111$$
 * $$(4* \sqrt[3]{-1} + 5) (\sqrt[3]{-1} + 13) (\sqrt[3]{-1} - 2)\bmod{p*q}\equiv -183$$
 * $$1350 + 6669* x + 8829* x^{2} + 2916* x^{3}\bmod{p*q}\equiv -183$$
 * $$(4*\sqrt[3]{-1} - 9) (\sqrt[3]{-1} - 14) (\sqrt[3]{-1} + 1)\bmod{p*q}\equiv 183$$
 * $$-594 - 2241 *x - 81* x^{2} + 2916* x^{3}\bmod{p*q}\equiv 183$$
 * $$5 + 39* x + 99* x^{2} + 81* x^{3}\bmod{p*q}\equiv 3^{-1}$$
 * $$x*(x+1)\bmod{p*q}\equiv -21*81^{-1}$$
 * $$(3* x + 1) (3* x + 2)\bmod{p*q}\equiv 2 + 9 *x+9*x^{2}\equiv -3^{-1}$$
 * $$(9*x+4)(9*x+5)\bmod{p*q}\equiv -1$$
 * $$(1 + 5 *x + 6* x^{2}) (9* x + 4)\bmod{p*q}\equiv 4 + 29* x + 69* x^{2} + 54* x^{3}\equiv 9^{-1}$$
 * $$(-3* x - 4*3^{-1}) (9* x + 5)\bmod{p*q}\equiv 3^{-1}$$
 * $$-7*x^{-1}-27*x\bmod{p*q}\equiv 27$$
 * $$7*x^{-2} + 27* x^{-1}\bmod{p*q}\equiv -27$$
 * $$7*x^{-1}+27*(x+1)\bmod{p*q}\equiv 0$$


 * $$(7*x^{-1}-27*(x))^{-1}\bmod{p*q}\equiv 2*x+1\equiv -(1+\sqrt[3]{-1})^{-3}$$


 * $$7*x^{-1}+3*(\sqrt[3]{-1}+4)\bmod{p*q}\equiv 0$$
 * $$7*x^{-1}+3*\sqrt[3]{-1}\bmod{p*q}\equiv -12$$
 * $$7*x^{-1}+(-3* x - 4*3^{-1})^{-1}\bmod{p*q}\equiv -12$$

(Factoring $$(27*(-7^{-1} \bmod{p*q})(x+x^{2})\equiv x*x^{-1}$$ will reveal both x and x^{-1} but we don't have the full sum of $$x+x^{2}$$, only the residue).


 * $$((20/(3 *x)) + (7/(3* x^{2})))* (\sqrt[3]{-1} + 4)\bmod{p*q}\equiv -21$$
 * $$(20)*(3* x)^{-1} + 7*(3* x^{2})^{-1} + 5 \bmod{p*q}\equiv \sqrt[3]{-1}$$
 * $$7*x^{-3} + 20*x^{-2}\bmod{p*q}\equiv 27$$
 * $$13* (x^{2} - x)\bmod{p*q}\equiv 54*x^{4}+7$$
 * $$(50* x - 52* (-21*81^{-1}) - 7) (-54* x - 7)^{-1}\bmod{p*q}\equiv -25*27^{-1}$$
 * $$(7 (x^{-1}) + 18) (\sqrt[3]{-1} + 1)\bmod{p*q}\equiv 9$$
 * $$(7* x^{-1} + 15) (\sqrt[3]{-1})\bmod{p*q}\equiv 3$$
 * $$(7*x^{-1} + 12)\bmod{p*q}\equiv -3*\sqrt[3]{-1}$$
 * $$7*x^{-1} + 20\bmod{p*q}\equiv 27*x^{2}$$
 * $$7 + 20*x\bmod{p*q}\equiv 27*x^{3}$$
 * $$81*\sqrt{-3} + 42*\sqrt{-3}*x^{-1}\bmod{p*q}\equiv 27$$

You'll notice with the following three equations for x that x increments by (3*x+1) and the sum is (3*x+1)(3*x+2). That is an unusual pattern, and if the sum were known instead of the residue it would be trivial to figure out x.


 * $$x*(x+1)\bmod{p*q}\equiv -21*81^{-1}$$
 * $$(3* x + 1) (3* x + 2)\bmod{p*q}\equiv 2 + 9 *x+9*x^{2}\equiv -3^{-1}$$
 * $$(9*x+4)(9*x+5)\bmod{p*q}\equiv -1$$
 * $$(27* x + 13) (27* x + 14) \bmod{p*q}\equiv -7$$

The inverse definition is $$(1+\sqrt[3]{-1})^{-1}\bmod{p*q}\equiv -(1+\sqrt[3]{-1})*3^{-1}+1$$ so the inverse is almost exactly -1/3 of the sum.

The inverse $$(1+\sqrt[3]{-1})^{-2}\bmod{p*q}\equiv -(\sqrt[3]{-1})^{2}*3^{-1}\equiv -(\sqrt[3]{-1}-1)*3^{-1}$$ so the inverse is almost exactly -1/9 of the sum.

The inverse $$(1+\sqrt[3]{-1})^{-3}\bmod{p*q}\equiv -(1+\sqrt[3]{-1})^{3}*27^{-1}\equiv -(2*x+1)$$ so the inverse is almost exactly -1/27 of the sum.

These last three equations unwind the exponentiation to become division in the inverses.

These formulas are remarkable in that all 1 mod 4 semiprimes seem to have these equations equal 49 or 189.

Mathematica Procedure To Find Cube Roots of -1 Of Large Prime Modula
The following Mathematica procedure will isolate x from 1/x or x^2. It will find


 * $$( 7* a /((a + x)) - 7)) (x + 1)$$

where $$x+a==500$$ (this is the guess for the value of x). It starts with the remarkable facts that $$7/x-27 x \bmod{p*q}\equiv 27$$ and $$x^{2}+x\bmod{p*q}\equiv -21*81^{-1}$$.

This is another way of solving


 * $$x^{2}+x \bmod{p*q}\equiv -21 *81^{-1}$$

In fact if the guess, $$x+a=7$$ then the equation reduces to
 * $$(a-7)(x+1)$$ which is easier to work with.

If we use the following Mathematica command: Factor[Expand[(a-7)(x+1)+7-(a+x)+8(x+a)]] we get the equation $$a(x+8)$$

try888[a_, m_] := Module[{a1, a2, a3, a4, a5, a6, a7, a8, a9, a10}, a1 = Mod[-21 PowerMod[81, -1, m], m]; (* x^2+x *); a2 = a;   (* x+a *); a3 = Mod[a (27 + a2 27) - 7, m]; (* (x+a)(7/x+27 a) *); a4 = Mod[a3 PowerMod[27 a2, -1, m], m]; (* 7 a /(x(27 a2)) + a *); a5 = Mod[a4 - a2, m]; (* (7 a/(x (27 a2)) - x *);   a6 = Mod[a5 27 - 27, m];    (* ( 7a /(x( a2))-7/x *); a7 = Mod[a6 a1, m]; (* ( 7 a /((a2))-7))(x+1) *);  (* x is isolated from 1/x or x^2 *);  (* Solve for x *);  a8 = Solve[(7 aa1 PowerMod[27 a, -1, m] 27 - 7) (x + 1) == a7 &&      x + aa1 == a, {x, aa1}, Modulus -> m];   Print[{a8}];  (* Verify (9 x +)^3 === -1 *);  Print[{Mod[-(9 (x) + 5)^3, m] /. a8}];   ]

Some runthrus

try888[500, 337 577]

p768 = 334780716989568987860441698482126908177047949837137685689124313\ 88982883793878002287614711652531743087737814467999489

q768 = 367460436667995904282446337996279526322791581643430876426760322\ 83815739666511279233373417143396810270092798736308917

In[7]:= p7 = NextPrime[p768, 1]

Out[7]= 33478071698956898786044169848212690817704794983713768568912431\ 388982883793878002287614711652531743087737814467999749

In[8]:= q7 = NextPrime[q768, 1]

Out[8]= 36746043666799590428244633799627952632279158164343087642676032\ 283815739666511279233373417143396810270092798736309087

try888[500, q7 ]

try888[500, p7 ]

To isolate a where x+a is known try the following procedure

try888[a_, m_] := Module[{a1, a2, a3, a4, a5, a6, a7, a8, a9, a10, a11, a12, a13, a14, a15, a16, a17, a18, a19, a20}, a1 = Mod[-21 PowerMod[81, -1, m], m]; (*x^2+x*); a2 = a; (*x+a*); a3 = Mod[a (27 + a2 27) - 7, m]; (*(x+a)(7/x+27 a)*); a4 = Mod[a3 PowerMod[27 a2, -1, m], m]; (*7 a/(x(27 a2))+a*); a5 = Mod[a4 - a2, m]; (*(7 a/(x (27 a2))-x*); a6 = Mod[a5 27 - 27, m];  (*(7a/((a2))-7)/x*);  a7 = Mod[a6 a1, m]; (* ( 7 a /((a2))-7))(x+1) *); a10 = Mod[7 PowerMod[a2, -1, m], m]; a11 = Mod[a2^2 a10, m]; a12 = Mod[a11 - 2 a7, m]; (* (7/a2)(x^2+a^2)-2 (7/a2) a +14 (x+1)*) a14 = Mod[a10 (472^2 + 28^2) - (a10) 2 28 + 14 473, m]; a15 = Mod[(a12) - a10 (-21 PowerMod[81, -1, m] + a2) - 14 a2, m]; a16 = Mod[a10 (28 + 28^2) - 2 (a10 28) - 14 28, m]; (* a is isolated *) a17 = Solve[a10 (ab + ab^2) - 2 (a10 ab) - 14 ab == a15, {ab}, Modulus -> m]; (* (7/guess)(a+a^2)-2(7/guess)a-14 a *) Print[{a12, a14}]; (* answer for modulus 337*577 found *) Print[{a15, a16}]; (* solve for a for large prime modula *) Print[a17]; ] a runthrough try888[500, 337 577]

{159088,159088}

{74287,74287}

{{ab->28},{ab->973},{ab->14453},{ab->180997}}

This procedure will find the guess (a) in the form of


 * $$(7/guess) (a + a^2) - 2 (7/guess) a - 14 a$$
 * where $$guess=x+a$$

If the guess is 7 then the equation reduces to


 * $$a^{2}-15*a$$

which is easier to work with.

The Following Powers Of X equal 0
A fascinating feature of X is that the sum of various powers of x always equals 0.

The Mathematica below shows this. Note the equations are always $$7*x^{n}+27(x^{n+1}+x^{n+2}) \bmod{p*q}\equiv 0$$:

Table[{x, Mod[PowerMod[472, -(x + 2), 337 577] 7 + 27 (PowerMod[472, -(x + 1), 337 577] +        PowerMod[472, -(x), 337 577]), 337 577]}, {x, 1, 10}] // Grid

(Debug) Out[12]= \!\( TagBox[GridBox[{ {"1", "0"}, {"2", "0"}, {"3", "0"}, {"4", "0"}, {"5", "0"}, {"6", "0"}, {"7", "0"}, {"8", "0"}, {"9", "0"}, {"10", "0"} },

and

Table[{x, Mod[PowerMod[472, x, 337 577] 7 + 27 (PowerMod[472, (x + 1), 337 577] +        PowerMod[472, (x + 2), 337 577]), 337 577]}, {x, 1, 10}] // Grid

{"1", "0"}, {"2", "0"}, {"3", "0"}, {"4", "0"}, {"5", "0"}, {"6", "0"}, {"7", "0"}, {"8", "0"}, {"9", "0"}, {"10", "0"} },

Various Equations For (7/x+27 x)^2
If we take the realisable equation (the sum, not the residue)

(7 PowerMod[472, -1, 337 577] + 27 472)^2

37799914084 Since this sum is always the residue of (-27)^2, no matter what the p*q, then this sum is quickly realisable within 34 possible numbers.

This sum is also the following equation 1 4 27 337 577 472 -  4 27 27 (472^2 + 472) + (-7 PowerMod[472, -1, 337 577] + 27 472)^2

37799914084

Notice another low modulus

(7 PowerMod[1720, -1, 97 73] + 27 1720)^2

4057944804

9   4 27 1720 73 97 -  4 27 27 (1720^2 + 1720) + (-7 PowerMod[1720, -1, 97 73] + 27 1720)^2

4057944804

Notice how the multiplier in red is always low, my researches indicate it will always be between 1 and 27, no matter how large the number is

Another low modulus

(7 PowerMod[844, -1, 67 73] + 27 844)^2

859603761

6 4 27 844 73 67 - 4  27 27 (844^2 + 844) + (-7 PowerMod[844, -1, 67 73] + 27 844)^2

859603761

Now let's take a large number. Interestingly the large RSA numbers of around 600 bits to 750 bits don't have cube roots of -1 (no square roots of -3). Perhaps they were designed not to. However, we can try out primes adjacent to these numbers, which will have cube roots of -1 mod p*q.

let's take RSA-768 which was factored a few years ago.

qq = \ 3674604366679959042824463379962795263227915816434308764267603228381573\ 9666511279233373417143396810270092798736308917

pp = 33478071698956898786044169848212690817704794983713768568912431388\ 982883793878002287614711652531743087737814467999489

now get x number

Solve[81 (x^2 + x) == -21, {x}, Modulus -> NextPrime[qq, 1]]

{{x -> 1085902225714292909528405924005436342997206389671207865063712474965\ 6480166883451577930018604815010297714820350940868},

}

Solve[81 (x^2 + x) == -21, {x}, Modulus -> NextPrime[pp, 1]]

{{x -> 9908924269737473060489962247148555494388931671897720886095195362894\ 007181408094477524590786903090300437941505529569}, {x -> }

SS is the X number associated with the cube root of -1

ss = ChineseRemainder[{\ 1085902225714292909528405924005436342997206389671207865063712474965648\ 0166883451577930018604815010297714820350940868,   9908924269737473060489962247148555494388931671897720886095195362894\ 007181408094477524590786903090300437941505529569}, {NextPrime[qq, 1], NextPrime[pp, 1]}]

4375045719360799277111179417581904093171804109852946387918123\ 7779057042900790184181770653489280098352117595833705399124586219099662\ 8280520656291170940173641183140966763633985007962962933885697665175242\ 118352407342905904895300576268

create the modulus (it's not an RSA number but close to an actual RSA number

mo = NextPrime[pp, 1] NextPrime[qq, 1] 1230186684530117755130494958384962720772853569595334792197322\ 4521517264005072636575187452021997864693899564749427893090894673831236\ 3127456739364769363131942239210345690548131094423078477949267226430938\ 3518878918414737015987902419163

create the (7/x+27x)^2 sum (not the residue)

n1 = (7 PowerMod[ss, -1, mo] + 27 ss)^2 1513359278795203462908039994573225983635087960749583410587171\ 4438024587283531274752137527463757233272031971826952289102948803903822\ 3917106024833705284808208639947404748563975464966277329159186123596368\ 0716549697555137108153732037194637287966619458314178093014467221966369\ 8081590541083770294744287928011199456090725133365037403696451491888971\ 4120305912820533025681483173054808399518010039376732015590690386893522\ 370474704678084235130730749195439444679177307655709609

get the number in the above sum that is a multiple of 4 27 p q x

n2 = n1 + 4 27 27 (ss^2 + ss) - (-7 PowerMod[ss, -1, mo] + 27 ss)^2 5812692827221597331851013445025210565593955729649624284393586\ 4660278304216343007746509463826095556032893247149222779236409443300877\ 3604164579791094387152090749860509534324980834525552731784172358572341\ 9685295413208802853376799827036569030424254321102258334756199509532351\ 8681734085031736277755372871097557994214597499542946255781936520491782\ 7849944397315644355891105464327580185274955215111850497926629058719544\ 474956898565206613925783812076356419828800001121578720

confirm that the multiplier of this above term is between 1 and 27, even though the number is a 750 bit number

n3 = n2/(mo 4 27 ss)

10

Estimates of X can be had from (7/x+27 x)^2
Given

(7 PowerMod[472, -1, 337 577] + 27 472)^2

37799914084

37799914084/4

9449978521

(4 27 337 577 - 4 27 27 ) 450

9448909200 You can see that in the above sum the estimate of 450 is close to the answer of 472, around 5 percent.

My examinations of the four examples for (7/x+27 x)^2 yield a multiplier of (1/4, 1/3, and 3) in order to achieve an estimate of X around 95 percent correct. In other words around 16 possiblities (1/4, by 1/4 up to 3) fits all four of my examples.

The next example will have a multiplier of 3 6 4 27 844 73 67 - 4 27 27 (844^2 + 844) + (-7 PowerMod[844, -1, 67 73] + 27 844)^2

859603761

3 859603761

2578811283

(6 4 27 67 73 - 4 27 27) 844

2672485488

(6 4 27 67 73 - 4 27 27) 815

2580658380 Again an estimate of around 95 percent. If you split 337*577 into 20 equally distant numbers and your answer was 472, then the closest estimate would have been 9000, a lot further away from the answer than 450 we arrived at with our calculation. So the rough estimate is better than random.

Another small example 9 4 27 1720 73 97 - 4 27 27 (1720^2 + 1720) + (-7 PowerMod[1720, -1, 97 73] + 27 1720)^2

4057944804

(3 4 27 73 97 - 4 27 27) (1750)

4009824000 So the estimate again with 5 percent of the number The multiplier was 1/3 in this case

A big example follows. The multiplier is 3 in this case

xx = 15133592787952034629080399945732259836350879607495834105871714438\ 0245872835312747521375274637572332720319718269522891029488039038223917\ 1060248337052848082086399474047485639754649662773291591861235963680716\ 5496975551371081537320371946372879666194583141780930144672219663698081\ 5905410837702947442879280111994560907251333650374036964514918889714120\ 3059128205330256814831730548083995180100393767320155906903868935223704\ 74704678084235130730749195439444679177307655709609

mo = \ 1230186684530117755130494958384962720772853569595334792197322452151726\ 4005072636575187452021997864693899564749427893090894673831236312745673\ 9364769363131942239210345690548131094423078477949267226430938351887891\ 8414737015987902419163

1230186684530117755130494958384962720772853569595334792197322\ 4521517264005072636575187452021997864693899564749427893090894673831236\ 3127456739364769363131942239210345690548131094423078477949267226430938\ 3518878918414737015987902419163

Multiply the hidden sum by three

3 10 4 27 mo ss

Out[49]= 1743807848166479199555304033507563169678186718894887285318075\ 9398083491264902902323952839147828666809867974144766833770922832990263\ 2081249373937328316145627224958152860297494250357665819535251707571702\ 5905588623962640856013039948110970709127276296330677500426859852859705\ 5604520225509520883326611861329267398264379249862883876734580956147534\ 8354983319194693306767331639298274055582486564533555149377988717615863\ 3424870695695619841777351436229069259486400003364736160

Now print the (7/x+27 x)^2 number In[44]:= xx = \ 1513359278795203462908039994573225983635087960749583410587171443802458\ 7283531274752137527463757233272031971826952289102948803903822391710602\ 4833705284808208639947404748563975464966277329159186123596368071654969\ 7555137108153732037194637287966619458314178093014467221966369808159054\ 1083770294744287928011199456090725133365037403696451491888971412030591\ 2820533025681483173054808399518010039376732015590690386893522370474704\ 678084235130730749195439444679177307655709609

It may be hard to see from the printout of the mathematica but the order of the two numbers is the same and the first three digits of both are 151 and 174, which is around 15 percent off. If the multiplier was 2.75 then the calculation would have been less than 1/15 off.

Thus (7/x+27 x)^2 can be used to give a rough estimation of the X number.

If Mathematica Can Factor The Modulus X Can Be Determined With The Following Command
In[15]:= Reduce[ 7/x^3 + 27/x^2 + 34/x + 27 x == 7/x^2 + 27/x == -27, {x}, Modulus -> 337 577]

Out[15]= x == 472 || x == 13952 || x == 180496 || x == 193976

13*x+27*x^4 obtained
Understanding that $$(7/x)+27*x \bmod{p*q}\equiv -27$$ then $$(-27)^{2}-2*7*27\bmod{p*q}\equiv (49/x^{2})+27^{2}*x^{2}$$. Multiplying (-27)^2-2*7*27 by $$x^{2}+x\bmod{p*q}\equiv -21/81$$ get


 * $$49+(49/x)+27^{2}*x^{4}+27^{2}*x^{3}$$. Subtracting 49 and $$7*((7/x)+27*x)$$ and dividing by 27 we get
 * $$-7x+27*x^{4}+27*x^{3}$$. Knowing that $$(x^{2}+x)^{2}\bmod{p*q}\equiv x^{4}+2*x^{3}+x^{2}$$ we suddenly

construct:


 * $$2*(-7*x+27*x^{4}+27*x^{3})-27*(x^{2}+2*x^{3}+x^{4})\bmod{p*q}\equiv 27*x^{4}-27*x^{2}-14*x$$

Thus:


 * $$27*x^{4}-27*x^{2}-14*x+27*(x^{2}+x)\bmod{p*q}\equiv 27*x^{4}+13*x$$

oh yea,


 * $$13* (x^{2} - x)\bmod{p*q}\equiv 54*x^{4}+7$$

Formulas for x, x^2, and x^3 where 9*x+5 is the cube root of -1
An example of how formulas for x, x^2 and x^3 can be found where 9*x+5 is the cube root of -1 mod p*q follows:

I have first of all determined that:


 * $$35*9^{-1}+8*x-12*x^{2}-27*x^{3}\bmod{p*q}\equiv 0==6*1000000009*2400000061$$

and that


 * $$x^{2}+x\bmod{p*q}\equiv -21*81^{-1}$$

Please also note that the integer value of both sums above is low. For the first sum it varies by the modulus but will always be from -50 to +50. It is 6 for the 1000000009*2400000061.

The second sum can also be treated as an integer. Simply take the


 * $$-21 *81^{-1}$$

First, determine x for our testing purposes:

Solve[81 (x^2 + x) == -21, {x}, Modulus -> 1000000009 * 2400000061]

{{x -> 495617883584492178}, {x -> 980012060696177200}, {x -> 1419988021903823348}, {x -> 1904382199015508370}}

Now note, if we treat x^2 as y as x^3 as z we can get an Integer equation instead of a modular equation. Therefore, we don't have to factor the modulus.

Solve[35 PowerMod[9, -1, 1000000009 2400000061] + 8 x1 - 12 y - 27 z == 6 1000000009 2400000061 && x1 + y == -18044445065474078202 , {x1, y, z}, Integers]

Note that just above we have created a fourth variable, C[1], which describes x y=Mod[x^2, p*q] z=Mod[x^3,p*q]

So an answer for x, x^2, and x^3 is

Mod[(495617883584492178 - 6) PowerMod[27, -1, 1000000009 2400000061], 1000000009 2400000061]=551689569599425758

Mod[495617883584492178^2, 1000000009 2400000061] =659937711741434012 Mod[-18044445065474078208 - 27 551689569599425758, 1000000009 2400000061]=659937711741434012

Mod[495617883584492178^3, 1000000009 2400000061] =11568790418142273

Mod[8177778059229631505 + 20 551689569599425758, 1000000009 2400000061] = 11568790418142273

It's hard to go further than this except to say that $$9*x+5\bmod{p*q}\equiv \sqrt[3]{-1}$$.

The equations for C[1], for 551689569599425758 in our example, can be manipulated a bit.

If we set C[1] to be 'a', then we note that $$(x-6)=27*a$$ and that $$-21*81^{-1}-6*7\bmod{1000000009 *2400000061}\equiv ((x-6)+13)(x-6)\equiv (27*a)+13)(27*a)\equiv 27*(27*a^{2}+13*a)$$

Thus we can arrive at $$27*a^{2}+13*a$$ where $$a=(x-6)/27$$. Some of the details of this equation may change with different modulus, in particular the $$(x-6)/27==a$$

We can take this a bit further with the equation

Mod[(27 27 ( 551689569599425758)^2 +    13 27 ( 551689569599425758) + 36) - 27 551689569599425758, 1000000009 2400000061]= 659937711741434012

where

Mod[495617883584492178^2, 1000000009 2400000061]=659937711741434012

So $$27(27*a^2+13*a)-27 a==x^{2}$$

If we take $$(6+27*x_{1})^{2}-(-18044445065474078208 - 27*x_{1})\bmod{1000000009 * 2400000061}\equiv 0$$ and expand out the square we can get an absolute sum that is enumerable. It will be between 0 and 1000 lets say, even for large numbers.

As such the following sum equals $$477*p*q$$ (36 + 2 27 6 551689569599425758 +   27 27 1279989787935977699 - (-18044445065474078208 -      27  551689569599425758))/(1000000009  2400000061)=477

Solve[(36 + 2 27 6 x + 27 27 y - (-18044445065474078208 - 27 x)) == 477 (1000000009 2400000061), {x, y}, Integers]

note that this C[1] for this equation is 1/27 of the first equation for the 9*x+5==cube root of -1 mod p*q

The important thing to note is that these sums are enumerable. Even though I would have to guess what multiple of the modulus these sums equal, the multiple is quite achievable as it will be below 1000 for most of the time.

However, the new number C[1] seems to have no quick way of being determined.

-21*81^{-1}+1 defined
If we take the inverse definition of $$-21*81^{-1}\bmod{p*q}\equiv x^2+x$$ we come up with


 * $$(x^{4}-x^{2})*(x^{2}-x)^{-1}\bmod{p*q}\equiv (x^{3}-x)*(x-1)^{-1}$$

As such


 * $$-21*81^{-1}+1 \bmod{p*q}\equiv (x^{3}-1)*(x-1)^{-1}$$

I haven't been able to go further with this equation, however.

x^2, x^3 and x^4 defined in terms of x where 9*x+5 is a cube root of -1
Taking the Integer equations of the previous section it does seem we can solve as a modular (without factoring the modulus) by adding


 * $$(-21*81^{-1})^{2}\equiv x^{2}+2x^{3}+x^{4}\equiv y+2z+x4$$

Solve[35 PowerMod[9, -1, 1000000009 2400000061] + 8 x1 - 12 y - 27 z == 6 1000000009 2400000061 && x1 + y == -18044445065474078202 && (y + 2 z + x4) == (-18044445065474078202 )^2, {x1, y, z, x4}, Modulus -> 1000000009 2400000061]

We can now see that x1 is the x value, and y,z, and x4 are powers of x

Mod[(495617883584492178^2 -    1155555595325926190) PowerMod[ 2400000082600000548, -1, (1000000009 2400000061)], (1000000009 \ 2400000061)]= 495617883584492178

Mod[(495617883584492178^3 -    1244444487274074359) PowerMod[ 1155555595325926191, -1, (1000000009 2400000061)], (1000000009 \ 2400000061)]= 495617883584492178

Mod[(495617883584492178^4 -    2367078270767353079) PowerMod[ 88888891948148168, -1, (1000000009 2400000061)], (1000000009 \ 2400000061)]= 495617883584492178

This Solve command works for large modula as well. Take RSA768, the largest factored number to date, and you get.

RSA768 = 1230186684530117755130494958384962720772853569595334792197322\ 4521517264005072636575187452021997864693899564749427740638459251925573\ 2630345373154826850791702612214291346167042921431160222124047927473779\ 4080665351419597459856902143413

(Debug) In[9]:= Solve[ 35 PowerMod[9, -1, RSA768] + 8 x1 - 12 y - 27 z == 0 && x1 + y == -21 PowerMod[81, -1, RSA768] && (y + 2 z + x4) == (-21 PowerMod[81, -1, RSA768])^2, {x1, y, z, x4}, Modulus -> RSA768]

(Debug) Out[9]=

I was able to get a further series of equations for a Mathematica Integer Solve command. These Integer values are achievable although they may take a million repetitions or so.

Solve[49 x4 + 140 x3 + 189 x2 + (540) x1 == 140 PowerMod[495617883584492178, -3, 1000000009 2400000061] + 49 PowerMod[495617883584492178, -4, 1000000009 2400000061] + 189 PowerMod[495617883584492178, -2, 1000000009 2400000061] + 540 PowerMod[495617883584492178, -1, 1000000009 2400000061] && 7 x1 + 27 x == 7 PowerMod[495617883584492178, -1, 1000000009 2400000061] + 27 495617883584492178 &&   7 x2 + 27 x1 == 7 PowerMod[495617883584492178, -2, 1000000009 2400000061] + 27 PowerMod[495617883584492178, -1, 1000000009 2400000061] && x22 + x == 495617883584492178 +    PowerMod[495617883584492178, 2, 1000000009 2400000061] && 7 x3 + 20 x2 == 7 PowerMod[495617883584492178, -3, 1000000009 2400000061] + 20 PowerMod[495617883584492178, -2, 1000000009 2400000061] , {x, x22, x4, x3, x2, x1}, Integers]

Notice that 2401 is a bigger value than 189 in the other equations and 255879 is getting bigger for $$x^{-4}$$

A Residue for (7/x+27 x)^2 with a strange modulus
Out sum (7/x+27 x)^2 can be rewritten as (4 27 337 577 - 4 27 27 -    2 27 (7 PowerMod[472, -1, 337 577] + 27 472)) 472 - 27 27 472^2 + 49 PowerMod[472, -1, 337 577]^2

Out[13]= 37799914084

Then using the modulus, (4 27 337 577 - 4 27 27 -    2 27 (7 PowerMod[472, -1, 337 577] + 27 472)) (as (7 PowerMod[472, -1, 337 577] + 27 472) can be quessed) we have the following interesting residue

Mod[37799914084, (4 27 337 577 - 4 27 27 -   2 27 (7 PowerMod[472, -1, 337 577] + 27 472))]

4277284 which as the difference of two squares can be rewritten as

Mod[-(27 472 -     7 PowerMod[472, -1, 337 577]) PowerMod[(27 472 +      7 PowerMod[472, -1, 337 577]), 1, ((4 27 337 577 - 4 27 27 -      2 27 (7 PowerMod[472, -1, 337 577] +          27 472)))], ((4 27 337 577 - 4 27 27 - 2 27 (7 PowerMod[472, -1, 337 577] + 27 472)))]

4277284 However, (7 PowerMod[472,-1,337 577]+27 472) is always a large factor of the resulting modulus we are using.

x^(-1)-x mod 17 is found
The following equations can find $$-x^{-1}+x\bmod{17}\equiv 2(7*x^{-1}+27*x)\bmod{17}$$

You actually have to make a correct number for $$7*x^{-1}+27*x$$ (not a residue) for this to work.

Mod[2 ( 7 PowerMod[472, -1, 337 577] + 27 472), 27 + 7]= 20 Mod[(27 - 7) (- PowerMod[472, -1, 337 577] + 472), 27  +  7]= 20

thus -472^{-1}+472 mod 17 == 1

Mod[(- PowerMod[472, -1, 337 577] + 472), 17]= 1

Similarly, for the modulus of 47 and the sum $$20*Mod[x^{2}, p*q]+27*Mod[x^{3},p*q]$$, the following Mathematica is shown

Mod[2 (20 Mod[472^2, 337 577] + 27 Mod[472^3, 337 577]), 47]= 39

Mod[(-7 Mod[472^2, 337 577] +    7 Mod[472^3, 337 577])]= 39

Mod[(-7 Mod[472^2, 337 577] +    7 Mod[472^3, 337 577]) PowerMod[7, -1, 47], 47]= 19

Mod[(-Mod[472^2, 337 577] + Mod[472^3, 337 577]), 47]= 19

Taking Higher Roots Of 1 Mod P
Dropping into Mathematica and getting the complex coefficients of mod p. In this case for $$cos(\Pi/24)$$ and $$sin(\Pi/24)$$ we get:

Cos(PI/24)=Mod[PowerMod[2 + PowerMod[2 + PowerMod[3, 1/2, 1153 ], 1/2, 1153 ], 1/2, 1153 ] PowerMod[2, -1, 1153 ], 1153 ]=198 Sin(PI/24)=Mod[PowerMod[2 - PowerMod[2 + PowerMod[3, 1/2, 1153 ], 1/2, 1153 ], 1/2, 1153 ] PowerMod[2, -1, 1153 ], 1153 ]=140 (-1)^{1/2} mod 1153=== 140

Mod[(140 140 - 198)^24, 1153]== -1 Mod[(140 140 - 198)^48, 1153]== 1

Please note that $$\sqrt{-1}\bmod{1153}\equiv 140$$. It is just a coincidence here the both the $$Cos(\Pi/24)=\sqrt{-1}\bmod{1153}$$

Take the following example for the modulus $$337$$

Cos(PI/24)=Mod[PowerMod[2 + PowerMod[2 + PowerMod[3, 1/2, 337 ], 1/2, 337 ], 1/2, 337 ] PowerMod[2, -1, 337 ], 337 ]=185 Sin(PI/24)=Mod[PowerMod[2 - PowerMod[2 + PowerMod[3, 1/2, 337 ], 1/2, 337 ], 1/2, 337 ] PowerMod[2, -1, 337 ], 337 ]=216 (-1)^{1/2} mod 337=== 189

Mod[-148, 337] === 189 Mod[(216 148 - 185)^12, 337]==189 // 12th root of modular imaginary number found here. Mod[(216 148 - 185)^24, 337]== -1 Mod[(216 148 - 185)^48, 337]== 1

The Quad Root Of 1 Defined In Polar Coordinates
If we take the traditional image of polar coordinates with the imaginary number as the delta for the vertical component, we can imagine the two imaginary numbers of the modulus p*q to allow two vectors which one can multiply together. Since the two roots of -1 multiplied together equal the square root of 1, then we can establish a root of 1 instead of a root of -1.

