Quadratic residue

From Wikipedia, the free encyclopedia

An integer q is called a quadratic residue modulo n if it is congruent to a perfect square (mod n); i.e., if there exists an integer x such that:

${x^2}\equiv {q} \pmod{n} .$

Otherwise, q is called a quadratic nonresidue (mod n).

Originally an abstract mathematical concept from the branch of number theory known as modular arithmetic, quadratic residues are now used in applications ranging from acoustical engineering to cryptography and the factoring of large numbers.

[edit] Table of quadratic residues

Quadratic Residues
n	1	2	3	4	5	6	7	8	9	10	11	12	13	14	15	16	17	18	19	20	21	22	23	24	25
n²	1	4	9	16	25	36	49	64	81	100	121	144	169	196	225	256	289	324	361	400	441	484	529	576	625
mod 2	1	0	1	0	1	0	1	0	1	0	1	0	1	0	1	0	1	0	1	0	1	0	1	0	1
mod 3	1	1	0	1	1	0	1	1	0	1	1	0	1	1	0	1	1	0	1	1	0	1	1	0	1
mod 4	1	0	1	0	1	0	1	0	1	0	1	0	1	0	1	0	1	0	1	0	1	0	1	0	1
mod 5	1	4	4	1	0	1	4	4	1	0	1	4	4	1	0	1	4	4	1	0	1	4	4	1	0
mod 6	1	4	3	4	1	0	1	4	3	4	1	0	1	4	3	4	1	0	1	4	3	4	1	0	1
mod 7	1	4	2	2	4	1	0	1	4	2	2	4	1	0	1	4	2	2	4	1	0	1	4	2	2
mod 8	1	4	1	0	1	4	1	0	1	4	1	0	1	4	1	0	1	4	1	0	1	4	1	0	1
mod 9	1	4	0	7	7	0	4	1	0	1	4	0	7	7	0	4	1	0	1	4	0	7	7	0	4
mod 10	1	4	9	6	5	6	9	4	1	0	1	4	9	6	5	6	9	4	1	0	1	4	9	6	5
mod 11	1	4	9	5	3	3	5	9	4	1	0	1	4	9	5	3	3	5	9	4	1	0	1	4	9
mod 12	1	4	9	4	1	0	1	4	9	4	1	0	1	4	9	4	1	0	1	4	9	4	1	0	1
mod 13	1	4	9	3	12	10	10	12	3	9	4	1	0	1	4	9	3	12	10	10	12	3	9	4	1
mod 14	1	4	9	2	11	8	7	8	11	2	9	4	1	0	1	4	9	2	11	8	7	8	11	2	9
mod 15	1	4	9	1	10	6	4	4	6	10	1	9	4	1	0	1	4	9	1	10	6	4	4	6	10
mod 16	1	4	9	0	9	4	1	0	1	4	9	0	9	4	1	0	1	4	9	0	9	4	1	0	1
mod 17	1	4	9	16	8	2	15	13	13	15	2	8	16	9	4	1	0	1	4	9	16	8	2	15	13
mod 18	1	4	9	16	7	0	13	10	9	10	13	0	7	16	9	4	1	0	1	4	9	16	7	0	13
mod 19	1	4	9	16	6	17	11	7	5	5	7	11	17	6	16	9	4	1	0	1	4	9	16	6	17
mod 20	1	4	9	16	5	16	9	4	1	0	1	4	9	16	5	16	9	4	1	0	1	4	9	16	5
mod 21	1	4	9	16	4	15	7	1	18	16	16	18	1	7	15	4	16	9	4	1	0	1	4	9	16
mod 22	1	4	9	16	3	14	5	20	15	12	11	12	15	20	5	14	3	16	9	4	1	0	1	4	9
mod 23	1	4	9	16	2	13	3	18	12	8	6	6	8	12	18	3	13	2	16	9	4	1	0	1	4
mod 24	1	4	9	16	1	12	1	16	9	4	1	0	1	4	9	16	1	12	1	16	9	4	1	0	1
mod 25	1	4	9	16	0	11	24	14	6	0	21	19	19	21	0	6	14	24	11	0	16	9	4	1	0

[edit] History, conventions, and elementary facts

Fermat, Euler, Lagrange, Legendre, and other number theorists of the 17th and 18th centuries proved some theorems^[1] and made some conjectures^[2] about quadratic residues, but the first systematic treatment is § IV of Gauss's Disquisitiones Arithmeticae (1801). Article 95 introduces the terminology "quadratic residue" and "quadratic nonresidue", and states that, if the context makes it clear, the adjective "quadratic" may be dropped.

