In [1]:
mod = 101

In [3]:
(19 + 82) % mod


0

In [4]:
(77 + 20) % mod

97

In [5]:
(97 + 4) % mod

0

In [6]:
(43 + 44) % mod

87

In [7]:
(18 + 77 + 82 + 19 + 20 + 43 + 44 + 4 + 97) % mod

0

In [15]:
%%time
# Implementation of the Tonelli-Shanks algoritm as described at:
# https://en.wikipedia.org/wiki/Tonelli-Shanks_algorithm



# Determines if n is a quadratic residue of an
# odd prime p by using Euler's criterion.
def is_quadratic_residue(n,p):
	if n % p == 0:
		return True
	return pow(n, (p - 1)//2, p) == 1


# Given an odd prime p and integer n, this is an algorithm to
# find a mod-p square root of n when possible
def tonelli_shanks(n, p):
	# Case when p|n, so n=0(mod p). The square root of 0 is 0.
	if n % p == 0:
		return 0

	# So assume n is coprime to p.
	# Use Eulers criteria to see if n is a quadratic residue.
	if not is_quadratic_residue(n, p):
		print("This value of n is not a quadratic residue.")
		return None
	else:
		print("This value of n is a quadratic residue.")

	# If p=3(mod 4) and since we know that n is a quadratic residue
	# we can get the square root right now and be done.
	if p % 4 == 3:
		return pow(n, (p + 1)//4, p)

	# So now p=1(mod 4) but this is not used in the algorithm.
	# Write p - 1 = (2^S)Q
	Q = p - 1
	S = 0
	while Q % 2 == 0:
		S += 1
		Q //= 2
	print("Q=", Q)
	print("S=", S)

	# Find a quadratic non-residue of p by brute force search
	z = 2
	while is_quadratic_residue(z, p):
		z += 1
	print("z=", z)

	# Initialize variables
	M = S
	c = pow(z, Q, p)
	t = pow(n, Q, p)
	R = pow(n, (Q + 1)//2, p)

	print("M=", M)
	print("c=", c)
	print("t=", t)
	print("R=", R)

	while t != 1:
		print("Loop")

		# Calculate i
		i = 0
		temp = t
		while temp != 1:
			i += 1
			temp = (temp * temp) % p
		print("i=", i)

		# Calculate b, M, c, t, R
		pow2 = 2 ** (M - i - 1)
		b = pow(c, pow2, p)
		M = i
		c = (b * b) % p
		t = (t * b * b) % p
		R = (R * b) % p
		print("b=", b)
		print("M=", M)
		print("c=", c)
		print("t=", t)
		print("R=", R)

	# We have found a square root
	return R

# Test

print(tonelli_shanks(1,3))



This value of n is a quadratic residue.
1
Wall time: 0 ns