Take the two square roots of -1 mod 113*257 to be 241 and 13123. Take 13077 to be the Cos[Pi/4] and Sin[Pi/4] then multiplying the two polar vectors for the quad roots of -1 should give us the quad root of 1. As in:


 * $$(13077 + 13077 *241) (13077 + 13077 *13123)\bmod{ 113* 257}\equiv 19790 \equiv \sqrt[4]{-1}_{1}*\sqrt[4]{-1}_{2}\equiv \sqrt[4]{1}$$

Now see that $$19790^{2}\bmod{113*257}\equiv \sqrt{1}\equiv 26215$$. We have found the quad root of 1.

Therefore, the Nth root of 1 can be found by multiplying the two different Nth roots for -1, which use different square roots of -1.

Simplifying the quad root of 1 to be:


 * $$14521* (1 + 241 + 13123 + (241* 13123))\bmod{ 113* 257}\equiv 2^{-1}(1+\sqrt{-1}_{1}+\sqrt{-1}_{2}+\sqrt{1})\equiv 19790$$

This further simplifies to:


 * $$14521 (1 + 241) ( 13123 + 1)\bmod{113* 257}\equiv 2^{-1}*(1+\sqrt{-1}_{1})(1+\sqrt{-1}_{2})$$

The Cube Root Of 1 Defined In Polar Coordinates
Taking the argument above to the cube root of 1 mod p*q we get the equation:


 * $$(1 + 3*118286 + 31296*(133263 + 55416))*4^{-1} \bmod{ 337* 577}\equiv 105015 \equiv \sqrt[3]{1}$$

or


 * $$(1 + 3*\sqrt{1} + \sqrt{3}*(\sqrt{-1}_{1} + \sqrt{-1}_{2}))*4^{-1} \bmod{p*q}\equiv \sqrt[3]{1}$$

This above equation should work for 3 mod 4 semiprime modula if there is a $$\sqrt{-3}\bmod{p*q}$$. In this case the equation will be:


 * $$(1 + 3*\sqrt{1} + (\sqrt{-3}_{1} + \sqrt{-3}_{2}))*4^{-1} \bmod{ p*q}\equiv \sqrt[3]{1}$$

So if you know $$\sqrt{1}\bmod{p*q}$$ and one of the $$\sqrt{-3}\bmod{p*q}$$ then you can derive the cube root of 1 mod p*q.

Please note that this equation doesn't seem to exist, or have an analogue, in continuous arithmetic.

Since the Jacobi Symbol is authoritative if it is 0 (nonquadratic number) then if the Jacobi Symbol for -3 is 0 for the p*q modulus, then this means there is no cube root of 1 for mod p*q.

The Cube Root Of 1 As A Quaternion
Check out User:Endo999 for the definition of a modular quaternion.

With the definition above and our definition of the inverse of a quaternion, we should be able to create $$(-1)^{2/3}\bmod{p*q}$$. The math follows:

Mod[(1 + 3 118286 - 31296 (133263 + 55416)) PowerMod[ 4, -1, 337 577], 337 577]=169639

PowerMod[169639, 3, 337 577]=1

the norm of the cube root of 1 is 1 as in:

(1/16) + (3/16) + (3/16) + (9/16)=1

the extra sum of the norm equation, ie $$(1*3-\sqrt{3}^{2}==0)$$ cancels out.

PowerMod[105015, -1, 337 577]=169639

Thus, the cube root of 1 mod p*q is a unit quaternion as well, since its norm = 1.

Conclusion
So the $$\Theta$$ division method is a good way of taking the higher roots of -1 or 1 mod p.

Taking roots by the De Moivre's formula of -1 is a sensible thing to do in modular arithmetic when:


 * 1) the sin(theta) and cos(theta) are rational numbers (a fraction).
 * 2) when the p*q modulus has the square roots and cube roots necessary to do the equations.
 * 3) you know the right $$\sqrt{-1}_{i}\bmod{p*q}$$
 * 4) these equations actually become quickly doable for 1 mod 4 prime modula.

It is also clear that at least for 1 mod 4 prime and semiprime modula that there are universal formulas for the roots, including higher roots, of -1, where a complex modular number is constructed and where the coefficients of the complex number for $$\sqrt[n]{-1}\bmod{p*q}$$ are of the form: $$Sin(\Pi/n)$$ and $$Cos(\Pi/n)$$. This is exactly like that of continuous numbers. The Wikipedia math article, Root_of_unity, has relevant material on just which roots of unity need only modular square roots to be taken:


 * "Gauss proved that a primitive nth root of unity can be expressed using only square roots, additions, subtractions multiplications and division, if and only if it is possible to construct with compass and straightedge the regular n-gon. This is the case if and only if n is either a power of two or the product of a power of two and Fermat primes that are all different."

My examples, shown in this section and just above, show that this above statement is true for modular arithmetic as well.

I also conclude it should be now possible to take a Discrete Fourier transform, using the nth roots of unity found by now. This modular discrete Fourier Transform should be capable of convolution and many of the other properties of the continuous Discrete Fourier Transform.

Chebyshev Polynomials Work With Modular Trigonmetic Numbers
Initial tests with Chebyshev Polynomials indicate that they successfully change modular trigonmetric values in p*q modula. For instance:


 * $$Cos[PI/12] \bmod{337*577}\equiv (1+\sqrt{3})*(2*\sqrt{2})^{-1} \equiv 24550$$


 * $$T_{3} = 4*x^{3}-3*x$$

Thus:


 * $$4*(24550)^3-3*24550\bmod{337*577}\equiv 24251 \equiv \sqrt[-1]{2}\equiv Cos[PI/4]$$

Since $$Cos[3(PI/12)]=Cos[PI/4]$$ I'm pretty sure that Chebyshev polynomials work in modular arthmetic.

If we could invert the Chebyshev polynomials we could quickly establish Cos[PI/4] since Cos[PI]=-1 but we do not seem to be able to do this.

See here for some work using the Chebyshev polynomials.

ChebyShev's Polynomials Can Also Create Answers To Pell's Equation
Chebyshev Polynomials can also be used to quickly generate answers to Pell's Equation, which work in modular arithmetic:

The Chebyshev polynomials can also be defined as the solutions to the Pell equation


 * $$T_n(x)^2 - \left(x^2-1\right) U_{n-1}(x)^2 = 1 $$

in a ring $√2$. Thus, they can be generated by the standard technique for Pell equations of taking powers of a fundamental solution:


 * $$T_n(x) + U_{n-1}(x) \sqrt{x^2-1} = (x + \sqrt{x^2-1})^n. $$

See here for an example in mathematica where $$x=2$$ and so $$d=2 *2-1$$

create first root with x=2 and T_2 Mod[2 2 2 - 1, 89 29]= 7

create second root with x=2 and U_1 Mod[2 2, 89 29]= 4

show Pell's equation

Mod[7 7 - (4 - 1) 4 4, 89 29]= 1

Quadratic Residues And The Imaginary Number For 3 Mod 4 Semiprimes(Blum Integers)
Some of the math in this section builds on matter in the Blum integer Wikipedia article.

If $$X \bmod p*q$$ has a modular square root where $$p*q$$ are both 3 mod 4 primes, then $$-X \bmod p*q$$ Will Not have a modular square root.

This happens since $$Y^{2} \bmod p*q \equiv X \bmod p*q$$ and for $$-X$$ the equation must be $$( \sqrt{-1}*Y )^2 \bmod p*q \equiv -X$$. But it is well known that modula of 3 mod 4 semiprimes (where both p and q are 3 mod 4 primes) cannot have $$\sqrt{-1} \bmod p*q$$. Therefore, the arithmetic inverse of a quadratic number in a 3 mod 4 semiprime modulus must be a nonquadratic number.

Quadratic Residues and the Jacobi Symbol
Therefore, the negative of an actual square in a 3 mod 4 semiprime modulus has to be a nonquadratic. So it is possible to find some nonquadratics with such a modulus. This corrects, sometimes, the Jacoby Symbol, since it will usually report that $$Jacobi[-actualsquare,3mod4semiprime]=quadraticnumber$$ when it cannot be.

A quick look at the Jacobi Symbol of arithmetic inverses in modula of 3 mod 4 semiprimes shows that arithmetic inverses always share the same Jacobi Symbol, and it looks as if when both Jacobi Symbols for $$x \bmod p*q$$ and $$-x \bmod{p*q}$$ always equal 1 that one of the numbers is a quadratic while its arithmetic inverse is a nonquadratic. Note the following Mathematica equations of the modulus, $$19*79$$, for the numbers 1 to 30 and of their arithmetic inverses:

Table[{x, 19 79 - x, JacobiSymbol[x, 19 79], JacobiSymbol[19 79 - x, 19 79], IntegerQ[PowerMod[x, 1/2, 19 79]], IntegerQ[PowerMod[19 79 - x, 1/2, 19 79]]}, {x, 1, 30}]//Grid

x      -x      J[x}    J[-x}   SR[x]   SR[-x] 1	1500	1	1	True	False 2	1499	-1	-1	False	False 3	1498	1	1	False	True 4	1497	1	1	True	False 5	1496	1	1	True	False 6	1495	-1	-1	False	False 7	1494	-1	-1	False	False 8	1493	-1	-1	False	False 9	1492	1	1	True	False 10	1491	-1	-1	False	False 11	1490	1	1	True	False 12	1489	1	1	False	True 13	1488	-1	-1	False	False 14	1487	1	1	False	True 15	1486	1	1	False	True 16	1485	1	1	True	False 17	1484	-1	-1	False	False 18	1483	-1	-1	False	False 19	1482	0	0	True	False 20	1481	1	1	True	False 21	1480	-1	-1	False	False 22	1479	-1	-1	False	False 23	1478	1	1	True	False 24	1477	-1	-1	False	False 25	1476	1	1	True	False 26	1475	1	1	True	False 27	1474	1	1	False	True 28	1473	-1	-1	False	False 29	1472	1	1	False	True 30	1471	-1	-1	False	False

Since 1 is always a quadratic number, then this means that -1 must be a nonquadratic number. Since $$-x=(-1)*x$$ and the Jacobi symbol is multiplicative, this means that if -1 has 1 as a Jacobi Symbol (that the Jacobi symbol says it is quadratic), then $$J(-x)=J(-1)*J(x)=True*True$$. Thus, $$J(x)==J(-x)$$ even though $$x$$ is quadratic and $$-x$$ is nonquadratic. There is no way of telling which arithmetic inverse is $$x$$ and which is $$-x$$. Basically, for 3 mod 4 semiprimes the Jacobi Symbol can only say that either $$x$$ or $$-x$$ is quadratic, it cannot say which one is quadratic.

Considering that 3 mod 4 semiprimes are known as Blum Integers, then Blum integer says the following on this matter:


 * "For every Blum integer n, -1 has a Jacobi symbol mod n of +1, although -1 is not a quadratic residue of n"

Now if you have a Jacoby=1 arithmetic inverse pair and you square one of the numbers, then the resulting square will have to be a quadratic, and then that squares arithmetic inverse has to be a nonquadratic.

Only four roots for RSA semiprimes for power of 2 roots
Seeing that a quadratic number, a square, always has four square roots, $$(\sqrt{X^{2}}\bmod p*q)$$, $$(-\sqrt{X^{2}}\bmod p*q)$$, $$(\sqrt{1}*\sqrt{X^{2}}\bmod p*q)$$, $$(-\sqrt{1}*\sqrt{X^{2}}\bmod p*q)$$ it follows therefore that there can, at most, only be four quad roots for a square of a RSA semiprime. Since the square root of $$\sqrt{1}$$ is $$\sqrt[4]{1}$$ and there cannot be quad roots of 1 for 3 mod 4 semiprimes (see below), and since arithmetic inverses of quadratic numbers cannot both have square roots in 3 mod 4 semiprimes, then, if $$X=16$$ the only square root that can have a square root is $$4$$. This number will have four square roots which will be: $$(\sqrt{1}*2)$$, $$(-\sqrt{1}*2)$$, $$(2)$$, and $$(-2)$$

This is so for octal roots and for all roots that are powers of 2. There will only be four ultimate roots.

There can be no quad roots of 1 per an RSA semiprime. In an earlier section, I have argued that there are NO quad roots of one for 3 mod 4 semiprimes, since the definition of a quad root of one for modulus $$p*q$$ is $$ChineseRemainder[\sqrt{1} \bmod p, \sqrt{-1} \bmod q]$$. Please note once again that there are no $$\sqrt{-1}$$ for 3 mod 4 semiprimes.

How To Find Quad Roots for a 1 mod 4 semiprime
Since there can be at least four square roots of $$X^{2} \bmod p*q$$, $$(X)$$, $$(-X)$$, $$(\sqrt{1}*X)$$, $$(-\sqrt{1}*X)$$.

And since there are two $$\sqrt{-1}$$ for a 1 mod 4 semiprime, and there are $$\sqrt[4]{1}$$ and $$(\sqrt[4]{1})^{3}$$ to consider, A simple Mathematica function shows that there can be at least 16 quad roots of a 1 mod 4 semiprime. The quad roots of 16 mod p*q can be defined as:

$$\sqrt{1}$$ is important for square roots, and $$\sqrt{-1}$$ is important for quad roots.

Definition Of The Quad Root Of 1 For A 1 Mod 4 Semiprime
Given: $$p=73$$, $$q=13$$, $$\sqrt{1} \bmod{73*13}\equiv 220$$,$$\sqrt{-1}_{1}\bmod{73*13}\equiv 538$$ and $$\sqrt{-1}_{2}\bmod{73*13}\equiv 684$$ then:


 * $$\frac{(220 + 538)^2}{(220 + 684)^2} \bmod{73*13} \equiv 220 \equiv \sqrt{1} \bmod{73*13}$$

Since this is so the quad root of 1 mod p*q (for 1 mod 4 semiprime) is:


 * $$\frac{(220 + 538)}{(220 + 684)} \bmod{73*13} \equiv 658 \equiv \sqrt[4]{1} \bmod{73*13}$$

and


 * $$\frac{(220 - 538)}{(220 - 684)} \bmod{73*13} \equiv 658^{-1} \equiv 512 \equiv (\sqrt[4]{1})^{3} \bmod{73*13}$$

Thus:


 * $$\frac{(\sqrt{1} + \sqrt{-1}_{1})^{2}}{(\sqrt{1} + \sqrt{-1}_{2})^{2}} \bmod{p*q} \equiv \sqrt{1} $$


 * $$\frac{(\sqrt{1} + \sqrt{-1}_{1})}{(\sqrt{1} + \sqrt{-1}_{2})} \bmod{p*q} \equiv \sqrt[4]{1} $$


 * $$\frac{(\sqrt{1} - \sqrt{-1}_{1})}{(\sqrt{1} - \sqrt{-1}_{2})} \bmod{p*q} \equiv (\sqrt[4]{1})^{3} $$

In the examples above all the quad roots of 1 are 1 mod 73 or p. In the example below it is shown how to get a quad root of 1 that is 1 mod 13 or q.


 * $$\frac{(\sqrt{1} + \sqrt{-1}_{1})}{(\sqrt{1} - \sqrt{-1}_{2})} \bmod{p*q} \equiv \sqrt[4]{1} $$

or
 * $$\frac{(220 + 538)}{(220 - 684)} \bmod{73*13} \equiv 27 $$

As well a definitions of a square root of -1 mod p*q in terms of two different quad roots of 1 follows:


 * $$\sqrt[4]{1}_{1} + \sqrt[4]{1}_{2} \bmod{p*q} \equiv \pm(\sqrt{-1} \pm 1)$$

Note that the first quad root will be 1 mod p and the second quad root will be 1 mod q. An example:


 * $$703 + 658 \bmod{73*13} \equiv -(538-1)$$

and


 * $$27 + 512 \bmod{73*13} \equiv (538+1)$$

The other square root of -1 mod 73*13, 684, can be defined in terms of quad roots of 1 by:


 * $$703 + 512 \bmod{73*13} \equiv -(684-1)$$

and


 * $$27 + 658 \bmod{73*13} \equiv (684+1)$$

Some Notes On The Square Root Of -1
If we take $$\sqrt{-1}\bmod{89*29}\equiv 568$$ then $$569^{-1}\bmod{89*29}\equiv 1007$$, which has some interesting properties in that $$1007*1006\bmod{89*20}\equiv 1290\equiv 2^{-1}-1$$.

Also, $$1007+1006\bmod{89*29}\equiv -568$$ and $$1007^{2}+1006^{2}\bmod{89*29}\equiv 0$$

The same approach works for the other $$\sqrt{-1}\bmod{89*29}\equiv 945$$ where $$946^{-1}\bmod{89*29}\equiv 2109$$. Again, $$2109*2108\bmod{89*29}\equiv 1290\equiv 2^{-1}-1$$. And $$2109+2108\bmod{89*29}\equiv -945$$ and $$2109^{2}+2108^{2}\bmod{89*29}\equiv 0$$

There do seem to be some special properties of the two $$\sqrt{-1}\bmod{p*q}$$

Table of Sums Of Quad Powers Of 1
If we take the modulus, $$89*29$$, with $$\sqrt{1}\bmod{89*29}\equiv 2493$$,$$\sqrt{-1}_{1}\bmod{89*29}\equiv 568$$,and $$\sqrt{-1}_{2}\bmod{89*29}\equiv 945$$ (and the quad roots to be $$800$$ ,$$713$$, $$144$$ and $$233$$), then the sums of quad roots of one that come 1 off these numbers follows:

The sums for the $$\sqrt{1}\bmod{p*q}$$ will both be $$\pm 1 \bmod{p}$$ or $$\pm 1 \bmod{q}$$.

The sums for the $$\sqrt{-1}_{i}\bmod{p*q}$$ will have one be $$\pm 1 \bmod{p}$$ while the other is $$\pm 1 \bmod{q}$$

Since the above equivalents are true, the Product To Sum Theorum, shown in an earlier section, applies, and the product can be 1 off the sum of the two items.

Given that $$800$$ and $$713$$, and $$144$$ and $$233$$, are inverse quad roots of 1 for modulus $$89*29$$, and $$568\equiv \sqrt{-1}$$, and that $$1006 \equiv 567^{-1}$$ and $$1007 \equiv 569^{-1}$$, then the following applies:

Another table showing $$\sqrt{-1}_{1}-1$$ and $$\sqrt{-1}_{1}+1$$ as the coefficients

We can see that $$(\sqrt{-1}_{y}\pm 1)*\sqrt[4]{1} \bmod{p*q}\equiv (\sqrt{-1}_{x}\pm 1)$$ as in the following table:

The sum of all numbers mod p*q is 0. And interestingly the sum of all the numbers for the field $$89*29$$ up to $$567$$ is its inverse $$1006$$


 * $$\sum_{x=1}^{x=\sqrt{-1}-1} \bmod{p*q} \equiv (\sqrt{-1}-1)^{-1}$$
 * $$\sum^{x=p*q-1}_{x=\sqrt{-1}+1} \bmod{p*q} \equiv (\sqrt{-1}+1)^{-1}$$

These sums can be worked out by the well known equation:


 * $$\sum_{x=1}^{\sqrt{-1}-1}\equiv (\sqrt{-1}-1)(\sqrt{-1})/2$$

Looking at 2493(2^88-2^28) Again
With knowledge of the tables above lets look at:


 * $$-(2^{89*29-1}-1) \bmod{89*29}\equiv 2493*(2^{88}-2^{28})\equiv \sqrt{1}*(2^{p-1}-2^{q-1})$$

Knowing that $$(713+144)*2493\equiv -567$$ we can multiply the above term by $$-567$$ to get:


 * $$(713+144)*(2^{88}-2^{28})\bmod{89*29}\equiv 1545$$

Noting that $$713 \bmod 89 \equiv 1$$ and $$144 \bmod 29 \equiv -1$$ the Product To Sum Rule, described above, can be applied giving:


 * $$(713*2^{88} - (2^{28} + 713 - 1) + (144 - 2^{88} + 1) - 144*2^{28})\bmod{89*29}\equiv 1545$$

Subtracting out 2, adding 569 and combining terms gives us:


 * $$712*2^{88} - 145* 2^{28}\bmod{89*29}\equiv 2112$$

Adding $$2^{88}+2^{28}$$ (which is $$2^{89*29-1}+1\bmod{89*29}$$) we get the powers of p and q multiplied by the quad powers of 1:


 * $$713*2^{88} - 144* 2^{28}\bmod{89*29}\equiv 41$$

By symmetry and noting that the other quad roots of 1 per 89*29 are 800 and 233, that


 * $$800*2^{88} - 233* 2^{28}\bmod{89*29}\equiv 39$$

These two sums are equivalent to:


 * $$713*(2^{88} - 945*2^{28})\bmod{89*29}\equiv 39$$

and
 * $$(-713)* 2493* (2^{88} + 945* 2^{28})\bmod{ 89 *29}\equiv 41$$

which have been studied extensively in another section of this blog.

Other Equations Dealing With I
The Imaginary unit wiki article has some interesting equations that deal with I. These also apply to the modular $$\sqrt{-1}\bmod{p*q}$$ as well:

Using the radical sign for the principal square root gives:
 * $$ \sqrt{i} = \frac{\sqrt{2}}2 (1 + i). $$

The following equation from the same wiki article also applies to the modular imaginary number:

The three cube roots of $i$ are:
 * $$-i,$$
 * $$\frac{\sqrt{3}}{2} + \frac{i}{2},$$
 * $$-\frac{\sqrt{3}}{2} + \frac{i}{2}.$$

Similar to all of the roots of 1, all of the roots of $i$ are the vertices of regular polygons inscribed within the unit circle in the complex plane.

Also, from my own observation:

$$(2 + 4 \sqrt{-1}) (3 + \sqrt{-1})^{-1}\bmod{p*q}\equiv (\sqrt{-1}+1)$$

An example:

get i number for 41*401 modulus

PowerMod[-1, 1/2, 41 401]=5995

show the equation above to work for this modulus

Mod[(2 + 4 5995) PowerMod[3 + 5995, -1, 41 401], 41 401]=5996

Other Facts on the Modular Imaginary Number
Interestingly, $$\sqrt{-1}_{x}+1 \bmod p*q \equiv (-4)^{1/4} \bmod p*q$$ This also works for $$\sqrt{-1}_{x}-1 \bmod p*q \equiv (-4)^{1/4} \bmod p*q$$

A way to determine the $$\sqrt{-1} \bmod p*q$$ is to subtract successive squares from $$p*q$$. If the resulting sum is also a square then $$\sqrt{-1} \bmod p*q \equiv (\sqrt{square_{1}})*\sqrt{square_{2}}^{-1} \bmod p*q$$. In numeric terms $$538 \equiv (7)30^{-1}$$. This works since $$949=7*7+30*30$$. You can also create sum of square for any fourth multiple of $$p*q$$: $$\alpha*4*(p*q)$$

Actually, if both $$x \bmod{p*q}$$ and $$-x \bmod{p*q}$$ are quadratic then $$\sqrt{x} \sqrt[-1]{-x} \bmod{p*q}\equiv -\sqrt{-1}_{i}$$.

This is so since given the two numbers, $$\sqrt{x}$$ and $$\sqrt{(-1)*x}=\sqrt{-1}*\sqrt{x}$$, That the fraction of these two sums will necessarily be: $$\frac{1}{\sqrt{-1}}=-\sqrt{-1} \bmod{p*q}$$. Please note that $$\sqrt{-1}^{-1} \bmod{p*q}\equiv -\sqrt{-1}$$.

Finally, you can factor the sum of squares by using the square root of -1 to multiply one of the roots.


 * $$97^{2} + 17^{2} \bmod 73*13 \equiv (97+17*538)(97-17*538) \bmod 73*13$$ where $$538 \equiv \sqrt{-1} \bmod 73*13$$.

This means that the a factorisation of 2 mod p*q is:


 * $$(\sqrt{1}+\sqrt{-1})(\sqrt{1}-\sqrt{-1}) \bmod p*q \equiv 2$$

or, in our case of modulus 949:


 * $$(220+538)(220-538) \bmod 949 \equiv 2$$

You can also factor the minus of squares by using the square root of 1 like this:


 * $$97^{2} - 17^{2} \bmod 73*13 \equiv (97+17*220)(97-17*220) \bmod 73*13$$ where $$220 \equiv \sqrt{1} \bmod 73*13$$.

I will now show that knowledge of one of the square roots of negative 1 mod p*q is tantamount to factoring p*q, if you can take a modular square root

Since

$$g^{p*q-1}-1 \bmod p*q \equiv \sqrt{1}(g^{p-1}-g^{q-1})$$ and $$g^{(p*q-1)/2} \bmod p*q \equiv g^{(p+q-2)/2}$$

and

$$\sqrt{\sqrt{1}(g^{(p-1)}-g^{(q-1)})-2*g^{(p+q-2)/2}*\sqrt{-1}_{1}} \bmod p*q \equiv (1)^{1/4}(g^{(p-1)/2}-g^{(q-1)/2}*\sqrt{-1}_{2})$$

and

$$\sqrt{\sqrt{1}(g^{(p-1)}-g^{(q-1)})+2*g^{(p+q-2)/2}*\sqrt{-1}_{1}} \bmod p*q \equiv (1)^{1/4}(g^{(p-1)/2}+g^{(q-1)/2}*\sqrt{-1}_{2})$$

then the sum of these two equations equals:

$$(1)^{1/4}*2*g^{(p-1)/2} \bmod p*q$$

If you raise this above sum to the fourth power you get $$16*g^{2p-2} \bmod p*q$$

Use of the Product Of Powers To Sum Of Powers Theorum
Surprisingly, sometimes, you can use the Product Of Powers To Sum Of Powers theorum (described in an earlier section) to simplify:

$$\sqrt{\sqrt{1}(g^{(p-1)}-g^{(q-1)})-2*g^{(p+q-2)/2}*\sqrt{-1}_{1}} \bmod p*q \equiv (1)^{1/4}(g^{(p-1)/2}-g^{(q-1)/2}*\sqrt{-1}_{2})$$

Numerically, as $$220=\sqrt{1}$$ and $$27^{2} \bmod 949 \equiv 220$$ and $$538 \equiv \sqrt{-1}_{1} \bmod 949$$ and $$684 \equiv \sqrt{-1}_{2}$$ and $$949=13*73$$ then:


 * $$220(2^{72} - 2^{12}) - 2^{42}* 2* 538 \bmod 13 *73 \equiv 114$$
 * $$(27(2^{36}-2^{6}*684))^{2} \bmod 13*73 \equiv 835 \equiv -114$$

Understanding that $$\sqrt{-1}_{x} \bmod p*q$$ have $$\sqrt{-1} \bmod p$$ and $$\sqrt{-1} \bmod q$$, and that the quad root of 1 ($$27$$) has $$\sqrt{-1} \bmod p$$ and $$1 \bmod q$$, it is sometimes possible to use a $$1^{1/4} \bmod p*q$$ in conjunction with a $$\sqrt{-1} \bmod p*q$$ to decompose products into sums. In the equation above $$27$$ and $$684$$ have the right properties and we can change the equation to be:


 * $$((27 + 2^{36}-1) - (-2^6 - 684* 27-1))^{2} \bmod 13 *73\equiv 835 \equiv -114$$ or
 * $$((27 + 2^{36}) + (2^6 + 684* 27))^{2} \bmod 13 *73\equiv 835 \equiv -114$$

One of the Square Roots Found
Another simplification is to notice that $$27(1+684) \equiv 464$$, or $$1^{1/4}(1+\sqrt{-1}_{2})$$, is equal to $$-220+684 \equiv 464 \equiv -\sqrt{1}+\sqrt{-1}_{2}$$. Working on this in the square noted above we have:


 * $$(2^{36} + 2^{6} + 27(1+ 684))^{2} \bmod 13 *73\equiv 835 \equiv -114$$

This is equivalent to:


 * $$(220*(2^{36} + 2^{6} + 27(1+ 684)))^{2} \bmod 13 *73\equiv 835 \equiv -114$$ since $$220\equiv \sqrt{1}$$

Multiplying $$220$$ through and substituting $$(-220+648)$$ for $$27(1+684)$$ leads to:


 * $$(220*(2^{36} + 2^{6}) + 220(-220+684))^{2} \bmod 13 *73\equiv 835$$

Finally,


 * $$(220*(2^{36} + 2^{6}) -1+ 538))^{2} \bmod 13 *73\equiv 835$$

We know the two terms $$220*(2^{36}+2^{6})$$ and $$-1+538$$ (remember we know one of the $$\sqrt{-1}$$ for this exercise but not the second).

Therefore, we know one of the square roots of the complicated equation we started with:


 * $$\sqrt{(27(2^{36}-2^{6}*684))^{2}} \bmod 13*73 \equiv 220*(2^{36} + 2^{6}) -1 + 538 \equiv 602$$

$$\sqrt{\sqrt{1}(g^{(p-1)}-g^{(q-1)})-2*g^{(p+q-2)/2}*\sqrt{-1}_{1}} \bmod p*q \equiv \sqrt{1} ( 2^{(p-1)/2} + 2^{(q-1)/2})-1+\sqrt{-1}_{1} $$

A very complicated endeavor, but one that, nonetheless, yields one of the square roots of $$835$$ in this case since $$602*602 \bmod 73*13 \equiv 835$$

Symmetry finds the other root
Symmetry is important in modular math algebraic equations. In this case to find the square root of the other equation: $$\sqrt{\sqrt{1}(g^{(p-1)}-g^{(q-1)})+2*g^{(p+q-2)/2}*\sqrt{-1}_{1}} \bmod p*q \equiv ( -2^{(p-1)/2} + 2^{(q-1)/2})+1-\sqrt{-1}_{1}$$

or

$$\sqrt{(27(2^{36}+2^{6}*684))^{2}} \equiv -2^{36}+2^{6} +1 - 538 \bmod 73*13 \equiv 475$$

and $$475*475 \bmod 73*13 \equiv 712 \equiv -237$$ and

$$220*(2^{72}-2^{12})+2* 2^{36+6}* 538 \bmod 949 \equiv 237$$

Remember that $$2^{948/2}-1 \bmod 949 \equiv -2^{36}+2^{6}$$

and $$2^{948/2}+1 \bmod 949 \equiv 220*(2^{36}+2^{6})$$

so the two equations are roughly symmetric to each other. Also, remember that the signs in these above two equations change depending on the primes used.

We have two square roots but not the right ones
Having found two roots $$602$$ and $$475$$ mod $$949$$, let's see what roots we need to apply the two equations three sections previous:
 * $$\sqrt{\sqrt{1}(g^{(p-1)}-g^{(q-1)})-2*g^{(p+q-2)/2}*\sqrt{-1}_{1}} \bmod p*q \equiv (1)^{1/4}(g^{(p-1)/2}-g^{(q-1)/2}*\sqrt{-1}_{2})$$


 * $$\sqrt{\sqrt{1}(g^{(p-1)}-g^{(q-1)})+2*g^{(p+q-2)/2}*\sqrt{-1}_{1}} \bmod p*q \equiv (1)^{1/4}(g^{(p-1)/2}+g^{(q-1)/2}*\sqrt{-1}_{2})$$

As numbers we want these roots:


 * $$27(2^{36}-2^{6}* 684)\bmod 949 \equiv 529$$
 * $$27(2^{36}+2^{6}* 684)\bmod 949 \equiv 474$$

We can see that $$-475 \bmod 949 \equiv 474$$ so we do have one of the square roots we want, however,


 * $$220*602 \bmod 949 \equiv 529$$ (remember $$220\equiv \sqrt{1} \bmod 949$$)

so we don't have the second square root we want, but its reflection. So we are close to factoring $$p*q$$ but, unfortunately, no ecigarette.

We Can, However, Remove The 2^((p-1)/2) Term From The Equation
Understanding that $$\sqrt{1}*1^{1/4}$$ is the inverse of $$1^{1/4}$$, and that inverses are often equivalent when it comes to the Product To Sum theorum, we can therefore unwind:


 * $$27*2^{36} \bmod 949 \equiv 27+2^{36}-1$$
 * $$27^{-1}*2^{36} \bmod 949 \equiv 27^{-1}+2^{36}-1$$

As such, when we substract our two derived roots, $$475-602 \bmod 949 \equiv 822$$

and this $$822$$, after the unwinding mentioned above is equivalent to:


 * $$(27^{-1}-27)-2^{6}*684*(27^{-1}+27) \bmod 949 \equiv 822$$

or


 * $$(1^{-(1/4)}-1^{1/4})-2^{(q-1)/2}*\sqrt{-1}_{2}*(1^{-(1/4)}+1^{1/4}) \bmod p*q$$

Thus we have removed powers of $$p$$ from the equations, however, it still does not solve for either $$p$$ or $$q$$

We can Remove Both P and Q From the Equation
We can further reduce the equation by applying the Product To Sum rule to $$27*684*2^{6}$$ and $$27^{-1}*684*2^{6}$$. The expansion of this algebra is shown below:


 * $$(27^{-1}-27)- (2^{6} - 684*27^{-1}+1 )- (-2^{6}- 684* 27-1) \mod 949 \equiv 822$$

This contracts to:


 * $$(27^{-1}-27) + 684( 27^{-1} +  27) \bmod 949 \equiv 822$$

or


 * $$(1^{-(1/4)}-1^{1/4}) + \sqrt{-1}_{2}( 1^{-(1/4)} +  1^{1/4}) \bmod p*q $$

Thus, we have removed both $$P$$ and $$Q$$ from the equation and only the quad roots of 1 and the square root of -1 remain.

(It should be noted that $$-2*538 \bmod 949 \equiv 822$$ where $$538\equiv \sqrt{-1}_{1}$$)

Notes on obtaining these numbers
After some work with Mathematica, it seems there are two cases for the roots created in this section. There is one where 1) $$1^{1/4} \bmod q \equiv 1 | -1$$ and the other 2) is when $$1^{1/4} \bmod q \equiv \sqrt{-1}$$. For the second case you need to multiply the formula for both the two roots by $$\sqrt{-1}_{1} \bmod p*q$$ (this is explained in the section showing the formulas for the numbers $$89*29$$)

The P and Q primes need to be


 * $$1 \bmod 4$$
 * $$2^{(p-1)/2} \bmod p \equiv -1$$
 * $$2^{(q-1)/2} \bmod q \equiv 1$$

When these conditions are observed, then $$2/3$$ will be case 2 ($$1^{1/4} \bmod q \equiv \sqrt{-1}$$) and the rest case 1 ($$1^{1/4} \bmod q \equiv 1 | -1$$).

