You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
94 lines
2.3 KiB
94 lines
2.3 KiB
# from http://eli.thegreenplace.net/2009/03/07/computing-modular-square-roots-in-python/ |
|
|
|
def modular_sqrt(a, p): |
|
""" Find a quadratic residue (mod p) of 'a'. p |
|
must be an odd prime. |
|
|
|
Solve the congruence of the form: |
|
x^2 = a (mod p) |
|
And returns x. Note that p - x is also a root. |
|
|
|
0 is returned is no square root exists for |
|
these a and p. |
|
|
|
The Tonelli-Shanks algorithm is used (except |
|
for some simple cases in which the solution |
|
is known from an identity). This algorithm |
|
runs in polynomial time (unless the |
|
generalized Riemann hypothesis is false). |
|
""" |
|
# Simple cases |
|
# |
|
if legendre_symbol(a, p) != 1: |
|
return 0 |
|
elif a == 0: |
|
return 0 |
|
elif p == 2: |
|
return p |
|
elif p % 4 == 3: |
|
return pow(a, (p + 1) / 4, p) |
|
|
|
# Partition p-1 to s * 2^e for an odd s (i.e. |
|
# reduce all the powers of 2 from p-1) |
|
# |
|
s = p - 1 |
|
e = 0 |
|
while s % 2 == 0: |
|
s /= 2 |
|
e += 1 |
|
|
|
# Find some 'n' with a legendre symbol n|p = -1. |
|
# Shouldn't take long. |
|
# |
|
n = 2 |
|
while legendre_symbol(n, p) != -1: |
|
n += 1 |
|
|
|
# Here be dragons! |
|
# Read the paper "Square roots from 1; 24, 51, |
|
# 10 to Dan Shanks" by Ezra Brown for more |
|
# information |
|
# |
|
|
|
# x is a guess of the square root that gets better |
|
# with each iteration. |
|
# b is the "fudge factor" - by how much we're off |
|
# with the guess. The invariant x^2 = ab (mod p) |
|
# is maintained throughout the loop. |
|
# g is used for successive powers of n to update |
|
# both a and b |
|
# r is the exponent - decreases with each update |
|
# |
|
x = pow(a, (s + 1) / 2, p) |
|
b = pow(a, s, p) |
|
g = pow(n, s, p) |
|
r = e |
|
|
|
while True: |
|
t = b |
|
m = 0 |
|
for m in xrange(r): |
|
if t == 1: |
|
break |
|
t = pow(t, 2, p) |
|
|
|
if m == 0: |
|
return x |
|
|
|
gs = pow(g, 2 ** (r - m - 1), p) |
|
g = (gs * gs) % p |
|
x = (x * gs) % p |
|
b = (b * g) % p |
|
r = m |
|
|
|
def legendre_symbol(a, p): |
|
""" Compute the Legendre symbol a|p using |
|
Euler's criterion. p is a prime, a is |
|
relatively prime to p (if p divides |
|
a, then a|p = 0) |
|
|
|
Returns 1 if a has a square root modulo |
|
p, -1 otherwise. |
|
""" |
|
ls = pow(a, (p - 1) / 2, p) |
|
return -1 if ls == p - 1 else ls
|
|
|