For a given n a list of the quadratic residues (mod n) may be obtained by simply squaring the numbers 0, 1, …, n − 1. Because a² ≡ (n − a)² (mod n), the list of squares (mod n) is symmetrical around n/2, and the list only needs to go that high. This can be seen in the above table.

Thus, the number of quadratic residues (mod n) cannot exceed n/2 + 1 (n even) or (n + 1)/2 (n odd).^[3]

The product of two residues is always a residue.

[edit] Prime modulus

Modulo 2, only 1 is considered a quadratic residue.

Modulo an odd prime number p there are (p + 1)/2 residues (including 0) and (p − 1)/2 nonresidues. In this case, it is customary to consider 0 as a special case and work within the multiplicative group of nonzero elements of the field Z/pZ. (In other words, every congruence class except zero (mod p) has a multiplicative inverse. This is not true for composite moduli.)^[4]

Following this convention, the multiplicative inverse of a residue is a residue, and the inverse of a nonresidue is a nonresidue.^[5]

Following this convention, modulo a prime number there are an equal number of residues and nonresidues.^[6]

Modulo a prime, the product of two nonresidues is a residue and the product of a nonresidue and a (nonzero) residue is a nonresidue.^[7]

The first supplement^[8] to the law of quadratic reciprocity is that if p ≡ 1 (mod 4) then −1 is a quadratic residue (mod p), and that if p ≡ 3 (mod 4) −1 is a nonresidue (mod p). This implies

If p ≡ 1 (mod 4) the negative of a residue (mod p) is a residue and the negative of a nonresidue is a nonresidue.

If p ≡ 3 (mod 4) the negative of a residue (mod p) is a nonresidue and the negative of a nonresidue is a residue.

[edit] Prime power modulus

All odd squares are ≡ 1 (mod 8) and a fortiori ≡ 1 (mod 4). If a is an odd number and m = 8, 16, or some higher power of 2, then a is a residue (mod m) if and only if a ≡ 1 (mod 8).^[9]

For example, mod (32) the odd squares are

1² ≡ 15² ≡ 1

3² ≡ 13² ≡ 9

5² ≡ 11² ≡ 25

7² ≡ 9² ≡ 17

and the even ones are

0² ≡ 8² ≡ 16² ≡ 0

2² ≡ 6²≡ 10² ≡ 14²≡ 4

4² ≡ 12² ≡ 16

So a number is a residue mod 8, 16, etc, if and only if it is of the form 4^k(8n + 1).

A number A relatively prime to an odd prime p is a residue modulo any power of p if and only if it is a residue (mod p).^[10]

If the modulus is pⁿ,

then p^kA

is a residue (mod pⁿ) if k ≥ n

is a nonresidue (mod pⁿ) if k < n is odd

is a residue (mod pⁿ) if k < n is even and A is a residue

is a nonresidue (mod pⁿ) if k < n is even and A is a nonresidue.^[11]

Notice that the rules are different for powers of two and powers of odd primes.

Modulo an odd prime power n = p^k, the products of residues and nonresidues relatively prime to p obey the same rules as they do mod p; p is a nonresidue, and in general all the residues and nonresidues obey the same rules, except that the products will be zero if the power of p in the product ≥ n.

Modulo 8, the product of the nonresidues 3 and 5 is the nonresidue 7.

[edit] Composite modulus not a prime power

The basic fact in this case is

if a is a residue (mod n) then a is a residue (mod p^k) for every prime power dividing n.

if a is a nonresidue (mod n) then a is a nonresidue (mod p^k) for at least one prime power dividing n.

