Kunerth's algorithm

Last updated March 08, 2024

Kunerth's algorithm is an algorithm for computing the modular square root of a given number.^[1]^[2] The algorithm does not require the factorization of the modulus, and relies on modular operations that is often easy when the given number is prime.

Algorithm

To find y from a given value

B=y^{2}{\bmod {N}},

it takes the following steps:

find the modular square root of $r\equiv {\sqrt {\pm N}}{\pmod {B}}$ . This step is quite easy, irrespectively of how big N when $B$ is a prime.
solve a quadratic equation associated with the modular square root of $w^{2}=A\cdot z^{2}+B\cdot z+C$ . Most of Kunerth's examples in his original paper solve this equation by having C be a integer square and thus setting z to zero.
Expand out the following equation to obtain the quadratic
$((B\cdot z+r)^{2}\pm N)/B=w^{2}.$
One can always make sure that the quadratic can be solved by adjusting the modulus N in the above equation. Thus
$((B\cdot z+r)^{2}+(B\cdot F+N))/B=w^{2}$
will ensure a quadratic of $A\cdot z^{2}+D\cdot z+C+F$ .
One can then adjust F to make sure that $C+F$ is a square. For large moduli, such as ${\sqrt {67}}{\bmod {67F+RSA260}}$ , can have their square roots computed quickly via this method.
The parameters of the polynomial expansion are quite flexible, in that $((67z+r)^{2}+X\cdot RSA260)/(67y)$ can be done, for instance. It is quite easy to choose X and Y such that $(r^{2}+X\cdot RSA260)/(67y)$ is a square. The modular square root of ${\sqrt {67y}}{\bmod {RSA260}}$ can be taken this way.
Having solved the associated quadratic equation we now have the variables w and set v = r (if C in the quadratic is a natural square).
Solve for variables $\alpha$ and $\beta$ the following equation:
$\alpha =w(v+w\beta ),$
Obtain a value for X via factorization of the following polynomial:
$\alpha ^{2}\cdot x^{2}+(2\alpha \beta -N)x+(\beta ^{2}-(y^{2}{\bmod {N}}))$
obtaining an answer like
$(-37+9x)(1+25x)$
Obtain the modular square root by the equation. Remember to set X such that the term above is zero. Thus X would be 37/9 or -1/25.
$y\equiv \alpha X+\beta {\pmod {N}}.$

Example

To obtain ${\sqrt {41}}{\bmod {856}},$ first obtain ${\sqrt {-856}}\equiv 13{\pmod {41}}$ .

Then expand the polynomial:

((41z+13)^{2}+856)/41=w^{2}

into

25+26z+41z^{2}

Since, in this case the C term is a square, we take $w=5$ and compute $v=13$ (in general, $v=41\cdot z+13$ ).

Solve for

\alpha

and

\beta

the following equation

\alpha ==w(v+w\beta )

getting the solution

\alpha =15

and

\beta =-2

. (There may be other pairs of solutions to this equation.)

Then factor the following polynomial:

\alpha ^{2}x^{2}+(2\alpha \beta -856)x+(\beta ^{2}-41)

obtaining

(-37+9x)(1+25x)

Then obtain the modular square root via

15\cdot (37\cdot 9^{-1})+(-2)\equiv 345{\pmod {856}}.

Verify that

345^{2}\equiv 41{\pmod {856}}.

In the case that ${\sqrt {-856}}{\bmod {41}}$ has no answer, then $r\equiv {\sqrt {-856}}{\pmod {b\cdot 856+41}}$ can be used instead.

Related Research Articles

<span class="mw-page-title-main">Quadratic reciprocity</span> Gives conditions for the solvability of quadratic equations modulo prime numbers

In number theory, the law of quadratic reciprocity is a theorem about modular arithmetic that gives conditions for the solvability of quadratic equations modulo prime numbers. Due to its subtlety, it has many formulations, but the most standard statement is:

In elementary algebra, the quadratic formula is a formula that provides the solutions to a quadratic equation. Other ways of solving a quadratic equation, such as completing the square, yield the same solutions.