Due to sign issues between


 * $$2^{(p*q-1)/2} \pm 1 \bmod p*q$$
 * $$1^{1/4} \bmod p*q$$ and $$1^{3/4} \bmod p*q$$
 * $$\sqrt{-1}_{1} \bmod p*q$$

there are 8 possible computations you can make to get the root of this section. Of these 8, 2 will be correct, the other 6 incorrect.

Checking With A Second Modulus: 89*29
Checking with a second modulus, $$89*29$$ with $$568$$ and $$945$$ as $$\sqrt{-1}$$ and
 * $$2^{154}\equiv \sqrt{1}$$
 * $$2^{77} \equiv (1)^{1/4}$$
 * $$2^{(89* 29-1)/2}-1 \bmod 89*29 \equiv -2^{44}+2^{14}$$
 * $$2^{(89 *29-1)/2}+1 \bmod 89*29 \equiv 2^{154}(2^{44}+2^{14})$$

, I had to multiply the equations by one of the square roots of -1: $$568$$:


 * $$2^{77}(2^{44}-2^{14}*945)\bmod 89* 29 \equiv 540$$
 * $$2^{77}(2^{44}+2^{14}*945)\bmod 89* 29 \equiv 1064$$

The above numbers are the intended numbers. The numbers we get from our equations are:


 * $$(568*((-2^{44}+2^{14})+1- 568))\bmod 89* 29 \equiv 1519 \equiv \sqrt{1}*540$$
 * $$(568*(2^{154}(2^{44}+2^{14})-1+ 568))\bmod 89* 29 \equiv 1517 \equiv -1064$$

The effect of multiplying by $$\sqrt{-1}$$ helps get the correct square we are after instead of the negative number to the square we want.

This set of equations also works with the modulus $$113*73$$, however, the set of equations seems to require a square root of 1 mod p*q, $$\sqrt{1} \bmod p*q$$, that is not $$-1$$. In other words, besides $$-1$$, there needs to be another square root of 1.

Imaginary Modular Numbers are one off the sum of Two Quad Roots Of One
Since Imaginary Modular Numbers are one off the sum of two quad roots of one (see Definition Of Quad Roots), and quad roots are always $$\pm 1 \bmod{p or q}$$ it follows that we can use the Product To Sum Theorum to further decompose the two equations we have made in the previous section.

Taking $$2^{154}*2^{77}(2^{44}-2^{14}*945)\bmod{89*29}\equiv 1519$$ and understanding that $$567 \equiv -1781 - 233 \bmod{89*29}$$, and that both $$1781$$ and $$233$$ are both quad roots of 1 for the modulus $$89*29$$, then we can decompose the sum of $$1519$$ in the following steps:

 $$2^{154}*2^{77}(2^{44}-2^{14}*945)\bmod{89*29}\equiv 1519$$ $$2^{77}(2^{154}*2^{44}+2^{14}*568)\bmod{89*29}\equiv 1519$$ $$2^{77}(2^{154}*2^{44}+2^{14}*(-1781-232))\bmod{89*29}\equiv 1519$$ and understanding that $$-1781 \bmod{89}\equiv -1$$, $$-232 \bmod{29}\equiv 0$$, and $$2^{14}\bmod{29}\equiv -1$$ then  $$2^{77}(2^{154}-2^{44}+1 +2^{14}*(-1781-232))\bmod{89*29}\equiv 1519$$ $$2^{77}(2^{154}-2^{44}+1+1781-2^{14}-1 +2^{14}*(-232))\bmod{89*29}\equiv 1519$$ $$2^{77}(2^{154}-2^{44}+1781 - 233*2^{14})\bmod{89*29}\equiv 1519$$</li> </ul> Note that we have created an equation that can now be compared with the other equation of the two, which shall be decomposed in the following steps (remembering that $$233+713 \bmod{89*29}\equiv 946$$, $$2^{14} \bmod{89*29}\equiv -1$$, $$713\bmod{89}\equiv 1$$, and $$232\bmod{29}\equiv 0$$):

<ul> <li> <li>$$2^{77}(2^{44}+2^{14}*945)\bmod{89*29}\equiv 1064$$</li> <li>$$2^{77}(2^{44}+2^{14}*(713+232))\bmod{89*29}\equiv 1064$$</li> <li>$$2^{77}(2^{44}-713+2^{14}+1+2^{14}*(232))\bmod{89*29}\equiv 1064$$</li> <li>$$2^{77}(2^{44}-713+1+233*2^{14})\bmod{89*29}\equiv 1064$$</li> </ul>

At this point we can add both sums:

<ul> <li>$$1519+1064\bmod{89*29}\equiv 2\equiv 2^{77}(2^{154}+1781-713+1)$$</li> <li>Remembering that both $$1781$$ and $$713$$ are quad roots of 1 then</li> <li>$$1781+1-2^{154}+713\bmod{89*29}\equiv 2\equiv (\sqrt[4]{1})^{3}+1-\sqrt{1}+\sqrt[4]{1}$$</li> </ul>

I checked this math for the modulus $$73*13=949$$, and the result was similar. The two equations in question were:


 * $$220*27(2^{36}-2^{6}*684) \bmod{73*13}\equiv 602$$
 * $$27(2^{36}+2^{6}*684) \bmod{73*13}\equiv 474$$

The sum of $$602+474 \bmod{73*13} \equiv 127$$ and this equation was equivalent to


 * $$27(220+1-2*73) \bmod{73*13}\equiv 127$$
 * $$246+27-2*73 \bmod{73*13}\equiv 127$$
 * $$(\sqrt[4]{1})^{3}+\sqrt[4]{1}-2*p \bmod{p*q}$$

A quite similar result

Definition of 2^(p-1) and 2^(q-1)
Using the Product To Sum theorum I was able to come up with the two following definitions where $$p=89$$ and $$q=29$$ and $$2493 \bmod{89*29}\equiv \sqrt{1}$$:

Mod[-2493 2^(88 + 28) + 2493 +   2^28, 89 29]== 2^88

and

Mod[2493 2^(88 + 28) - 2493 +   2^88, 89 29]== 2^28

$$2^{88+28}\bmod{89*29}$$ is derviable.

Using the Product To Sum Theorum I was able to do the following math steps:

Mod[2^88 - 2^28 - 1, 89 29]===Mod[(2^28) (2^88 - 2), 89 29]==Mod[2^(88 + 28) - 2 2^28, 89 29]==826

Thus:

Mod[2493 (2^88 - 2^28), 89 29]===Mod[2493 (2^(88 + 28) - 2 2^28 + 1), 89 29]===2073

Thus:

2071===Mod[2493 2^(88 + 28) - 2493 - 2 2^28, 89 29]

Trying the modulus 97*37
Trying the modulus $$97*37$$ for this effect, I found I had to minus the sums in order to cancel out.

(For previous steps (on other modulus) see Original Equations Defined for how to originally define the two equations we add or subtract from each other.  And then see  Actual Algebraic Proof for the actual resolution of the equations. Consult  Product To Sum Method for an algebraic method on P*Q modulus used extensively in the proof)

With:


 * $$\sqrt[4]{1}\equiv 75$$
 * $$\sqrt{-1}_{1} \equiv 216$$
 * $$\sqrt{-1}_{2} \equiv 1671$$

I found that, minusing the two equations from the section above, that I was able to derive:


 * $$-75+75^{-1}-1671+216 \bmod{97*37} \equiv -\sqrt[4]{1}+\sqrt[-4]{1}-\sqrt{-1}_{2}+\sqrt{-1}_{1}\equiv 432$$

Since $$432 \equiv 2*216\equiv 2*\sqrt{-1}_{1}$$ then it seems we have a new definition whereby:


 * $$\sqrt{-1}_{1} \bmod{p*q} \equiv -\sqrt[4]{1}+\sqrt[-4]{1}-\sqrt{-1}_{2}$$

We can see on examination of the modulus, 73*13=949, that this equation, subject to sign changes holds:


 * $$27 + 27*220 - 538 \bmod{ 949}\equiv 684 $$

or
 * $$\sqrt[4]{1}+\sqrt[-4]{1}-\sqrt{-1}_{1} \bmod{p*q} \equiv \sqrt{-1}_{2}$$

Thus, it seems that(noting possible sign changes):


 * $$\pm \sqrt[4]{1} \pm \sqrt[-4]{1} \bmod{p*q} \equiv \sqrt{-1}_{2} \pm \sqrt{-1}_{1}$$

This is a definition of the sum of the two square roots of -1 mod p*q per quad roots of 1. Please note that the quad roots need to be inverses of each other.

Trying the modulus $$89*29$$ we can see that this sums of inverse quad roots of 1 equaling sums of square roots of -1 holds, where 945 and 568 are square roots of -1 for the modulus 89*29, and -233, 144 are inverse quad roots of 1, and 713 and -800 are inverse quad roots of 1 per the modulus given.

Decomposing 2 to the ((p+q-2)/4) Power Using the Product to Sum Theorum
You can't use the Product To Sum theorum to unwind the multiplication of


 * $$2^{29} \bmod 89*29 \equiv 2^{(89*29-1)/4} \bmod 89*29 \equiv 2^{(p+q-2)/4} \bmod p*q$$

since


 * $$2^{22}\bmod 89 \equiv 1$$ is okay, but $$2^{7}\bmod 29 \equiv 12$$ (not okay).

However, multiplied by $$568 \equiv \sqrt{-1} \bmod 89*29$$ such that $$2^{7}*568 \bmod 29 \equiv 1$$, the multiplication can be unwound as in:


 * $$2^{29}*568+1 \bmod 89*29 \equiv 2^{22}+2^{7}*568 \equiv 615$$

and


 * $$2^{29}*568-1 \bmod 89*29 \equiv -2493(2^{22}-2^{7}*568) \equiv 613 \equiv \sqrt{1}(2^{(p-1)/4}-2^{(q-1)/4}*\sqrt{-1})$$

(Remember for this exercise we know $$568 \equiv \sqrt{-1}_{1}$$ but not $$945 \equiv \sqrt{-1}_{2}$$)

So for modula of $$p*q$$ the Product To Sum theorum described here is almost another rule of algebra!

By manipulating these two sums, described just above, and multiplying by $$568$$ ($$\sqrt{-1}_{1} \mod p*q$$) I was able to establish that, for this modulus of $$89*29$$ that:


 * $$(568 - 945)*2^{22} + 945 \bmod 89*29 \equiv 568$$

or


 * $$(\sqrt{-1}_{1} - \sqrt{-1}_{2})*2^{(p-1)/4} + \sqrt{-1}_{2} \bmod p*q \equiv \sqrt{-1}_{1}$$

or


 * $$(\sqrt{-1}_{1} - \sqrt{-1}_{2})*2^{(p-1)/4} \bmod p*q \equiv \sqrt{-1}_{1} - \sqrt{-1}_{2}$$
 * $$(\sqrt{-1}_{1} - \sqrt{-1}_{2})*2^{(p-1)/2} \bmod p*q \equiv \sqrt{-1}_{1} - \sqrt{-1}_{2}$$
 * $$(\sqrt{-1}_{1} - \sqrt{-1}_{2})*2^{(p-1)} \bmod p*q \equiv \sqrt{-1}_{1} - \sqrt{-1}_{2}$$

and
 * $$(\sqrt{-1}_{1} + \sqrt{-1}_{2})*2^{(q-1)} \bmod p*q \equiv \sqrt{-1}_{1} + \sqrt{-1}_{2}$$

A Multiplier for g^(p-1)-1 mod p*q to make g^(4(p-1))-1
If we take the term we shall call $$X_{1}$$:


 * $$X_{1}=(2^{2*(p*q-1)}+1)(2^{(p*q-1)}+1) \bmod p*q \equiv (2^{2(p+q-1)}+1)(2^{p+q-1}+1)+\alpha * q$$

we can see that any $$\beta * p \equiv 2^{u*(p-1)}-1$$ cancels out the $$\alpha * q$$.

In the case of $$X_{1}$$ though:


 * $$X_{1}*(2^{p-1}-1) \bmod p*q \equiv 2^{4(p-1)}-1$$

It's sorta like a multiplier took the power $$g^{(p-1)}$$ to the fourth power, $$g^{4*(p-1)}$$, but this multiplier is not $$g^{3*(p-1)} \bmod p*q$$!

It implodes powers as well. If you take the inverse of $$X_{1}$$, then the following equation holds:


 * $$X_{1}^{-1}*(2^{4(p-1)}-1) \bmod p*q \equiv 2^{(p-1)}-1$$

To give an example:

$$(2^{2*(10177*577-1)}+1)(2^{(10177*577-1)}+1) \bmod 10177*577 \equiv 2370894$$

and

$$2370894*(2^{10176} -1) \bmod 10177*577 \equiv 1984515 \equiv 2^{4(10176)}-1$$

This works for all $$P$$ and $$Q$$ odd prime combinations.

Actually, the above explanation is an insight into a family of equations that are similar multipliers. I have been able to make half the $$P$$ and $$Q$$ combinations work to create an $$X_{2}$$ that works for the equation:


 * $$X_{2}*(2^{(p-1)/2}-1) \bmod p*q \equiv 2^{2(p-1)}-1$$

and I have been able to make around $$3/16$$ of the $$P$$ and $$Q$$ combinations for $$X_{3}$$ where:


 * $$X_{3}*(2^{(p-1)/4}-1) \bmod p*q \equiv 2^{(p-1)}-1$$

You often have to use the $$\sqrt{-1} \bmod p*q$$ to construct $$X_{3}$$. There are around 8 cases. Consult on how to do this.

As well, it is possible to construct an equation with all the unknowns on the left side being powers of $$P$$, and a known number on the right:


 * $$X_{3}*2^{(p-1)/4} - 2^{p-1} \bmod p*q \equiv X_{3}-1$$

An example:


 * $$1925*2^{22}-2^{88} \bmod 89*29 \equiv 1925-1$$

or


 * $$(1925-2^{66})*2^{22} \bmod 89*29 \equiv 1924$$

Usually, equations always have unknowns of powers of $$p$$ and $$q$$, not just powers of one of the primes.

Definition of 2^{88+66} mod 89*29
If we take the equation just above, with its definition of $$1924 \bmod{89*29}$$ then


 * $$1924*1925 \bmod{89*29} \equiv (1925-2^{66})(2^{88}+1924)$$

If we expand out the polynomial shown on the right side of the equation above, then we can see that


 * $$-2^{88+66} -1924*2^{66}+1925*2^{88} \bmod{89*29}\equiv 0$$

This means that


 * $$2^{88+66} \bmod{89*29} \equiv -1924*2^{66}+1925*2^{88}$$

This is a type of Product To Sum decomposition from multiplication to subtraction.

To emphasise that this is a family of equations observe the following:


 * $$X_{4}=(2^{(p*q-1)}+1)(2^{(p*q-1)/2}+1)(2^{(p*q-1)/4}+1) \bmod p*q \equiv (2^{(p-1)}+1)(2^{(p-1)/2}+1)(2^{(p-1)/4}+1)+\alpha * q$$

and


 * $$X_{4}*(2^{(p-1)/4}-1) \bmod p*q \equiv 2^{2(p-1)}-1$$

Try the primes $$10177$$ and $$577$$ for this exercise. The exact equation is determined by the prime states of the primes. Look at the paper reference below for an explanation of prime states.

X As An Equation Of Only Powers Of P
Take $$10177$$ and $$577$$ to produce
 * $$X \equiv (2^{(10177*577-1)/2}+1)*(2^{(10177*577-1)/4}+1) \bmod 10177*577 \equiv (2^{10176}+(X-1))*2^{-(10176/4)} \bmod 10177*577 \equiv 4817951$$

This is a definition of the constant, $$X$$, only in terms of powers of $$p$$ and the constant $$X$$

The equations, for other prime pairs, will be slightly different depending on the prime states now.

As well, take:


 * $$4817951-1 \equiv -2^{10176}+2^{10176/4}* 4817951 \bmod 10177*577$$

or


 * $$X-1 \equiv -2^{p-1}+2^{(p-1)/4}* X \bmod p*q$$

and (in the case of $$X=2370894$$ for $$p=10177$$ and $$q=577$$)


 * $$X \equiv 2^{3*(p-1)}+(X-1)*(2^{-(p-1)}) \bmod p*q$$

which makes:


 * $$-2^{3*(p-1)}+X \equiv (X-1)*(2^{-(p-1)}) \bmod p*q$$

and


 * $$2^{7*576} - 2^{4*576} \bmod{10177*577} \equiv (2370894-1)*(2^{4*576}-2^{3*576})\equiv 4072466$$

Taking The Square Root Of (-2)^{-2} mod p*q Can Factor P*Q
With knowledge that there are squareless numbers (numbers whose square mod p*q is itself), and taking the number $$(-2)^{-1}\bmod{p*q}$$, the following can be asserted:


 * $$(SQUARELESSNUMBER + (-2)^{-1})^{2} \bmod{p*q} \equiv ((-2)^{-1})^{2}$$
 * $$(6060+3686)^{2}\bmod{101*73}\equiv 3686^{2}$$ where $$6060$$ is a squareless number
 * $$(1314+3686)^{2}\bmod{101*73}\equiv 3686^{2}$$ where $$1314$$ is a squareless number

This works because all sum squares are of the form:


 * $$\alpha^{2} + 2*\alpha * \beta + \beta^{2} = (\alpha+\beta)^{2}$$

If $$\beta\equiv (-2)^{-1}\bmod{p*q}$$, then $$2*\beta\equiv (-1)$$, and if $$\alpha=SQUARELESSNUMBER$$, then the equation for the sum squared is:


 * $$SQUARELESS + SQUARELESS *(-1) + (-2)^{-2} = (SQUARELESS + (-2)^{-1})^{2}$$

You can see that $$SQUARELESS + SQUARELESS *(-1)=0$$, in other words they cancel out.

This also works, for the same reason for squares of $$2^{-1}\bmod{p*q}$$, so that


 * $$(-SQUARELESSNUMBER + (2)^{-1})^{2} \bmod{p*q} \equiv ((2)^{-1})^{2}$$
 * $$(-6060+3687)^{2}\bmod{101*73}\equiv 3687^{2}$$ where $$6060$$ is a squareless number
 * $$(-1314+3687)^{2}\bmod{101*73}\equiv 3687^{2}$$ where $$1314$$ is a squareless number

Since both $$(-2)^{-2}\bmod{p*q}$$ and $$(2)^{-2}\bmod{p*q}$$ equal $$1*4^{-1}\bmod{p*q}$$ it follows that, after taking the modular (or natural) square root of $$(-2)^{-2}\bmod{p*q}$$, we can determine P or Q via


 * $$GCD[\sqrt{(-2)^{-2}}-(-2)^{-1}, p*q]$$
 * $$GCD[\sqrt{(6060+3686)^{2}\bmod{101*73}}-3686, 101*73]=101$$ since $$6060\bmod{101}\equiv 0$$ and $$3686\bmod{101*73}\equiv (-2)^{-1}$$

Theoretically, this procedure should reveal the factorisation of 1 p*q combination every $$\sqrt{p*q}$$ attempts, however, my trials with Mathematica show that the factorisation is revealed, because the square is a natural square, once every $$\sqrt[3]{p*q}$$.

The Following mathematica output shows that taking the square root of $$4^{-1}\bmod{p*q}$$ does work.

{{p,q},  TYPEOFSQUARE, SQUARE,ROOT,GCD[ROOT-(-2)^{-1}] {{103,31},ModularSquare,2395,1287,103,1} {{103,43},ModularSquare,3322,1699,103,1} {{103,47},ModularSquare,3631,258,47,1} {{103,59},ModularSquare,4558,2626,103,1} {{103,67},ModularSquare,5176,2111,103,1} {{103,71},ModularSquare,5485,1597,71,1} {{107,31},ModularSquare,2488,481,107,1} {{107,43},ModularSquare,3451,2086,107,1} {{107,47},ModularSquare,3772,588,107,1} {{107,59},ModularSquare,4735,1445,59,1} {{107,67},ModularSquare,5377,3049,107,1} {{107,71},ModularSquare,5698,3585,71,1} {{127,31},ModularSquare,2953,698,127,1}

{{127,43},Natural Square,4096,64,43,1}

{{127,47},ModularSquare,4477,1715,47,1} {{127,59},ModularSquare,5620,2095,127,1} {{127,67},ModularSquare,6382,1842,67,1} {{127,71},ModularSquare,6763,2095,127,1} {{131,31},ModularSquare,3046,852,31,1}

{{131,43},Natural Square,4225,65,131,1}

{{131,47},ModularSquare,4618,1245,47,1} {{131,59},ModularSquare,5797,2685,131,1} {{131,67},ModularSquare,6583,1507,67,1} {{131,71},ModularSquare,6976,2947,131,1}

{24 attempts, 2 natural squares}

This section shows that you only need one modular square root to factor p*q if the base is $$(\pm 2)^{-1}\bmod{p*q}$$, and not two as with most bases. Thus the factorisation problem is equivalent to the modular square root problem.

The Cubes Of These Numbers
By the same algebra, as shown above, I was able to discern that:


 * $$4(3686+6060)^{3} \bmod{101*73}\equiv (4*3686^{3}+6060)\equiv 2373$$
 * $$4((-2)^{-1}+SQUARELESS)^{3} \bmod{p*q}\equiv (4*(-2)^{-3}+SQUARELESS)$$

and taking the base of $$(-3)^{-1}\bmod{101*73}\equiv 4915$$ I was able to derive the cube to:


 * $$3(4915+6060)^{3} \bmod{101*73}\equiv (3*4915^{3}+6060)\equiv 2783$$
 * $$3((-3)^{-1}+SQUARELESS)^{3} \bmod{p*q}\equiv (3*(-3)^{-3}+SQUARELESS)$$

Thus, it is possible to derive:


 * $$4(3686+6060)^{3} - 3(4915+6060)^{3} \bmod{101*73}\equiv 4*3686^{3} - 3*4915^{3}$$
 * $$4((-2)^{-1}+SQUARELESS)^{3} - 3((-3)^{-1}+SQUARELESS)^{3} \bmod{p*q}\equiv 4*(-2)^{-3} - 3*(-3)^{-3}$$

but I wasn't able to get further than this.

Using the well known subtraction of cubes formula:


 * $$(a-b)(a^{2}+a*b+b^{2})=(a^{3}-b^{3})$$

and given


 * $$(3686+6060)^{3} - (4915+6060)^{3}$$

then the SQUARELESS number (or $$6060$$) can be derived but unfortunately we don't have that term.

It is also possible to derive:


 * $$(4915+6060)^{3} - (4915+6060)^{2} \bmod{101 *73}$$

but this doesn't get any further either.

Subtraction and Addition Of Cubes
Using the unique algebraic properties of the squareless number, you can solve for

Solve[(2 x a) == -(x^2 - 1), {a, x}, Modulus -> 101 73]

to get squares where


 * $$(a+x*SQUARELESS)^{2}\bmod{p*q}\equiv a^{2}+SQUARELESS$$
 * $$(4914+3*6060)^{2} \bmod{101*73}\equiv 4914^{2}+6060$$
 * $$(5529 + 2 *6060)^{2}\bmod{ 101* 73}\equiv 5529^{2}+6060$$

Thus a subtraction of squares can be done as in:


 * $$(4914+3*6060)^{2} -(5529 + 2* 6060)^{2}\bmod{101*73}\equiv 4914^{2}-5529^{2}$$

Likewise for cubes, you can solve for

Solve[3 x (a x + a^2) == -(x^3 - 1), {a, x}, Modulus -> 101 73]
 * $$(a+x*SQUARELESS)^{3}\bmod{p*q}\equiv a^{3}+SQUARELESS$$
 * $$(2 + 2302*6060)^{3} \bmod{101*73}\equiv 2^{3}+6060$$
 * $$(7 + 5289*6060)^{3}\bmod{ 101* 73}\equiv 7^{3}+6060$$

Thus a subtraction of cubes can be done as in:


 * $$(2+2302*6060)^{3} -(7 + 5289* 6060)^{3}\bmod{101*73}\equiv 2^{3}-7^{3}$$

Unfortunately, for all these new equations above, it was not possible to derive p or q from them.

Quotes From Hardy's Commentary On Ramanujan
Quoting the equation from p 89 of "Ramanujan" by Hardy: Ramanujan went a good deal further. He proved congruences with modulli $$5^{2}, 7^{2} and 11^{2}$$ being:


 * $$p(25m+24) \equiv 0 \bmod 5^{2}$$

and put forward a conjecture that if


 * $$\theta = 5^{a}7^{b}11^{c}$$
 * $$24 \beta \equiv 1 \bmod{\theta}$$
 * then $$p(m \theta +\beta)\equiv 0 \bmod{\theta}$$

Apparently, the conjecture has been shown to be incorrect at times, but it usually is good enough to work with. The P function is the permutation function, or basically, the Factorial function.

An Exploration of Dickson's 1921 "Theory Of Numbers"
This section will be devoted to topics found from a gleeming of Dickson's 1921 History of the Theory of Numbers.

The three volume work seems to have math that has dropped out of the Math corpus.

a*x^4+b*y^4 equals c*z^2
Quite a few of previous mathematicians worked on this above equation. I couldn't get some of their work to work, but for several of them I was able to get them to work, that of(if z is the modulus then the square root of -a/b mod z can be found easily)

Realis Works
S. Realis(Theory of Numbers vol ii p 627)


 * S. Realis noted that if
 * $$\alpha^{4}-2*\beta^{4}==\lambda^{2}$$ then
 * $$x^{4}-2*y^{4}==z^{2}$$
 * $$x=3(339*\alpha^{3}+392*\beta^{3})+8*\alpha*\beta(216*\alpha+211*\beta)+7*\lambda(113*\alpha+96*\beta)$$


 * $$y=4(147*\alpha^{3}-226*\beta^{3})-27*\alpha*\beta(5*\alpha+64*\beta)+7*\lambda(108*\alpha+113*\beta)$$

I was able quickly to make the above math work on Mathematica, but I was unable to set the modulus of the modulus which would be $$z$$

On Theory Of Numbers, vol ii, p632, the following equations will create $$x^{4}-3*y^{4}=13*z^{2}$$
 * $$x = 76* a^{3} + 96* a^{2} *b + 135* a* b^{2} + 156* b^{3} + 13*lambda (19 *a + 12* b)$$
 * $$y = 52* a^{3} + 28 *a^{2}* b - 96* a* b^{2} - 57* b^{3} + 13*lambda* (16* a + 19* b)$$

if $$a^{4}-3*b^{4}=13*lambda^{2}$$

Fermat works
Fermat method (Theory of Numbers, vol ii, p 631) works and I was able to set the modulus to be what I wanted. (The modulus was z so I proceeded with modular equations and cancelled out the z's simplying the equation). I was only able to get one of the square roots. The other one (for p*q modula never appeared)


 * If (1) has solutions $$x,y,z$$, then Fermat's method convieniently applied leads to new solutions


 * $$X=x(4a^{2}x^{8}-3c^{2}z^{4})$$, $$Y=y(4b^{2}y^{8}-3c^{2}z^{4})$$
 * $$Z=z[4c^{4}z^{8}-3(ax^{4}-by^{4})^{4}]$$

Desboves works
A. Desboves math at p631 vol ii of "Theory Of Numbers" works.

$$(y^{2}+2*y*x-x^{2})^4+(2*x+y)*x^{2}*y*(2*y+2*x)^4$$== $$(x^{4}+y^{4}+10*x^{2}*y^{2}+4*x*y^{3}+12*x^{3}*y)^{2}$$

It's quite good in that it doesn't require a working earlier case.

dickson's work on tonelli says the algorithm will work on mod p^k not just on mod p
I'm not a professional mathematician but I just read Dickson's "History of Numbers" where it says on page 215-216 that


 * A. Tonelli gave an explicit formula for the roots of $$x^{2}=c (\bmod{ p^{\lambda}})$$

After reading the Dickson text a couple of times on p215,216 I came across this formula for the square root of $$x^{2}\bmod{p^{y}}$$.


 * when $$p=4*7+1$$, or $$s=2$$ and $$A=7$$
 * for $$x^{2}\bmod{p^{\lambda}}\equiv c$$ then
 * $$x \bmod{p^{\lambda}}\equiv \pm (c^{A}+3)^{\beta}*c^{(\beta+1)/2}$$ where $$\beta \equiv a*p^{\lambda-1}$$

Noting that $$23^{2} \bmod{ 29^{3}}\equiv 529$$ and noting that $$\beta = 7*29^{2}$$ then


 * $$(529^{7} + 3)^{7* 29^{2}}* 529^{(7*29^{2} + 1)/2}\bmod{ 29^{3}}\equiv 24366 \equiv -23$$

So Tonelli's math does seem to take modular square roots of prime powers! The Tonelli–Shanks algorithm article explicitly says the algorithm only takes the modular square root of primes:


 * "The Tonelli–Shanks algorithm (referred to by Shanks as the RESSOL algorithm) is used within modular arithmetic to solve for r a congruence of the form r2 ≡ n (mod p), where p is a prime.


 * Tonelli–Shanks cannot be used for composite moduli; finding square roots modulo composite numbers is a computational problem equivalent to integer factorization. "

Here's another equation: $$2333^{2} \bmod{ 29^{3}}\equiv 4142$$ and


 * $$(4142^{7} + 3)^{7 *29^{2}}* 4142^{(7*29^{2} + 1)/2}\bmod{ 29^{3}}\equiv 2333$$

On page 215-216 of the Dickson book, the equation is given of Tonelli's:


 * $$X\bmod{p^{y}}\equiv x^{p^{y-1}}*c^{(p^{y}-2p^{y-1}+1)/2}$$ where $$X^{2}\bmod{p^{y}}\equiv c$$ and $$x^{2}\bmod{p}\equiv c$$;

Using $$p=23$$ and using the modulus of $$p^{3}$$ the math follows (in mathematica):

Mod[1115^2, 23 23 23]=2191 Mod[1115^2, 23]=6 PowerMod[6, 1/2, 23]=11

Mod[11^(23 23) 2191^((23 23 23 - 2 23 23 + 1)/2), 23 23 23] =1115 Thus Tonelli's work can work for a 3 mod 4 prime power.

This math proves that, under some circumstances, that Tonelli's work is greater than Shanks. Those old text books (in the case Dickson's "History of Numbers" volume 1) are sometimes worth pouring through! Shanks did refer to his algorithm as the RESSOL algorithm and cryptographers are famous for codes. It should be noted that RESSOL is LOSER backwards. Maybe, Shank was aware of Tonelli's powers of prime modular square root method, but did not publically reveal it. We will never know because Mr. Daniel Shanks is dead.

Cipolla's algorithm is able to find square roots of powers of prime modula, just like Tonelli's
According to Dickson's "History Of Numbers" vol 1 p 218 , the following formula of Cipolla, Cipolla's algorithm, will find square roots of powers of prime modula and not just prime modula (as the wiki article states):


 * $$2^{-1}*q^{t}((k+\sqrt{k^{2}-q})^{s}+(k-\sqrt{k^{2}-q})^{s})\bmod{p^{\lambda}}$$
 * where $$t=(p^{\lambda}-2*p^{\lambda-1}+1)/2$$, $$s=p^{\lambda-1}*(p+1)/2$$ and $$x^{2}\bmod{p^{\lambda}}\equiv q$$
 * where $$q=10$$,$$k=2$$ as in the wiki example

Taking the example in the wiki article we can see that this formula above does indeed take square roots of prime power modula.

Dropping into Mathematica

PowerMod[10, 1/2, 13 13 13]=1046

Create 2^(-1)*q^(t) via Mod[PowerMod[2, -1, 13 13 13] PowerMod[10, (13 13 13 - 2 13 13 + 1)/2, 13 13 13], 13 13 13]=1086

Create the (k+ sqrt{k^{2}-q})^{s} and (k- sqrt{k^{2}-q})^{s} via the following Mathematica procedure

try999[m_, r_, i_, p_, i1_] := Module[{a1, a2, a3, a4, a5, a6, a7, a8, a9, a10}, a2 = r; a3 = i;  For[a1 = 2, a1 <= p, a1++, a4 = a2; a5 = a3; a2 = Mod[a4 r + a5 i i1, m]; a3 = Mod[(a4 i + a3 r), m]; (*Print[{a2,a3,a1}];*) ]; Return[{a2, a3}]; ]

(k+sqrt{k^{2}-q})^{s}= 1540  and (k-\sqrt{k^{2}-q})^{s}= 1540

via the following function calls

try999[13 13 13, 2, 1, 13 13 7, -6]=1540

try999[13 13 13, 2, -1, 13 13 7, -6]=1540

and

Mod[1086 (2 1540), 13 13 13]=1046 which is the answer.

Cipolla means onion in Italian by the way.

An Angle On The Modular Quadratic Equation (according to Gauss)
Says p207 of Dickson's "Theory of Numbers" vol 1:

The congruence $$a*x^{2}+b*x+c \bmod{m}\equiv 0$$ is reduced (art. 152 [of Gauss' work]) to $$y^{2} \bmod{4*a*m}\equiv b^{2}-4*a*c$$. For each root $$y$$, it remains to solve $$2*a*x+b=y \bmod{4*a*m}$$.