Modulo a composite number, the product of two residues is a residue, and the product of a residue and a nonresidue is a nonresidue (or zero). However, the product of two nonresidues may be either a residue, a nonresidue, or zero.

For example, from the table for (mod 15) 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14 (residues in bold). The product of the nonresidues 2 and 8 is the residue 1, whereas the product of the nonresidues 2 and 7 is the nonresidue 14.

This phenomenon can best be described using the vocabulary of abstract algebra. The congruence classes relatively prime to the modulus are a group under multiplication, called the group of units of the ring Z/nZ, and the squares are a subgroup of it. Different nonresidues may belong to different cosets, and there is no simple rule that predicts which one their product will be in. Modulo a prime, there is only the subgroup of squares and a single coset.

The fact that, e.g., (mod 15) the product of the nonresidues 3 and 5, or of the nonresidue 5 and the residue 9, or the two residues 9 and 10 are all zero comes from working in the full ring Z/nZ, which has zero divisors for composite n.

For this reason some authors^[12] add to the definition that a quadratic residue q must not only be a square but must also be relatively prime to the modulus n.

Although it makes things tidier, this article does not insist that residues must be prime to the modulus.

[edit] Notations

Gauss^[13] used R and N to denote residuacity and non-residuacity, respectively;

for example, 2 R 7 and 5 N 7, or 1 R 8 and 3,5,7 N 8.

Although this notation is compact and convenient for some purposes,^[14]^[15] the most useful notation is the Legendre symbol, also called the quadratic character, which is defined for all integers a and positive odd prime numbers p as

$\left(\frac{a}{p}\right) = \begin{cases}\;\;\,0\mbox{ if }p \mbox { divides } a\\+1\mbox{ if }a \mbox{ R } p \mbox{ and }p \mbox { does not divide } a\\-1\mbox{ if }a \mbox{ N } p .\end{cases}$

There are two reasons why numbers ≡ 0 (mod p) are treated specially. As we have seen, it makes many formulas and theorems easier to state. The other (related) reason is that the quadratic character is a homomorphism from the multiplicative group of nonzero conguence classes (mod p) to the complex numbers. Setting $(\tfrac{np}{p}) = 0$ allows its domain to be extended to the multiplicative semigroup of all the integers.^[16]

One advantage of this notation over Gauss's is that the Legendre symbol is a function that can be used in formulas.^[17] It can also easily be generalized to cubic, quartic and higher power residues.^[18]

There is a generalization of the Legendre symbol for composite values of p, called the Jacobi symbol, but its properties are not as simple: if m is composite and the Jacobi symbol (a|m) = −1, then a N m, and if a R m then (a|m) = 1, but if (a|m) = 1 we do not know whether a R m or a N m. If m is prime, the Jacobi and Legendre symbols agree.

[edit] Distribution of Quadratic Residues

Although quadratic residues appear to occur in a rather random pattern (mod n), and this has been exploited in such applications as acoustics and cryptography, their distribution also exhibits some striking regularities.

Using Dirichlet's theorem on primes in arithmetic progressions, the law of quadratic reciprocity, and the Chinese remainder theorem (CRT) it is easy to see that for any M > 0 there are primes p such that the numbers 1, 2, …, M are all residues (mod p).

For example, if p ≡ 1 (mod 8), (mod 12), (mod 5) and (mod 28), then 2, 3, 5, and 7 will all be residues (mod p), and thus all numbers 1–10 will be. The CRT says that this is the same as p ≡ 1 (mod 840), and Dirichlet's theorem says there are an infinite number of primes of this form. 2521 is the smallest, and indeed 1² ≡ 1, 1046² ≡ 2, 123² ≡ 3, 2² ≡ 4, 643² ≡ 5, 87² ≡ 6, 668² ≡ 7, 429² ≡ 8, 3²≡ 9, and 529² ≡ 10 (mod 2521).

