Re: What is the Mathematica "PowerMod[a, 1/2, m]" equivalent in PARI/GP?

Charles Greathouse on Tue, 01 Oct 2024 15:52:12 +0200

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: What is the Mathematica "PowerMod[a, 1/2, m]" equivalent in PARI/GP?

To: hermann@stamm-wilbrandt.de
Subject: Re: What is the Mathematica "PowerMod[a, 1/2, m]" equivalent in PARI/GP?
From: Charles Greathouse <crgreathouse@gmail.com>
Date: Tue, 1 Oct 2024 09:51:57 -0400
Cc: Loïc Grenié <loic.grenie@gmail.com>, pari-users@pari.math.u-bordeaux.fr
Delivery-date: Tue, 01 Oct 2024 15:52:12 +0200
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1727790729; x=1728395529; darn=pari.math.u-bordeaux.fr; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=3kbycp+sztnrT1y6fZE+0T+AAMzbmNMHB6hSlX9gNKw=; b=J5sMCXusAQ7XcEqIhzxLIghZ65w6pP/9UtzzBVF2pKCXABkW5f1IPHIXpwPKskOiz7 84Ax3Huj6y7EnzT42vCMSdoI0auKfweSTAUjzSWOh5kM1dqUnz4xa9fghkkvYArV/QXY dr0JUYDjlQBMcqI1+fp5GZuLBSfWWcXy1hxl8QMQxudIwK3iEW6GPz2nFjvanY50AaT7 lA1RmNh74KqIsVT27kzB+Yp09bCwRurapUX6MAUdd69RmzFdoEYOt1R1YH6/3IUkC+Af CN/PF9xD31H/0ZTfMPeDi9gSrMzWnYu5KMuz51FnKnpBkzuDsNkakGaN7NozGE8Y6mgY NS1g==
In-reply-to: <1cf562af92031d2a59ffd66889e18706@stamm-wilbrandt.de>
References: <a32dd9dd61e9456aab11b15d06323aef@stamm-wilbrandt.de> <CAMLkfFTe76Gh5-hueQqPDGiGsT5T2awyr_-93xXffaujT3hSbg@mail.gmail.com> <0c662ddea0500a8cc160bc9c8700de2e@stamm-wilbrandt.de> <ZvvXgdAaF1fV_4G3@math.u-bordeaux.fr> <1cf562af92031d2a59ffd66889e18706@stamm-wilbrandt.de>

Schoof’s algorithm works mod p; if you are working mod a composite, again all of your time is spent factoring.

Schoof’s algorithm isn’t practical compared to Berlekamp or whatever sorcery PARI does under the hood. Its advantage is that it doesn’t need a nonresidue, which are easy to find in practice and with high probability, but without strong hypotheses we can’t probably find in polynomial time.

On Tue, Oct 1, 2024 at 9:38 AM <hermann@stamm-wilbrandt.de> wrote:

On 2024-10-01 13:05, Karim Belabas wrote:
> Note that 100% of computing time is spent factoring the modulus. If
> many
> square roots must be computed for the same modulus, then the
> factorization
> should be precomputed.
>
Thanks.

The "100% of computing time is spent factoring the modulus" can be seen
by these runtimes for 59-, 79- and 100-digit RSA numbers on AMD 7950X
CPU:

2s, 2:24min, 6:16h

Mathworld page on qudratic residue mentions a polynomial time algorithm:
https://mathworld.wolfram.com/QuadraticResidue.html

Schoof (1985) gives an algorithm for finding x with running time
O(ln^{10} n) (Hardy et al. 1990).
The congruence can solved by the Wolfram Language command PowerMod[q,
1/2, p].

Since "PowerMod[]" is much slower than PARI/GP "issquare()" they likely
did not implement
that polynomial time (10th power though) algorithm.

Regards,

Hermann.

References:
- What is the Mathematica "PowerMod[a, 1/2, m]" equivalent in PARI/GP?
  - From: hermann@stamm-wilbrandt.de
- Re: What is the Mathematica "PowerMod[a, 1/2, m]" equivalent in PARI/GP?
  - From: Loïc Grenié <loic.grenie@gmail.com>
- Re: What is the Mathematica "PowerMod[a, 1/2, m]" equivalent in PARI/GP?
  - From: hermann@stamm-wilbrandt.de
- Re: What is the Mathematica "PowerMod[a, 1/2, m]" equivalent in PARI/GP?
  - From: Karim Belabas <Karim.Belabas@math.u-bordeaux.fr>
- Re: What is the Mathematica "PowerMod[a, 1/2, m]" equivalent in PARI/GP?
  - From: hermann@stamm-wilbrandt.de

Prev by Date: Re: What is the Mathematica "PowerMod[a, 1/2, m]" equivalent in PARI/GP?
Next by Date: Re: What is the Mathematica "PowerMod[a, 1/2, m]" equivalent in PARI/GP?
Previous by thread: Re: What is the Mathematica "PowerMod[a, 1/2, m]" equivalent in PARI/GP?
Next by thread: Re: What is the Mathematica "PowerMod[a, 1/2, m]" equivalent in PARI/GP?
Index(es):
- Date
- Thread