Quoting from

Knowing that $$\sqrt{-1}_{1}=568 \bmod{89*29}$$ then


 * $$-1 \bmod{89*29}\equiv b*(b+1)+ 568$$

or


 * $$-569 \bmod{89*29}\equiv b*(b+1)$$

For the purposes of this example we will say that $$-569\bmod{89*29}\equiv (-390) (-389)$$ since $$1335-945=390$$ and $$945\equiv \sqrt{-1}_{2}\bmod{89*29}$$

Since $$390=1335-945$$ we can multiply by $$\sqrt{-1}_{1}=568$$ which is known giving

$$568*1335-2493$$ and since $$-2*1335+1 \bmod{89*29}\equiv 2493\equiv \sqrt{1}$$

then the sum above equals $$568*1335+2*1335-1$$, so add 1 and get $$(568+2)*1335$$.

Dividing by $$570$$, which is known, gives us $$1335$$.

$$1335$$ is a multiple of $$89$$, one of the factors. This can quickly be derived via the Greatest Common Divisor function.

The equation, $$-1 \bmod{89*29}\equiv b*(b+1)+ 568$$, shown above, is easily turned into a quadratic equation:


 * $$0 \bmod{89*29}\equiv 1*(x^{2})+1*x+ 569$$

Let's see how it fares with Gauss's quadratic construction (as shown by Dickson):(a=1,b=1,c=569):


 * $$1^2 - 4*(1)*569\bmod{ 4 *1* 89* 29}\equiv 8049$$

and


 * $$\sqrt{8049}\bmod{4*1*89*29}\equiv 779$$

and


 * $$2*389+1\bmod{4*1*89*29}\equiv 779$$, thus $$x=389$$

We can see here that this matches well with the $$390$$ answer we have from the blockquote above. Also, from the blockquote above, we can see that $$390$$ with knowledge of one of the square roots of -1 (568) is enough to factor the modulus.

As well, with knowledge of one of the square roots of -1 and the good fortune of having


 * $$1-4*\sqrt{-1}_{\bmod{p*q}}\bmod{4*1*p*q}\equiv NATURALSQUARE$$

that we don't have to take the modular square root and thus the equation is quickly solvable!

Theoretically, all quadratic equations could be converted into natural squares
When one considers that:


 * $$n*(x^{2}+x+INTEGER)$$ converts $$a=n$$,$$b=n$$,$$c=INTEGER*n$$

If this new sum results in a natural square via $$n^{2}-4*n*INTEGER*n \bmod{4*n*p*q}$$

then the resulting $$x$$ value will be the same as the original equation.

Likewise, when you add or subtract:


 * $$x^{2}+x+INTEGER \pm n*(x^{2}+x+INTEGER)$$ converts $$a=1\pm n$$,$$b=1 \pm n$$,$$c=INTEGER\pm INTEGER*n$$

you may end up with a natural square in the


 * $$(1\pm n)^{2}-4*(1\pm n)*INTEGER*(n\pm 1) \bmod{4*(1 \pm n)*p*q}$$

Using this method, theoretically, all quadratic equations could be turned into natural squares with the X values the same as the original equation.

The Alternative Formula For The Quadratic Equation Seen In Modular Arithmetic
Looking at the Quadratic_equation for the modular quadratic equation, one can see here that it is :

The general quadratic equation can be written in the standard form
 * $$x^2-4ux+4v^2=0$$

where $R[x]$ and $u$ are complex numbers. Then the solutions can be written in the particularly symmetric form
 * $$x_{1,2}=(\sqrt{u+v}\pm\sqrt{u-v})^2$$

or equivalently
 * $$x_{1,2}=(\sqrt{u-v}\pm\sqrt{u+v})^2.$$

Now if:


 * 1) the complex numbers U and V were the same
 * 2) U had the parameters of a pythagorean triple
 * 3) one knew the $$\sqrt{-1}_{i}\bmod{p*q}$$

then $$x_{1,2}$$ could be worked out since


 * U+V are the parameters for a pythagorean modular square
 * U-V is zero

the root could be taken of 2*U and this would be the answer to the quadratic equation. An example showing this to be true for modular numbers follows:

Using the Pythagorean Triple 3 4 5, construct a modular complex number where 568 is the square root of -1 mod 89*29

Mod[4 + 3 568, 89 29]= 1708

Just to be quick use Mathematica to solve this equation which is the alternative quadratic equation mentioned above

Solve[x^2 - 4 1708 x + 4 1708^2 == 0, {x}, Modulus -> 89 29]

Now take the square root of 2*1708, (see previous sections pertaining to taking modular square roots using the pythagorean parameters)

Mod[(3 + 568), 89 29]= 571

Now square this number, and viola, we have the correct answer

Mod[571^2, 89 29]= 835

Pythagorean Triples Can Make A Natural Square For Gauss's Quadratic Equation
In this section, I will quickly show that Pythagorean Triples, fed into Gauss' Quadratic Equation solution, can provide natural squares in the $$b^{2}-4*a*c\bmod{4*a*m}$$ half the time. However, the root of the natural square given is NOT the solution root. The solution root is the $$root*\sqrt{1}\bmod{m}$$.

This method rests upon the observation that


 * $$2*(a+b_{1}^{2} + b*\sqrt{1})-D*(a_{1}+b_{1}*\sqrt{1})\bmod{m}\equiv 2(a+b_{1}^{2})-D*a_{1}$$ where $$D=2*b/b_{1}$$

or
 * $$x^{2}-D*x+(2(a+b_{1}^{2})-D*a_{1})\equiv 0$$ so that $$a=1, b=-D, c=(2(a+b_{1}^{2})-D*a_{1})$$

As such, $$2(a+b_{1}^{2})-D*a_{1}$$ is an equation that does not contain $$\sqrt{1}\bmod{m}$$ or any unknown. See for a citation on the use of Pythagorean Triples and squares and roots using $$\sqrt{1}\bmod{p*q}$$ instead of $$\sqrt{-1}\bmod{p*q}$$ as is normally the case in this math blog. See here for an explanation of the Pythagorean Triples method mentioned in this post.

The following Mathematica procedure shows that Pythagorean Triples fed into Gauss' method of solving a modular quadratic equation can provide natural squares for $$b^{2}-4*a*c\bmod{4*a*m}$$.

(* type: 1 SQUARE ROOT OF 1 sought *) (* type: 2 SQUARE ROOT OF -1 sought *) (* type: 3 CUBE ROOT OF -1 sought *)

gaussian[p_, q_, lp3_, type_] := Module[{lp1, lp2, py1, py2, py3, r1, r2, mult, minus, square, root, ans1, ans3, ans2, ans4, cnt1, cnt2, sqrt, stoploop}, cnt1 = 0; cnt2 = 0; stoploop = 10; sqrt = Mod[p PowerMod[p, -1, q], p q]; If[Mod[(2 sqrt + 1), p q] == 1, sqrt = 2 sqrt + 1;, sqrt = 2 sqrt - 1; ]; For[lp1 = 1, lp1 < lp3, lp1++, For[lp2 = 1, lp2 < lp3, lp2++, If[lp1 == lp2, Continue[]]; cnt1++; py1 = 2 lp1 lp2; py2 = lp1^2 - lp2^2; If[py2 < 0, Continue[];]; py3 = lp1^2 + lp2^2; If[py1^2 + py2^2 == py3^2, r1 = (py3 + py1)^(1/2); r2 = (py3 - py1)^(1/2); If[r1 == IntegerPart[r1] && r2 == IntegerPart[r2], If[type == 1, mult = Mod[2 py2 PowerMod[r2, -1, p q], p q]; minus = Mod[-(2 py1 + 2 r2 r2 - mult r1), p q]; ];      If[type == 2, mult = Mod[2 py2 PowerMod[r2, -1, p q], p q]; minus = Mod[-(2 py1 - mult r1), p q]; ];      If[type == 3, mult = Mod[(2 py2 + r2^2 ) PowerMod[r2, -1, p q], p q]; minus = Mod[-(2 py1 - mult r1), p q]; ];      square = mult^2 - 4 minus; root = square^(1/2); If[root > 0 && root == IntegerPart[root], Print[{{"Pythagorean Triple ", py1, py2, py3}, {"Root Coefficients ", r1, r2}, {"mult", mult, "minus", minus, "square", square}, {"(b^2-4ac)^(1/2) ", root}, {lp1, lp2}}]; Print["following is x in 2*x-b==root"]; Print[{ans2 = Solve[2 x - mult == root, {x}, Modulus -> p q], ans1 = Solve[2 x - mult == root sqrt, {x}, Modulus -> p q]         }]; ans3 = Mod[(x - (r1)) PowerMod[r2, -1, p q], p q] /. ans1; ans4 = Mod[(x - (r1)) PowerMod[r2, -1, p q], p q] /. ans2; Print[{"2 x-b=root", ans4, "2 x-b=root*(1)^(1/2)", ans3}]; cnt2++; If[cnt2 > stoploop, Exit[];]; ];      ];      ];     ];   ];  Print[{"success: ", cnt2, "attempts: ", cnt1}]; ] gaussian[337, 577,5,1] The Output for this procedure is: {{Pythagorean Triple ,4,3,5},{Root Coefficients ,3,1},{mult,6,minus,8,square,4},{(b^2-4ac)^(1/2) ,2}}

following is x in 2*x-b==root

{{{x->4}},}

{2 x-b=root,{1},2 x-b=root*(1)^(1/2),{118286}}

{{Pythagorean Triple ,6,8,10},{Root Coefficients ,4,2},{mult,8,minus,12,square,16},{(b^2-4ac)^(1/2) ,4}}

following is x in 2*x-b==root

{{{x->6}},}

{2 x-b=root,{1},2 x-b=root*(1)^(1/2),{118286}}

{{Pythagorean Triple ,12,5,13},{Root Coefficients ,5,1},{mult,10,minus,24,square,4},{(b^2-4ac)^(1/2) ,2}}

following is x in 2*x-b==root

{{{x->6}},}

{2 x-b=root,{1},2 x-b=root*(1)^(1/2),{118286}}

{{Pythagorean Triple ,8,15,17},{Root Coefficients ,5,3},{mult,10,minus,16,square,36},{(b^2-4ac)^(1/2) ,6}}

following is x in 2*x-b==root

{{{x->8}},}

{2 x-b=root,{1},2 x-b=root*(1)^(1/2),{118286}}

{{Pythagorean Triple ,16,12,20},{Root Coefficients ,6,2},{mult,12,minus,32,square,16},{(b^2-4ac)^(1/2) ,4}}

following is x in 2*x-b==root

{{{x->8}},}

{2 x-b=root,{1},2 x-b=root*(1)^(1/2),{118286}}

{{Pythagorean Triple ,24,7,25},{Root Coefficients ,7,1},{mult,14,minus,48,square,4},{(b^2-4ac)^(1/2) ,2}}

following is x in 2*x-b==root

{{{x->8}},}

{2 x-b=root,{1},2 x-b=root*(1)^(1/2),{118286}}

{success: ,6,attempts: ,12}

The answer to Gauss equation, the $$(x-a_{1})/b_{1}\equiv 118286\bmod{337*577}\equiv \sqrt{1}$$ is given by the root obtained by the Pythagorean Triples method multiplied by the $$\sqrt{1}\bmod{m}$$.

Thus part of the root is obtained by this method, but not the whole root needed.

Two other anchors, besides $$\sqrt{1}\bmod{p*q}$$, for the square and root equations are possible:


 * $$2*(a+b_{1}^{2}+b*\sqrt{1})\bmod{p*q}\equiv (a_{1}+b_{1}*\sqrt{1})^{2}$$
 * $$2*(a+b*\sqrt{-1})\bmod{p*q}\equiv (a_{1}+b_{1}*\sqrt{-1})^{2}$$
 * $$(2*a+(2*b+b_{1}^{2})*\sqrt[3]{-1})\bmod{p*q}\equiv (a_{1}+b_{1}*\sqrt[3]{-1})^{2}$$

Feeding in the following parameters will return natural squares for when the anchor is $$\sqrt{-1}\bmod{p*q}$$. The actual square root of -1 will be found when the square is found. The equation that has to be solved in order to find the first natural square is:


 * $$2 *(lp1^{2} + lp2^{2}) + 1\bmod{p*q}\equiv 2 *(lp1 + lp2)$$

There seems to be no easy way to solve this equation. The output for the procedure for the first 10 natural squares follows:

{{Pythagorean Triple ,57618,78800,97618},{Root Coefficients ,394,200},{mult,788,minus,787,square,617796},{(b^2-4ac)^(1/2) ,786},{297,97}}

following is x in 2*x-b==root

{{{x->787}},}

{2 x-b=root,{139033},2 x-b=root*(1)^(1/2),{133263}}

{{Pythagorean Triple ,58408,79200,98408},{Root Coefficients ,396,200},{mult,792,minus,2367,square,617796},{(b^2-4ac)^(1/2) ,786},{298,98}}

following is x in 2*x-b==root

{{{x->789}},}

{2 x-b=root,{139033},2 x-b=root*(1)^(1/2),{133263}}

{{Pythagorean Triple ,59202,79600,99202},{Root Coefficients ,398,200},{mult,796,minus,3955,square,617796},{(b^2-4ac)^(1/2) ,786},{299,99}}

following is x in 2*x-b==root

{{{x->791}},}

{2 x-b=root,{139033},2 x-b=root*(1)^(1/2),{133263}}

{{Pythagorean Triple ,60000,80000,100000},{Root Coefficients ,400,200},{mult,800,minus,5551,square,617796},{(b^2-4ac)^(1/2) ,786},{300,100}}

following is x in 2*x-b==root

{{{x->793}},}

{2 x-b=root,{139033},2 x-b=root*(1)^(1/2),{133263}}

{{Pythagorean Triple ,60802,80400,100802},{Root Coefficients ,402,200},{mult,804,minus,7155,square,617796},{(b^2-4ac)^(1/2) ,786},{301,101}}

following is x in 2*x-b==root

{{{x->795}},}

{2 x-b=root,{139033},2 x-b=root*(1)^(1/2),{133263}}

{{Pythagorean Triple ,61608,80800,101608},{Root Coefficients ,404,200},{mult,808,minus,8767,square,617796},{(b^2-4ac)^(1/2) ,786},{302,102}}

following is x in 2*x-b==root

{{{x->797}},}

{2 x-b=root,{139033},2 x-b=root*(1)^(1/2),{133263}}

{{Pythagorean Triple ,62418,81200,102418},{Root Coefficients ,406,200},{mult,812,minus,10387,square,617796},{(b^2-4ac)^(1/2) ,786},{303,103}}

following is x in 2*x-b==root

{{{x->799}},}

{2 x-b=root,{139033},2 x-b=root*(1)^(1/2),{133263}}

{{Pythagorean Triple ,43776,87232,97600},{Root Coefficients ,376,232},{mult,752,minus,751,square,562500},{(b^2-4ac)^(1/2) ,750},{304,72}}

following is x in 2*x-b==root

{{{x->751}},}

{2 x-b=root,{61186},2 x-b=root*(1)^(1/2),{55416}}

{{Pythagorean Triple ,63232,81600,103232},{Root Coefficients ,408,200},{mult,816,minus,12015,square,617796},{(b^2-4ac)^(1/2) ,786},{304,104}}

following is x in 2*x-b==root

{{{x->801}},}

{2 x-b=root,{139033},2 x-b=root*(1)^(1/2),{133263}}

In order to find the cube root of -1 mod p*q, the following call of the procedure will provide the first ten natural squares. In order to find the first natural square the following equation must be solved:


 * $$3*lp1^{2} + lp2^{2}-1\bmod{p*q}\equiv 3*lp1+lp2$$

There doesn't seem to be an easy way to solve this equation.


 * gaussian[337, 577, 500, 3]

{{Pythagorean Triple ,85376,19968,87680},{Root Coefficients ,416,48},{mult,880,minus,879,square,770884},{(b^2-4ac)^(1/2) ,878},{232,184}}

following is x in 2*x-b==root

{{{x->879}},}

{2 x-b=root,{68877},2 x-b=root*(1)^(1/2),{4253}}

{{Pythagorean Triple ,86210,20064,88514},{Root Coefficients ,418,48},{mult,884,minus,2643,square,770884},{(b^2-4ac)^(1/2) ,878},{233,185}}

following is x in 2*x-b==root

{{{x->881}},}

{2 x-b=root,{68877},2 x-b=root*(1)^(1/2),{4253}}

{{Pythagorean Triple ,87048,20160,89352},{Root Coefficients ,420,48},{mult,888,minus,4415,square,770884},{(b^2-4ac)^(1/2) ,878},{234,186}}

following is x in 2*x-b==root

{{{x->883}},}

{2 x-b=root,{68877},2 x-b=root*(1)^(1/2),{4253}}

{{Pythagorean Triple ,87890,20256,90194},{Root Coefficients ,422,48},{mult,892,minus,6195,square,770884},{(b^2-4ac)^(1/2) ,878},{235,187}}

following is x in 2*x-b==root

{{{x->885}},}

{2 x-b=root,{68877},2 x-b=root*(1)^(1/2),{4253}}

{{Pythagorean Triple ,88736,20352,91040},{Root Coefficients ,424,48},{mult,896,minus,7983,square,770884},{(b^2-4ac)^(1/2) ,878},{236,188}}

following is x in 2*x-b==root

{{{x->887}},}

{2 x-b=root,{68877},2 x-b=root*(1)^(1/2),{4253}}

{{Pythagorean Triple ,89586,20448,91890},{Root Coefficients ,426,48},{mult,900,minus,9779,square,770884},{(b^2-4ac)^(1/2) ,878},{237,189}}

following is x in 2*x-b==root

{{{x->889}},}

{2 x-b=root,{68877},2 x-b=root*(1)^(1/2),{4253}}

{{Pythagorean Triple ,90440,20544,92744},{Root Coefficients ,428,48},{mult,904,minus,11583,square,770884},{(b^2-4ac)^(1/2) ,878},{238,190}}

following is x in 2*x-b==root

{{{x->891}},}

{2 x-b=root,{68877},2 x-b=root*(1)^(1/2),{4253}}

{{Pythagorean Triple ,91298,20640,93602},{Root Coefficients ,430,48},{mult,908,minus,13395,square,770884},{(b^2-4ac)^(1/2) ,878},{239,191}}

following is x in 2*x-b==root

{{{x->893}},}

{2 x-b=root,{68877},2 x-b=root*(1)^(1/2),{4253}}

{{Pythagorean Triple ,92160,20736,94464},{Root Coefficients ,432,48},{mult,912,minus,15215,square,770884},{(b^2-4ac)^(1/2) ,878},{240,192}}

following is x in 2*x-b==root

{{{x->895}},}

{2 x-b=root,{68877},2 x-b=root*(1)^(1/2),{4253}}

{{Pythagorean Triple ,93026,20832,95330},{Root Coefficients ,434,48},{mult,916,minus,17043,square,770884},{(b^2-4ac)^(1/2) ,878},{241,193}}

following is x in 2*x-b==root

{{{x->897}},}

{2 x-b=root,{68877},2 x-b=root*(1)^(1/2),{4253}}

{{Pythagorean Triple ,93896,20928,96200},{Root Coefficients ,436,48},{mult,920,minus,18879,square,770884},{(b^2-4ac)^(1/2) ,878},{242,194}}

following is x in 2*x-b==root

{{{x->899}},}

{2 x-b=root,{68877},2 x-b=root*(1)^(1/2),{4253}}

A 500 bit root and square of a 1000 bit modulus
Going from the formula


 * $$square=2*a+(I+1)*b_{1}^{2}+2*b$$

and
 * $$root=a_{1}+b_{1}\sqrt{I}$$

where I and $$\sqrt{I}$$ are natural squares and roots (not the $$\sqrt{-1}\bmod{p*q}$$

then a low root and square combination can be made of RSA260(850bits) shown in the following mathematica

In[3]:= RSA260

Out[3]= 22112825529529666435281085255026230927612089502470015394413748\ 3191288229414020019865127297265697465990859003300314000511707422045608\ 5927635795375718595429883895870922923849100670303412462054578456641366\ 4540684214361293017694020846391065875914794251435144458199

Get the root of the smallest square above RSA260 this is a 500 bit number of the 1000 bit modulus

In[5]:= IIR = Mod[(Floor[RSA260^(1/2)] + 1), RSA260]

Out[5]= 47024276208709120795061378748873252735571493245640595713707096\ 29848608672008763225036307999162383887826987432678940935201933498834

show the square

In[15]:= II = Mod[(Floor[RSA260^(1/2)] + 1)^2, RSA260]

Out[15]= 5481945886733977199005335761622105011576817180922572940050371\ 080118837515862925645017501652267319433494304753217083279905934901357

show the Pythagorean square root combination

In[9]:= Mod[(8 + (II + 1) + 6 IIR), RSA260] == Mod[(3 + IIR)^2, RSA260]

Out[9]= True

show the square (500 bits of 1000 bit modulus)

In[10]:= Mod[(8 + (II + 1) + 6 IIR), RSA260]

Out[10]= 3369651161195944967604216301094605665291971312830693036827462\ 8859210489547915504995235349647241622760456229349290728891117535894370

show the root

In[14]:= Mod[(3 + IIR), RSA260]

Out[14]= 4702427620870912079506137874887325273557149324564059571370709\ 629848608672008763225036307999162383887826987432678940935201933498837

A Formula For The Square Root Of Negative Three
Considering that the above math has found another formula for the square root of -1 mod p*q. Normally, solving $$x^{2}+y^{2}==p*q$$ solves for $$\sqrt{-1}\bmod{p*q}\equiv x*y^{-1}$$, whereas we have now decided that solving for $$2(x^{2}+y^{2})+1\bmod{p*q}\equiv 2(x+y)$$, and since for the cube root of 1 we have the formula $$3*x^{2}+y^{2}+1\bmod{p*q}\equiv 2*x+y$$, then the following formula should also hold, by symmetry:


 * $$3* x^{2} + y^{2} == p*q$$

It does as in: Solve[3 x^2 + y^2 == 337 577, {x, y}, Integers]

Out[4]= {{x -> -160, y -> -343}, {x -> -160, y -> 343}, {x -> -24, y -> -439}, {x -> -24, y -> 439}, {x -> 24, y -> -439}, {x -> 24, y -> 439}, {x -> 160, y -> -343}, {x -> 160, y -> 343}}

Mod[3 (-160) PowerMod[-343, -1, 337 577], 337 577]=8505 this is the square root of -3 mod 337*577

A Formula For The Square Root Of Negative Five
Leonard Eugene Dickson at p219 vol 1 of "History Of Numbers" shows that A. Cunningham anticipates some of the math below by showing that $$a^2+b^2 \bmod{p*q}\equiv 0$$ then $$a*b^{-1} \bmod{p*q}\equiv \sqrt{-1}$$. However you can generalise beyond the roots of -1 to other negative roots, via the math below. "Number Theory" by Shanks at p143 also shows this type of construction in that $$N*SQUARE1+SQUARE2 \bmod{p}\equiv 0$$ then $$N*\sqrt{SQUARE1}*\sqrt[-1]{SQUARE2}\bmod{p}\equiv\sqrt{-N}$$

Australian Innovation Patents 2018100869 and 2018100919 show this generalisation more explicitly and for higher powers (which Cunningham suggested for the case of -1)

The quote from Dickson's "History Of Numbers" follows:

A. Cunningham indicated how his tables may be used to solve directly $$x^{n} \equiv -1 \bmod{p}$$ for $$n=2,3,4,6,12$$. From $$p=a^{2}+b^{2}$$, we get the roots $$x\equiv a/b$$ of $$x^{2}\equiv -1 \bmod{p}$$. Also $$p=a^{2}+b^{2}=c^{2}+2*d^{2}$$ gives the roots $$\pm d(a+b)/(c*e)$$ and $$\pm c(a \pm b)/(2de)$$ of $$x^{4}\equiv -1\bmod{p}$$ , when e=a or b. Again, $$p=A^{2}+3*B^{2}$$ gives the roots $$(A-B)/(2B)$$, $$(B+A)/(B-A)$$, and their reciprocals of $$x^{3}\equiv 1\bmod{p}$$

The above math seems also to hold for the $$p*q$$ modulus as well.

Applying the same technique to the square root of -5:

Solve[5 x^2 + y^2 == 89 29, {x, y}, Integers]

Out[14]= {{x -> -18, y -> -31}, {x -> -18, y -> 31}, {x -> -6, y -> -49}, {x -> -6, y -> 49}, {x -> 6, y -> -49}, {x -> 6, y -> 49}, {x -> 18, y -> -31}, {x -> 18, y -> 31}}

Mod[5 (-18) PowerMod[(-31), -1, 89 29], 89 29]==1002

Mod[1002^2, 89 29]== -5

A Formula For The Square Root Of Three
I am indebted to the Youtube Mathologer video for this equation.

Put forward as a proof that the square root of 3 is irrational, this equation can often be achieved in modular arithmetic:


 * $$3*x^{2}\bmod{p*q}\equiv y^{2}$$

the root for 3, as opposed to -3 is:


 * $$3*x*y^{-1}\bmod{p*q}\equiv \sqrt{3}$$

Example in mathematica follows:

establish the sum of three squares

Mod[3 8^2, 61 73]= 192

get the modular square root of the sum

PowerMod[192, 1/2, 61 73]= 241

find the modular square root of 3 now

Mod[3 8 PowerMod[241, -1, 61 73], 61 73]= 1700

confirm the root has been found

Mod[1700^2, 61 73]= 3

It follows then that the modular square root of one number can be found if the modular square root of another number can be found, in this case the square root of 3 can be found from the square root of 192 in the 61*73 modulus.

Modular Square Roots From x^2+y^2 mod p*q equiv z^2
Remembering the sum of three squares work equaling zero, that appears in other sections of this blog, then we can create $$x^{2}+y^{2} \bmod{p*q}\equiv z^{2}$$ and establish the square whose root is to be found as:


 * $$\sqrt{x^{2}*y^{-2}+1} \bmod{p*q}\equiv (x^{2}*y^{-2}+1)*y*z^{-1}\bmod{p*q}$$

A Mathematica example follows:

Use this function to get the x^2+y^2 mod p*q === z^2

getASquareRootN[n_, n1_] := Module[{a1, a2, a3, a4, a5, a6, a7, a8, a9, a10}, a2 = IntegerPart[n^(1/2)/n1]; For[a1 = 1, a1 <= 10000, a1++, a4 = a1 n + n1^2; If[Mod[a4, 4] == 1 && PrimeQ[a4], Break[];];]; a5 = PowersRepresentations[a4, 2, 2]; a6 = Mod[a51, 1^2 PowerMod[a51, 2^2, -1, n ] + 1, n]; a7 = Mod[a6 a51, 2 PowerMod[n1, -1, n], n]; a8 = Mod[a7^2, n]; Return[{n1, a7, a6, a8}]]

try some examples out

getASquareRootN[61 73, 4]={4, 1071, 2620, 2620}

and the root has been found after the square is established

Mod[1071^2, 61 73]= 2620

getASquareRootN[89 29, 7]= {7, 295, 1852, 1852}

Mod[295^2, 89 29]= 1852

Taking another example that after creating: $$3*8^{2}\bmod{61*73}\equiv 241^{2}$$ and $$3*8*241^{-1}\bmod{61*73}\equiv 1700$$ and also that $$241*8^{-1}\bmod{61*73}\equiv 1700$$. So our math still reveals the root of two squares, but, as I have said before, all roots mod p*q are the division of two squares.

Note that if we use this equation (which is entirely possible to do):


 * $$3* 8 *192\bmod{ 61* 73}\equiv 1670$$

and this 1670 is:


 * $$1700*241^{-1}\bmod{ 61 *73}\equiv \sqrt{3}*\sqrt{192}^{-1}$$

so we can find the division of two roots.

Modular Square Roots From The Closest Prime To P*Q
If we take $$67*73-2=PRIME$$ we can easily take $$\sqrt{-1}\bmod{67*73-2}$$ if there is a modular square root of this. We can take this modular square root of $$67*73-2$$ and create a modular square root of the modulus $$67*73$$. If we take the quotient of this square root squared against the $$\bmod{67*73-2}$$ then we can find the modular square root of $$-2*quotient-1\bmod{67*73}$$

To generalize: $$\sqrt{-A*quotient-B}\bmod{p*q}\equiv \sqrt{-B}\bmod{p*q-A}$$ where $$quotient=\lceil{(\sqrt{-B}\bmod{p*q-A})^2/(p*q-A)}\rceil$$

The mathematica follows:

PowerMod[-1, 1/2, 67 73 - 2]= 730

PrimeQ[67 73 - 2]= True

so we can easily take square roots of this modulus

get the quotient

N[730 730/(67 73 - 2)]= 109.

create the new square in the p*q modulus

Mod[-2 (109) - 1, 67 73]= 4672

confirm the root^2 = square

Mod[730^2, 67 73]= 4672

In this way we can sorta go between the modulus $$67*73$$ and $$67*73-2$$.

One may note that the root is decided before the square is found, so this may not actually be a nouvelle way to find a root, however, it does go between modula. This technique also works for cubes. Example to be shown later.

Here's some Mathematica which shows that the way to create the square other than squaring the root holds:

try123[p_, q_] := Module[{a1, a2, a3, a4, a5, a6, a7, a8, a9, a10}, a1 = NextPrime[p, 1]; For[a2 = 1, a2 < 100, a2++, a3 = NextPrime[q, 1]; For[a4 = 1, a4 < 100, a4++, If[a1 == a3, Continue[];]; If[PrimeQ[a1 a3 - 2], a5 = a1 a3 - 2; If[IntegerQ[PowerMod[-1, 1/2, a5]], a6 = PowerMod[-1, 1/2, a5]; a7 = Floor[N[a6^2/(a5)]]; If[EvenQ[a7], Print[{{a1, a3}, a5, a7, {a6}, {Mod[-2 a7 - 3, a1 a3], Mod[a6^2, a1 a3]}}]; ];     ];     ];    a3 = NextPrime[a3, 1]; ];  a1 = NextPrime[a1, 1]; ]; ]

try123[88, 28] P  Q   -2   Quot Root   Square {{107,53},5669,192,{1046},{5284,5284}}