[edit] Dirichlet's formulas

The first of these regularities stems from Dirichlet's work (in the 1830s) on the analytic formula for the class number of binary quadratic forms^[19]. Let q be a prime number, s a complex variable, and define a Dirichlet L-function as

$L(s) = \sum_{n=1}^\infty\left(\frac{n}{q}\right)n^{-s}.$

Dirichlet showed that if q ≡ 3 (mod 4)

$L(1) = -\frac{\pi}{\sqrt q}\sum_{n=1}^{q-1}n\left(\frac{n}{q}\right) > 0.$

Therefore, in this case (prime q ≡ 3 (mod 4)), the sum of the quadratic residues minus the sum of the nonresidues in the range 1, 2, …, q − 1 is a negative number.

For example (mod 11), 1, 2, 3, 4, 5, 6, 7, 8, 9, 10 (residues in bold)

1 + 4 + 9 + 5 + 3 = 22, 2 + 6 + 7 + 8 + 10 = 33, and the difference is −11.

In fact the difference will always be an odd multiple of q.^[20]

Dirichlet also proved that (still with prime q ≡ 3 (mod 4))

$L(1) = \frac{\pi}{\left(2-\left(\frac{2}{q}\right)\right)\sqrt q}\sum_{n=1}^\frac{q-1}{2}\left(\frac{n}{q}\right) > 0.$

This implies that there are more quadratic residues than nonresidues among the numbers 1, 2, …, (q − 1)/2.

For example, (mod 11) there are four residues less than 6 (namely 1, 3, 4, and 5), but only one nonresidue (2).

An intriguing fact about these two theorems is that all known proofs rely on analysis; no-one has ever published a simple or direct proof of either statement.^[21]

[edit] Pairs of residues and nonresidues

Modulo a prime p, the number of pairs n, n + 1 where n R p and n + 1 R p, or n N p and n + 1 R p, etc., are almost equal. More precisely,^[22]^[23]

Let p be an odd prime. For i, j = 0, 1 define the sets

$A_{ij}=\left\{k\in\{1,2,\dots,p-1\}: \left(\frac{k}{p}\right)=(-1)^i\land\left(\frac{k+1}{p}\right)=(-1)^j\right\},$

and let

α i j = | A i j | .

That is,

α₀₀ is the number of residues that are followed by a residue,

α₀₁ is the number of residues that are followed by a nonresidue,

α₁₀ is the number of nonresidues that are followed by a residue, and

α₁₁ is the number of nonresidues that are followed by a nonresidue.

Then if p ≡ 1 (mod 4)

$\alpha_{00} = \frac{p-5}{4},\;\alpha_{01} =\alpha_{10} =\alpha_{11} = \frac{p-1}{4}$

and if p ≡ 3 (mod 4)

$\alpha_{01} = \frac{p+1}{4},\;\alpha_{00} =\alpha_{10} =\alpha_{11} = \frac{p-3}{4}.$

For example: (residues in bold)
Modulo 17

1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16

A₀₀ = {1,8,15},

A₀₁ = {2,4,9,13},

A₁₀ = {3,7,12,14},

A₁₁ = {5,6,10,11}.

Modulo 19

1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18

A₀₀ = {4,5,6,16},

A₀₁ = {1,7,9,11,17},

A₁₀ = {3,8,10,15},

A₁₁ = {2,12,13,14}.

Gauss (1828)^[24] introduced this sort of counting when he proved that if p ≡ 1 (mod 4) then x⁴ ≡ 2 (mod p) can be solved if and only if p = a² + 64 b².

