Solving the general quadratic congruence. y 2 Δ (mod p),

Similar documents
Quadratic Congruences, the Quadratic Formula, and Euler s Criterion

2x 1 7. A linear congruence in modular arithmetic is an equation of the form. Why is the solution a set of integers rather than a unique integer?

Part II. Number Theory. Year

Rational Points on Conics, and Local-Global Relations in Number Theory

2x 1 7. A linear congruence in modular arithmetic is an equation of the form. Why is the solution a set of integers rather than a unique integer?

Math 430 Midterm II Review Packet Spring 2018 SOLUTIONS TO PRACTICE PROBLEMS

Introduction to Number Theory

THESIS. Presented in Partial Fulfillment of the Requirements for the Degree Master of Science in the Graduate School of The Ohio State University

School of Mathematics

Chapter 9 Mathematics of Cryptography Part III: Primes and Related Congruence Equations

Discrete Logarithms. Let s begin by recalling the definitions and a theorem. Let m be a given modulus. Then the finite set

x 2 a mod m. has a solution. Theorem 13.2 (Euler s Criterion). Let p be an odd prime. The congruence x 2 1 mod p,

Quasi-reducible Polynomials

Elementary Number Theory MARUCO. Summer, 2018

Notes on Primitive Roots Dan Klain

The Jacobi Symbol. q q 1 q 2 q n

a mod a 2 mod

Elementary Number Theory Review. Franz Luef

M381 Number Theory 2004 Page 1

a mod a 2 mod

Predictive criteria for the representation of primes by binary quadratic forms

MATH 310: Homework 7

Public-key Cryptography: Theory and Practice

MATH 4400 SOLUTIONS TO SOME EXERCISES. 1. Chapter 1

Primitive Digraphs with Smallest Large Exponent

SOLUTIONS TO PROBLEM SET 1. Section = 2 3, 1. n n + 1. k(k + 1) k=1 k(k + 1) + 1 (n + 1)(n + 2) n + 2,

Math 312/ AMS 351 (Fall 17) Sample Questions for Final

Math 314 Course Notes: Brief description

A First Look at the Complex Modulus

joint with Katherine Thompson July 29, 2015 The Wake Forest/Davidson Experience in Number Theory Research A Generalization of Mordell to Ternary

x 9 or x > 10 Name: Class: Date: 1 How many natural numbers are between 1.5 and 4.5 on the number line?

FACTORIZATION AND THE PRIMES

Number Theory. Final Exam from Spring Solutions

Wilson s Theorem and Fermat s Little Theorem

Applied Cryptography and Computer Security CSE 664 Spring 2018

Galois fields/1. (M3) There is an element 1 (not equal to 0) such that a 1 = a for all a.

ASSIGNMENT Use mathematical induction to show that the sum of the cubes of three consecutive non-negative integers is divisible by 9.

Necessary and Sufficient Conditions for the Central Norm to Equal 2 h in the Simple Continued Fraction Expansion of 2 h c for Any Odd Non-Square c > 1

A field F is a set of numbers that includes the two numbers 0 and 1 and satisfies the properties:

A Guide to Arithmetic

MATH 115: ERRATA IN ELEMENTARY NUMBER THEORY, FOURTH EDITION BY KENNETH H. ROSEN

Quadratic reciprocity and the Jacobi symbol Stephen McAdam Department of Mathematics University of Texas at Austin

CHAPTER 3. Congruences. Congruence: definitions and properties

Know the Well-ordering principle: Any set of positive integers which has at least one element contains a smallest element.

Quadratic Residues, Quadratic Reciprocity. 2 4 So we may as well start with x 2 a mod p. p 1 1 mod p a 2 ±1 mod p

The primitive root theorem

G. Eisenstein, 2. Applications of algebra to transcendental arithmetic.

CS 5319 Advanced Discrete Structure. Lecture 9: Introduction to Number Theory II

IRREDUCIBILITY TESTS IN F p [T ]

Part V. Chapter 19. Congruence of integers

MTH 346: The Chinese Remainder Theorem

Number Theory and Algebra: A Brief Introduction

Mathematics for Cryptography

Summary Slides for MATH 342 June 25, 2018

MATH 115, SUMMER 2012 LECTURE 12

ax b mod m. has a solution if and only if d b. In this case, there is one solution, call it x 0, to the equation and there are d solutions x m d