{{107,89},9521,480,{2140},{8560,8560}}

{{109,79},8609,388,{1830},{7832,7832}}

{{113,47},5309,612,{1804},{4084,4084}}

{{113,83},9377,864,{2848},{7648,7648}}

{{131,29},3797,144,{742},{3508,3508}}

{{131,89},11657,1992,{4820},{7672,7672}}

{{137,59},8081,1920,{3940},{4240,4240}}

{{137,83},11369,828,{3070},{9712,9712}}

{{137,107},14657,900,{3634},{12856,12856}}

{{139,109},15149,792,{3466},{13564,13564}}

{{149,47},7001,204,{1198},{6592,6592}}

{{151,61},9209,12,{346},{9184,9184}}

{{157,79},12401,2976,{6076},{6448,6448}}

{{157,127},19937,1824,{6032},{16288,16288}}

{{163,97},15809,2688,{6520},{10432,10432}}

{{167,53},8849,1012,{2994},{6824,6824}}

{{179,29},5189,1152,{2446},{2884,2884}}

{{181,163},29501,2376,{8374},{24748,24748}}

{{191,101},19289,108,{1450},{19072,19072}}

{{197,83},16349,964,{3972},{14420,14420}}

{{211,181},38189,184,{2658},{37820,37820}}

{{223,181},40361,444,{4238},{39472,39472}}

{{229,79},18089,408,{2720},{17272,17272}}

{{229,199},45569,292,{3654},{44984,44984}}

{{233,191},44501,3276,{12076},{37948,37948}}

{{239,101},24137,2104,{7128},{19928,19928}}

{{241,151},36389,4524,{12832},{27340,27340}}

{{241,211},50849,10564,{23178},{29720,29720}}

{{251,41},10289,2272,{4836},{5744,5744}}

{{251,233},58481,144,{2912},{58192,58192}}

{{257,59},15161,1324,{4482},{12512,12512}}

{{263,41},10781,520,{2370},{9740,9740}}

{{263,101},26561,996,{5146},{24568,24568}}

{{263,173},45497,4140,{13726},{37216,37216}}

{{263,257},67589,13212,{29884},{41164,41164}}

{{271,109},29537,1200,{5956},{27136,27136}}

{{271,229},62057,1692,{10250},{58672,58672}}

{{277,79},21881,264,{2408},{21352,21352}}

{{277,139},38501,1024,{6282},{36452,36452}}

{{281,131},36809,8988,{18190},{18832,18832}}

{{281,239},67157,60,{2024},{67036,67036}}

{{281,251},70529,2532,{13366},{65464,65464}}

{{283,97},27449,4812,{11494},{17824,17824}}

{{283,193},54617,1144,{7908},{52328,52328}}

{{293,83},24317,5064,{11098},{14188,14188}}

{{293,227},66509,7684,{22608},{51140,51140}}

{{307,73},22409,1564,{5922},{19280,19280}}

{{307,109},33461,5740,{13860},{21980,21980}}

{{311,293},91121,11764,{32742},{67592,67592}}

{{313,43},13457,0,{116},{13456,13456}}

{{313,103},32237,4120,{11526},{23996,23996}}

{{317,59},18701,276,{2276},{18148,18148}}

{{317,167},52937,1564,{9102},{49808,49808}}

{{331,229},75797,240,{4274},{75316,75316}}

{{337,43},14489,12,{434},{14464,14464}}

{{337,127},42797,4260,{13504},{34276,34276}}

{{337,223},75149,17172,{35924},{40804,40804}}

{{337,307},103457,8004,{28778},{87448,87448}}

{{347,29},10061,2104,{4602},{5852,5852}}

{{347,173},60029,14884,{29892},{30260,30260}}

{{347,233},80849,7024,{23832},{66800,66800}}

{{349,211},73637,3372,{15760},{66892,66892}}

{{353,191},67421,9924,{25868},{47572,47572}}

{{367,37},13577,444,{2458},{12688,12688}}

{{367,97},35597,6340,{15024},{22916,22916}}

{{373,67},24989,3972,{9964},{17044,17044}}

{{373,367},136889,12,{1334},{136864,136864}}

{{379,61},23117,2520,{7634},{18076,18076}}

{{379,181},68597,432,{5450},{67732,67732}}

{{383,257},98429,19668,{44000},{59092,59092}}

{{383,281},107621,15456,{40786},{76708,76708}}

{{383,353},135197,15732,{46120},{103732,103732}}

{{389,71},27617,3120,{9284},{21376,21376}}

{{389,131},50957,600,{5534},{49756,49756}}

{{389,227},88301,7716,{26104},{72868,72868}}

{{397,127},50417,2464,{11148},{45488,45488}}

{{397,163},64709,14172,{30284},{36364,36364}}

{{401,251},100649,21532,{46554},{57584,57584}}

{{409,79},32309,3312,{10346},{25684,25684}}

{{409,127},51941,60,{1780},{51820,51820}}

{{409,151},61757,10024,{24882},{41708,41708}}

{{409,211},86297,5160,{21104},{75976,75976}}

{{421,31},13049,72,{976},{12904,12904}}

{{421,199},83777,324,{5218},{83128,83128}}

{{431,173},74561,10704,{28252},{53152,53152}}

{{431,401},172829,3972,{26204},{164884,164884}}

{{433,223},96557,16500,{39916},{63556,63556}}

{{439,61},26777,12,{590},{26752,26752}}

{{439,409},179549,564,{10072},{178420,178420}}

{{443,101},44741,544,{4938},{43652,43652}}

{{443,233},103217,84,{2962},{103048,103048}}

{{449,59},26489,984,{5108},{24520,24520}}

{{449,179},80369,628,{7110},{79112,79112}}

{{449,347},155801,8076,{35474},{139648,139648}}

{{457,307},140297,21304,{54672},{97688,97688}}

{{461,59},27197,2532,{8300},{22132,22132}}

{{461,83},38261,976,{6114},{36308,36308}}

{{461,431},198689,25824,{71632},{147040,147040}}

{{463,73},33797,540,{4276},{32716,32716}}

{{463,97},44909,5988,{16400},{32932,32932}}

{{463,397},183809,18832,{58836},{146144,146144}}

{{467,137},63977,7912,{22500},{48152,48152}}

{{467,197},91997,324,{5468},{91348,91348}}

{{467,257},120017,23124,{52682},{73768,73768}}

{{479,281},134597,9804,{36328},{114988,114988}}

{{479,317},151841,1860,{16810},{148120,148120}}

{{487,229},111521,6564,{27058},{98392,98392}}

{{487,337},164117,29580,{69676},{104956,104956}}

{{487,409},199181,20856,{64454},{157468,157468}}

{{487,433},210869,492,{10196},{209884,209884}}

{{491,53},26021,256,{2586},{25508,25508}}

{{491,389},190997,29964,{75652},{131068,131068}}

{{499,37},18461,40,{870},{18380,18380}}

{{499,157},78341,15360,{34690},{47620,47620}}

{{499,229},114269,18228,{45640},{77812,77812}}

{{499,349},174149,672,{10826},{172804,172804}}

{{503,293},147377,4980,{27094},{137416,137416}}

{{509,59},30029,2712,{9026},{24604,24604}}

{{509,71},36137,220,{2826},{35696,35696}}

{{509,467},237701,796,{13764},{236108,236108}}

{{521,179},93257,444,{6442},{92368,92368}}

{{521,251},130769,1428,{13670},{127912,127912}}

{{523,73},38177,1312,{7080},{35552,35552}}

{{523,193},100937,2172,{14810},{96592,96592}}

{{523,313},163697,9460,{39354},{144776,144776}}

{{523,373},195077,34764,{82352},{125548,125548}}

{{523,397},207629,29592,{78386},{148444,148444}}

{{541,79},42737,1104,{6872},{40528,40528}}

{{541,151},81689,8632,{26556},{64424,64424}}

{{541,271},146609,9552,{37424},{127504,127504}}

{{547,73},39929,5464,{14772},{29000,29000}}

{{547,397},217157,0,{466},{217156,217156}}

{{557,47},26177,100,{1626},{25976,25976}}

{{557,479},266801,784,{14472},{265232,265232}}

{{563,41},23081,424,{3132},{22232,22232}}

{{563,53},29837,5784,{13138},{18268,18268}}

{{563,173},97397,144,{3758},{97108,97108}}

{{563,281},158201,844,{11562},{156512,156512}}

{{563,557},313589,2832,{29806},{307924,307924}}

{{569,59},33569,772,{5094},{32024,32024}}

{{569,479},272549,66048,{134170},{140452,140452}}

{{571,73},41681,1584,{8128},{38512,38512}}

{{571,373},212981,1116,{15424},{210748,210748}}

{{571,433},247241,7260,{42370},{232720,232720}}

{{577,43},24809,5352,{11524},{14104,14104}}

{{577,127},73277,11880,{29506},{49516,49516}}

{{577,223},128669,11112,{37814},{106444,106444}}

{{577,487},280997,19680,{74366},{241636,241636}}

{{577,547},315617,100,{5646},{315416,315416}}

{{587,197},115637,8272,{30930},{99092,99092}}

{{587,233},136769,15312,{45764},{106144,106144}}

{{587,269},157901,10500,{40720},{136900,136900}}

{{587,389},228341,19804,{67248},{188732,188732}}

{{587,449},263561,46044,{110162},{171472,171472}}

{{593,71},42101,16,{846},{42068,42068}}

{{593,227},134609,3888,{22880},{126832,126832}}

{{593,443},262697,24924,{80918},{212848,212848}}

{{593,467},276929,3652,{31806},{269624,269624}}

{{599,89},53309,744,{6302},{51820,51820}}

{{599,101},60497,4032,{15620},{52432,52432}}

{{599,257},153941,13116,{44936},{127708,127708}}

{{601,43},25841,2004,{7198},{21832,21832}}

{{601,139},83537,5184,{20812},{73168,73168}}

{{601,163},97961,18216,{42244},{61528,61528}}

{{601,283},170081,1636,{16686},{166808,166808}}

{{601,331},198929,48384,{98108},{102160,102160}}

{{607,109},66161,1696,{10596},{62768,62768}}

{{607,313},189989,684,{11408},{188620,188620}}

{{607,577},350237,31144,{104442},{287948,287948}}

{{613,31},19001,4504,{9252},{9992,9992}}

{{613,43},26357,1692,{6680},{22972,22972}}

{{613,127},77849,12,{1006},{77824,77824}}

{{613,463},283817,36760,{102144},{210296,210296}}

{{617,467},288137,1372,{19890},{285392,285392}}

{{617,479},295541,50460,{122120},{194620,194620}}

{{617,587},362177,9060,{57286},{344056,344056}}

{{619,541},334877,27624,{96182},{279628,279628}}

{{631,349},220217,7752,{41320},{204712,204712}}

{{641,83},53201,3444,{13538},{46312,46312}}

{{641,131},83969,15172,{35694},{53624,53624}}

{{641,383},245501,36900,{95180},{171700,171700}}

{{641,443},283961,39240,{105560},{205480,205480}}

{{643,37},23789,3108,{8600},{17572,17572}}

{{643,181},116381,1156,{11604},{114068,114068}}

{{643,193},124097,1360,{12996},{121376,121376}}

{{643,421},270701,30900,{91460},{208900,208900}}

{{647,149},96401,1200,{10760},{94000,94000}}

{{647,509},329321,72216,{154216},{184888,184888}}

{{653,47},30689,484,{3858},{29720,29720}}

{{653,167},109049,12012,{36194},{85024,85024}}

{{653,227},148229,36864,{73922},{74500,74500}}

{{653,251},163901,14436,{48644},{135028,135028}}

{{653,563},367637,76924,{168168},{213788,213788}}

{{659,257},169361,35476,{77514},{98408,98408}}

{{659,269},177269,36828,{80800},{103612,103612}}

{{659,281},185177,6700,{35226},{171776,171776}}

{{659,509},335429,22668,{87200},{290092,290092}}

{{661,163},107741,11460,{35140},{84820,84820}}

{{661,223},147401,696,{10136},{146008,146008}}

{{673,127},85469,2244,{13852},{80980,80980}}

{{673,547},368129,52132,{138534},{263864,263864}}

Remember that there are only 2 sums of two squares, but many sums of three squares!
My independent investigations into 1 mod 4 semiprimes show that while it is well known that there are only two sums of two squares per the p*q, there are actually many many more sums of three squares that equal p*q. Legendre's three-square theorem proves that there is a sum of three squares to describe most numbers, but it doesn't hint at how many three squares equal to 1 mod 4 semiprimes.

Showing the sums of three squares for the modulus 89*29 we find:

{{0, 9, 50}, {0, 30, 41},  {6, 12, 49},  {6, 32, 39},  {9, 14, 48},  {9, 30, 40},  {14, 33, 36},  {18, 24, 41},  {18, 31, 36},  {22, 24, 39}}

You'll notice that there are two sums of 2 squares in:

{0, 9, 50}, {0, 30, 41},

With these two sums of two squares you can factor 89*29 via the famous Euler's factorization method.

Looking at the list above you notice there are 8 sums of three squares, for larger numbers there are many more. In fact there seem to be as many sums of three squares as roughly $$(p+q)/10$$.

Dickson's "History of the Theory of Numbers" vol 2 chapter 7 is entitled "Sums Of Three Squares" p259-274. On page 268 Dickson summarises the work of Eugène Charles Catalan who has a series of formulas that convert the roots of three squares into the roots of two squares:

E. Catalan states that all solutions of $$x^{2}+y^{2}=u^{2}+v^{2}+w^{2}$$ are given without repetition by:


 * $$u=x+\alpha$$
 * $$v=y-\beta$$
 * $$x=s*p+\beta* \theta$$
 * $$y=s*q+\alpha* \theta$$
 * where $$2*s=\alpha^{2}+\beta^{2}+w^{2}$$
 * and $$\alpha$$ and $$\beta$$ are relatively prime
 * while $$\beta*q-\alpha*p=1$$

Taking the sums of three squares for $$89*29=6^{2}+49^{2}+12^{2}$$, we can draw up the relevant Mathematica equation and see that these equations do get the two sums of squares from one set of three squares, and so then Euler's factorisation method can be employed to factor p*q:

In[10]:= Solve[ 6 == x + alpha && 49 == y - beta && x == s p + beta theta && y == s q + alpha theta && 2 s == alpha^2 + beta^2 + 12^2 && beta q - alpha p == 1, {x, y}, Integers]

{{x -> ConditionalExpression[-41, alpha == 47 && beta == -79 && C[1] \[Element] Integers && p == 42 + 79 C[1] && q == -25 - 47 C[1] && s == 4297 && theta == 2285 + 4297 C[1]], y -> ConditionalExpression[-30, alpha == 47 && beta == -79 && C[1] \[Element] Integers && p == 42 + 79 C[1] && q == -25 - 47 C[1] && s == 4297 && theta == 2285 + 4297 C[1]]}, {x -> ConditionalExpression[-41, alpha == 47 && beta == -19 && C[1] \[Element] Integers && p == 2 + 19 C[1] && q == -5 - 47 C[1] && s == 1357 && theta == 145 + 1357 C[1]], y -> ConditionalExpression[30, alpha == 47 && beta == -19 && C[1] \[Element] Integers && p == 2 + 19 C[1] && q == -5 - 47 C[1] && s == 1357 && theta == 145 + 1357 C[1]]}, {x -> ConditionalExpression[-9, alpha == 15 && beta == 1 && C[1] \[Element] Integers && p == C[1] && q == 1 + 15 C[1] && s == 185 && theta == -9 - 185 C[1]], y -> ConditionalExpression[50, alpha == 15 && beta == 1 && C[1] \[Element] Integers && p == C[1] && q == 1 + 15 C[1] && s == 185 && theta == -9 - 185 C[1]]}, {x -> ConditionalExpression[9, alpha == -3 && beta == 1 && C[1] \[Element] Integers && p == C[1] && q == 1 - 3 C[1] && s == 77 && theta == 9 - 77 C[1]], y -> ConditionalExpression[50, alpha == -3 && beta == 1 && C[1] \[Element] Integers && p == C[1] && q == 1 - 3 C[1] && s == 77 && theta == 9 - 77 C[1]]}, {x -> ConditionalExpression[41, alpha == -35 && beta == -79 && C[1] \[Element] Integers && p == 70 + 79 C[1] && q == 31 + 35 C[1] && s == 3805 && theta == 3371 + 3805 C[1]], y -> ConditionalExpression[-30, alpha == -35 && beta == -79 && C[1] \[Element] Integers && p == 70 + 79 C[1] && q == 31 + 35 C[1] && s == 3805 && theta == 3371 + 3805 C[1]]}, {x -> ConditionalExpression[41, alpha == -35 && beta == -19 && C[1] \[Element] Integers && p == 6 + 19 C[1] && q == 11 + 35 C[1] && s == 865 && theta == 271 + 865 C[1]], y -> ConditionalExpression[30, alpha == -35 && beta == -19 && C[1] \[Element] Integers && p == 6 + 19 C[1] && q == 11 + 35 C[1] && s == 865 && theta == 271 + 865 C[1]]}}

I found a very quick way to find a sum of three squares for a large number, specificaly RSA230. See the next section! For instance for the modulus, $$337*577$$ there are at least 92 sums of three squares applicable, which is close to $$(337+577)/10$$.

On page 274 of Dickson's History of Numbers vol2 there are two further references to mathematicians who gave formulas for converting


 * $$x^{2}+y^{2}=u^{2}+v^{2}+w^{2}$$

A. Gerardin and E Miot gave many identities $$x^{2}+y^{2}=u^{2}+v^{2}+w^{2}$$

He [A.S. Werebrusow] gave long formulas said to solve $$x^{2}+y^{2}=u^{2}+v^{2}+w^{2}$$ completely.

Neither A. Gerardin, E Miot, or A.S. Werebrusow (Веребрюсов А) seem to have wiki biops in any wiki. E. Catalan does.

A.S. Werebrusow's father seems to have a ruwiki article as an archeologist and there is another Werebrusow featured, a polar air pilot, perhaps A.S.'s son.

First Thoughts on Catalan's Equations Shown Above
Please note that if you know $$\alpha^{2}+\beta^{2}$$ and this sum is a 1 mod 4 prime number, then discovery of $$\alpha$$ and $$\beta$$ can be known in log(n) time, basically instantly. This solves for the two squares that sum to p*q.

It is possible to obtain


 * $$\alpha^{2}+\beta^{2} \bmod{GCD[SQ1,SQ2]}\equiv p*q-SQ1^{2}-SQ2^{2}$$

It is easily possible to create large numbers of three squares that equal p*q. So some of them will have sums that are $$GCD[SQ1,SQ2]$$.

I have not been able to take this attack further, except to note that $$SQ3^{2}=\alpha^{2}+\beta^{2}+2*\alpha*SQ1+2*\beta*SQ2$$ and that $$s=\alpha^{2}+\beta^{2}+\alpha*SQ1+\beta*SQ2$$ and that $$\alpha*SQ1+\beta*SQ2 \bmod{GCD[SQ1,SQ2]}\equiv 0$$.

It is also possible to come up with the following equivalence:


 * $$SQ3^{2}=\alpha^{2}+\beta^{2}+2*\alpha*SQ1+2*\beta*SQ2\bmod{SQ1+SQ2}\equiv \alpha^{2}+\beta^{2}+2*(\alpha-\beta)*SQ1$$

Second Thoughts on Catalan's Equations Shown Above
After a second thought it does seem that three squares are not needed for Catalan's equations. You can substract 2*SQUARE1, as in:


 * $$89*29-2*25^{2}=1331$$ where $$\alpha=5$$ and $$\beta=16$$.

As such:


 * $$1331 \bmod{25}\equiv 6\equiv 5*5+16*16$$

So $$\alpha^{2}+\beta^{2}$$ can be found for the mod that is a square root of this amount, rather larger than the figure I had in my post just above.

And Catalan's equations seem to work, at least for my example, as in:

(Debug) In[1]:= PowersRepresentations[2581, 2, 2]

(Debug) Out[1]= {{9, 50}, {30, 41}}

(Debug) In[13]:= Solve[ 25 == x + alpha && 25 == y - beta && x == s p + beta theta && y == s q + alpha theta && 2 s == alpha^2 + beta^2 + 1331 && beta q - alpha p == 1, {x, y}, Integers]

(Debug) Out[13]= {{x -> ConditionalExpression[-50, alpha == 75 && beta == -34 && C[1] \[Element] Integers && p == 29 + 34 C[1] && q == -64 - 75 C[1] && s == 4056 && theta == 3461 + 4056 C[1]], y -> ConditionalExpression[-9, alpha == 75 && beta == -34 && C[1] \[Element] Integers && p == 29 + 34 C[1] && q == -64 - 75 C[1] && s == 4056 && theta == 3461 + 4056 C[1]]}, {x -> ConditionalExpression[-41, alpha == 66 && beta == 5 && C[1] \[Element] Integers && p == 4 + 5 C[1] && q == 53 + 66 C[1] && s == 2856 && theta == -2293 - 2856 C[1]], y -> ConditionalExpression[30, alpha == 66 && beta == 5 && C[1] \[Element] Integers && p == 4 + 5 C[1] && q == 53 + 66 C[1] && s == 2856 && theta == -2293 - 2856 C[1]]}, {x ->

Now, $$5^{2}+16^{2}\bmod{25} \equiv 6$$ will yield possible answers that will be fully qualified, that is, the $$\alpha$$ and the $$\beta$$ derived from the sum will not be residues but full answers. Therefore, $$(5-1)^{2}+(16-1)^{2}\bmod{26}$$ will be fully qualified (not residues) as $$\alpha-1$$ and $$\beta-1$$, which can be manipulated to see if they equal a sum in the 25 modulus field. Therefore, some quick way to intersect the $$\alpha$$ and $$\beta$$ between the $$25$$ and $$26$$ fields must be found if the problem is to be solved in the manner I have described above.

Adding a 1 Mod 4 Prime Modulus To Catalan's Equations
With $$\alpha^{2}+\beta^{2}\bmod{X}$$ known now (see above section), we can add a 1 mod 4 prime modulus to Catalan's Equations.

To get an answer almost instantly that is $$x^{2}+y^{2}\bmod{p}\equiv P*Q$$, you need to:


 * set $$theta=1$$
 * set a value for $$\alpha+\beta$$. Around half will give you an answer.

Solve[0 == x + alpha && 0 == y - beta && x == s p + beta theta && y == s q + alpha theta && 2 s == alpha^2 + beta^2 + (2000029 3000017 - 2 800029^2) && beta q - alpha p == 1 && alpha^2 + beta^2 == Mod[2000029 3000017, 800029] && alpha + beta == 3 && theta == 1 && beta alpha == ba, {x, y}, Modulus -> 800029]

{{x -> ConditionalExpression[353438, alpha == 446591 && ba == 248018 && beta == 353441 && p == 539266 && q == 402359 && s == 304002 && theta == 1], y -> ConditionalExpression[353441, alpha == 446591 && ba == 248018 && beta == 353441 && p == 539266 && q == 402359 && s == 304002 && theta == 1]}, {x -> ConditionalExpression[446588, alpha == 353441 && ba == 248018 && beta == 446591 && p == 539266 && q == 397670 && s == 304002 && theta == 1], y -> ConditionalExpression[446591, alpha == 353441 && ba == 248018 && beta == 446591 && p == 539266 && q == 397670 && s == 304002 && theta == 1]}}

If you set $$\alpha+\beta$$ correctly, then you get the correct answer.

PowersRepresentations[3000029 4000037, 2, 2] {{133708, 3461553}, {1975847, 2845392}}

(Debug) In[1]:= Solve[ 0 == x + alpha && 0 == y - beta && x == s p + beta theta && y == s q + alpha theta && 2 s == alpha^2 + beta^2 + (2000029 3000017 - 2 800029^2) && beta q - alpha p == 1 && alpha^2 + beta^2 == Mod[2000029 3000017, 800029] && alpha + beta == 1593911 && theta == 1 && beta alpha == ba, {x, y}, Modulus -> 800029]

(Debug) Out[1]= {{x -> ConditionalExpression[132505, alpha == 667524 && ba == 740151 && beta == 126358 && p == 684044 && q == 615227 && s == 304002 && theta == 1], y -> ConditionalExpression[126358, alpha == 667524 && ba == 740151 && beta == 126358 && p == 684044 && q == 615227 && s == 304002 && theta == 1]}, {x -> ConditionalExpression[673671, alpha == 126358 && ba == 740151 && beta == 667524 && p == 684044 && q == 184802 && s == 304002 && theta == 1], y -> ConditionalExpression[667524, alpha == 126358 && ba == 740151 && beta == 667524 && p == 684044 && q == 184802 && s == 304002 && theta == 1]}}

Figuring out what $$\alpha*\beta$$ is will also solve the equation. There does seem to be a relationship between what you set $$\alpha+\beta$$ to and $$\alpha*\beta$$ but I haven't figured it out yet.

To conclude, if there was a way to figure out $$\alpha+\beta \bmod{P}$$ then you could use Catalan's equations to solve for 1 mod 4 semiprimes quite quickly.

All Sums Of Two Squares Are Modular Pythagorean Triples
We can take the square root of $$\alpha^{2}+\beta^{2}\bmod{P}$$ and establish a modular square root.

Then we can use Dickson's method of Pythagorean Triples described here. Therefore we can solve for the $$r$$, $$s$$ and $$t$$ of such triples as in:

Find an equivalent $$\alpha$$ and $$\beta$$ pair (ie., $$\alpha=446691$$, $$\beta=353441$$): Solve[0 == x + alpha && 0 == y - beta && x == s p + beta theta && y == s q + alpha theta && 2 s == alpha^2 + beta^2 + (2000029 3000017 - 2 800029^2) && beta q - alpha p == 1 && alpha^2 + beta^2 == Mod[2000029 3000017, 800029] && alpha + beta == 3 && theta == 1 && beta alpha == ba, {x, y}, Modulus -> 800029]

{{x -> ConditionalExpression[353438, alpha == 446591 && ba == 248018 && beta == 353441 && p == 539266 && q == 402359 && s == 304002 && theta == 1], y -> ConditionalExpression[353441, alpha == 446591 && ba == 248018 && beta == 353441 && p == 539266 && q == 402359 && s == 304002 && theta == 1]}, {x -> ConditionalExpression[446588, alpha == 353441 && ba == 248018 && beta == 446591 && p == 539266 && q == 397670 && s == 304002 && theta == 1], y -> ConditionalExpression[446591, alpha == 353441 && ba == 248018 && beta == 446591 && p == 539266 && q == 397670 && s == 304002 && theta == 1]}}

Then apply the following mathematica equation(noting that $$\sqrt{304002}\bmod{800029}\equiv 379045$$:

Solve[2 s t == r^2 && 446591 == (r + s) && 353441 == (r + t) && 379045 == (r + s + t), {r, s, t}, Modulus -> 800029]

$$r$$ climbs by the amount that $$\alpha+\beta$$ is increased in Catalan's equations.

The correct answer happens when you set the $$r$$ correctly.

Solve[2 s t == r^2 && 667524 == (r + s) && 126358 == (r + t) && 379045 == (r + s + t), {r, s, t}, Modulus -> 800029]

We haven't progressed to the answer here, but we have showed that the intermediate values of Dickson's method can be ascertained, with help from Catalan's equations, and we have shown that $$r_{0}$$ when $$\alpha+\beta=0$$ progresses to $$r_{\alpha+\beta}=r_{0}+\alpha+\beta$$ for the correct answer.

Miot Gives Formulas that instantly give 2 squares from 3, but only for some 3 squares
Miot's work gives formulas that instantly create 2 squares from 3 squares, but only for certain 3 squares. I tried this out on RSA230 but several thousand 3 square sums did not get anywhere with Miot's formulas:

Miot gives 12 formulas that derive 2 squares from 3. They are given in the following mathematica function. These formulas will instantly find 2 squares if the main conditions hit. miot[sq1_, sq2_, sq3_, pq_] := Module[{a1, a2, a3, a4, a5, a6, a7, a8, a9, a10, a11, a12, a13, a14, a15}, a1 = Solve[ sq1 == (p - m) && sq2 == (q - n) && sq3 == (2 m - 2 n) && x == (m + p - 2 n) && y == (m + q - 2 n) && m + n == p + q, {x, y}, Integers]; a2 = Solve[ sq1 == (n - m) && sq2 == (q - m + n - p) && sq3 == ( m - p) && x == (2 n - m - p) && y == (q - p) && m + n == p + q, {x, y}, Integers]; a3 = Solve[ sq1 == (p - m - q + n) && sq2 == (n - m) && sq3 == (m - q) && x == (2 n - m - q) && y == (p - q) && m + n == p + q, {x, y}, Integers]; a4 = Solve[ sq1 == (n - p) && sq2 == (n - m) && sq3 == ( m + q - p - n) && x == (q - p) && y == (2 m - n - p) && m + n == p + q, {x, y}, Integers]; If[a1 != {}, Print[a1];]; If[a2 != {}, Print[a2];]; If[a3 != {}, Print[a3];]; If[a4 != {}, Print[a4];]; a5 = Solve[ sq1 == (n - q) && sq2 == (m + p - n - q) && sq3 == (m - n) && x == (p - q) && y == (2 m - n - q) && m + n == p + q, {x, y}, Integers]; a6 = Solve[ sq1 == (2 n - 2 m) && sq2 == (p - m) && sq3 == ( q - m) && x == (p - 2 m + n) && y == (q - 2 m + n) && m + n == p + q, {x, y}, Integers]; a7 = Solve[ sq1 == (q - m) && sq2 == (p - q) && sq3 == (n + p - q - m) && x == (q - m) && y == (2 p - q - m) && m + n == p + q, {x, y}, Integers]; a8 = Solve[ sq1 == (q - n) && sq2 == (m + p - q - n) && sq3 == ( p - q) && x == (m - n) && y == (2 p + q - n) && m + n == p + q, {x, y}, Integers]; If[a5 != {}, Print[a5];]; If[a6 != {}, Print[a6];]; If[a7 != {}, Print[a7];]; If[a8 != {}, Print[a8];]; a9 = Solve[ sq1 == (2 q - q p) && sq2 == (m - p) && sq3 == (n - p) && x == (m + q - 2 p) && y == (n + q - 2 p) && m + n == p + q, {x, y}, Integers]; a10 = Solve[ sq1 == (m - q) && sq2 == (n - q) && sq3 == ( 2 p - 2 q) && x == (m + p - 2 q) && y == (n + p - 2 q) && m + n == p + q, {x, y}, Integers]; a11 = Solve[ sq1 == (q - p) && sq2 == (n + q - m - p) && sq3 == (p - m) && x == (2 q - m - p) && y == (n - m) && m + n == p + q, {x, y}, Integers]; a12 = Solve[ sq1 == (m + q - n - p) && sq2 == (q - p) && sq3 == ( p - n) && x == (2 q - n - p) && y == (m - n) && m + n == p + q, {x, y}, Integers]; If[a9 != {}, Print[a9];]; If[a10 != {}, Print[a10];]; If[a11 != {}, Print[a11];]; If[a12 != {}, Print[a12];]; Return[0]; ]

Try these for tests(these are examples from Miots work:

miot[3,2,10] miot[-5,6,2] miot[-4,-5,3] miot[4,5,-3] miot[5,-6,-2] miot[-3,-2,-10] miot[-3,1,-4] miot[2,6,1] miot[-2,2,3] miot[-1,-6,-2] miot[3,-1,4]

Werebrusow gives a general formula to derive 2 squares from 3 but it is very very slow
Werebruscow gives a general formula to derive 2 squares from 3 but it only worked on his example. For almost any other 3 square combination it was too slow to use. The mathematica formula for his work is given below:

erebrussov[sq1_, sq2_, sq3_] := Module[{a1, a2, a3, a4, a5, a6, a7, a8, a9, a10, a11, a12, a13, a14, a15}, a1 = Solve[ sq1 == (a^2 - c^2) m - (b^2 - d^2) n + (a b + c d) t && sq2 == -(a d - b c) (m - n) + (a c - b d) t && sq3 == 2 (a c m - b d n)    && x == (a^2 + c^2) m - (b^2 + d^2) n + (a b - c d) t && y == (a d - b c) (m + n) + (a c + b d) t && c*(x + sq1) == b (y + sq2) && m (y + sq2) == n (x - sq2), {x, y}, Modulus -> sq3]; Print[a1]; ]

WereBruscow's tests were: a=3;b=c=2;d=1;m=2;n=1 werebrussov[7,1,20] werebrussov[9,2,20] werebrussov[11,3,20] werebrussov[13,4,20]

It's Easy To Get The Sums Of Three Squares For RSA Numbers
With some Internet research I was able to get the sums of three squares that equal RSA230, which still hasn't been factored yet. The sums, which were computed with both Mathematica and the Python2 interpreter on the Raspberry PI are as follows:

In[42]:= RSA230

Out[42]= 1796949159794106673291612844957324615636756180801260007088891\ 8835531726460341490933493372247868650755230855864199929221814436684722\ 8740520652579374956943483892631711525225256544109808191706117425097024\ 40718010364831638288518852689

In[44]:= cc1

Out[44]= 1059443675295336206903990032177460807418972848557933447798562\ 577562645416414595037181025050793827302992107472819164

In[45]:= cc2

Out[45]= 3776571573920219939515093763531383887422242718192208743361060\ 316544426926673520279457864260379607843037554625909088

In[46]:= cc3

Out[46]= 1607662229411243491074817949573445948811265336194645770178567\ 6314739439621472137233436060406493556443939160932757439

In[48]:= cc1^2 + cc2^2 + cc3^2 == RSA230

Out[48]= True

Using Rabin and Shallit's 1986 paper "Randomized Algorithms in Number Theory" as a starting point I was able to scout some Python code on the web that efficiently find two squares to equal a prime. This code was attributed to the work of Moron, but looks to me as if it follows the algorithm specified by Rabin and Shallit.

Rabin and Shallit claim that most large numbers are the combination of a square and a prime. Therefore I was able to find the square and prime combination for RSA230 with the following Mathematica function:

gettriplesum[n_] := Module[{a1, a2, a3, a4, a5, a6a7, a8, a9, a10}, a2 = IntegerPart[n^(1/2)]; For[a1 = 1, a1 <= 10000, a1++, a3 = RandomInteger[{1, a2}]; a4 = n - a3^2; If[Mod[a4, 4] == 1 && PrimeQ[a4], Print[{a3, a4}]; Break[]; ];  ]  ]

gettriplesum[RSA230]

{ 1059443675295336206903990032177460807418972848557933447798562577562645416414595037181025050793827302992107472819164,

16847070696817776955023057830757895086859297723779890333200095426684361615676774916907649128657920475263571237974721202924734845958611847111565024073198103645771175940386211354906765850662429243724892455890188710147403230673193793}

// the first number is the square and the second number is the prime n-x^2

For a 1 mod 4 prime number, the mathematica function, PowersRepresentations[n,2,2] will also find the two squares that the prime number equates to very quickly.

I then used the following Python code, on the Raspberry PI Python2 Interpreter to split the prime number found by mathematica routine above into the sum of two squares: :


 * 1) code taken from web: Python code for sum of 2 squares for a prime number, author=Robin Chapman, url =
 * 2) "https://math.stackexchange.com/questions/5877/efficiently-finding-two-squares-which-sum-to-a-prime", access-date=19/10/2017

def mods(a, n): if n <= 0: return "negative modulus" a = a % n   if (2 * a > n): a -= n   return a

def powmods(a, r, n): out = 1 while r > 0: if (r % 2) == 1: r -= 1 out = mods(out * a, n)       r /= 2 a = mods(a * a, n)   return out

def quos(a, n): if n <= 0: return "negative modulus" return (a - mods(a, n))/n

def grem(w, z): # remainder in Gaussian integers when dividing w by z   (w0, w1) = w    (z0, z1) = z    n = z0 * z0 + z1 * z1    if n == 0: return "division by zero" u0 = quos(w0 * z0 + w1 * z1, n)   u1 = quos(w1 * z0 - w0 * z1, n)    return(w0 - z0 * u0 + z1 * u1,           w1 - z0 * u1 - z1 * u0) def ggcd(w, z): while z != (0,0): w, z = z, grem(w, z)   return w

def root4(p): # 4th root of 1 modulo p   if p <= 1: return "too small" if (p % 4) != 1: return "not congruent to 1" k = p/4 j = 2 while True: a = powmods(j, k, p)       b = mods(a * a, p)        if b == -1: return a       if b != 1: return "not prime" j += 1

def sq2(p): a = root4(p) return ggcd((p,0),(a,1))

It turns out to be quite easy to find sums of three squares for RSA numbers, even RSA numbers that have not been factored yet.

This above Python code, by the way, essentially does a complex Euclidean GCD function on $$GCD[(p,0),(\sqrt{-1},1)]$$. It also works for p*q modulus as in the following run of the GGCD(...) function ggcd((2581,0),(945,1)) (-30, -41) 30*30+41*41 2581

ggcd((2581,0),(568,1)) (50, -9) 50*50+9*9 2581

where $$945\equiv \sqrt{-1}\bmod{89*29}$$ and $$568\equiv \sqrt{-1}\bmod{89*29}$$. Since this function runs in log(n) time it is super quick to find the sums of squares of any size p*q when you know the corresponding $$\sqrt{-1}_{i}\bmod{p*q}$$.

It remains to be seen whether the Catalan set of linear equations, shown above this section, can efficiently reduce the three squares to two squares. (This assumes that RSA230 is a 1 mod 4 semiprime).

