I was wondering how to prove the following sum of two squares algorithm works. Let $p$ be a prime congruent to $1$ mod $4$.

  1. Find a nonzero quadratic nonresidue $a$ modulo $p$.
  2. Find $r\in \{0,\cdots, p-1\}$ so that $r\equiv a^{(p-1)/4}\mod p.$
  3. Write the GCD of $p$ and $r-i$ in the form $x +iy$ (where the GCD is in $\mathbb{Z}[i]$).
  4. Output $x,y$.

The algorithm's output satisfies $x^2 + y^2 = p$, which is what I want to prove.

To prove why the algorithm works, I was thinking of using some properties of the gcd in the Gaussian integers, but I can't seem to make much progress. For instance, I know $x+iy = ap+b(r-i)$ for some $a,b\in \mathbb{Z}[i]$. Also, $\gcd(r-i, p) = \gcd(a^{(p-1)/4} - i, p)$. Perhaps it might be useful to show that $p$ is a nonzero nonunit? To show this, one would just need to find Gaussian integers $a,b$ so that $p | ab$ but $p\nmid a, b$.

1 Answer

Since $p\equiv 1\mod 4$, $p$ splits in $\mathbb{Z}$. That is, we can write $p=(x+iy)(x-iy)=x^2+y^2$. Your question is to find such factors.

Since $a$ is a quadratic non-residue, $a^{\frac{p-1}{4}}=c$, where $c^4\equiv 1\mod p$, and $c^j\not\equiv 1\mod p$ for $j<4$. Notice that $c\in \mathbb{Z}$.

By a similar argument, we have that $a^{\frac{p-1}{4}}\equiv \pm i\mod x+iy$. Since $(x+iy)$ is a prime ideal, these are the only possible solutions.

Thus $a^{\frac{p-1}{4}}-i\equiv 0\mod x+iy$. (WLOG, because if it’s $-2i$ then we will get the result by modding out by $x-iy$).

But importantly we noted that $a^{\frac{p-1}{4}}-i\equiv c-i\not\equiv 0\mod p$, because $c$ is an integer modulo $p$.

Thus use the $\gcd$ algorithm in the gcd domain $\mathbb{Z}[i]$ and you get the result: $a^{\frac{p-1}{4}}-i$ is divisible in $\mathbb{Z}[i]$ by $x+iy$ (or $x-iy$) but not $p$.

Tejas Rao
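The four steps of the algorithm in the question, carried out with a Euclidean GCD in $\mathbb{Z}[i]$, as an added example that is not part of the original question or answer. Gaussian integers are represented as `(re, im)` tuples; the helper names and the $r^2\equiv -1 \pmod p$ sanity check are assumptions of this sketch.

```python
def g_mul(u, v):
    """Product of two Gaussian integers given as (re, im) tuples."""
    return (u[0] * v[0] - u[1] * v[1], u[0] * v[1] + u[1] * v[0])

def g_mod(u, v):
    """Remainder of u divided by v in Z[i]; its norm is at most N(v)/2."""
    n = v[0] * v[0] + v[1] * v[1]          # N(v)
    a = u[0] * v[0] + u[1] * v[1]          # real part of u * conj(v)
    b = u[1] * v[0] - u[0] * v[1]          # imaginary part of u * conj(v)
    # Round each coordinate of u/v to the nearest integer, exactly.
    q = ((2 * a + n) // (2 * n), (2 * b + n) // (2 * n))
    qv = g_mul(q, v)
    return (u[0] - qv[0], u[1] - qv[1])

def g_gcd(u, v):
    """Euclidean algorithm in Z[i]; the result is defined up to a unit."""
    while v != (0, 0):
        u, v = v, g_mod(u, v)
    return u

def find_nonresidue(p):
    """Step 1: smallest a with a^((p-1)/2) = -1 mod p (Euler's criterion)."""
    for a in range(2, p):
        if pow(a, (p - 1) // 2, p) == p - 1:
            return a
    raise ValueError("no quadratic nonresidue found; p is not an odd prime")

def two_squares(p):
    """Return (x, y) with x <= y and x^2 + y^2 == p, for a prime p = 1 mod 4."""
    if p < 5 or p % 4 != 1:
        raise ValueError("p must be a prime congruent to 1 mod 4")
    a = find_nonresidue(p)
    r = pow(a, (p - 1) // 4, p)            # step 2: r^2 = -1 mod p
    if (r * r + 1) % p != 0:
        raise ValueError("r^2 != -1 mod p; p is not prime")
    x, y = g_gcd((p, 0), (r, -1))          # step 3: gcd(p, r - i)
    return tuple(sorted((abs(x), abs(y)))) # step 4, normalised by units

if __name__ == "__main__":
    for p in (5, 13, 65537, 998244353):
        print(p, two_squares(p))
```
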