[edit] The Pólya–Vinogradov inequality

The values of (a|p) for consecutive values of a mimic a random variable like a coin flip.^[25] Specifically,
Pólya and Vinogradov proved^[26] (independently) in 1918 that for any nonprincipal Dirichlet character χ(n) (mod q) and any integers M and N,

$\left|\sum_{n=M+1}^{M+N}\chi(n)\right| =O\left( \sqrt q \log q\right).$ Settting $\chi(n) = \left(\frac{n}{q}\right),$

this shows that the number of quadratic residues (mod q) in any interval of length N is

$\frac{1}{2}N + O(\sqrt q\log q).$ It is easy^[27] to prove that $\left| \sum_{n=M+1}^{M+N} \left( \frac{n}{q} \right) \right| < \sqrt q \log q.$

In fact^[28], $\left| \sum_{n=M+1}^{M+N} \left( \frac{n}{q} \right) \right| < \frac{4}{\pi^2} \sqrt q \log q+0.41\sqrt q +0.61.$

Montgomery and Vaughan improved this in 1977, showing that, if the generalized Riemann hypothesis is true then

$\left|\sum_{n=M+1}^{M+N}\chi(n)\right|=O\left(\sqrt q \log \log q\right).$

This result cannot be substatially improved, for Paley had proved in 1932 that

$\max_N \left|\sum_{n=1}^{N}\left(\frac{d}{n}\right)\right|>\frac{1}{7}\sqrt q \log \log q$

for infinitely many d > 0.

[edit] Complexity of finding square roots

That is, given a number a and a modulus n, how hard is it 1) to tell whether an x solving x² ≡ a (mod n) exists, and 2) assuming one does, to calculate it?

An important difference between prime and composite moduli shows up here. Modulo a prime p, a quadratic residue a has 1 + (a|p) roots (i.e. zero if a N p, one if a ≡ 0 (mod p), or two if a R p and gcd(a,p) = 1.)

In general if a composite modulus n is written as a product of powers of distinct primes, and there are n₁ roots modulo the first one, n₂ mod the second, …, there will be n₁n₂… roots (mod n).

The theoretical way solutions modulo the prime powers are combined to make solutions (mod n) is called the Chinese remainder theorem; it can be implemented with an efficient algorithm.^[29]

For example:

Solve x² ≡ 6 (mod 15).

x² ≡ 6 (mod 3) has one solution, 0; x² ≡ 6 (mod 5) has two, 1 and 4.

and there are two solutions (mod 15), namely 6 and 9.

Solve x² ≡ 4 (mod 15).

x² ≡ 4 (mod 3) has two solutions, 1 and 2; x² ≡ 4 (mod 5) has two, 2 and 3.

and there are four solutions (mod 15), namely 2, 7, 8, and 13.

[edit] Prime or prime power modulus

First off, if the modulus n is prime the Legendre symbol (a|n) can be quickly computed using a variation of Euclid's algorithm.^[30]; if it is −1 there is no solution. Secondly, assuming that (a|n) = 1, if n ≡ 3 (mod 4), Lagrange found that the solutions are given by

$x \equiv \pm\; a^{\frac{n+1}{4}} \pmod{n} ,$

and Legendre found a similar solution^[31] if n ≡ 5 (mod 8).

For prime n ≡ 1 (mod 8), however, there is no known formula or deterministic algorithm. Tonelli^[32] (in 1891) and Cipolla^[33] found efficient algorithms that work for all prime moduli. Both algorithms require finding a quadratic nonresidue (mod n), and there is no determistic algorithm known for doing that. But since half the numbers between 1 and n are nonresidues, picking numbers x at random and calculating the Legendre symbol (x|n) until a nonresidue is found will quickly produce one.

If the modulus n is a prime power n = p^e, a solution may be found (mod p) and "lifted" to a solution (mod n) using Hensel's lemma or an algorithm of Gauss's.^[34]

[edit] Composite modulus

If the modulus n has been factored into prime powers the solution was discussed above.

If the Jacobi symbol (a|n) = −1 then there is no solution. If it is +1, there may or may not be.

If the factorization of n is not known, and (a|n) = 1, the problem is known to be equivalent to integer factorization of n (i.e. an efficient solution to either problem could be used to solve the other efficiently).