Because Of Dickson, There Are Modular Pythagorean Triples
If you look at Dickson's method of generating Pythagorean Triples, (see Formulas_for_generating_Pythagorean_triples), you will see that modular pythagorean triples can easily be generated. Since:


 * $$r^{2}=2*s*t$$
 * $$x=r+s$$
 * $$y=r+t$$
 * $$z=r+s+t$$

Take for instance,


 * $$6^{2}=36$$, $$(36/2)*5^{-1}\bmod{89*29}\equiv 1036$$

or in other words:


 * $$2*5*1036\bmod{89*29}\equiv 36$$ so the $$r^{2}=2*s*t$$ is defined where $$r=6$$,$$s=5$$, $$t=1036$$

Note this doesn't work in continuous arithmetic but does work in modular arithmetic. Thus:


 * $$x=6+5=11$$, $$y=6+1036=1042$$ and $$z=6+5+1036=1047$$

And this works since:


 * $$11^{2}+1042^{2}\bmod{89*29}\equiv 1047^{2}\equiv 1865$$

whereas:


 * $$11^{2}+1042^{2}=1085885$$ and $$1047^{2}=1096209$$

Dickson treats Pythagorean Triples as the equation $$x^{2}+y^{2}=z^{2}$$ and treats the equation here

Bottari's Extension of Dickson's Method of Establishing Pythagorean Triples
Bottari, reported by Dickson on "History Of Numbers", vol 2, p169, extends Dicksons definitions of the intermediate terms: $$r$$, $$s$$, and $$t$$:

A. Bottari proved that all integral solutions of $$x^{2}+y^{2}=z^{2}$$ are given by $$x=u+w$$, $$y=v+w$$, $$z=u+v+w$$ where $$u=p^{2}*k$$, $$v=2^{2s-1}*q^{2}*k$$, $$w=2^{s}*p*q*k$$, $$p$$ and $$q$$ being relatively prime odd integers. Thus $$x*y$$ is not a square.

These equations above can be seen to jive with my own observation that a Pythagorean Triple can be described as:


 * $$(2*x*y + 2*y^{2})^{2} + (x^{2} + 2* x* y)^{2} == (x^{2} + 2* x *y + 2* y^{2})^{2}$$

If you set Bottari's $$k=1$$ and $$s=1$$ then the following equation can be seen:


 * $$p^{2}+ 2*p*q+2*q^{2}=z$$

This equals: $$(p+q)^{2}+q^{2}$$, so any successful use of these equations will reveal one of the two sums of squares for p*q.

So it seems that Bottari's equations anticipate my own observation on how a Pythagorean Triple can be built, but the way I derive the equations (by use of the squareless number mod p*q) is probably unique, and thus a new proof on this matter.

Volpicelli, reported by Dickson, is relevant to the Two Squares of 1 mod 4 semiprimes
Dickson reports Volpicelli's work on vol 2 p168 as:


 * P Volpicelli noted that $$z=\alpha^{2}+\beta^{2}=a^{2}+b^{2}$$ imply that
 * $$x=\pm(a*\alpha \pm b*\beta)$$ and $$y=\pm(a*\beta \pm b*\alpha)$$
 * are solutions of $$x^{2}+y^{2}=z^{2}$$

A quick look with Mathematica shows this to be true:

In[1]:= PowersRepresentations[2581, 2, 2]

Out[1]= {{9, 50}, {30, 41}}

In[2]:= PowersRepresentations[2581 2581, 2, 2]

Out[2]= {{0, 2581}, {781, 2460}, {900, 2419}, {1131, 2320}, {1780, 1869}}

In[3]:= 9 30 + 50 41

Out[3]= 2320

In[5]:= 9 41 - 50 30

Out[5]= -1131

So it looks that if you can find the sum of two squares of $$(p*q)^{2}$$ you are on the way to finding out the sums of squares of $$p*q$$. Thus if you can find the Pythagorean Triple that includes $$(p*q)^{2}$$ you should be in good shape.

Euler Can Factor From Two Equations Of a^2+D*y^2, not just from x^2+y^2
In Euler's factorization method, the following quote occurs:

Euler's factorization method is a technique for factoring a number by writing it as a sum of two squares in two different ways. For example the number $$1000009$$ can be written as $$1000^2 + 3^2$$ or as $$972^2 + 235^2$$ and Euler's method gives the factorization $$1000009 = 293 \cdot 3413$$.

In addition to this is Euler's other factoring method, mentioned in p362 of vol 1 of Dickson's "History of Numbers" :


 * Euler noted that $$N=a^{2}+\lambda*b^{2}=x^{2}+\lambda*y^{2}$$ imply
 * $$N=(1/4)*(\lambda*m^{2}+n^{2})*(\lambda*p^{2}+q^{2})$$, $$a\pm x=\lambda*m*p, n*q$$, $$y\pm b=m*q, n*p$$


 * so that $$\lambda*p^{2}+q^{2}$$, or its half or quarter, is a factor of N.

It seems that finding two sets of $$a^{2}+\lambda*b^{2}=P*Q$$ is easier than finding two sets of $$x^{2}+y^{2}=P*Q$$.

The following equation shows this to work:

Solve[ a^2 + 5 b^2 == 8467 39343 && a > 0 && b > 0, {a, b}, Integers]

{{a -> 16541, b -> 3450}, {a -> 17776, b -> 1851}}

aa = Solve[16541 - 17776 == 5 m p && 3450 + 1851 == m q && 3450 - 1851 == n p, {m, n, p, q}, Integers]

{{m -> -19, n -> 123, p -> 13, q -> -279}, {m -> 19, n -> -123, p -> -13, q -> 279}} now one of the factors is seen, 39343

(1/2) (5 p^2 + q^2) /. aa

{39343, 39343}

This example shows the factoring algorithm works on 3 mod 4 semiprimes, and is thus more general than the more well known Euler factoring algorithm.

Knowing $${{a -> 16541, b -> 3450}, {a -> 17776, b -> 1851}}$$ it is possible to find the two square roots of -5 and thus solve for the square root of 1. With the square root of 1 p*q can be factored.


 * $$5*3450*16541^{-1}\bmod{39343*8467}\equiv 189345732$$ where $$189345732^{2}\bmod{39343*8467}\equiv -5$$


 * $$5*1851*17776^{-1}\bmod{39343*8467}\equiv 10438022$$ where $$10438022^{2}\bmod{39343*8467}\equiv -5$$


 * $$189345732*10438022^{-1}\bmod{39343*8467}\equiv 128927010\equiv \sqrt{1}$$

and


 * $$GCD[\sqrt{1}\pm 1, p*q]== P or Q$$

After some research I can point to a 1996 paper on Euler Factorization by James McKee. In this paper he shows how to instantly solve $$a^{2}+D*b^{2}==p*q$$ when $$D>\sqrt{p*q}$$. In this case $$p*q \bmod{D}\equiv a^{2}$$ and, if D is a prime number, then you can take the modular square root easily giving $$a$$. If $$D>\sqrt{p*q}$$ then $$a$$ is not a residue but the actual square root. Therefore $$(p*q-a^{2})/D==b^{2}$$ and so b is easy to find. However, for most large values of D there is no solution and certainly not two solutions. However, if there are two solutions, then the differing square roots of $$a^{2}\bmod{D}$$ will provide the two answers necessary for Euler's algorithm to work. D usually needs to be a composite number before there are two solutions.

McKee provides an algorithm that determines $$a*p*q==x^{2}+D*y^{2}$$ in $$\Omega(\sqrt[3]{N})$$ operations.

P. Tchebychef, which is referenced on p 363 vol 1 of Dickson's History Of Numbers, provides a workable method to create quickly $$x_{i}^{2}+D_{i}*y_{i}^{2}==a_{i}*N$$. In this algorithm he uses mathematical sequences that are alike to his famous T and U sequences. Since the D's are different in these sequences they can't be used with Euler factorization, but Tchebychef does have math that limits the number of possible factors, but I haven't translated the German for this yet, so I can't report more on it.

Another source that extends Euler's $$x^{2}+D*y^{2}==p*q$$ work to $$F*x^{2}+D*y^{2}==p*q$$ is at url.

For the more general equation, $$F*x^{2}+D*y^{2}\bmod{p*q}\equiv 0$$ it is easily possible to get a second equation with the same coefficients but different squares. However, this second equation does not help solve the modular square root problem of $$F^{1/2}*D^{-1/2}$$ better than the first such equation.

The work for this second general equation is in Mathematica below:

create a first equation Solve[2 2^2 + y 3^2 == 0, {y}, Modulus -> 337 577]

Use Mathematica to get our answer for the set of squares, assuming that (x+z)^2 and (y+z)^2 holds

Solve[2 (2 2 x) + 43210 (2 3  x ) + (2 + 43210) (x^2) == 0, {x}, Modulus -> 337 577]

{{x -> 0}, {x -> 116667}, {x -> 141942}, {x -> 169174}}

convert the equation to the equation below (where x is the same increase in square for both earlier squares

Solve[2 (2 2 ) + 43210 (2 3   ) + (2 + 43210) (x) == 0, {x}, Modulus -> 337 577]

confirm second equation has been found

Mod[2 (2 + 116667)^2 + 43210 (3 + 116667)^2, 337 577]

0

a^2+b^2+c^2 equiv 0 Can Easily Be Turned Into a^2+D*e^2 equiv 0
If you have the sum of three squares that equal p*q as in:


 * $$a^{2}+b^{2}+c^{2}\bmod{p*q}\equiv 0$$

(This equation is rather easy to come by). You can easily turn the above equation into


 * $$a^{2}+D*e^{2}\bmod{p*q}\equiv 0$$

See the following Mathematica for how:

try555[p_, q_, sq1_, sq2_, sq3_] := Module[{a1, a2, a3, a4, a5, a6, a7, a8, a9, a10, d1, d2},

make the first coefficient for the third square d1 = Mod[(sq2 PowerMod[sq3, -1, p q])^2 + 1, p q];

make the second coefficient for the second square d2 = Mod[(sq3 PowerMod[sq2, -1, p q])^2 + 1, p q];

create the two a^2+D*b^2===0 equations (a1 and a2 should be 0)

a1 = Mod[sq1^2 + d1 sq3^2, p q]; a2 = Mod[sq1^2 + d2 sq2^2, p q];

now make the square root of -d1 a3 = Mod[d1 sq3 PowerMod[sq1, -1, p q], p q];

now make the square root of -d2 a4 = Mod[d2 sq2 PowerMod[sq1, -1, p q], p q];

Print[{d1,d2,a1, a2, a3, a4}]; ]

A Second Lambda Equation With The Same Lambda Is Possible
I was able to get a second equation:


 * $$a^{2}+D*b^{2}\bmod{p*q}\equiv 0$$


 * $$a^{2}+D1*d^{2}\bmod{p*q}\equiv 0$$

and


 * $$c^{2}+D*d^{2}\bmod{p*q}\equiv 0$$

where $$c \bmod{p*q}\equiv a*\sqrt{-D1}*\sqrt{-D}$$

via the following Mathematica procedure

try555a[pq_, sq1_, sq2_, sq3_] := Module[{a1, a2, a3, a4, a5, a6, a7, a8, a9, a10, a11, d1, d2, aa, aa1},(* make the first coefficient for the third square *) d1 = Mod[(sq2 PowerMod[sq3, -1, pq])^2 + 1, pq]; (* make the second coefficient for the second square d2= *) d2 = Mod[(sq3 PowerMod[sq2, -1, pq])^2 + 1, pq]; (* create the two a^2+D*b^2===0 equations (a1 and a2 should be 0) *) a1 = Mod[sq1^2 + d1 sq3^2, pq]; a2 = Mod[sq1^2 + d2 sq2^2, pq]; a3 = Mod[d1 sq3 PowerMod[sq1, -1, pq], pq]; (* now make the square root of-d2*) a4 = Mod[d2 sq2 PowerMod[sq1, -1, pq], pq]; (* create new sq1 value for new equation with d1 as coefficient *) a10 = Mod[sq1 PowerMod[a4, -1, pq] a3, pq]; (* create second lambda equation with d1 as coefficient *) a9 = Mod[(a10)^2 + d1 sq2^2, pq]; (*now make the square root of-d1 *) a8 = Mod[d1 sq2 PowerMod[a10, -1, pq], pq]; (* show all equations === 0 *) Print[{a1, a2, a9}]; (* show square roots for each, will be the same number *) Print[{a3, a8}]; ]

xx = gettriplesum[RSA250]

Out[54]= \ {165860061048452763122039049657801862112488124844426769348338381761838\ 14044125663241348400613753473490541580331600292633724766, \ }

try555a[RSA250, xx1, xx2, 1, 1, xx2, 1, 2]

{0,0,0}

{1314918825722326266553810724613655705450573430361780650965255219994346873009830842936478043044889827565960168693343635958715548336143856317630304562317098246478476883836301907222798067314919038129210689957690416029268511846909871046833022463555902835, 1314918825722326266553810724613655705450573430361780650965255219994346873009830842936478043044889827565960168693343635958715548336143856317630304562317098246478476883836301907222798067314919038129210689957690416029268511846909871046833022463555902835}

I was successful in getting the second lambda equation with the same D set, but these are equivalences and I could not apply Euler's equations. And the calculation of $$\sqrt{-D}\bmod{p*q}$$ was always the same.

x^2+y^2 mod RSA250 equiv -1 Given
As it works out, from reading the last section, the square root of (-d1)^2 + sq1^2 mod p*q==-1!

So the difficult sum of two squares (for big modula) can be solved quite quickly and easily.

First, get a sum of three squares for RSA250.

Here is RSA250

RSA250 = 2140324650240744961264423072839333563008614715144755017797754\ 9208814180234471401366433455190958046796109928518724709145876873962619\ 2155736304745477052080511905649310668769159001975940569345745223058932\ 5976697471681738069364894699871578494975937497937

Here is the Mathematica function to quickly get a sum of three squares

gettriplesum[n_] := Module[{a1, a2, a3, a4, a5, a6, a7, a8, a9, a10}, a2 = IntegerPart[n^(1/2)]; For[a1 = 1, a1 <= 10000, a1++, a3 = RandomInteger[{1, a2}]; a4 = n - a3^2; If[Mod[a4, 4] == 1 && PrimeQ[a4],(*Print[{a3,PowersRepresentations[   a4,2,2]}];*) Break[];];]; Return[{a3, PowersRepresentations[a4, 2, 2]}]]

Call these Mathematica function with RSA250 as a parameter

In[26]:= xx = gettriplesum[RSA250]

Get the three squares as in {sq1 } Out[26]= \ {243380194038096721134728635329583049374302758780918783047778468000204\ 08951489652005729084735517130026118580586677733557228650, \ }

Verify that a sum of three squares has been found.

Mod[ xx1^2 + xx2, 1, 1^2 + xx2, 1, 2^2, RSA250]= 0

Now use the following Mathematica function to find two equations that match


 * $$a^{2}+b^{2}\bmod{p*q}\equiv -1$$

Use this function to find the sum of two squares equivalent to -1 (there will be two of the many possible equations)

try333[pq_, sq1_, sq2_, sq3_] := Module[{a1, a2, a3, a4, a5, a6, a7, a8, a9, a10}, a1 = Mod[sq2 PowerMod[sq3, -1, pq], pq]; a2 = Mod[sq3 PowerMod[sq2, -1, pq], pq]; a3 = Mod[(a1^2 + 1) sq3 PowerMod[sq1, -1, pq], pq]; a4 = Mod[(a2^2 + 1) sq2 PowerMod[sq1, -1, pq], pq]; Print[{a3, a1, "the square of these equiv to -1 mod RSA250"}]; Print[Mod[a3^2 + a1^2, pq] == pq - 1]; Print[{a4, a2, "the square of these equiv to -1 mod RSA250"}]; Print[Mod[a4^2 + a2^2, pq] == pq - 1]; ]

Call the function with the result of the sum of three squares

try333[RSA250, xx1, xx2, 1, 1, xx2, 1, 2]

{20531750694324444278194615633359107622786730656405815811283334282496438825649004986807633314 192758485080501459280012835625675591324044290554905379578360681668877793625098111587991587524 3402636647648989593183240107441157037970834906371969195115706045, 137234074163171487327487258017935715874463146065821660277962023202104067985790892654907939069 435476500304347602923900594193201340378557021828650433051727667994046506106923369059570452647 8985786660883769985144804512456179268024201827582795664492962038, the square of these equiv to -1 mod RSA250}

True

{2058939105332570506966632459210337476578836982622628151064611190716985403292889078279085904619 26232867822101211765799749379103106513053574742158632737358346149165543679778796790432858491397 9880613119683180870284399038454516995333555882941337370020246, 125861236994699879978009154578085 19341562919317725704551392290765423337011029727993120835287383385603162629789031453667054584801 26589343477937166793364831484318881166117013009465590110340260791300136907101768344999800459542 228308110158167680555421897, the square of these equiv to -1 mod RSA250}

True

Please remember that if you run this equation through Mathematica with $$x^{2}=low square$$ that $$\sqrt{-1-lowsquare}\bmod{bigsemiprime}$$ needs be taken, and this is beyond all computers to do. So this procedure, outlined above, does successfully solve, for two instances, the sum of two squares equaling -1.

It follows that $$z^{2}*(x^{2}+y^{2})\bmod{p*q}\equiv -z^{2}$$ is easy to derive, so the sum of two squares for any negative square can be established.

Also, Catalan

has an equation that can be used to derive


 * $$x^{2}+y^{2}\bmod{p*q}\equiv -1-z^{2}$$

Specifically, the identity


 * $$(ad)^{2} + (bd)^{2} + w^{2} = (a+bd)^{2} + (ad-b)^{2}$$ if $$a^{2}+b^{2} = w^{2}$$

can be used with $$w^{2}\bmod{p*q}\equiv -1$$. So a $$d$$ can be applied to the powers in the left of the equation, and a $$-d^{2}$$ can be added to the right of the equation.

x^2+y^2 mod p*q equiv -n Given
Working with the above Mathematica functions, it can be seen that they can be extended to do the equation:


 * $$x^{2}+y^{2}\bmod{p*q}\equiv -n$$

By subtracting $$p*q-n*sq1^2==1mod4prime$$ we can find the equation above. See the Mathematica functions below, and how they are called:

try333N[pq_, sq3_, sq2_, sq1_, n1_] := Module[{a1, a2, a3, a4, a5, a6, a7, a8, a9, a10}, a1 = Mod[sq2 PowerMod[sq3, -1, pq], pq]; a3 = Mod[(a1^2 + n1) sq3 PowerMod[sq1, -1, pq], pq]; Print[{a3, a1, "the square of these equiv to", -n1, " mod RSA250"}]; Print[Mod[a3^2 + a1^2, pq] == pq - n1]; ]

gettriplesumN[n_, n1_] := Module[{a1, a2, a3, a4, a5, a6, a7, a8, a9, a10}, a2 = IntegerPart[n^(1/2)/n1]; For[a1 = 1, a1 <= 10000, a1++, a3 = RandomInteger[{1, a2}]; a4 = n - n1 a3^2; If[Mod[a4, 4] == 1 && PrimeQ[a4],(*Print[{a3,PowersRepresentations[   a4,2,2]}];*) Break[];];]; Return[{n1, a3, PowersRepresentations[a4, 2, 2]}]]

sumsnsquares[pq_, n1_] := Module[{a1, a2, a3, a4}, a1 = gettriplesumN[pq, n1]; a2 = try333N[pq, a12, a13, 1, 1, a13, 1, 2, a11] ]

sumsnsquares[RSA250, 5]

{12939728750111234257608962548126805776280714145554311976952887652105665290942880515065286493785 653843091970592009510256347174358060619053312425943588008089095230469479676915168784093627987660 27342046542651976916986106637392512950954851030663913587187, 351447907186317343211642979258329126954320918895828050722989458375280300598192867940472019229055 623179931493542366555481983148460724299015966829980417810494952735245566934627686727636686064413 750607290779073735925537404456002481645847848869157806977, the square of these equiv to,-5, mod RSA250}

True

sumsnsquares[RSA250, 2]

{149221662643548489728763750083153100747820875206356872791620279621720311536699163799339067932479 5326563195006058544921285012535390688241249394387155902358869565967616289835595632867566977496990 474814940243132116887666175813509631645946313567741074806, 751908899528113220927249272500819163126 2333367079610125023903372548930596605058754106617309459820814518188930241795525440170088468397198 6425264697557251207834869894201082148795543387681679243685978474259170298361096443566595348441341 1344994168981130, the square of these equiv to,-2, mod RSA250}

True

How To Get x(x-1)+y(y-1) mod p*q equiv 0
If we manipulate the gettriplesumN[] mathematica routine shown just above, and change the sign within it, we can create:


 * $$x^{2}+y^{2}-n*z^{2}\bmod{p*q}\equiv 0 $$

and from there we can get
 * $$(x^{2}/z^{2})+((y^{2}/z^{2})-n)*z^{2}\bmod{p*q}\equiv 0 $$

At this point, just like the math shown above, we can take the modular square root and come up with


 * $$a^{2}+b^{2}\bmod{p*q}\equiv n $$

Now if we set $$n=2^{-1}\bmod{p*q}$$ and increase our roots by $$n$$ each, then we can come up with


 * $$c^{2}+d^{2}\bmod{p*q}\equiv c+d $$

and this is equivalent to:


 * $$c(c-1)+d(d-1)\bmod{p*q}\equiv 0$$

So while obtaining $$c^{2}+d^{2}\bmod{p*q}\equiv 0$$ is really hard the similar but slightly different equation above only takes a few seconds, no matter how big the number is:

Here is the mathematica to obtain $$c^{2}+d^{2}\bmod{p*q}\equiv c+d $$

try333N1[pq_, sq3_, sq2_, sq1_, n1_] := Module[{a1, a2, a3, a4, a5, a6, a7, a8, a9, a10}, a1 = Mod[sq2 PowerMod[sq3, -1, pq], pq]; a3 = Mod[(a1^2 - n1) sq3 PowerMod[sq1, -1, pq], pq]; Print[{a3, a1, "the square of these equiv to", n1, " mod RSA250"}]; Print[Mod[a3^2 + a1^2, pq] == n1]; a8 = Mod[a3 + PowerMod[2, -1, pq], pq]; a9 = Mod[a1 + PowerMod[2, -1, pq], pq]; Print[{{a8, a9}, Mod[a8^2 + a9^2, pq] == Mod[a8 + a9, pq]}];]

gettriplesumN1[n_, n1_] := Module[{a1, a2, a3, a4, a5, a6, a7, a8, a9, a10}, a2 = IntegerPart[n^(1/2)]; For[a1 = 1, a1 <= 10000, a1++, a3 = RandomInteger[{1, a2}]; a4 = n + n1 a3^2; If[Mod[a4, 4] == 1 && PrimeQ[a4],(*Print[{a3,PowersRepresentations[   a4,2,2]}];*)Break[];];]; Return[{n1, a3, PowersRepresentations[a4, 2, 2]}]]

sumsnsquares[pq_, n1_] := Module[{a1, a2, a3, a4}, a1 = gettriplesumN1[pq, n1]; a2 = try333N1[pq, a12, a13, 1, 1, a13, 1, 2, a11]]

sumsnsquares[337 577, 97225]

{110610,75342,the square of these equiv to,97225, mod RSA250}

True

{{13386,172567},True}

Mod[(13386 13385) + (172567 172566), 337 577] = 0

Here is the RSA250 equation for x^2+y^2 mod p*q===x+y

sumsnsquares[RSA250, PowerMod[2, -1, RSA250]]

{2094270975834518249162826924456669790774040145778878109638331489597260246292415443852225987841131 00517929898398881631794003738057259169123297843871838208407375537019410168737914825570285839917952 705150903661104412013108290750556186049399607111225965, 70653300607618580031176408112794637852756330094007676495780155382933744894865974883920761996452593 05470074951769838581635593362421356811137522604332832547596149502075690596674222812195287293573416 70997725563516418218455582760034662497839268347466776,the square of these equiv to, 10701623251203724806322115364196667815043073575723775088988774604407090117235700683216727595479023 39805496425936235457293843698130960778681523727385260402559528246553343845795009879702846728726115 294662988348735840869034682447349935789247487968748969, mod RSA250}

True

Here is x and y for x^2+y^2 mod RSA250 === x+y

{{1279589422703824305548494228865333760581711372150265319862710609400435036352811612706895358332015 440323426324335117089087847436188219947804821571257098610966903783572754014532924705273132568644067 999813892009840252882142973197906121838647095079974934, 177669533119655828094397561754761316003187065851245427385667901427004646067222981716088037951242827 035250392111321931545740303437309645979527598781854365731914319676091290546243216092237545808345696 5660713912252259087490265207384598287086756316215745},True}

Square Roots From x(x-1)+y(y-1) mod p*q equiv 0
With two items equalling 0, it is possible to divide elements of each against the other, and often the square root of one can be obtained. With $$x(x-1)+y(y-1)\bmod{p*q}\equiv 0$$ I show an example and then show the three square roots that can be obtained from the example:

sumsnsquares[337 577, 97225]

{142305,118403,the square of these equiv to,97225, mod 337*577}

True

45081(45080)+21179(21178) mod 337*577 equiv 0

{{45081,21179},True}

Mod[-45081 PowerMod[21179, -1, 337 577], 337 577]=7756

PowerMod[-(45081 21178 PowerMod[21179 45080, -1, 337 577]), 1/2, 337 577]=7756

Mod[-45080 PowerMod[21178, -1, 337 577], 337 577]=52774

PowerMod[-(45080 21179 PowerMod[21178 45081, -1, 337 577]), 1/2, 337 577]=52774

Mod[45080 PowerMod[21179, -1, 337 577], 337 577]=32522

PowerMod[-(45080 21178 PowerMod[21179 45081, -1, 337 577]), 1/2, 337 577]=32522

Square Roots From x(u)+y(z) mod p*q equiv 0
Extrapolating from the section just above, we now show that square roots can be taken from any equation


 * $$x*u+y*z\bmod{p*q}\equiv 0$$

More specifically, the modular square root of:


 * $$-x*z^{-1}\bmod{p*q}\equiv \sqrt{-x*y*(u*z)^{-1}}\bmod{p*q}$$

can be taken.

Examples follow:

set the equation = to 0

Mod[2049 100 + 98 1649, 89 29]= 0

divide two of the components

Mod[-2049 PowerMod[1649, -1, 89 29], 89 29]= 1085

Use Mathematica to get the modular square of the following components of the zero equation

PowerMod[-2049 98 PowerMod[100 1649, -1, 89 29], 1/2, 89 29]= 17

Now multiply 17 by the square root of 1 mod 89 29 to get the other square root.

Mod[17 2493, 89 29]=1085

Combining this new definition of a square root with work previously done at User:Endo999, which shows that given:


 * $$x*y^{e}+z*u^{e}\bmod{p*q}\equiv 0$$

that


 * $$x^{1/e}*z^{-1/e}\bmod{p*q}\equiv x*y^{e-1}*(z*u^{e-1})^{-1}$$

we can use the two equations on the same numbers to get


 * $$\sqrt[2*e]{-x*y^{-1}*(u*z)^{-1}}\bmod{p*q}$$

The mathematica follows:

1034, 5^23, y, and 11^23 must have modular square roots

y1 = Solve[1034 5^23 + y 11^23 == 0, {y}, Modulus -> 8501 9001]

Now use the first equation (from this section) to get a type of square root

Mod[-1034 PowerMod[11^23, -1, 8501 9001], 8501 9001]=7288984

Mathematica shows this square root is correctly taken

PowerMod[-1034 37670000 PowerMod[5^23 11^23, -1, 8501 9001], 1/2, 8501 9001]=7288984

Now set up the second equation (from the A Close Call On RSA section)

Mod[1034 5^22 PowerMod[37670000 11^22, -1, 8501 9001], 8501 9001]=15303498

Mathematica confirms this equation is correct.

Mod[PowerMod[1034, 1/23, 8501 9001] PowerMod[37670000, -1/23, 8501 9001], 8501 9001]=15303498

Another definition of the first equation(306035 is the square root of 1 mod 8501*9001)

AA=Mod[306035 PowerMod[-1034, 23/46, 8501 9001] PowerMod[37670000, 23/46, 8501 9001] PowerMod[ PowerMod[5^23, 1/2, 8501 9001] PowerMod[11^23, 1/2, 8501 9001], -1, 8501 9001], 8501 9001]=7288984

get rid of some of the powers

Mod[7288984 5^11 11^11, 8501 9001]=51923275

we now have

Mod[PowerMod[-1034, 23/46, 8501 9001] PowerMod[37670000, 23/46, 8501 9001] PowerMod[ PowerMod[5, 1/2, 8501 9001] PowerMod[11, 1/2, 8501 9001], -1, 8501 9001], 8501 9001]=51923275

now reduce some more powers

Mod[51923275 PowerMod[15303498, -11, 8501 9001], 8501 9001]=68983501

Mathmatica confirms again what we have created

BB=Mod[306035 PowerMod[-1034, 1/46, 8501 9001] PowerMod[37670000, 45/46, 8501 9001] PowerMod[ PowerMod[5, 1/2, 8501 9001] PowerMod[11, 1/2, 8501 9001], -1, 8501 9001], 8501 9001]=68983501

BB is, for the most part, the 23rd root of AA(see previous equation)(I leave it to the reader to divide BB by 37670000 so that PowerMod[37670000, 45/46, 8501 9001] becomes PowerMod[37670000, -1/46, 8501 9001])

So, by algebraic manipulation we have managed to take the 23rd root of the first equation, which only had square roots within it.

There is a possibility that this last equation is a combination of the roots of 11 and 5 but I have not been able to ascertain what that equation might be at the present moment.

x(x-3)+y(y-3) mod p*q equiv 0
If we call our Mathematica routine smsnsquares with the sum 4+1/2 and we add one to the x and y returned, we then have


 * $$x^{2}+y^{2}\bmod{p*q}\equiv 3(x+y)$$

or


 * $$x(x-3)+y(y-3)\bmod{p*q}\equiv 0$$

sumsnsquares[337 577, 4 + PowerMod[2, -1, 337 577]]

{41259,97442,the square of these equiv to,97229, mod RSA250}

Add one to the numbers below to get x^2+y^2 mod 337*577 equiv 3(x+y)

{{138484,218},False}

Mod[138485^2 + 219^2, 337 577]= 27214

Mod[3 (138485 + 219), 337 577]= 27214

Mod[138485 (138485 - 3) + 219 (219 - 3), 337 577]= 0

x^2+(x+1)^2+y^2+(y+1)^2 mod p*q equiv 0
We can easily create the sum of four squares equivalent to 0 for any size p*q modulus via the following math(Please see Mathematica routines in sections above):

sumsnsquares[337 577, PowerMod[-2, -1, 337 577]]

{124557,79914,the square of these equiv to,97224, mod 337*577}

True

{{27333,177139},False}

Mod[27332^2 + 27333^2 + 177138^2 + 177139^2, 337 577]= 0

Since the $$-177139\bmod{337*577}\equiv \sqrt{-(27332^{2} + 27333^{2} + 177138^{2})}$$

then we are close to having a way to create modular Pythagorean Quadruples, however, we have to deal with sign issues.

It is unusual to have the sum of two adjacent squares equivalent to 0 mod p*q. I am unaware if this is new math.

x^2+y^2 mod p*q equiv n can yield the modular square root of (x^(-2))*n-1
$$x^{2}+y^{2}\bmod{p*q}\equiv n$$ can yield the modular square root of $$(x^{-2})*n-1$$. This is done by creating the sum $$-x^{-2}*n$$ and then adding this to the $$x^{2}+y^{2}\bmod{p*q}\equiv n$$ to create $$(-x^{-2}*n+1)*x^{2}+y^{2}\bmod{p*q}\equiv 0$$ From there a modular square root can easily be taken.

The mathematica with an example of this follows: sumsnsquares[ 337 577, 1]

{73974,127344,the square of these equiv to,1, mod RSA250}

True Thus 73974^2+127344^2 mod 337*577 equiv 1

Mod[73974^2 + 127344^2, 337 577]= 1

Now make the D term in D*x^2+y^2==0

Mod[PowerMod[73974^2, -1, 337 577] (-1) + 1, 337 577]= 193668

Prove the 0 equation holds

Mod[193668 73974^2 + 127344^2, 337 577]= 0

Now get the modular square root of the -D term

Mod[193668 73974 PowerMod[127344, -1, 337 577], 337 577]= 122213

see that the square root mod 337*577 of -193668 has been found

Mod[-122213^2, 337 577]= 193668

The same procedure can be done for the 127344^2 as well.

This works for any size modulus in very quick time. Thus lots of modular square roots can be found, from the square to the root, but we still cannot determine the square to have its root taken.

X^3+y^3 mod p*q equiv n can derive the Cube Root Of (x^(-3)(-n)+1)
Taking the idea of converting $$x^{m}+y^{m}\bmod{p*q}\equiv n$$ to $$\lambda*x^{m}+y^{m}\bmod{p*q}\equiv 0$$ as in the previous section, we can therefore take, given the following equation:


 * $$x^{3}+y^{3}\bmod{p*q}\equiv n$$

we can derive the following cube root


 * $$x^{-3}(-n)+1$$

via


 * $$(x^{-3}(-n)+1)*x^{2}*y^{-2}\bmod{p*q}\equiv \sqrt[3]{(x^{-3}(-n)+1)}$$

The following Mathematica example shows this to be true:

make the sum of cubes equation, any n will do

Mod[101^3 + 205^3, 89 29]= 229

create the D in D*x^2+y^2 mod p*q===0

Mod[PowerMod[101^3, -1, 89 29] (-229)+1, 89 29]= 702

confirm the equation is set

Mod[702 101^3 + 205^3, 89 29]= 0

derive the cube root of 702

Mod[702 101^2 PowerMod[205^2, -1, 89 29], 89 29]= 1889

ensure that 1889^3 is 702, as it is

Mod[1889^3, 89 29]= 702

This method could happen for high powers, even powers used as the public keys of RSA.