In mathematics, a reciprocity law is a generalization of the law of quadratic reciprocity to arbitrary monic irreducible polynomials $with integer coefficients. Recall that first reciprocity law, quadratic reciprocity, determines when an irreducible polynomial splits into linear terms when reduced mod . That is, it determines for which prime numbers the relation$

In mathematics, a quadratic irrational number is an irrational number that is the solution to some quadratic equation with rational coefficients which is irreducible over the rational numbers. Since fractions in the coefficients of a quadratic equation can be cleared by multiplying both sides by their least common denominator, a quadratic irrational is an irrational root of some quadratic equation with integer coefficients. The quadratic irrational numbers, a subset of the complex numbers, are algebraic numbers of degree 2, and can therefore be expressed as

The quadratic sieve algorithm (QS) is an integer factorization algorithm and, in practice, the second-fastest method known. It is still the fastest for integers under 100 decimal digits or so, and is considerably simpler than the number field sieve. It is a general-purpose factorization algorithm, meaning that its running time depends solely on the size of the integer to be factored, and not on special structure or properties. It was invented by Carl Pomerance in 1981 as an improvement to Schroeppel's linear sieve.

Pollard's rho algorithm for logarithms is an algorithm introduced by John Pollard in 1978 to solve the discrete logarithm problem, analogous to Pollard's rho algorithm to solve the integer factorization problem.

In mathematics, Hensel's lemma, also known as Hensel's lifting lemma, named after Kurt Hensel, is a result in modular arithmetic, stating that if a univariate polynomial has a simple root modulo a prime number $p$ , then this root can be lifted to a unique root modulo any higher power of $p$ . More generally, if a polynomial factors modulo $p$ into two coprime polynomials, this factorization can be lifted to a factorization modulo any higher power of $p$ .

In additive number theory, Fermat's theorem on sums of two squares states that an odd prime p can be expressed as:

In mathematics, a binary quadratic form is a quadratic homogeneous polynomial in two variables

Gauss's lemma in number theory gives a condition for an integer to be a quadratic residue. Although it is not useful computationally, it has theoretical significance, being involved in some proofs of quadratic reciprocity.

In number theory, the law of quadratic reciprocity, like the Pythagorean theorem, has lent itself to an unusually large number of proofs. Several hundred proofs of the law of quadratic reciprocity have been published.

The Tonelli–Shanks algorithm is used in modular arithmetic to solve for r in a congruence of the form r² ≡ n, where p is a prime: that is, to find a square root of n modulo p.

Cubic reciprocity is a collection of theorems in elementary and algebraic number theory that state conditions under which the congruence x³ ≡ p (mod q) is solvable; the word "reciprocity" comes from the form of the main theorem, which states that if p and q are primary numbers in the ring of Eisenstein integers, both coprime to 3, the congruence x³ ≡ p is solvable if and only if x³ ≡ q is solvable.

Quartic or biquadratic reciprocity is a collection of theorems in elementary and algebraic number theory that state conditions under which the congruence x⁴ ≡ p is solvable; the word "reciprocity" comes from the form of some of these theorems, in that they relate the solvability of the congruence x⁴ ≡ p to that of x⁴ ≡ q.

Secret sharing consists of recovering a secret $S$ from a set of shares, each containing partial information about the secret. The Chinese remainder theorem (CRT) states that for a given system of simultaneous congruence equations, the solution is unique in some $Z / n Z$ , with $n > 0$ under some appropriate conditions on the congruences. Secret sharing can thus use the CRT to produce the shares presented in the congruence equations and the secret could be recovered by solving the system of congruences to get the unique solution, which will be the secret to recover.

In computational number theory, Cipolla's algorithm is a technique for solving a congruence of the form

In algebraic number theory the n-th power residue symbol is a generalization of the (quadratic) Legendre symbol to n-th powers. These symbols are used in the statement and proof of cubic, quartic, Eisenstein, and related higher reciprocity laws.