The above discussion indicates how knowing the factors of n allows us to find the roots efficiently. Say there were an efficient algorithm for finding square roots modulo a composite number. The article congruence of squares discuses how finding two numbers x and y where x² ≡ y² (mod n) and x ≠ ±y suffices to factorize n efficiently. Generate a random number, square it (mod n), and have the efficient square root algorithm find a root. Repeat until it returns a number not equal to the one we originally squared (or its negative (mod n)), then follow the algorithm described in congruence of squares. The efficiency of the factoring algorithm depends on the exact characteristics of the root-finder (e.g. does it return all roots? just the smallest one? a random one?), but it will be efficient.^[35]

Simply determining whether a N n or a R n (which can be done efficiently for prime n by computing the Legendre symbol) is known as the quadratic residuosity problem when n is composite. It is not as hard as factorization, but is thought to be quite hard.

On the other hand, if we want to know if there is a solution for x less than some given limit c, this problem is NP-complete; ^[36] however, this is a fixed-parameter tractable problem, where c is the parameter.

[edit] Applications of quadratic residues

[edit] Acoustics

Sound diffusers have been based on number-theoretic concepts such as primitive roots and quadratic residues.

[edit] Graph theory

Paley graphs are dense undirected graphs, one for each prime p ≡ 1 (mod 4), that form an infinite family of conference graphs, which yield an infinite family of symmetric conference matrices.

Paley digraphs are directed analogs of Paley graphs, one for each p ≡ 3 (mod 4), that yield antisymmetric conference matrices.

The construction of these graphs uses quadratic residues.

[edit] Cryptography

The fact that finding a square root of a number modulo a large composite n is equivalent to factoring (which is widely believed be a hard problem) has been used for constructing cryptographic schemes such as the Rabin cryptosystem and the oblivious transfer. The quadratic residuosity problem is the basis for the Goldwasser-Micali cryptosystem.

The discrete logarithm is a similar problem that is also used in cryptography.

[edit] Primality testing

Euler's criterion is a formula for the Legendre symbol (a|p) where p is prime. If p is composite the formula may or may not compute (a|p) correctly. The Solovay-Strassen primality test for whether a given number n is prime or composite picks a random a and computes (a|n) using a modification of Euclid's algorithm,^[37] and also using Euler's criterion.^[38] If the results disagree, n is composite; if they agree, n may be composite or prime. For a composite n at least 1/2 the values of a in the range 2, 3, ..., n − 1 will return "n is composite"; for prime n none will. If, after using many different values of a, n has not been proved composite it is called a "probable prime".

The Miller-Rabin primality test is based on the same principles. There is a deterministic version of it, but the proof that it works depends on the generalized Riemann hypothesis; the output from this test is "n is definitely composite" or "either n is prime or the GRH is false". If the second output ever occurs for a composite n it will be on the front page of every newspaper in the world.^[39]

[edit] Integer factorization

In § VI of the Disquisitiones Arithmeticae^[40] Gauss discusses two factoring algorithms that use quadratic residues and the law of quadratic reciprocity.

Several modern factorization algorithms (including Dixon's algorithm, the continued fraction method, the quadratic sieve, and the number field sieve) generate small quadratic residues (modulo the number being factorized) in an attempt to find a congruence of squares which will yield a factorization. The number field sieve is the fastest general-purpose factorization algorithm known.