This cubing works with large numbers
Using RSA260 as the modulus I will obtain the cube root of $$((-9)/8)+1 \bmod{RSA260}$$ RSA260 = 2211282552952966643528108525502623092761208950247001539441374\ 8319128822941402001986512729726569746599085900330031400051170742204560\ 8592763579537571859542988389587092292384910067030341246205457845664136\ 64540684214361293017694020846391065875914794251435144458199

In[2]:= Mod[(PowerMod[2, -3, RSA260] (-9) + 1) 2^3 + 1, RSA260]

Out[2]= 0

In[3]:= root = (PowerMod[2, -3, RSA260] (-9) + 1)

Out[3]= -2487692872072087473969122091190450979356360069027876731871546\ 6859019925809077252234826820942390964923971637871285325057567084980130\ 9666859026979768341985861938285478828933023825409133901981140076372153\ 72608269741156454644905773452189949110404143532864537515474

In[4]:= Mod[root, RSA260]

Out[4]= 19348722338338458130870949598147952061660578314661263470112029\ 7792377200737267517381986385107485282742001627887774750447743994289907\ 5186681320953753771001148408887057558367963086515485904297756149561195\ 6473098687566131390482268240592182641425444970005751400924

In[7]:= f1 = Mod[(root 2^2), RSA260]

Out[7]= 11056412764764833217640542627513115463806044751235007697206874\ 1595644114707010009932563648632848732995429501650157000255853711022804\ 2963817897687859297714941947935461461924550335151706231027289228320683\ 2270342107180646508847010423195532937957397125717572229099

In[9]:= Mod[f1^3, RSA260] == Mod[root, RSA260]

Out[9]= True

This Rooting also works with the RSA root of 23
Repeating the same equation as just above, this time with the RSA power of 23: In[10]:= n = Mod[2^23 + 1^23, RSA260]

Out[10]= 8388609

In[11]:= Mod[(PowerMod[2, -23, RSA260] (-n) + 1) 2^23 + 1, RSA260]

Out[11]= 0

In[16]:= rsa = (PowerMod[2, -23, RSA260] (-n) + 1)

Out[16]= -\ 1823036614912868011712788026285598289907112664939832406605855746395330\ 5566418939802808400542422831632117602012801069837273093805236506512125\ 1801795511752469924336751658952653852057231684651411662361016592378816\ 749576517216160535917358794858457784435830494823917971195

In[17]:= Mod[rsa, RSA260]

Out[17]= 3805381513377872844851901753342547023867551837548099699404447\ 4287046405684922356662404431707833791366785067149913345336758579896786\ 2258467168551258278748586904196775629954257397251522922050639261510719\ 084671572744963395445500749989052758071563694875589134555

In[18]:= f1 = Mod[(rsa 2^22), RSA260]

Out[18]= 1105641276476483321764054262751311546380604475123500769720687\ 4159564411470701000993256364863284873299542950165015700025585371102280\ 4296381789768785929771494194793546146192455033515170623102728922832068\ 32270342107180646508847010423195532937957397125717572229099

In[19]:= Mod[f1^23, RSA260] == Mod[rsa, RSA260]

Out[19]= True

Thus the 23rd root of ((1/(2^23)(-8388609))+1 is found mod a large number.

Square Roots Of Adjacent Squares Shown
Using Pythagorean Triples as the two squares such as:


 * $$x^{2}+y^{2}\bmod{p*q}\equiv z^{2}$$

we can find the square roots of adjacent squares:


 * $$\sqrt{x^{-2}*(z^{2})-1}$$
 * $$\sqrt{x^{-2}*(z^{2})}\equiv x^{-1}*z$$

The mathematica showing an example of this follows:

set up the Pythagorean Triple

Mod[3^2 + 4^2, 89 29]=25

Determine the root to be found

Mod[PowerMod[3^2, -1, 89 29] (-25) + 1, 89 29]=285

Ensure the sums of squares equaling zero is met

Mod[285 3^2 + 4^2, 89 29]=0

Ensure the sums of squares equaling zero is met for the number previous. (use the third square of the Pythorgorean Triple for this)

Mod[284 3^2 + 5^2, 89 29]=0

Find the root of -285

Mod[285 3 PowerMod[4, -1, 89 29], 89 29]=859

Ensure the root is correct

Mod[-859^2, 89 29]=285

Find the root of the square previous to this (-284)

Mod[284 3 PowerMod[5, -1, 89 29], 89 29]=1719

ensure the root is correct

Mod[-1719^2, 89 29]=284

Show this root is result of two squares

Mod[PowerMod[3, -1, 89 29] (-5), 89 29]=1719

Ways To Make A Second x^2+h*y^2 equals n
Dickson says at Vol II p 420 :

Matsunago, in the first half of the eighteenth century, noted that $$r*x^{2}+y^{2}=z^{2}$$ has the solution $$x=2*m*n$$, $$y=r*m^{2}-n^{2}$$, $$z=r*m^{2}+n^{2}$$. If $$k-l=t^{2}$$, $$k*x^{2}-l*y^{2}=z^{2}$$ has the solution $$y=\alpha+t*\beta$$, $$z=l*\beta-\alpha*t$$, provided $$x^{2}=\alpha^{2}+l*\beta^{2}$$, which is of the preceding type.

I have verified through Mathematica that given given one $$x^{2}+h*y^{2}=n$$ that $$x^{2}_{1}+h*y^{2}_{1}=n^{2}$$ is easily made.

Dickson says at Vol II p 433 :

A. Gerardin stated that $$x^{2}+h*y^{2}=z^{2}+h*t^{2}$$ has the solutions (Realis ) $$x=m^{2}+n^{2}+hp^{2}-2m(n+hp) , z=m^{2}+n^{2}-hp^{2}+2n(hp-m) , x=n^{2}+hp^{2}-hm^{2} , $$$$ z=n^{2}-hp^{2}+hm^{2}+2hn(p-m) $$ $$ y=n^{2}+hp^{2}-m^{2} , t=m^{2}+hp^{2}-n^{2}+2p(n-m) , y=n^{2}+hp^{2}+hm^{2}-2m(n+hp) , $$$$ t=hp^{2}+hm^{2}-n^{2}+2p(n-hm) $$

This math looks too difficult to set for p*q, but by setting $$m,n,h,p,n$$ it should be possible to establish a N and factor this with the Euler factorisation algorithm shown above that works with $$N=x^{2}+h*y^{2}=z^{2}+h*t^{2}$$.

Theoretically, any large but random number could be factored this way, but I tried Gerardin's equations in Mathematica and there was no solution:

Solve[ x == m^2 + n^2 + h p^2 - 2 m (n + h p) && z == m^2 + n^2 - h p^2 + 2 n (h p - m) && x == n^2 + h p^2 - h m^2 && z == n^2 - h p^2 + h m^2 + 2 h n (p - m) & y == n^2 + h p^2 - m^2 && t == m^2 + h p^2 - n^2 + 2 p (n - m) && y == n^2 + h p^2 + h m^2 - 2 m (n + h p) && t == h p^2 + h m^2 - n^2 + 2 p (n - h m) && nn == x^2 + h y^2 && nn == z^2 + h t^2 && m == 100 && n == 201 && p == 307 && h == 7 , {nn, x, y, h, z, t}, Integers]

{}

This often happens with Girardin's work. He offers exciting solutions but they don't actually work for any but very small numbers.

According To Barbette P or Q can't be y*x-1 mod x where y is small
Again, in Dickson's "History Of The Theory Of Numbers" vol 1 p 367, Dickson writes:

E. Barbette noted that $$10*d+u$$ has a divisor $$10*m-1$$ if and only if $$d+m*u$$ has that divisor. Set $$d+m*u=n(10*m-1)$$, $$d=10*d_{1}+u_{1}$$. Then
 * $$m*n=d_{1}+x$$, $$10*x=m*u+n+u_{1}$$

Eliminating $$n$$, we get a quadratic for $$m$$. Its discriminant is a quadratic function of $$x$$ which is to be made a square. Similarly for $$10*m+1$$, $$10*m\pm 3$$.

A. Gerardin developed Barbette's method

Let's get examples for this and see that method works not just for $$p\bmod{10}\equiv 9$$ but for $$p\bmod{10^{n}}\equiv -1$$


 * $$p*q=89*29$$ and $$p*q=89*29=2581=258*10+1$$ and $$89=9*10-1$$ and that therefore $$y*89 = 258+1*9$$ and that $$GCD[258 + 9, 89*29]=89$$

Now, by symmetry, lets try for a $$p\bmod{1000}\equiv -1$$


 * $$p*q=20113*49999=1005629887$$ and see that $$GCD[1005629 + 887*50, 20113*49999]=49999$$

So when $$p \bmod{2^{n}}\equiv -1$$ and $$p=b*2^{n}-1$$, when $$b$$ is low, then p*q is vulnerable!

Let's try out a modulus that is not $$2^{n}$$, $$83$$ for instance.

Mod[11287, 83]= 82 20113 11287= 227015431 Mod[227015431, 83]= 56 (227015431 - 56)/83= 2735125 (11287 + 1)/83= 136 GCD[2735125 + 56 136, 20113 11287]= 11287

So Barbette's method can be used for any modulus where $$p\bmod{x}\equiv -1$$

Barbette's Method for p mod x = 1
Taking $$p \bmod{x}\equiv 1$$ we can see that a change in sign from + to - effects the change.

12119 mod 83 === 1 12118/83= 146 12119 20113= 243749447 Mod[243749447, 83]= 27 (243749447 - 27)/83= 2936740 note the change in sign from + to - GCD[2936740 - 27 146, 12119 20113]= 12119

Since any factor of x=(p-1) will ensure that $$p \bmod{x}\equiv 1$$ and common factors of p-1 and q-1 are always in the factorisation of $$p*q-1$$ then candidates for $$x$$ are available this way, although b still needs to be small as in ($$p=b*x+1$$)

Jacobi Can Solve x^2+27 y^2 equals large 4(1 mod 12 prime)
In Dickson states:

C. G. J. Jacobi, as an application of cyclotomy, found that if $$p=3 *n+1$$ is a prime, we have $$4*p=a^{2}+27*b^{2}$$, where a is the absolutely least residue (between $$-(1/2)*p$$ and $$+(1/2)*p$$ modulo p of $$-(n+1)(n+2)...(2n)/n!$$, and that this residue is $$1 \bmod{3}$$. If $$p=7*n+1$$ is a prime, then $$p=L^{2}+7*M^{2}$$, where L is the absolutely least residue modulo p of $$(1/2)*(2n+1)*(2n+2)...(3n)/n!$$ and this residue is $$1 \bmod{7}$$.

This hints that $$4*p=a^{2}+27*b^{2}$$ is solvable for four times large 1 mod 12 primes. Accordingly I show the Mathematica routine below that successfully derives this equation for 1000 bit 1 mod 12 primes. It takes a few seconds to do.

try11[] := Module[{a1, a2, a3, a4, a5, a6, a7, a8, a9, a10}, For[a1 = 2^1000 + 1, a1 < 2^1000 + 1000, a1++, a2 = a1 12 + 1; If[! PrimeQ[a2], Continue[];]; a3 = PowersRepresentations[a2, 2, 2]; a4 = Solve[x^2 + 27 y^2 == 4 a2 && x > 0 && y > 0, {x, y}, Integers]; Print[{"Prime", a2}]; Print[{"Sum Of Squares", a3}]; Print[{"X^2+27 y^2", a4}]; ]; ]

{Prime,128581032862352078513811005887200217267368577404664032893250046604442126134992334699183805457883502975311360750106 3776190224574342830776852318149308963828976472148132978907718250528952607484537025354501858365576998029832952087852107099 86527352924754974854357732238506011925157979831492642046468016843589}

{Sum Of Squares,}

{X^2+27 y^2,}

The above routine will work with the square of the 4*prime as well, in other words a2*a2*16 instead of a2*4.

Showing that Mathematica can also do the equation $$p=L^{2}+7*M^{2}$$ quickly when $$p=7*n+1$$note the following Mathematica procedure and its invocation.

try112[] := Module[{a1, a2, a3, a4, a5, a6, a7, a8, a9, a10}, For[a1 = 2^1000 + 1, a1 < 2^1000 + 1000, a1++, a2 = a1 28 + 1; If[! PrimeQ[a2], Continue[];]; a3 = PowersRepresentations[a2, 2, 2]; a4 = Solve[x^2 + 7 y^2 == a2 && x > 0 && y > 0, {x, y}, Integers]; Print[{"Prime", a2}]; Print[{"Sum Of Squares", a3}]; Print[{"X^2+7 y^2", a4}]; Break[]; ]; ]

try112[]

{Prime,3000224100121548498655590137368005069571933472775494100842501087436982943149821142980955460683948402757265084169148811110524006 79993847932207568172091560094510167897695078467591790088941746391972582717100285301299540294355487165491656635230490157761607993501375 223180694492035286273482831441758705949137}

{Sum Of Squares,}

{X^2+7 y^2,}

The above routine will work with the square of the prime as well, in other words a2^n instead of a2.

I was unable to get a quick answer for the following in Mathematica. Mathematica returned a nil answer quickly:

a4 = Solve[x^2 + 10001 y^2 == a2 && x > 0 && y > 0, {x, y}, Integers];

Solving x^2 + 7 y^2 mod p*q equiv 2^n Has A Strange Trigonmetric Answer
In an unpublished proof by Euler which is shown by the Mathematica help pages put together by Eric Weisstein

In an unpublished proof, Euler showed that the quadratic Diophantine equation


 * $$2^{n}=7x^{2}+y^{2}$$

has a unique solution for every positive n>=3 in which x and y are both odd and positive (Engel 1998, p. 126). Rather amazingly, these can be given analytically by


 * $$x=((2^{n/2})/(\sqrt{7}))|sin[n* tan^{-1}(\sqrt{7})]|$$


 * $$y=2^{n/2}|cos[n *tan^{-1}(\sqrt{7})]|$$

which is related to the norms of elements of the ring of integers in the quadratic field Q(sqrt(-7)) which exhibits unique factorization (Hickerson 2002). The first few solutions (x,y) for n=1, 2, 3, ... are (1, 1), (1, 3), (1, 5), (3, 1), (1, 11), (5, 9), (7, 13), (3, 31), ... (OEIS A077020 and A077021).

I was able to derive this equation using Mathematica. If Mathematica can, as seen above, can derive $$x^{2}+7*y^{2}=large 1\bmod{7} prime \equiv 2^{n}\bmod{p*q}$$.

So you can derive Euler's equation above in the modular domain, in Mathematica for large primes, via the following Mathematica procedure:

try113[pq_] := Module[{a1, a2, a3, a4, a5, a6, a7, a8, a9, a10}, a6 = 0; a7 = 0; a8 = 0; a9 = 0; For[a1 = 2^10 + 1, a1 < 2^10 + 1000, a1++, a2 = 7 pq + 2^(4 + a6); a6 += 2; a9++; a2 = 7 pq + 2^(2 + a6); If[Mod[a2, 7] != 1, Continue[];]; a7++; If[! PrimeQ[a2], Continue[];]; a8++; a4 = Solve[x^2 + 7 y^2 == a2 && x > 0 && y > 0, {x, y}, Integers]; Print[{"Prime", a2, (2 + a6)}]; Print[{"X^2+7 y^2", a4}]; (*Return[a4];  Break[];*)]; Print[{a9, a7, a8}];]

ensure that p*q has square root of 7

try113[401 113]

{Prime,281474977027847,48}

{X^2+7 y^2,}

now divide by 2^24 to get trigometric sums

this is supposed to be |sin[ntan^{-1}(\sqrt{7})]|/squarerootof7

Mod[4781161 PowerMod[2, -24, 401 113], 401 113]=41533

this is suppose to be


 * cos[ntan^{-1}(\sqrt{7})]|

Mod[11020820 PowerMod[2, -24, 401 113], 401 113]=38882

get square root of 7 to check sums

PowerMod[7, 1/2, 401 113]=4326

now make sure that sin^2[alpha]+cos^2[alpha]==1

Mod[(4326 41533)^2 + 38882^2, 401 113]= 1

I was unable to go further into the complicated trigonmetic identity shown. Also, I was able to do something similar with the code that finds $$x^{2}+3*y^{2}==1\bmod{3}Prime$$. But I have been unable to prove it is a trigonmetric identity.

The Above Equation Seems Not To Be A Trigonmetric Identity
With Euler's unpublished identity shown above, it seems that this may not be a trigometric identity in modular arithmetic.


 * $$|sin[n*tan^{-1}(\sqrt{7})]|/\sqrt{7}$$

If the Sin is a real number then the norm of it is itself. Thus we should have a $$Sin[\Theta]/\sqrt{7}\bmod{p*q}$$ value.

With knowledge of $$cos[\Theta]$$ we can easily create $$Sin[2*\Theta]/\sqrt{7}\bmod{p*q} \equiv Sin[\Theta]*2*cos[\Theta]/\sqrt{7}\bmod{p*q}$$

We can also use Chebychev polynomials, which I have verified work in modular arithmetic.


 * $$U_{2}(Sin[\Theta])\bmod{p*q}\equiv Sin[2*\Theta]\equiv ((4*(7*Sin[\Theta]/\sqrt{7})^{2})-7)*7^{-1}$$

Since we now have $$Sin[2*\Theta]/\sqrt{7}\bmod{p*q}$$ and $$Sin[2*\Theta]$$ we should be able to divide and get the modular square root of 7.

I have done this equations and we do not get anything that is the modular square root of 7. I have either misapplied the equations, or the norm of the trigonometric identities is not themselves, or Euler's math does not work in modular numbers.

Ah, my mistake is that one of the squares is even, they both have to be odd, according to Weiss.

This math may not work for modular arithmetic as $$tan^{-1}[\Theta]$$ is the ARCTAN function and the resulting Sin[\Theta] may not be expressable as a rational number and thus may not be part of the p*q field.

As far as the Weiss quote goes, it has two references for the unpublished Euler equation. I have checked the Engel reference and it does not have the trigometric identity claim that Weiss gives. I was unable to get a hold of the Hickerson reference. It is in an email group and I couldn't retrieve it. It would be interesting to see what that reference had to say regarding the trigometric identities because I cannot get them to work in mod p*q space.

With $$ARCTAN[\sqrt{7}]\bmod{p*q}$$ sought then possibly the sides of the triangle are $$\sqrt{7}, 1, \sqrt{8}$$ and the sine of this triangle would be $$\sqrt{7}*\sqrt[-1]{8}$$ or $$\sqrt[-1]{8}$$. I used p*q combinations that had both square roots of both 7 and 8, but could not make the trigometric identity in p*q space.

Get \sqrt{7}*sin[2*\Theta]

Mod[7 41533 2 38882, 401 113]=27890

Use Chebychev polynomials to get Sin[2*\Theta]

Mod[((41533 7)^2 4 - 7) PowerMod[7, -1, 401 113], 401 113]=6722

try to get \sqrt{7}\bmod{p*q}

Mod[(27890 PowerMod[6722, -1, 401 113]), 401 113]= 24083

show we don't have square root of 7

Mod[24083^2, 113 401]= 29802

On the possibility that symmetry is available here, I have been able to get two odd X and Y values for the equation: $$x^{2}+3*y^{2}\bmod{p*q}= 4*(1\bmod{3} prime)\equiv 2^{n}\bmod{p*q}$$ which is the other equation Jacobi said could be solved.

However, the math shown above, replicated onto the $$\sqrt{3}$$ does not work either. Either I have misapplied the math, the math does not work for $$\sqrt{3}\bmod{p*q}$$, the math does not work for modular arithmetic, or the norm of the trigometric identities is not the same as the identities.

Jacobi Has A Similar Trigometric Identity To Hickerson
Dickson says at that Jacobi stated:

C. G. J. Jacobi stated that, if p is a prime 4*n+1, and $$x^{2}-p*y^{2}==-4$$ then:


 * $$\sqrt{p}(x+y*\sqrt{p})=2^{(p+1)/2} \Pi Sin^{2}[a*\pi/p]$$,

where $$a$$ ranges over the quadratic residues, between 0 and p/2, of p. If q is a prime 8n+3, and $$x^{2}-q*y^{2}=-2$$, then


 * $$x+y*\sqrt{q}=\sqrt{2}*\Pi Sin[(a*\pi/q)+\pi/4]$$

This is a difficult statement to read. Dickson actually means by "ranges over the quadratic residues" include only the nonquadratic numbers.

I have confirmed that the first of the two equations has analogues in modular arthmetic. And also that Mathematica can find integer solutions to the problem. Mathematica cannot find integer solutions to the second problem.

Here is an example of the first equation:

Solve[x^2 - 5 y^2 == -4 && x > 0 && y > 0, {x, y}, Integers]

{{x -> 1, y -> 1}, {x -> 4, y -> 2},

get modular square root of 5 mod 89*29

PowerMod[5, 1/2, 89 29]=337

2 is the only nonquadratic between 1 and 2 inclusive for p=5/2

Sin[2 Pi/5]^2

5/8 + Sqrt[5]/8

make the right side of the equation above

Mod[8 (5 + 337) PowerMod[8, -1, 89 29], 89 29]=342

make the left side of the equation above

Mod[ 337 (1 + 1   337), 89 29]= 342

I can't find the Hickerson reference for the original equation of this section. However, Jacobi's equation above is pretty similar, and can be made to work. The answer (5+5^(1/2)) has some resonnance with Hickerson's claim that the trigonmetic identity is in the field of $$\bmod{\sqrt{-7}}$$

Adolf Kunerth's 1878 Modular Square Root Algorithm
Adolf Kunerth's little known 1878 Modular Square Root Algorithm, as detailed in his paper. Dickson's reference isn't enough to reconstruct the algorithm, but Kunerth's 1878 paper is. I was able to get copies of these two papers (one on the Quadratic Equation, and the other on the Modular Quadratic problem) from the Ernest Mayr Library at Harvard University. Thanks to Mary Sears for obtaining the copies.

I was able to confirm that Kunerth's four examples of solving the modular quadratic problem do work, and I have been able to create four examples where his algorithm does work. One such example that actually finds the square root of B mod (P*Q mod B) instead of B mod P*Q is shown below. I have been able to find the modular square root of B mod N in 3 other examples. All four examples require that C in the quadratic (A*x^2+B*x+C) be a natural square. You do not need to factor the modulus N to get the modular square root.

The algorithm is a fascinating algorithm in that it would be practible for large numbers if one can solve a quadratic equation of $$w^{2} == Az^{2}+Bz+C$$, which is often hard to solve. However, most of the equations are not modular and the one modular computation for the problem $$y^{2} \bmod{p*q}$$ is $$\sqrt{p*q}\bmod{(y^{2}\bmod{p*q})}$$. So the residue becomes the modulus and this is often much easier to factor than the hard semiprime of the original problem. Thus, I conclude, this equation would be solvable, for large numbers, and it is the resulting quadratic equation which makes the computation infeasible.

A naiive explanation of the algorithm follows:


 * 1) for $$y^{2}\bmod{p*q}$$ first solve $$r\equiv \sqrt{p*q}\bmod{(y^{2}\bmod{p*q})}$$
 * 2) create a w^2 == quadratic involving r and solve for w.  This is the hard equation and Kunerth usually solves it by having C of w^2==Ax^2+Bx+C be a natural square and X thus equals 0.  Set V == r in case X == 0 in the computation of w.  For the first example of his second paper, where $$r==17\equiv \sqrt{20521} \bmod{1124}$$, use the following Mathematica&reg; equation to obtain the quadratic:
 * Expand[((1124 z + 17)^2 - 20521)/1124]=
 * -18 + 34 z + 1124 z^2
 * for $$\sqrt{1124} \bmod{20521}$$
 * 3) having set W and V create alpha and beta in another equation: $$\alpha==w(v+\beta*w)$$
 * 4) figure out what Y is by $$y==\alpha * X + \beta$$ after figuring out what X is by the equation (which can be factored) of $$[\alpha^{2}*x^{2}+(2* \alpha * \beta - b)x+(\beta^{2}-c)]$$. Thus $$y=(\alpha*x+\beta)$$

As I said, the algorithm is a fascinating algorithm as it involves mostly sums and quadratic equations. If you can solve the quadratic equation the algorithm does seem to work. (An attempt of mine to solve the quadratic equation by making it modular did not work).

It looks as if $$(r^{2} \pm p*q)/(y^2 \bmod{p*q})$$ is a square then the algorithm is feasible, even for large numbers.

I found an example that fits this qualification for when Kunerth's algorithm can work. the square root of 4289 mod 2048764 === 4049. The square root of -2048764 mod 4289 is 2095. If we take the quadratic that this produces, we, indeed, see that C in the Quadratic is a square.

Expand[((4289 z + 2095)^2 + Mod[2048764, 4289])/4289] 1024 + 4190 z + 4289 z^2

So W=32 and V=2095.

Solving for alpha and beta we get

Solve[a == 32 (2095 + 32 b), {a, b}, Integers]

Thus alpha can be 480 and beta -65.

We do get a factor for the equation given above to discover X.

alpha =480 beta = -65 xx = Factor[alpha^2 x^2 + (2 alpha beta -      Mod[2048764, 4289]) x + (beta^2 - 4289)]

(-64 + 225 x) (1 + 1024 x)

However, this X does not recover Y or the modular square root 4289^(1/2) mod 2048764

Mod[alpha 64 PowerMod[225, -1, 2048764] + beta, 2048764]

1775667 Therefore, my first attempt to make an example of Kunerth's algorithm, besides his examples, didn't work.

The Example works for mod[2848764, 4289] equals 2911
Good news, I was able to make Kunerth's algorithm work, for my example, when I changed the modulus from 2848764 to 2911 or Mod[2048764, 4289]=2911.

The math follows:

alpha=480 beta=-65 Mod[alpha 64 PowerMod[225, -1, 2911] + beta, 2911] = 1430

Mod[alpha (-1) PowerMod[1024, -1, 2911] + beta, 2911] = 1481

Mod[1481^2, 2911]= 1378 Mod[1430^2, 2911]= 1378

and

1378 + 2911= 4289

which is the original square

so my example works for 4289^(1/2) Mod(2848764 mod 4289]

so two roots are found

1481 and 1430

So I have found an example where Kunerth's method does work in a sense. If I had found a quadratic that worked with the full original modulus, 2848764 instead of mod[2848764, 4289]=2911 then I would have found the square root of 4289^(1/2) mod 2848764.

2911 is a semiprime so it would normally have to be factored before the square root could be found by other methods.

FactorInteger[2911]= {{41, 1}, {71, 1}}

Kunerth with Big Modula
If the modula is of the form, no matter how big it is,


 * 5*(SQUARE-1)+1

then the resulting associated quadratic will have C as a square and you can take the modular square root of 5 easily.

If the modula is of the form, no matter how big it is,


 * 3*(SQUARE-2)+2

then the resulting associated quadratic will have C as a square and you can take the modular square root of 3 easily.

Details and examples at

Getting square root of Y times modulus of combined modulus
The talk page of Talk:Kunerth%27s_algorithm shows how to get the modular square root of 67*y mod RSA260. Here we will show how to get the square root of y*89 29 mod 89 29 (89 29+13) (in small numbers).

It's quite complicated but here is the mathematica with some notes

How to find square root of 139 mod 89 29 (89 29+13) times 89 29

given: square root of 67*139 mod 89 29 square root of 67 mod 89 29+13 square root of 139 mod 89 29+13

Output: square root of 139*89*29 mod 89 29(89 29+13)

take square roots in modulus near 89 29 (which is hopefully a prime) In[5]:= PowerMod[67, 1/2, 89 29 + 13]

Out[5]= 135

we know this, it is given by Kunerth's modified routine

In[4]:= PowerMod[67 139, 1/2, 89 29]

Out[4]= 694

In[6]:= PowerMod[67 139, 1/2, 89 29 (89 29 + 13)]

Out[6]= 151407

take chinese remainder and get a sum for combined modulus

In[6]:= x3 = ChineseRemainder[{694, 135}, {89 29, 89 29 + 13}]

Out[6]= 111677

we don't know this but will get this sum times 89 29 at end of procedure

In[15]:= PowerMod[139, 1/2, 89 29 (89 29 + 13)]

Out[15]= 557621

Show the equation that chinese remainder theorum has gotten us

In[2]:= Mod[ PowerMod[67, 1/2, (89 29 + 13) ( 89 29)] + PowerMod[67 , 1/2, ( 89 29) (89 29 + 13)] (( (557621 - 1)) (89 29 +       13)) PowerMod[13, -1, (89 29) (89 29 + 13)], (89 29) (89 29 +     13)]

Out[2]= 111677

get a sum for 67*139 in full modulus(we can do this)

In[26]:= Mod[PowerMod[67, 1/2, 89 29 (89 29 + 13)] (557621), 89 29 (89 29 + 13)]

Out[26]= 978893

redo the sum

In[25]:= Mod[ PowerMod[67, 1/2, 89 29 (89 29 + 13)] + PowerMod[67, 1/2, 89 29 (89 29 + 13)] (557620), 89 29 (89 29 + 13)]

Out[25]= 978893

multiply by difference between the two modula

In[36]:= Mod[ 13 PowerMod[67, 1/2, (89 29 + 13) ( 89 29)] + PowerMod[67 , 1/2, ( 89 29) (89 29 + 13)] (( (557621 - 1)) (89 29 +       13)), (89 29) (89 29 + 13)]

Out[36]= 1451801

substract two sums

In[37]:= Mod[1451801 - 13 978893, 89 29 (89 29 + 13)]

Out[37]= 2116420

get the new answer

In[35]:= Mod[PowerMod[67, 1/2, 89 29 (89 29 + 13)] (557620) 89 29, 89 29 (89 29 + 13)]

Out[35]= 2116420

square

In[40]:= Mod[2116420^2 PowerMod[67, -1, 89 29 (89 29 + 13)], 89 29 (89 29 + 13)]

Out[40]= 2720374

this is result of squaring after dividing by 67

In[44]:= Mod[557620^2 (89 29)^2, 89 29 (89 29 + 13)]

Out[44]= 2720374

multiply by former sum and divide by 67

In[42]:= Mod[2116420 978893 PowerMod[67, -1, 89 29 ( 89 29 + 13)], 89 29 (89 29 + 13)]

Out[42]= 588468

this is the new equation

In[43]:= Mod[557620 557621 89 29, 89 29 ( 89 29 + 13)]

Out[43]= 588468

subtract two sums to get

In[45]:= Mod[588468 89 29 - 2720374, 89 29 ( 89 29 + 13)]

Out[45]= 3019770

we have 1 less than square root of 139 with 89 29 square as multiplier

In[46]:= Mod[557620 (89 29)^2, 89 29 ( 89 29 + 13)]

Out[46]= 3019770

play with the modulus

In[51]:= Mod[ 2 3019770 PowerMod[89 29 - 13, -1, 89 29 ( 89 29 + 13)/2], 89 29 (89 29 + 13)/2]

Out[51]= 3115267

we now have 1 less than the square root of 139 times 89 29

In[52]:= Mod[557620 89 29, 89 29 ( 89 29 + 13)/2]

Out[52]= 3115267

add 89 29 to get square root of 139 times 89 29

In[53]:= Mod[557620 89 29 + 89 29, 89 29 ( 89 29 + 13)/2]

Out[53]= 3117848

we have final sum

In[55]:= Mod[557621 89 29, 89 29 ( 89 29 + 13)/2]

Out[55]= 3117848

Square Root of 5 mod X*RSA260+1
Kunerth's method is quite exciting since it doesn't have to factor the modulus. Follow the mathematica below and see how the square root of 5 mod x*RSA260+1 is found within seconds on a Raspberry PI 4 palmtop. Using the Pythagorean Theorum Solve the quadratic

In[11]:= w = Expand[((2 (RSA260^2 - 1^2 ))^2 + 1 (RSA260^2 - 1^2)^2 +      5 (((2 1 RSA260)^2)))/(5)]^(1/2)

Out[11]= 4889770528994189727851565631690024017165005555729269682395332\ 5863566645342454412925398180236065314500376295946985354254181805038742\ 4723625429992521654787837491618048319631364040388191253484698255313698\ 7424736875836220039610457304524305120045165665398590929500984074537021\ 3332671406165455614268623279672955402907322055976895600593186605328911\ 5169593626456219480475197831634106662908018989638508845064827782102219\ 8331778793835658611538459312186788747890608185252992497633380107893907\ 21301760772016869260727399301258323602

set v

In[12]:= v = 2 (RSA260^2 - 1^2)

Out[12]= 9779541057988379455703131263380048034330011111458539364790665\ 1727133290684908825850796360472130629000752591893970708508363610077484\ 9447250859985043309575674983236096639262728080776382506969396510627397\ 4849473751672440079220914609048610240090331330797181859001968149074042\ 6665342812330911228537246559345910805814644111953791201186373210657823\ 0339187252912438960950395663268213325816037979277017690129655564204439\ 6663557587671317223076918624373577495781216370505984995266760215787814\ 42603521544033738521454798602516647200

make the modulus a variable

In[13]:= mod = (RSA260^2 - 1^2)^2 + 5 (((2 1 RSA260)^2))

Out[13]= 2390985582622011804596626598395673467700135963629555889132984\ 5992580385378407468442673330055684425335333246848835333293215726575872\ 1355685125318060112890318777229278719348539134043483869594721596706402\ 4651101060452794751171383943446773743600355859434238217228786384923053\ 5389751388452988050713762957991442433151288721501791712710759860571865\ 5790897032492359755314922463372956523242589287663244150824214352062397\ 1538543656788644287421389533958059991841118958363279465471977198209879\ 2469088087239949376049602423582807491703992476167184773046653404954534\ 8594032808685422438526157752221902651776609480274917656256432838107178\ 4959761186928798048189304205947855234339204482167029856642017237764576\ 9783217378669834197799692670939878034230039774474178421414940663330766\ 6517128460930159144372737789700813274692324363089889374327026605350455\ 5763358876399563570064243443818628546720647588356443002938261756026433\ 0727573629317789549844076859516283862514294434927309207692660437108140\ 4188164670644817863924855879204361453559753554627758324307483432020

solve for alpha and beta

In[14]:= Solve[a == (w (v + w b)), {a, b}, Integers]

