Home Explore Help
Register Sign In
trizen
/
perl-scripts
Watch 1
Star 0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: master
Branches Tags
perl-scripts
/
Math
/
square_root_modulo_n_tonelli-shanks.pl

square_root_modulo_n_tonelli-shanks.pl 4.0 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173 
  1. #!/usr/bin/perl
    2. 

  2. 

  3. # Daniel "Trizen" Șuteu
    4. 

  4. # Date: 30 October 2017
    5. 

  5. # https://github.com/trizen
    6. 

  6. 

  7. # Find all the solutions to the congruence equation:
    8. 

  8. #   x^2 = a (mod n)
    9. 

  9. 

  10. # Defined for any values of `a` and `n` for which `kronecker(a, n) = 1`.
    11. 

  11. 

  12. # When `kronecker(a, n) != 1`, for example:
    13. 

  13. #
    14. 

  14. #   a = 472
    15. 

  15. #   n = 972
    16. 

  16. #
    17. 

  17. # which represents:
    18. 

  18. #   x^2 = 472 (mod 972)
    19. 

  19. #
    20. 

  20. # this algorithm may fail find all the solutions, although there exist four solutions in this case:
    21. 

  21. #   x = {38, 448, 524, 934}
    22. 

  22. 

  23. # Code inspired from:
    24. 

  24. #   https://github.com/Magtheridon96/Square-Root-Modulo-N
    25. 

  25. 

  26. use 5.020;
    27. 

  27. use warnings;
    28. 

  28. 

  29. use experimental qw(signatures);
    30. 

  30. 

  31. use List::Util qw(uniq);
    32. 

  32. use ntheory qw(factor_exp is_prime chinese forsetproduct);
    33. 

  33. use Math::AnyNum qw(:overload kronecker powmod invmod valuation ipow);
    34. 

  34. 

  35. sub tonelli_shanks ($n, $p) {
    36. 

  36. 

  37.     my $q = $p - 1;
    38. 

  38.     my $s = valuation($q, 2);
    39. 

  39. 

  40.     $s == 1
    41. 

  41.       and return powmod($n, ($p + 1) >> 2, $p);
    42. 

  42. 

  43.     $q >>= $s;
    44. 

  44. 

  45.     my $z = 1;
    46. 

  46.     for (my $i = 2 ; $i < $p ; ++$i) {
    47. 

  47.         if (kronecker($i, $p) == -1) {
    48. 

  48.             $z = $i;
    49. 

  49.             last;
    50. 

  50.         }
    51. 

  51.     }
    52. 

  52. 

  53.     my $c = powmod($z, $q, $p);
    54. 

  54.     my $r = powmod($n, ($q + 1) >> 1, $p);
    55. 

  55.     my $t = powmod($n, $q, $p);
    56. 

  56. 

  57.     while (($t - 1) % $p != 0) {
    58. 

  58. 

  59.         my $k = 1;
    60. 

  60.         my $v = $t * $t % $p;
    61. 

  61. 

  62.         for (my $i = 1 ; $i < $s ; ++$i) {
    63. 

  63.             if (($v - 1) % $p == 0) {
    64. 

  64.                 $k = powmod($c, 1 << ($s - $i - 1), $p);
    65. 

  65.                 $s = $i;
    66. 

  66.                 last;
    67. 

  67.             }
    68. 

  68.             $v = $v * $v % $p;
    69. 

  69.         }
    70. 

  70. 

  71.         $r = $r * $k % $p;
    72. 

  72.         $c = $k * $k % $p;
    73. 

  73.         $t = $t * $c % $p;
    74. 

  74.     }
    75. 

  75. 

  76.     return $r;
    77. 

  77. }
    78. 

  78. 

  79. sub sqrt_mod_n ($a, $n) {
    80. 

  80. 

  81.     $a %= $n;
    82. 

  82. 

  83.     return 0 if ($a == 0);
    84. 

  84. 

  85.     if (($n & ($n - 1)) == 0) {    # n is a power of 2
    86. 

  86. 

  87.         if ($a % 8 == 1) {
    88. 

  88. 

  89.             my $k = valuation($n, 2);
    90. 

  90. 

