0

I have very large integers $m$, where ( $\log_2(m)> 630$), and I need to find square roots modulo m. I am aware of several theorems that allow me to find the roots $\mod m$ when m is a power of a prime, or can be factored into a product of powers of primes. Those theorems are applied, the roots are found for each prime tower $p_i^k$ of $m$ and then the Chinese Remainder Theorem is applied and voila, done.

But, some of my $m's$ don't factor even after a few minutes, and they all test negative for primality. I am using sympy and gmpy2 in python to do all this.

How can I find $x$ when I know $a$ and $m$ in $$x^2 \equiv a \mod m$$ but can't factor $m$?

Anything beyond trial and error in randomly selecting $x$ and then checking helps.

ReverseFlowControl
  • 1,074
  • 7
  • 20
  • 3
    I do not think that such a congruence can be found efficiently if the prime factorization of $m$ is unknown. If we could get all solutions in an efficient way, we could also factor $m$ efficiently which is believed not to be the case. – Peter Dec 04 '21 at 12:25
  • There is no known efficient algorithm. In some models of computation it is equivalent to factoring, viz. apply the sqrt algorithm to random squares till you get a nontrivial square root, which splits $m$ into nontrivial factors. For more see Emil Jeřábek, Integer factoring and modular square roots, JCSS, 2016. – Bill Dubuque Dec 04 '21 at 13:31

0 Answers0