1

Suppose you want to prove that $\exists x \in \mathbb{Z}$ with $a \equiv x^2 \mod b$. Write $b = \prod_{i = 1}^{k} p_i^{e_i}$, the prime factorisation of $b$.

Why is the equivalent with finding solutions to $a \equiv x_i^2 \mod p_i$? How does one apply the Chinese Remainder Theorem here?

Thanks in advance!

Riley
  • 1,093
  • See for example this question and André's answer for reduction to all the moduli $p_i^{e_i}$ (using Chinese Remainder Theorem). Otherwise it does not always work. For example $x^2\equiv 3\pmod3$ is solvable byt $x^2\equiv 9\pmod 3$ is not. If $a$ is coprime to all the primes $p_i$ then you need to combine CRT and Hensel lifting. – Jyrki Lahtonen Aug 22 '15 at 10:12
  • I thought I had worked a general modular square root here once, but may be that thread got deleted (the question was IIRC bad, so that's not a loss). The best example where I used both lifting and CRT is this calculation finding square roots of $-1$ modulo $2873$. – Jyrki Lahtonen Aug 22 '15 at 10:36
  • 1
    Here is the correct version for the statement when $b$ is odd. If $2$ is one of the prime factors, then you first need to cancel as many fours as you can, and then recall that all odd squares are $\equiv1\pmod8$. A numerical example of lifting square roots module a power of two. – Jyrki Lahtonen Aug 22 '15 at 10:45
  • So a proper proof of this should use the Chinese Remainder Theorem, Hensel's lemma and the additional assumption that $b$ is not divisible by a prime squared? – Riley Aug 22 '15 at 17:19
  • It is ok for $b$ to be divisible by a square of a prime. Hensel takes care of that part. What will cause a problem is when $\gcd(b,a)$ is not a square, but non-solvability will then be easy to deduce. – Jyrki Lahtonen Aug 22 '15 at 17:23
  • 1
    The route is (assuming $\gcd(a,b)=1$): 1) Find the square roots modulo $p_i$ by whatever means you can (they may not exist, in which case you can conclude that there are no solutions). Do this for all $i$. 2) Whenever $p_i\neq2$, Hensel lifting then gives you the solutions modulo $p_i^{e_i}$. If $p_i=2$, then you need to first check solvability modulo $8$, and use Hensel from that point onwards. 3) The solutions modulo $p_i^{e_i}$ for all $i$ can then be combined to find the solutions modulo $b$. – Jyrki Lahtonen Aug 22 '15 at 17:26
  • Thanks, I will look at this more carefully tomorrow! – Riley Aug 22 '15 at 17:39

1 Answers1

1

That is because the ring $\mathbf Z/b\mathbf Z$ is isomorphic to the product of rings $\displaystyle\prod_i\mathbf Z/p_i^{e_i}\mathbf Z$.

Thus a number is a square modulo $b$ if and only if its images in each of the factors is a square.

Furthermore, Bézout's identity is the tool to go back from the set of squares modulo each of $p_i^{e_i}$ to square modulo $b$.

Some details on the workflow:

  • Suppose $x_i$ is a square modulo $p_i^{e_i}$, $x_j$ a square modulo $p_j^{e_j}$. We have to find an $x$ such that $$\begin{cases}x\equiv x_i\mod p_i^{e_i}\\x\equiv x_j\mod p_j^{e_j}\end{cases}$$ Let $\;u\mkern1mu p_i^{e_i}+v\mkern1mu p_j^{e_j}=1$ a Bézout relation between $p_i^{e_i}$ and $p_j^{e_j}$. Clearly $\;u\mkern1mu p_i^{e_i}\equiv 1\mod p_j^{e_j}$ and $\;v\mkern1mu p_j^{e_j}\equiv 1\mod p_i^{e_i}$. Hence a solution is:$$u\mkern1mu p_i^{e_i}x_j+v\mkern1mu p_j^{e_j}x_i\bmod p_i^{e_i}\mkern1mu p_j^{e_j}.$$
  • Next step: solve the system of congruences: $$\begin{cases}y\equiv x\mod p_i^{e_i}\mkern1mu p_j^{e_j}\\ y\equiv x_k\mod p_k^{e_k}\end{cases}$$
  • &c.
Bernard
  • 175,478