# Square roots modulo N

Sources are 

* https://minds.wisconsin.edu/bitstream/handle/1793/11024/file_1.pdf?sequence=1&isAllowed=y
* https://asecuritysite.com/encryption/jacobi
* https://asecuritysite.com/encryption/q_res
* https://asecuritysite.com/encryption/modsq

In [1]:
from Crypto.Util import number
from Crypto.Hash import SHA256
import libnum

## Modulo $N$ where $N = pq$

If a solution exists to $x^2 \equiv y \mod n$, where $n$ is the product of two primes, then $y$ is a quadratic residue mod $n$

In [2]:
def easy_sqrt_prime(N, k=1):
    """
    Returns list of k N bit prime(s) that is congruent to 3 mod 4.
    """
    primes = []
    for i in range(k):
        q = 0
        while q % 4 != 3:
            q = number.getPrime(N)
        primes.append(q)
    return primes

In [79]:
primes = easy_sqrt_prime(128, 2) # these are primes where the sqrt is easy to find
p, q = primes[0], primes[1]
n = p*q
y = number.getRandomNBitInteger(256)

In [81]:
%time
if libnum.has_sqrtmod(y, {p: 1}):
    print(f'The quadratic residuo {y} mod {p} has a square root {next(libnum.sqrtmod(y, {p: 1}))}')

if libnum.has_sqrtmod(y, {q: 1}):
    print(f'The quadratic residuo {y} mod {q} has a square root {next(libnum.sqrtmod(y, {q: 1}))}')
    
if libnum.has_sqrtmod(y, {p:1, q: 1}):
    print(next(libnum.sqrtmod(y, {p:1, q: 1})))

CPU times: user 2 µs, sys: 0 ns, total: 2 µs
Wall time: 5.72 µs
The quadratic residuo 107503068719395177855054088324446719083867320133616401147401633275393465444999 mod 176528126503887317220563372817762238051 has a square root 120387321284597132451406132544978295669
The quadratic residuo 107503068719395177855054088324446719083867320133616401147401633275393465444999 mod 305485388058091105617532626333982122163 has a square root 2839720760574330135142627600330178302
3939342245843168774200378494823930656539758729701022834172236585160139683932


In [82]:
p,q = number.getPrime(128),number.getPrime(128)
n = p*q
y = number.getRandomNBitInteger(512)

In [87]:
%time
if libnum.has_sqrtmod(y, {p: 1}):
    print(f'The quadratic residuo {y} mod {p} has a square root {next(libnum.sqrtmod(y, {p: 1}))}')

if libnum.has_sqrtmod(y, {q: 1}):
    print(f'The quadratic residuo {y} mod {q} has a square root {next(libnum.sqrtmod(y, {q: 1}))}')
    
if libnum.has_sqrtmod(y, {p:1, q: 1}):
    print(f'The quadratic residuo {y} mod {p}{q} has a square root {next(libnum.sqrtmod(y, {p:1, q: 1}))}')

CPU times: user 3 µs, sys: 0 ns, total: 3 µs
Wall time: 6.2 µs
The quadratic residuo 7846977667790728952584092768955731942520595222724435448964471785640160473850507773437624775493693496289223051754127584410241017525425878540283366171168404 mod 335125305627611444184520795802854249483 has a square root 130755080072372295486832110263226855233
The quadratic residuo 7846977667790728952584092768955731942520595222724435448964471785640160473850507773437624775493693496289223051754127584410241017525425878540283366171168404 mod 174620092990639438698951229496745760613 has a square root 103478347061535177300132987511545474097
The quadratic residuo 7846977667790728952584092768955731942520595222724435448964471785640160473850507773437624775493693496289223051754127584410241017525425878540283366171168404 mod 335125305627611444184520795802854249483174620092990639438698951229496745760613 has a square root 12890021748422692041420958698877065144674472005398372156944833302288180970105