(Primes and) Squares modulo p

= 1 2x. x 2 a ) 0 (mod p n ), (x 2 + 2a + a2. x a ) 2

THUE S LEMMA AND IDONEAL QUADRATIC FORMS

Number Theory. Henry Liu, 6 July 2007

198 VOLUME 46/47, NUMBER 3

Introduction to Information Security

MATH 537 Class Notes

Lecture notes: Algorithms for integers, polynomials (Thorsten Theobald)

22. The Quadratic Sieve and Elliptic Curves. 22.a The Quadratic Sieve

Lecture 2. The Euclidean Algorithm and Numbers in Other Bases

LECTURE NOTES IN CRYPTOGRAPHY

CSE 20: Discrete Mathematics

Math 324, Fall 2011 Assignment 7 Solutions. 1 (ab) γ = a γ b γ mod n.

ENTRY NUMBER THEORY. [ENTRY NUMBER THEORY] Authors: Oliver Knill: 2003 Literature: Hua, introduction to number theory.

LECTURE 4: CHINESE REMAINDER THEOREM AND MULTIPLICATIVE FUNCTIONS

Basic Algorithms in Number Theory

MATH 115, SUMMER 2012 LECTURE 4 THURSDAY, JUNE 21ST

MA257: INTRODUCTION TO NUMBER THEORY LECTURE NOTES

LEGENDRE S THEOREM, LEGRANGE S DESCENT

Fermat s Little Theorem. Fermat s little theorem is a statement about primes that nearly characterizes them.

3.2 Solving linear congruences. v3

Number Theory Homework.

On a special case of the Diophantine equation ax 2 + bx + c = dy n

Solving Quadratic Equations by Formula

Math 223, Spring 2009 Final Exam Solutions

THUE S LEMMA AND IDONEAL QUADRATIC FORMS

SQUARE PATTERNS AND INFINITUDE OF PRIMES

Cryptography CS 555. Topic 18: RSA Implementation and Security. CS555 Topic 18 1

The Impossibility of Certain Types of Carmichael Numbers

10 Problem 1. The following assertions may be true or false, depending on the choice of the integers a, b 0. a "

Integers and Division

Modulus. Peter Martinson

ORDERS OF UNITS IN MODULAR ARITHMETIC

Number Theory Math 420 Silverman Exam #1 February 27, 2018

LECTURE 2 FRANZ LEMMERMEYER

Factoring Algorithms Pollard s p 1 Method. This method discovers a prime factor p of an integer n whenever p 1 has only small prime factors.

Number Theory Proof Portfolio

History of Mathematics

Notes on Continued Fractions for Math 4400

CSE 20 DISCRETE MATH. Winter

Carmen s Core Concepts (Math 135)

Equivalence of Pepin s and the Lucas-Lehmer Tests

CS 514, Mathematics for Computer Science Mid-semester Exam, Autumn 2017 Department of Computer Science and Engineering IIT Guwahati

ECEN 5022 Cryptography

Transcription:

Quadratic Congruences Solving the general quadratic congruence ax 2 +bx + c 0 (mod p) for an odd prime p (with (a, p) = 1) is equivalent to solving the simpler congruence y 2 Δ (mod p), where Δ = b 2 4ac (the discriminant of the quadratic); further, x and y are related by the linear congruence y 2ax +b (mod p). (Since (2a, p) = 1, we can recover x once we find y.) The same line of argument works for arbitrary modulus m, as long as (2a,m) = 1. (Notice that we did not use the fact that p was prime above!) So solving quadratic congruences can be reduced to the consideration of the simple quadratic congruence (*) x2 a (modm). We say that a is a quadratic residue (resp. nonresidue) if (*) is (resp. is not) solvable.