In algebraic number theory Eisenstein's reciprocity law is a reciprocity law that extends the law of quadratic reciprocity and the cubic reciprocity law to residues of higher powers. It is one of the earliest and simplest of the higher reciprocity laws, and is a consequence of several later and stronger reciprocity laws such as the Artin reciprocity law. It was introduced by Eisenstein, though Jacobi had previously announced a similar result for the special cases of 5th, 8th and 12th powers in 1839.

In number theory, Berlekamp's root finding algorithm, also called the Berlekamp–Rabin algorithm, is the probabilistic method of finding roots of polynomials over the field $with elements. The method was discovered by Elwyn Berlekamp in 1970 as an auxiliary to the algorithm for polynomial factorization over finite fields. The algorithm was later modified by Rabin for arbitrary finite fields in 1979. The method was also independently discovered before Berlekamp by other researchers.$

In mathematics, in number theory, Gauss composition law is a rule, invented by Carl Friedrich Gauss, for performing a binary operation on integral binary quadratic forms (IBQFs). Gauss presented this rule in his Disquisitiones Arithmeticae, a textbook on number theory published in 1801, in Articles 234 - 244. Gauss composition law is one of the deepest results in the theory of IBQFs and Gauss's formulation of the law and the proofs its properties as given by Gauss are generally considered highly complicated and very difficult. Several later mathematicians have simplified the formulation of the composition law and have presented it in a format suitable for numerical computations. The concept has also found generalisations in several directions.

References

↑ Adolf Kunerth, "Sitzungsberichte. Academie Der Wissenschaften" vol 78(2), 1878, p 327-338 (for quadratic equation algorithm), pp. 338–346 (for modular quadratic algorithm), available at Ernest Mayr Library, Harvard University
↑ Leonard Eugene Dickson, "History of Numbers", vol 2, pp. 382–384.

Adolf Kunerth, "Sitzungsberichte. Academie Der Wissenschaften" vol 75, II, 1877, pp. 7–58
Adolf Kunerth, "Sitzungsberichte. Academie Der Wissenschaften" vol 82, II, 1880, pp. 342–375

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] Adolf Kunerth, "Sitzungsberichte. Academie Der Wissenschaften" vol 78(2), 1878, p 327-338 (for quadratic equation algorithm), pp. 338–346 (for modular quadratic algorithm), available at Ernest Mayr Library, Harvard University

[2] Leonard Eugene Dickson, "History of Numbers", vol 2, pp. 382–384.

[1]

[2]

v t e Number-theoretic algorithms
Primality tests	AKS APR Baillie–PSW Elliptic curve Pocklington Fermat Lucas Lucas–Lehmer Lucas–Lehmer–Riesel Proth's theorem Pépin's Quadratic Frobenius Solovay–Strassen Miller–Rabin
Prime-generating	Sieve of Atkin Sieve of Eratosthenes Sieve of Pritchard Sieve of Sundaram Wheel factorization
Integer factorization	Continued fraction (CFRAC) Dixon's Lenstra elliptic curve (ECM) Euler's Pollard's rho p − 1 p + 1 Quadratic sieve (QS) General number field sieve (GNFS) Special number field sieve (SNFS) Rational sieve Fermat's Shanks's square forms Trial division Shor's
Multiplication	Ancient Egyptian Long Karatsuba Toom–Cook Schönhage–Strassen Fürer's
Euclidean division	Binary Chunking Fourier Goldschmidt Newton-Raphson Long Short SRT
Discrete logarithm	Baby-step giant-step Pollard rho Pollard kangaroo Pohlig–Hellman Index calculus Function field sieve
Greatest common divisor	Binary Euclidean Extended Euclidean Lehmer's
Modular square root	Cipolla Pocklington's Tonelli–Shanks Berlekamp Kunerth
Other algorithms	Chakravala Cornacchia Exponentiation by squaring Integer square root Integer relation (LLL; KZ) Modular exponentiation Montgomery reduction Schoof Trachtenberg system
Italics indicate that algorithm is for numbers of special forms

Kunerth's algorithm

Contents

Algorithm

Example

See also

Related Research Articles

References