  91.             $k == 1 and return (1);
    92. 

  92.             $k == 2 and return (1, 3);
    93. 

  93.             $k == 3 and return (1, 3, 5, 7);
    94. 

  94. 

  95.             if ($a == 1) {
    96. 

  96.                 return (1, ($n >> 1) - 1, ($n >> 1) + 1, $n - 1);
    97. 

  97.             }
    98. 

  98. 

  99.             my @roots;
    100. 

  100. 

  101.             foreach my $s (sqrt_mod_n($a, $n >> 1)) {
    102. 

  102.                 my $i = ((($s * $s - $a) >> ($k - 1)) % 2);
    103. 

  103.                 my $r = ($s + ($i << ($k - 2)));
    104. 

  104.                 push(@roots, $r, $n - $r);
    105. 

  105.             }
    106. 

  106. 

  107.             return uniq(@roots);
    108. 

  108.         }
    109. 

  109. 

  110.         return;
    111. 

  111.     }
    112. 

  112. 

  113.     if (is_prime($n)) {    # n is a prime
    114. 

  114.         kronecker($a, $n) == 1 or return;
    115. 

  115.         my $r = tonelli_shanks($a, $n);
    116. 

  116.         return ($r, $n - $r);
    117. 

  117.     }
    118. 

  118. 

  119.     my @pe = factor_exp($n);    # factorize `n` into prime powers
    120. 

  120. 

  121.     if (@pe == 1) {             # `n` is an odd prime power
    122. 

  122. 

  123.         my $p = Math::AnyNum->new($pe[0][0]);
    124. 

  124. 

  125.         kronecker($a, $p) == 1 or return;
    126. 

  126. 

  127.         my $r = tonelli_shanks($a, $p);
    128. 

  128.         my ($r1, $r2) = ($r, $n - $r);
    129. 

  129. 

  130.         my $pk = $p;
    131. 

  131.         my $pi = $p * $p;
    132. 

  132. 

  133.         for (1 .. $pe[0][1]-1) {
    134. 

  134. 

  135.             my $x = $r1;
    136. 

  136.             my $y = invmod(2, $pk) * invmod($x, $pk);
    137. 

  137. 

  138.             $r1 = ($pi + $x - $y * ($x * $x - $a + $pi)) % $pi;
    139. 

  139.             $r2 = ($pi - $r1);
    140. 

  140. 

  141.             $pk *= $p;
    142. 

  142.             $pi *= $p;
    143. 

  143.         }
    144. 

  144. 

  145.         return ($r1, $r2);
    146. 

  146.     }
    147. 

  147. 

  148.     my @chinese;
    149. 

  149. 

  150.     foreach my $f (@pe) {
    151. 

  151.         my $m = ipow($f->[0], $f->[1]);
    152. 

  152.         my @r = sqrt_mod_n($a, $m);
    153. 

  153.         push @chinese, [map { [$_, $m] } @r];
    154. 

  154.     }
    155. 

  155. 

  156.     my @roots;
    157. 

  157. 

  158.     forsetproduct {
    159. 

  159.         push @roots, chinese(@_);
    160. 

  160.     } @chinese;
    161. 

  161. 

  162.     return uniq(@roots);
    163. 

  163. }
    164. 

  164. 

  165. say join(' ', sqrt_mod_n(993, 2048));    #=> 369 1679 655 1393
    166. 

  166. say join(' ', sqrt_mod_n(441, 920));     #=> 761 481 209 849 531 251 899 619 301 21 669 389 71 711 439 159
    167. 

  167. say join(' ', sqrt_mod_n(841, 905));     #=> 391 876 29 514
    168. 

  168. say join(' ', sqrt_mod_n(289, 992));     #=> 417 513 975 79 913 17 479 575
    169. 

  169. say join(' ', sqrt_mod_n(472, 972));     #=> 448 524
    170. 

  170. 

  171. # The algorithm works for arbitrary large integers
    172. 

  172. say join(' ', sqrt_mod_n(13**18 * 5**7 - 1, 13**18 * 5**7));    #=> 633398078861605286438568 2308322911594648160422943 6477255756527023177780182 8152180589260066051764557
    173. 

  173.