Out[14]=

set alpha

In[15]:= alpha = \ 2390985582622011804596626598395673467700135963629555889132984599258038\ 5378407468442673330055684425335333246848835333293215726575872135568512\ 5318060112890318777229278719348539134043483869594721596706402465110106\ 0452794751171383943446773743600355859434238217228786384923053538975138\ 8452988050713762957991442433151288721501791712710759860571865579089703\ 2492359755314922463372956523242589287663244150824214352062397153854365\ 6788644287421389533958059991841118958363279465471977198209879246908808\ 7239949376049602423582807490726038370368346827476340278616530055970279\ 7573963899161367087049189322708118597689838020209219775207103236786721\ 6220289684579226721003130148340700151209462358318407573838304170244099\ 6162864801289065273454930659062795766552086960510079639321733518633127\ 9071157176223663747034278993459233240236164718392435524768991165140508\ 5198377196853585620784709821429403692261403436611440423444829274829661\ 1627659894279872419849928103747162712619617345255302687530018781765868\ 5649551103709068064778326238119416169413210338282316959996

Out[15]= 2390985582622011804596626598395673467700135963629555889132984\ 5992580385378407468442673330055684425335333246848835333293215726575872\ 1355685125318060112890318777229278719348539134043483869594721596706402\ 4651101060452794751171383943446773743600355859434238217228786384923053\ 5389751388452988050713762957991442433151288721501791712710759860571865\ 5790897032492359755314922463372956523242589287663244150824214352062397\ 1538543656788644287421389533958059991841118958363279465471977198209879\ 2469088087239949376049602423582807490726038370368346827476340278616530\ 0559702797573963899161367087049189322708118597689838020209219775207103\ 2367867216220289684579226721003130148340700151209462358318407573838304\ 1702440996162864801289065273454930659062795766552086960510079639321733\ 5186331279071157176223663747034278993459233240236164718392435524768991\ 1651405085198377196853585620784709821429403692261403436611440423444829\ 2748296611627659894279872419849928103747162712619617345255302687530018\ 7817658685649551103709068064778326238119416169413210338282316959996

set beta

In[7]:= beta = -1

Out[7]= -1

find x value via factoring

In[16]:= Timing[ xxx1 = Factor[(alpha^2 x^2 + (2 alpha beta - (mod)) x + (beta^2 - (         5)))]]

Out[16]= {0.016567, 4 (-1 + 5977463956555029511491566495989183669250339909073889722832461\ 4981450963446018671106683325139211063338333117122088333233039316439680\ 3389212813295150282225796943073196798371347835108709673986803991766006\ 1627752651131986877928459858616934359000889648585595543071965962307633\ 8474378471132470126784407394978606082878221803754479281776899651429663\ 9477242581230899388287306158432391308106473219158110377060535880155992\ 8846359141971610718553473834895149979602797395908198663679942995524698\ 1172720218099873440124006058957018726326118873021448095905694133372322\ 7382091988379180478221022385036616642236051052932055232499442906567720\ 4623721055196470029643028060035462827852498212544872146634214102632624\ 0215714299153677304967349484894852960073367412419171670822768586299817\ 2300429606748391956484622346252430343031537539163549468013793271631745\ 7072535817395349805528635140444815190927887282605988808365190392321271\ 2881103020224084907917578829791642379984340920395197431919577844035986\ 135889372162624437916477625473279798757837173092575185269320916401 x) \ (1 + 23909855826220118045966265983956734677001359636295558891329845992\ 5803853784074684426733300556844253353332468488353332932157265758721355\ 6851253180601128903187772292787193485391340434838695947215967064024651\ 1010604527947511713839434467737436003558594342382172287863849230535389\ 7513884529880507137629579914424331512887215017917127107598605718655790\ 8970324923597553149224633729565232425892876632441508242143520623971538\ 5436567886442874213895339580599918411189583632794654719771982098792469\ 0880872399493760496024235828074909216291915281144165904029038841310166\ 5687997962556070343252200837319885218167742068539474186623877871182886\ 2460103619913573012422179920751655404010174009758579831295066235587318\ 5962726642586805911907529519201340962445681365052526910518441235401452\ 4907154429575698534785555675858497058514648069096495793537408852840473\ 7958434386144714957171853914935664876524714804113498768046899611500344\ 1520151656858253927133077831992555005890570811557177427742374456431091\ 759882648604455752225627663533281207483646456119935487350254404 x)}

find the root of 5 mod (modulus/4)

In[17]:= y20 = Mod[alpha (-1 PowerMod[      239098558262201180459662659839567346770013596362955588913298459\ 9258038537840746844267333005568442533533324684883533329321572657587213\ 5568512531806011289031877722927871934853913404348386959472159670640246\ 5110106045279475117138394344677374360035585943423821722878638492305353\ 8975138845298805071376295799144243315128872150179171271075986057186557\ 9089703249235975531492246337295652324258928766324415082421435206239715\ 3854365678864428742138953395805999184111895836327946547197719820987924\ 6908808723994937604960242358280749092162919152811441659040290388413101\ 6656879979625560703432522008373198852181677420685394741866238778711828\ 8624601036199135730124221799207516554040101740097585798312950662355873\ 1859627266425868059119075295192013409624456813650525269105184412354014\ 5249071544295756985347855556758584970585146480690964957935374088528404\ 7379584343861447149571718539149356648765247148041134987680468996115003\ 4415201516568582539271330778319925550058905708115571774277423744564310\ 91759882648604455752225627663533281207483646456119935487350254404, -1,       mod/4]) + beta, mod/4]

Out[17]= 2988731978277514755745783247994591834625169954536944861416230\ 7490725481723009335553341662569605531669166558561044166616519658219840\ 1694606406647575141112898471536598399185673917554354836993401995883003\ 0813876325565993438964229929308467179500444824292797771535982981153816\ 9237189235566235063392203697489303041439110901877239640888449825714831\ 9738621290615449694143653079216195654053236609579055188530267940077996\ 4423179570985805359276736917447574989801398697954099331839971497762349\ 0586360109049936720062003029478509364752234858433835709504605896985419\ 1746832262245710365578296023423967480854323210666782024826442680496482\ 5273688229999561105687889943052909678673818644078483258092972755196505\ 3239118771150663921813444263360465964683455219082984459381783457164587\ 4562760223895074176484556492459333378519541844219077299900607141760752\ 5218192819399602759231636532652525524062214972457433699463679861605741\ 8156876663858503144250621629353649297988759508947597992420495265082440\ 728151908643043067493304332580870621887973411643651640363750009905

verify root of 5 has been found

In[19]:= Mod[y20^2, mod/4]

Out[19]= 5

show modulus is 1 off a multiple of RSA260

In[20]:= GCD[mod - 1, RSA260]

Out[20]= 2211282552952966643528108525502623092761208950247001539441374\ 8319128822941402001986512729726569746599085900330031400051170742204560\ 8592763579537571859542988389587092292384910067030341246205457845664136\ 64540684214361293017694020846391065875914794251435144458199

How To Find Two Roots of 5 Mod P*Q, using Kunerth
I finally found out how to get the two roots of 5 mod 89*29, which allows the p*q modulus to be factored easily.

Any 1 mod 4 prime (which is the sum of two squares) can be used to factor p*q, if you can solve two equations (that I admit I can't solve for big numbers yet).

There are two equations to solve for the root of 5, which is the sum of two squares, 1 and 4.


 * $$((2(x^2-1))^2+(x^2-1)^2+5(2 *1 *x)^2)/5)^{1/2}$$
 * the modulus is $$(x^2-1)^2+5(2* 1 *x)^2)$$

and


 * $$(((x^2-1))^2+(2(x^2-1))^2+5(2 *1* x)^2)/5)^{1/2}$$
 * the modulus is $$(2(x^2-1))^2+5(2 *1 *x)^2)$$

If you solve for x in the two equations so that the two modula are both multiples of P*Q, then you will often get the two different square roots of 5 (in this case). With the two different roots of 5, factoring p*q is easy.

Look at the mathematica below where these equations are solved and then used in the Kunerth method to get the two different roots of 5 mod 89*29, which are 1265 and 337.

In[2]:= Solve[((x)^2 - 1)^2 + 5 (2* 1 *x)^2 == 89 29, Modulus -> 89 29]

Out[2]= {{x -> 134}, {x -> 269}, {x -> 311}, {x -> 443}, {x -> 714}, {x -> 888}, {x -> 1023}, {x -> 1113}, {x -> 1468}, {x -> 1558}, {x -> 1693}, {x -> 1867}, {x -> 2138}, {x -> 2270}, {x -> 2312}, {x -> 2447}}

In[3]:= Solve[4 ((x)^2 - 1)^2 + 5 (2 1 x)^2 == 89 29, Modulus -> 89 29]

Out[3]= {{x -> 73}, {x -> 217}, {x -> 317}, {x -> 495}, {x -> 607}, {x -> 785}, {x -> 1029}, {x -> 1262}, {x -> 1319}, {x -> 1552}, {x -> 1796}, {x -> 1974}, {x -> 2086}, {x -> 2264}, {x -> 2364}, {x -> 2508}}

In[7]:= w1 = ((5 (134^2 - 1)^2 + 5 (2* 1* 134)^2)/5)^(1/2)

Out[7]= 17957

In[8]:= w2 = ((5 (73^2 - 1)^2 + 5 (2 *1 *73)^2)/5)^(1/2)

Out[8]= 5330

In[6]:= v1 = 2 (134^2 - 1)

Out[6]= 35910

In[26]:= v2 = (73^2 - 1)

Out[26]= 5328

In[15]:= mod1 = (134^2 - 1)^2 + 5 (2 *1* 134)^2

Out[15]= 322741145

In[13]:= Mod[mod1, 89 29]

Out[13]= 0

In[16]:= mod2 = 4 (73^2 - 1)^2 + 5 (2 *1* 73)^2

Out[16]= 113656916

In[17]:= Mod[mod2, 89 *29]

Out[17]= 0

In[27]:= Solve[a == w2 (v2 + w2 b), {a, b}, Integers]

Out[27]=

In[19]:= alpha1 = 322382021

Out[19]= 322382021

In[20]:= beta1 = -1

Out[20]= -1

In[28]:= alpha2 = 28398240

Out[28]= 28398240

In[29]:= beta2 = 0

Out[29]= 0

In[24]:= Timing[ xx1 = Factor[ alpha1^2 x^2 + (2 alpha1 beta1 - mod1) x + (beta1^2 - (((5))))]]

Out[24]= {0.001582, (-4 + 322310209 x) (1 + 322453849 x)}

In[30]:= Timing[ xx2 = Factor[ alpha2^2 x^2 + (2 alpha2 beta2 - mod2) x + (beta2^2 - (((5))))]]

Out[30]= {0.000982, (-5 + 28387584 x) (1 + 28408900 x)}

In[31]:= y201 = Mod[alpha1 (-1 PowerMod[322453849, -1, 89 29]) + beta1, 89 *29]

Out[31]= 1265

In[32]:= Mod[y201^2, 89 *29]

Out[32]= 5

In[33]:= y201 = Mod[alpha2 (-1 PowerMod[28408900, -1, 89 29]) + beta2, 89 *29]

Out[33]= 337

In[34]:= Mod[337^2, 89* 29]

Out[34]= 5

In[35]:= GCD[Mod[1265 PowerMod[337, -1, 89 *29], 89* 29] + 1, 89 *29]

Out[35]= 89

In[36]:= GCD[Mod[1265 PowerMod[337, -1, 89* 29], 89* 29] - 1, 89* 29]

Out[36]= 29

This procedure above is not a deterministic way to get the two modular square roots. Sometimes it returns the same root.

Is Kunerth A Case Of Equivalent Squares
Is the Kunerth method a case of equivalent squares, in that the quadratic equation essentially presents as two equivalent squares.

My current answer is: Usually no, but close, sometimes it is.

For instance to take the root of 5 the quadratic is $$(x^{2}-1)^{2}+(2*1*x)^{2}$$ but the modulus for this quadratic is either $$(x^{2}-1)^{2}+5*(2*1*x)^{2}$$or $$4*(x^{2}-1)^{2}+5*(2*1*x)^{2}$$. Thus Kunerth's method is not usually equivalent squares. It may be equivalent squares for actual natural squares as in $$(5*(x^{2}-1))^{2}+25*(2*1*x)^{2}$$.

If you set x so that the modulus is mod 0 for the modulus you are seeking to solve for, then


 * $$(2(x^{2}-1))^{2}$$ is a square but the whole equation isn't, it is
 * $$5((x^{2}-1)^{2})+(2*1*x)^{2})$$ this isn't a square, it is $$5*SQUARE$$.
 * the actual quadratic is a square but remember that the modulus is this case ($$(2*1*x)^{2}$$
 * isn't a multiple of the intended modulus.

Conclusions About Kunerth's modular square root algorithm
I conclude that Kunerth's algorithm is an important, although limited in scope, modular square root algorithm.

It requires that C in the resulting quadratic Ax^2+Bx+C be a natural square, but I have shown that once you get this result that the square root can be found, in my example of a residue of the original modulus.

I have also shown in the example given above that Kunerth's algorithm can find one square root of a semiprime without factoring the semiprime. And once the quadratic with the natural square concerning C is found, it is probably quick to find the root.

The Quadratic equation that must be solved is equivalent to p*z^2-x^2 mod x*y===0, and so the square root associated can be solved in other ways than Kunerth's. However, with the Pythagorean Theorum it can be shown, for instance, that certain formula for modula can make taking the root of certain residues easy. Such as modula of x^2+x-1 allow the root of residue 5 to be taken easily using Kunerth. Endo999 (talk) 21:06, 26 February 2023 (UTC)

Who Is Adolf Kunerth
There is very little information on Adolf Kunerth. He was an Austrian, active between 1870s and 1880s. He was a professor of a German/Austrian university as well as being an engineer. Apparently he built a bridge in the former Yugoslavia.

Apparently, in 1869 he was an instructor at a training institute in Troppau, in today's Czech republic. Then this was a German speaking area of Austria. He may have been a professor of engineering at Brun (perhaps the Karlo university) in the 1870s when he published his mathematics, for which he is known today. After this he became a head engineer in Bosnia. So it is possible that his math was a second career for him and he was primarily an engineer.

Because there is so little personal information on Adolf Kunerth, and because his method is the most powerful modular square root algorithm known, it is possible that Kunerth is an alias for a more well known person.

However, Mary Sears, of the Ernest Mayr Library at Harvard University, who knows German, says the journal the paper is published in became the Royal Austrian Society journal, so it is a prestigious journal and it was meant to be seen. The publication is not meant to be kept from the academic world. It appeared at Harvard University in 1906.

The modular square root algorithm would have been an obvious diplomatic or military cipher in the precomputer age, since a mechanical calculator could have computed it.

It is strange that the only English language reference to the Kunerth algorithm is in Dickson's 1921 Theory of Numbers(vol ii, p382-384). 144 years have passed since its publication, and you could help your career by publicising it. As it is the only algorithm known to take the modular square root of composite modula without factoring the modulus.

Translating from the German at The w. M. Mr. Hofrath Petzval presented a treatise by Prof. Adolf Kunerth at the secondary school in Brunn, entitled: "Practical method for the numerical resolution of indefinite quadratic equations in whole and in rational numbers".

So it appears that a Mr Petzval presented the treatise of Kunerth's. Hofrath is a German word for Counsellor, so this may be an honorific. There is a Joseph Petzval who was a very well known and important Austrian/Hungarian mathematician. In 1878 when this paper was published Petzval had retired and was becoming a recluse in Kahlenberg, outside Vienna. Petzval was a mathematician of great reknown and is important in the history of optics. He was also a good engineer earlier in his career, as Kunerth was. It's possible that Kunerth actually existed, as an engineer, and that Petzel used his name for various reasons that are unknown, to publish Petzel's math on the modular square root algorithm. Petzel was a mathematician who could have produced the math presented in the papers authored by Kunerth.

This is a speculation. Against this argument, Petzval doesn't seem to have done any number theory. The Theory of Numbers by Dickson only has J. Petzval once in the author's index and this is only in a footnote. J. Petzval wasn't known for number theory. He did have a mathematician brother, named Petrol. It is possible that the math is Petrol Petzval's and not Joseph Petzval's. Petrol, better known as [| Otto Petzal] wrote several high school mathematical books in Hungaria, so it is more likely that Otto gave the lecture in Brun to a high school audience than Joseph, but Otto is not known for independent math. Endo999 (talk) 00:56, 31 October 2022 (UTC)

X+N and X-N found on unsolvable quadratic equations
$$x^{4}+18*x^{2}+1\bmod{p*q}\equiv 0$$ and $$x^{2}+x-1\bmod{p*q}\equiv 0$$, if x can be found then with Kunerth the modular square root of 5 can be found.

Both are unsolvable in the P*Q modula space.

We however can get an answer for $$x^{4}+18*x^{2}\bmod{N*P*Q-1}\equiv 0$$ if the modulus is a prime (often we can do this).

The two answers that will be found will be $$x_{1}+N$$ and $$x_{2}-N$$. I can't get further than this however, this happens for both quadratic equations shown above. One of them, the first, will have $$x_{1}+N$$ and $$x_{2}-N-1$$ actually.

The mathematica shown below will show this effect. In[28]:= Solve[x^4 + 18 x^2 == 0, {x}, Modulus -> 12 89 29 - 1]

Out[28]= {{x -> 0}, {x -> 0}, {x -> 4528}, {x -> 26443}}

In[2]:= Solve[x^4 + 18 x^2 + 1 == 0, {x}, Modulus -> 89 29]

Out[2]= {{x -> 134}, {x -> 269}, {x -> 311}, {x -> 443}, {x -> 714}, {x -> 888}, {x -> 1023}, {x -> 1113}, {x -> 1468}, {x -> 1558}, {x -> 1693}, {x -> 1867}, {x -> 2138}, {x -> 2270}, {x -> 2312}, {x -> 2447}}

In[3]:= Mod[4528, 89 29]

Out[3]= 1947

In[5]:= Mod[26443, 89 29]

Out[5]= 633

In[6]:= 714 - 633

Out[6]= 81

In[4]:= 1947 - 1867

Out[4]= 80

Note that it is possible to find x_1+n and x_2-n-1 for big numbers as well.

In[17]:= Solve[x^4 + 18 x^2 == 0, {x}, Modulus -> 998 RSA260 - 1]

Out[17]= {{x -> 0}, {x -> 0}, {x -> 2716082610274971337694474899142218136748963550135500602361031437724\ 1148029498527233843245349186917213241417399133612721259249692585804181\ 9818630648952854721813303764099692665262595635447345263101006568774477\ 6819639057085831464289459835504443854332275069363102750}, {x -> 1935251726819563576471604818537396032900790177332957476126388938476\ 6450492569345259155379732197915384563586789457975978942475750893157139\ 6070515431820538430231477541697830873720636717018978520619872151494668\ 26026293513345827168515238448239719110330657204806179851}}

One Plus A Cube Cannot Be A Square
Dickson says in fact, $$1+x^{3} = n^{2}$$ only when $$x=0,2,-1$$ This assertion is not true in modular arithmetic. I give the following Mathematica which shows 3 counter examples in 30 tries.

Table[{x, IntegerQ[PowerMod[x^3 + 1, 1/2, 89 29]]}, {x, 1, 30}] // Grid

{ {1, False}, {2, True}, {3, False}, {4, False}, {5, False}, {6, False}, {7, False}, {8, True}, {9, True}, {10, False}, {11, False}, {12, False}, {13, False}, {14, False}, {15, False}, {16, False}, {17, False}, {18, False}, {19, False}, {20, False}, {21, False}, {22, False}, {23, False}, {24, False}, {25, False}, {26, False}, {27, False}, {28, False}, {29, True}, {30, False} }

Bricard and x^2 - 2 y^2 equals 1(mod 8) prime
Dickson says that a Raoul Bricard has proven that all $$\pm 1 \bmod{8}$$ primes can always be decomposed into $$x^{2}-2*y^{2}==\pm 1\bmod{8} prime$$

Dickson says that at vol 2 p255 of his work the method for proving this is explained.

I was not able to get Mathematica to obtain $$x^{2}-2*y^{2}==\pm 1\bmod{8} prime$$ for a big 1000 bit prime number in quick time.

Brocard Studied Pell's Equation Which Bricard Generalised
Henri Brocard, who is mentioned in Dickson's work studied and published a bibliography of Pell's Equation.

Pell's Equation is: $$x^{2}-2*y^{2}=1$$.

R. Bricard, in the section above, generalised Pell's equation by proving that all 1 mod 8 primes numbers are of the form


 * $$x^{2}-2*y^{2}=1\bmod{8}prime$$.

Brocard was a noted geometer, like Bricard. They were both French, and were born only 25 years apart. Much of their mathematical work could be described as complimentary. They could almost have been father and son, except that they were actually from different families with no relation between them.

In the History vol 2 p571 Dickson states:

H. Brocard noted that $$x^{3}+(2*a+1)(x-1)=y^{2}$$ has the special solution


 * $$x=(a+1)^{2}+2*(a+1)-1$$ and $$y=(a+1)^{3}+3*(a+1)-1$$

I was unable to get this equation to work. I tried it out in mathematica several times. There may be a special solution for this, but it is not a general solution. This is unusual because Dickson usually gets it right.

N. Beguelin Is Trashed By Dickson
An amusing passage, from the point of distance of 100 years since the book was published, is the leveling of | N. Beguelin's reputation by Dickson at History of the Theory of Numbers, vol 2, p13-15 (Chelsea Publishing, 1952). Some elipsed quotes of this:

Nicholas Beguelin attempted to prove Fermat's theorem that every integer is a sum of s polygonial numbers of s sides. ... On p411 Beguelin states without proof the erroneous generalization ... Thus Beguelin contradicts himself in his generalisation of Fermat's theorem ... N. Beguelin made a puerile illogical attempt to prove that every number is the sum of three triangular numbers. ... Beguelin next attempted, but failed completely, to deduce

Dickson was known to be a hard man and he shows his metal against the reputation of Nicholas Beguelin, a Swiss mathematician of the 18th Century.

Another disparraging Beguelin quote for Dickson is at vol 1 p 381 N. Beguelin states that $$2^{n}+1$$ has a triniary divisor $$1+2^{p}+2^{q}$$ only when $$n=10,24,32$$ although his examples (p249) contradict this statement.

D.S Hart solution for x^2-Ay^2=1 Works in Modular Arithmetic
D.S. Hart gave a "new" method to solve $$x^{2}-A*y^{2}=1$$. Set $$ A = r^2\pm m$$. Then $$(x+ry)(x-ry)=1\pm m y^{2}$$ Set $$x-ry=1$$. Then


 * $$y=\pm 2r/m$$, $$x=1\pm 2r^{2}/m$$

But the solutions are not in general integers. This works in modular arithmetic, even for big numbers. The solutions being fractions are not a problem for modular arithmetic. For instance,

$$x^{2}-7*y{2}=1$$ In[1]:= A = 4 + 3

Out[1]= 7

In[16]:= yy = Mod[2 2 PowerMod[3, -1, RSA260], RSA260]

Out[16]= 1474188368635311095685405683668415395174139300164667692960916\ 5546085881960934667991008486484379831066057266886687600034113828136373\ 9061842386358381239695325593058061528256606711353560830803638563776091\ 09693789476240862011796013897594043917276529500956762972134

In[17]:= xx = Mod[1 + 2 4 PowerMod[3, -1, RSA260], RSA260]

Out[17]= 7370941843176555478427028418342076975870696500823338464804582\ 7730429409804673339955042432421899155330286334433438000170569140681869\ 5309211931791906198476627965290307641283033556767804154018192818880455\ 4846894738120431005898006948797021958638264750478381486070

show x^-7*y^2=1 found for RSA260 modulus

In[18]:= Mod[xx^2 - 7 yy^2, RSA260]

Out[18]= 1

This works for $$x^{2}-1*y^{2}\bmod{p*q}\equiv 1$$.

In[19]:= yy = Mod[2 2 PowerMod[-3, -1, RSA260], RSA260]

Out[19]= 7370941843176555478427028418342076975870696500823338464804582\ 7730429409804673339955042432421899155330286334433438000170569140681869\ 5309211931791906198476627965290307641283033556767804154018192818880455\ 4846894738120431005898006948797021958638264750478381486065 In[20]:= xx = Mod[1 + 2 4 PowerMod[-3, -1, RSA260], RSA260]

Out[20]= 1474188368635311095685405683668415395174139300164667692960916\ 5546085881960934667991008486484379831066057266886687600034113828136373\ 9061842386358381239695325593058061528256606711353560830803638563776091\ 09693789476240862011796013897594043917276529500956762972131

In[21]:= Mod[xx^2 - 1 yy^2, RSA260]

Out[21]= 1

Lucas Finds the Modular Imaginary Number Of Powers Of Primes From the Prime
According to Dickson:


 * "E. Lucas treated $$x^{2}+1 \bmod{p^{m}} \equiv 0$$, where p is a prime > 2, for use in the question of the number of satins.  Given $$a^{2}+1 \bmod{p}\equiv 0$$, set


 * $$(a+I)^{m}=A+Bi$$, $$\beta * B\bmod{p^{m}}\equiv 1$$


 * Then $$A \beta$$ is a root $$x$$ of the proposed congruence."

This allows the finding of the modular imaginary number for modula of powers of primes once the I number for the Prime modula is known.

This also seems to work for modula of (p*q) and (p*q)^m, as the following example shows. (this works for large numbers as well)

In[1]:= Expand[(568 + I)^5]

Out[1]= 59119154872088 + 520428000641 I

In[2]:= PowerMod[520428000641, -1, (89 29)^5]

Out[2]= 77612584756845935

In[3]:= Mod[-(59119154872088 77612584756845935)^2, (89 29)^5]

Out[3]= 1

This is a very powerful finding since the Pythagorean Bridge, mentioned elsewhere in this blog, between squares and roots can be used for powers of (P*Q)^m as well as (P*Q).

This works for powers of 2 as well, I checked on this.

R. Dedekind Reference In Author's Index Not Found In Text
The author's index of History Of Theory Of Numbers (Chelsea Publishing, 1952) is often the best way to navigate around the three volume reference. Normally, it is extremely accurate, however, in volume 3, p 304, the author's index for Chapter 3 says that  R. Dedekind is mentioned at p76. I was unable, after looking several times, to find this mention, although Dedekind is mentioned on the previous page, p75, and perhaps the math extends onto p76. In this case the index reference should be p75-76, but it is instead p75, p76.

An unusual mistake in the Index volume, normally it is very accurate.

After some time, I have reread p75 and p76 of vol 3. Dedekind is definitely mentioned in p75 and a rather long half page proof is given of his, however at the end of p75 Dickson says "we can prove" and then goes on from Dedekind's math to another proof that continues onto p76, and which I assume is Dickson's, but which he assumes follows from Dedekind's earlier proof. Dedekind is not mentioned by name on p76.

Joseph Bertrand Reference does not contain treatment of equation said
Dickson says at Theory of Numbers vol ii p629 that Joseph Bertrand has a treatment of $$a*x^{4}+b*y^{4}==SQUARE$$ but the reference at p244 does not have this treatment. The reference is at and is Traite Elementaire d'Algebra 1850, p 244. This is quite unusual for a bad reference to Appear in Dickson.

Also the line where Bertrand is mentioned has an asterick footnote, but there is no asterick footnote on p629.

However, a treatment of the equation $$x^{4}+y^{4}==z^{2}$$ can be found at p224-7 of the said math book.

C. G. Bachet math extends from p205 to p206 but he is not mentioned in p206
As a possibility of a fault, it is to be mentioned that in the author's index vol ii, p 205 that he is mentioned on p205 but not on p206. However, his math starts in p205 and goes into the first paragraph of p206. I think the author's index requires the name be on the page, however,in this case the math laps over from p205 to p206.

Can You Factor P*Q With Knowledge Of Only One Square Root Of -1 Mod P*Q
People reading my math blog may notice I spend a lot of effort on the rational square root of -1 mod p*q, or the modular imaginary number.

With knowledge of the 2 square roots of -1 it is trivial to factor p and q since the addition of both square roots will be a nontrivial multiple of p or q and the minus of the two square roots will be a multiple of either p or q.

However, it is possible to factor p*q with knowledge of only one square root of -1 mod p*q in the three following ways:


 * 1) by taking the square root of $$2*\sqrt{-1}_{i}\bmod{p*q}$$ that is not $$1+\sqrt{-1}_{i}\bmod{p*q}$$. See.


 * 2) Each square can be rewritten according to Squareless Numbers and the Square.  p*q can be factored via the following  Blog Entry


 * 3) Each square can be rewritten according to  Squareless Numbers and the Square.  p*q can be factored easily if the $$b(b+1) < p*q$$.  See for help on this.

If there were any easy way to factor p*q with knowledge of only one $$\sqrt{-1}_{i}\bmod{p*q}$$ then this would extend Euler who needs two sums of squares to do his factoring algorithm. Sums of Squares and the $$\sqrt{-1}_{i}\bmod{p*q}$$ are interchangeable and easily convertible into the other.

Three Treatments Of The Pythagorean Theorum

 * 1) Where Pythagorean Triples Allow The Complex Square Root Formula to be used in modular arithmetic:
 * 2) Another Formula Besides Euclid's To Generate Pythagorean Triples:
 * 3)Dickson's Method For Creating Pythagorean Triples Can Also Create Modular Pythagorean Triples:

Three Treatments To Make Adjacent Squares With Known Roots In Mod P*Q Fields

 * 1) How to make four squares equivalent to 0 with adjacent roots: x^2, (x+1)^2, y^2, (y+1)^2: User:Endo999
 * 2) Roots shown of Adjacent Squares Using Pythagorean Triples:
 * 3) Roots shown of Adjacent Squares From Any Residue:
 * 4) Roots shown of Squares N apart, not 1 apart:

Five Treatments That Make A Bridge Between Modular Root And Square
In these treatments the square is determined first and the root is then determined. The square whose root is made known is not known in advance, so these algorithms are not general modular square root algorithms. However, they do establish a bridge between the square and the root. The square can be determined before the root is found.


 * 1) Once the square root of -1 mod p*q is known any square root whose modular complex derivation is populated with Pythagorean Triples can be known:


 * 2) With any sum of two squares (or two powers actually) two modular square roots can be taken: . Some people may say that the root determined is a factor of the two squares involved, however all roots are the division of two squares.  And this section,, will show a root found that is 1 off the division of two squares.  See this section for taking the cube root of the sum of two cubes:


 * 3) With any two sums equalling 0 a modular square root can be taken:.


 * 4) Using Gauss' method of solving the modular quadratic equation and using Pythagorean Triples a method has been derived where the real component of the modular complex square, $$x^{2}\bmod{p*q}$$, is wiped out by knowledge of the modular complex root, $$x \bmod{p*q}$$. At this point the imaginary number is set to be an actual natural square root, and the Pythagorean Triple root/square equation is changed slightly to accommodate this.  As such a bridge between the square (D^2 - 4 * 1 * C* I mod p*q)  and the root (-D + 2* x  mod p* q ) is created.  The root is a modular root of the square.  See here available at the Australian IP patent search for more details on this algorithm.  The public domain part of this work is available at  but only part of the algorithm is shown.
 * The general idea of the algorithm is quoted from the Innovation Patent given above.
 * 1. let X^2 = 2*a + (I^2 + 1)* b_1^2 +2b* I mod p * q be a modular complex number, and let x = a_1 + b_1 * I mod p * q as described in the prior work section of this patent.
 * 2. let the imaginary root, I, have a known square, ie., 4 = 2^2 or 9 = 3^2
 * 3. create a x^2 - D * x + C mod p * q = 0 such that the real component of the complex square number is cancelled out instead of the imaginary component as in the public domain work

A quick example where the imaginary component of the $$A*x^{2}-1*x+c\bmod{p*q}\equiv 0$$ is cancelled out and where $$i=2$$ and $$x=3+i$$ and $$x^{2}\equiv 8+5+6*i$$ and $$A \bmod{p*q}\equiv 6^{-1}$$ follows:

the square is 8+5+6*i, find the inverse of 6

PowerMod[6, -1, 89 29]=2151

find the square using the pythagorean triple: 3,4,5 and the modified SQUARE equation shown above

Mod[(8 + 5 + 6 2), 89 29]=25

find C in the quadratic equation

Mod[2151 25 - 5, 89 29]=2150

make the quadratic equation

Mod[2151 25 - 5 - 2150, 89 29]= 0

make the square as per GAUSS equation

2151=A -1=B -2150=C

Mod[1 - 4 2151 (-2150), 89 29]=574

now make the root as per GAUSS equation

Mod[2 2151 5 - 1, 89 29]= 861

Note the root has been found

Mod[861^2, 89 29]= 574

Thus, this method can be used with any Pythagorean Triple and within each use of a Pythagorean triple any I can be used, and the I can be a rational number.

After quite a bit of reduction it appears that $$574 \bmod{89*29}\equiv 4*9^{-1}$$ and thus that the root is $$2*3^{-1}\bmod{89*29}\equiv 861$$

After some work on this the matter is still inconclusive as the following math shows the case where i=11 find C for quadratic equation Mod[2151 121 - 11, 89 29]= 2160

find the square Mod[1 - 2151 4 (-2160), 89 29]= 1441

find the root Mod[2 2151 (11) - 1, 89 29]= 863

confirm the root works Mod[863^2, 89 29]= 1441

note that 11/3 is 1 off the root, unlike the example for 2

Mod[11 PowerMod[3, -1, 89 29], 89 29]= 864


 * 5) Obtaining modular square roots from $$x^{2}+y^{2}\bmod{p*q}\equiv z^{2}$$ at User:Endo999


 * 6)Working Between Modula to get a root and square combination at User:Endo999