Shanks-Tonelli algorithm
From Wikipedia, the free encyclopedia
The Shanks-Tonelli algorithm is used within modular arithmetic to solve a congruence of the form
where n is a quadratic residue (mod p), and p is prime; typically, .
When , it is much more efficient to use the following identity: .
Shanks-Tonelli cannot be used for composite moduli, which is a problem equivalent to integer factorization.
[edit] The algorithm
Inputs: p, an odd prime. n, an integer which is a quadratic residue (mod p), meaning that the Legendre symbol (n/p) = 1.
Outputs: R, an integer satisfying .
- Factor out powers of 2 from (p-1), defining Q and S as: p − 1 = Q2S.
- Select a W such that the Legendre symbol (W/p) = -1 (that is, W should be a quadratic non-residue modulo p).
- Let .
- Let .
- Loop:
- Find the lowest i, , such that . This can be done efficiently by starting with R2n − 1 and squaring (mod p) until the result is 1.
- If i = 0, return R.
- Otherwise, let and repeat the loop with R' as the new R.
[edit] Uses
Modular square roots are used in, for example, the quadratic sieve and related integer factorization algorithms.
[edit] External links
- Quadratic Sieve Algorithm - contains a description of the Shanks-Tonelli algorithm.