But if m has prime factorization p 1 e 1 p 2 e 2 p k e k, then by the CRT, (*) is equivalent to the system of congruences (**) x 2 e a (mod p 1 1 ) x 2 e a (mod p 2 2 ) x 2 e a (mod p k k ) Further, each of these congruences in (**) is controlled by means of the Lifting Theorem: since the underlying polynomial whose roots we are searching for is f (x) = x 2 a, and f (x) = 2x, we will always have p / f (x 0 ) = 2x 0 for any potential solution x 0 (none of the p s equals 2 as (2a,m) = 1), thus each solution to the congruence x 2 a (mod p) will lift to a unique solution to x 2 a (mod p e ), for any e. This focuses our attention finally on the fundamental case x 2 a (mod p), p an odd prime. Earlier we showed that x 2 a (mod p) has only one solution a 0 (mod p), which is not the case here since (2a,m) = 1 (2a, p) = 1 p / a. But by Lagrange s Theorem, x 2 a (mod p) can have at most 2 solutions.

So either x 2 a (mod p) has 2 solutions when a is a quadratic residue mod p, or x 2 a (mod p) has no solutions when a is a quadratic nonresidue mod p. Working back through the analysis, it follows that (**) can have no solutions if any one of the congruences x 2 a (mod p i ) fails to have a solution. If all the congruences in (**) are solvable, they will have exactly two solutions each, whence the system will have 2 k solutions mod m. This leaves us with the problem of solving the fundamental congruence x 2 a (mod p): how does one tell whether a is a quadratic residue, and if so, how does one compute a square root of a mod p? Proposition Exactly half of the p 1 residue classes in U p are quadratic residues (p an odd prime). In fact, where a is a primitive root mod p, the even powers, a 2,a 4,,a p 1 (= 1), are the quadratic residues, and the odd powers, a 1,a 3,,a p 2, are the quadratic nonresidues mod p. Proof The residue classes in U p correspond to the powers a 1,a 2,,a p 1 (= 1) of a; a k is a quadratic residue iff a k (a n ) 2 (mod p) for some n, 1 n p 1, iff k 2n(mod( p 1)). But p 1 is even, so k is even iff a k is a quadratic residue. Exactly half the numbers between 1 and p 1 are even. //

Corollary Let p be an odd prime. (1) The product of two quadratic residues mod p is a quadratic residue. (2) The product of two quadratic nonresidues mod p is a quadratic residue. (3) The product of a quadratic residue and a quadratic nonresidue is a quadratic nonresidue. Proof Let a be a primitive root mod p. Then x is a quadratic residue iff it is congruent to 0 or an even power of a, and is a quadratic nonresidue iff it is an odd power of a. The result follows, since multiplying powers of a corresponds to adding exponents. // In 1798, a few years before the publication of Gauss Disquisitiones Arithmeticae, Adrien-Marie Legendre introduced the following notation in his Essai sur la theorie des nombres to deal with the study of quadratic residues: If p is an odd prime, the Legendre symbol a is defined to be 0 if p a, 1 if a is a quadratic residue mod p that is not divisible by p, and 1 iff a is a quadratic nonresidue mod p. The corollary we just proved allows us to say that the Legendre symbol is multiplicative:

Proposition Let p be an odd prime. Then (1) a b (mod p) a = b p ab (2) = a b p p Proof Immediate. // An important benefit of this notation is the way it simplifies the determination of quadratic residues mod p. In particular, if n has prime factorization q 1 e 1 q 2 e 2 q k e k, then n = q 1 e 1 q 2 p e 2 q k so we need only worry about the determination of Legendre symbols of the form 1 2,, and q, where q is an odd prime. One way to resolve this is through Theorem (Euler s Criterion) If p is an odd prime and a is prime to p, then a a ( p 1)/2 (mod p). e k

Proof Let g be a primitive root mod p. If a is a quadratic residue, then a g 2k (mod p) for some k and a ( p 1)/ 2 (g 2k ) ( p 1)/2 (g p 1 ) k 1 a (mod p). If p a is a quadratic nonresidue, then a g 2k+1 (mod p) for some k and // a ( p 1)/ 2 (g 2k+1 ) ( p 1)/2 (g p 1 ) k g ( p 1)/ 2 g ( p 1)/ 2 1 a (mod p) p We can also work out the Legendre symbol computation for 1 with ease: Corollary Let p be an odd prime. Then 1 p (mod 4) Proof ( 1) ( p 1)/2 is 1 p 1 (mod 4). //

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback