Following the Guide to Elliptic Curve Cryptography, it provides the following elliptic curve on $E(\mathbb{F}_p)$ with $p=29$ on page 80:
$E: y^2 = x^3 + 4x + 20$
Page 81 provides a list of the points on the curve. For $x=2$ it includes the points $(2,6)$ and $(2,23)$. Let's do the calculation:
\begin{align*} x &= 2\\ y &= \pm \sqrt{x^3 + 4x + 20} \bmod 29\\ y &= \pm \sqrt{2^3 + 4 \times 2 + 20} \bmod 29\\ y &= \pm \sqrt{8 + 8 + 20} \bmod 29\\ y &= \pm \sqrt{36} \bmod 29\\ y &= \pm 6 \bmod 29\\ y_1 &= +6 \bmod 29 = 6\\ y_2 &= -6 \bmod 29 = 23\\ \end{align*}
Thus, we have the points $(2,6)$ and $(2,23)$.
Doing the same calculation for $x=3$ fails:
\begin{align*} x &= 3\\ y &= \pm \sqrt{x^3 + 4x + 20} \bmod 29\\ y &= \pm \sqrt{3^3 + 4 \times 3 + 20} \bmod 29\\ y &= \pm \sqrt{27 + 12 + 20} \bmod 29\\ y &= \pm \sqrt{59} \bmod 29\\ y &= \pm 7,68 \bmod 29 \end{align*}
This fails, since it is not an integer.
If I do the mod before the sqrt, I get the correct result for $x=3$:
$$\pm\sqrt{59 \bmod 29} = \pm\sqrt{1} = 1$$
If I do the same for $x=2$, then it fails again:
$$\pm\sqrt{36 \bmod 29} = \pm\sqrt{7} = \pm 2,64$$
Conclusion: Doing mod after sqrt breaks $x=3$, doing mod before sqrt breaks $x=2$.
Question: What do I miss respectively what am i doing wrong? Is there a special sqrt-operation for mod?
[EDIT 1]: Using Wolfram Alpha, I get the correct numbers.
- $x=2$: $y^2 = 36 \bmod 29$ $\Rightarrow y = 6$ and $y=23 \Rightarrow (2,6)$ and $(2,23)$
- $x=3$: $y^2 = 59 \bmod 29$ $\Rightarrow y = 1$ and $y=28 \Rightarrow (3,1)$ and $(3,28)$
But how does it work?
[EDIT 2]: Just found Cipolla's algorithm, which solves $x^2\equiv n \pmod{p}$.