[edit] See also

[edit] Notes

^ Lemmemeyer, Ch. 1
^ Lemmermeyer, pp 6–8, p. 16 ff
^ Gauss, DA, art. 94
^ Gauss, DA, art. 96
^ Gauss, DA, art. 98
^ Gauss, DA, art. 96
^ Gauss, DA, art. 98
^ Gauss, DA, art 111
^ Gauss, DA, art. 103
^ Gauss, DA, art. 101
^ Gauss, DA, art. 102
^ e.g. Ireland & Rosen, p. 50
^ Gauss, DA, art. 131
^ e.g. Hardy and Wright use it
^ Gauss, DA, art 230 ff.
^ This extension of the domain is necessary for defining L functions.
^ See Legendre symbol#Formulas for the Legendre symbol for examples
^ Lemmermeyer, pp 111–end
^ Davenport, pp 8–9, 43–51. These are classical results.
^ Davenport, pp 49–51 (conjectured by Jacobi, proved by Dirichlet)
^ Davenport, p. 9
^ Lemmermeyer, p. 29 ex. 1.22; cf pp. 26–27, Ch. 10
^ Crandall & Pomerance, ex 2.38, pp 106–108
^ Gauss, Theorie der biquadratischen Reste, Erste Abhandlung (pp 511–533 of the Untersuchungen über hohere Arithmetik)
^ Crandall & Pomerance, ex 2.38, pp 106–108 discuss the similarities and differences. For example, tossing n coins, it is possible (though unlikely) to get n/2 heads followed by that many tails. V-P inequality rules that out for residues.
^ Davenport, pp 135-137 (proof of P–V, (in fact big-O can be replace by 2); journal references for Paley and Montgomery)
^ Planet Math: Proof of Pólya–Vinogradov Inequality in external links. The proof is a page long and only requires elementary facts about Gaussian sums
^ Pomerance & Crandall, ex 2.38 pp.106–108. result from T. Cochrane, "On a trigonometric inequality of Vinogradov", J. Number Theory, 27:9–16, 1987
^ Bach & Shallit, p 104 ff; it requires O(log² m) steps where m is the number of primes dividing n.
^ Bach & Shallit p 113; computing (a|n) requires O(log a log n) steps
^ Lemmermyer, p. 29
^ Bach & Shallit p. 156 ff; the algorithm requires O(log⁴n) steps.
^ Bach & Shallit p. 156 ff; the algorithm requires O(log³ n) steps and is also nondetermisitic.
^ Gauss, DA, art. 101
^ Crandall & Pomerance, ex. 6.5 & 6.6, p.273
^ Manders & Adleman 1978
^ Bach & Shallit p 113
^ Bach & Shallit pp 109–110; Euler's criterion requires O(log³ n) steps
^ Because whoever did it would get a million dollars for resolving the GRH. See Clay Mathematics Institute.
^ Gauss, DA, arts 329–334

[edit] References

The Disquisitiones Arithmeticae has been translated from Gauss's Ciceronian Latin into English and German. The German edition includes all of his papers on number theory: all the proofs of quadratic reciprocity, the determination of the sign of the Gauss sum, the investigations into biquadratic reciprocity, and unpublished notes.

Gauss, Carl Friedrich & Clarke, Arthur A. (translator into English) (1986), Disquisitiones Arithemeticae (Second, corrected edition), New York: Springer, ISBN 0387962549

Gauss, Carl Friedrich & Maser, H. (translator into German) (1965), Untersuchungen über hohere Arithmetik (Disquisitiones Arithemeticae & other papers on number theory) (Second edition), New York: Chelsea, ISBN 0-8284-0191-8

Bach, Eric & Shallit, Jeffrey (1966), Algorithmic Number Theory (Vol I: Efficient Algorithms), Cambridge: The MIT Press, ISBN 0-262-02045-5

Crandall, Richard & Pomerance, Carl (2001), Prime Numbers: A Computational Perspective, New York: Springer, ISBN 0-387-04777-9

Davenport, Harold (2000). Multiplicative Number Theory (Third edition). New York: Springer. ISBN 0-387-95097-4.

Michael R. Garey and David S. Johnson (1979). Computers and Intractability: A Guide to the Theory of NP-Completeness. W.H. Freeman. ISBN 0-7167-1045-5. A7.1: AN1, pg.249.}}

Hardy, G. H. & Wright, E. M. (1980), An Introduction to the Theory of Numbers (Fifth edition), Oxford: Oxford University Press, ISBN 978-0198531715

Ireland, Kenneth & Rosen, Michael (1990), A Classical Introduction to Modern Number Theory (Second edition), New York: Springer, ISBN 0-387-97329-X

Lemmermeyer, Franz (2000), Reciprocity Laws: from Euler to Eisenstein, Berlin: Springer, ISBN 3-540-66967-4

Kenneth L. Manders; Leonard Adleman (1978). "NP-Complete Decision Problems for Binary Quadratics". Journal of Computer and System Sciences 16 (2): 168–184. doi:10.1016/0022-0000(78)90044-2.

[edit] External links

Categories: Modular arithmetic | NP-complete problems