### UC Berkeley, MICS, W202-Cryptography
### Week 03 Breakout 3

### Square Roots in modulo prime using brute force 



Think about your schools days.  Which was easier on paper and pencil?  Calculating a square, essentially multiplying a number by itself, or finding a square root of a number?  

Of course in the above example, we were using real numbers, while in cryptography, we will be finding roots for two scenarios:
* square roots in modulo p where p is prime
* square roots in modulo n where n = pq, where both p and q are prime

For this breakout, we will look at the first scenario.  The next breakout will cover the second scenario.

Squaring a number, in modulo p, where p is prime, is very easy for a computer, even for large 4096 bit numbers.

Finding a square root of a number, in modulo p, where p is prime, is computationally intractible for large numbers. (Later today we will see that factoring n and finding square roots of an n are the same.)  As with RSA, 1024 bits today is considered unbreakable, while 2048 is recommended, and some even use 4096 bits.  In a previous breakout, we saw that we can break 128 bits in a couple of seconds.

In the examples below, we will use ridiculously low numbers that could easily be broken.  This is so we can learn.

We can find squares and square roots in modulo p, where p is prime, simply by looping through the integers 1..(p-1), squaring the number, and cutting it with a mod p.  If there is residue, called "quadratic residue", the quadratic residue is a square, and the integer that we squared to yield the quadratic residue is the square root.

In modulo p, where p is prime, if a square root exists, then two square roots will exist.  

Look at the example of 4 in modulo 11:

* 2^2 = 4 (mod 11)  4 is the quadratic residue when 2 is squared, so 4 is a square, and 2 is a square root of 4 in modulo 11
* 9^2 = 4 (mod 11)  4 is the quadratic residue when 9 is squared, so 4 is a square, and 9 is a square root of 4 in modulo 11

Remember that -2 (mod 11) = 9, so we can express the 2 square roots of 4 in modulo 11 as:
* square roots of 4 (mod 11) are 2 (mod 11), -2 (mod 11)
* OR square roots of 4 (mod 11) are 2 (mod 11), 9 (mod 11)

Sometimes, our calculations and proofs are easier when both are expressed as positive integers, and sometimes easier with the same integer as plus / minus.  We can express it either way, they are interchangeable.

The examples below go from 1..(p-1) for each p and find all the square roots modulo p by brute force.  Remember these are ridiculously small numbers, this brute force method is computationally intractible for large values of p.


In [1]:
from sage.all import *

In [2]:
def my_find_squares(p):
    "given p an odd prime, list all of the squares (quadratic residues) in modulo p"
    
    if p < 3:
        print ("p must be > 3")
        return
    
    if not is_prime(p):
        print ("p must be prime")
        return
    
    print ("\nSquares:\n")
    
    squares = []
    
    for i in range(1,p):
        
        print (str(i) + "^2 = " + str((i ** 2) % p) + " (mod " + str(p) + ")")
        squares.append([i,(i ** 2) % p])
        
    quadratic_residues = []
        
    for s in squares:
        quadratic_residues.append(s[1])
        
    quadratic_residues = sorted(list(set(quadratic_residues)))
        
    print ("\nSquare Roots (all shown as positive numbers):\n")
    
    for i in range(1,p):
        
        if i not in quadratic_residues:
            
            print (str(i) + " (mod " + str(p) + ") - square roots do NOT exist")
        
        else:
            
            s = str(i) + " (mod " + str(p) + ") has square roots:   "
            for sq in squares:
                if i == sq[1]:
                    s += str(sq[0]) + "   "
            print (s)
    
        
    print ("\nSquare Roots (secondary square root shown as both a positive and negative number):\n")
    
    for i in range(1,p):
        
        if i not in quadratic_residues:
            
            print (str(i) + " (mod " + str(p) + ") - square roots do NOT exist")
        
        else:  
        
            first_time = True
            s = str(i) + " (mod " + str(p) + ") has square roots:   "
            for sq in squares:
                if i == sq[1]:
                    if first_time:
                        s += str(sq[0]) + "   "
                        value = sq[0]
                        first_time = False
                    else:
                        s +=   str(sq[0]) + " = " + "-" + str(value) + " (mod " + str(p) + ")"
            print (s)
          
    print ("\nNumber of squares: " + str(len(quadratic_residues)) + " of " + str(p-1) + " = " + str((len(quadratic_residues) / (p-1)) * 100) + "%\n")

### Notice the following patterns for squares (quadratic residues) and square roots in modulo prime

Squares (modulo prime):

* Look at the pattern of squares (quadratic residues).  Note the symmetry.  The first half and second halfs are mirror images. 

* What percentage of 1..(p-1) are squares (quadratic residues)? Half of non-zeros, so, the probability an integer modulor prime is a square is 50%.

Square Roots (modulo prime): 

* Note that every square (quadratic residue) has exactly 2 square roots.

* Look at the square root of 1.  It's always 1 and (p-1) = -1 (mod p)

* Look at the square roots using the plus / minus notation.  Remember every negative number is converted to a positive number when taken modulo prime.  Do you see that it's similar to the plus / minus of square roots in the real number system?  

In [3]:
my_find_squares(3)


Squares:

1^2 = 1 (mod 3)
2^2 = 1 (mod 3)

Square Roots (all shown as positive numbers):

1 (mod 3) has square roots:   1   2   
2 (mod 3) - square roots do NOT exist

Square Roots (secondary square root shown as both a positive and negative number):

1 (mod 3) has square roots:   1   2 = -1 (mod 3)
2 (mod 3) - square roots do NOT exist

Number of squares: 1 of 2 = 50%



In [4]:
my_find_squares(7)


Squares:

1^2 = 1 (mod 7)
2^2 = 4 (mod 7)
3^2 = 2 (mod 7)
4^2 = 2 (mod 7)
5^2 = 4 (mod 7)
6^2 = 1 (mod 7)

Square Roots (all shown as positive numbers):

1 (mod 7) has square roots:   1   6   
2 (mod 7) has square roots:   3   4   
3 (mod 7) - square roots do NOT exist
4 (mod 7) has square roots:   2   5   
5 (mod 7) - square roots do NOT exist
6 (mod 7) - square roots do NOT exist

Square Roots (secondary square root shown as both a positive and negative number):

1 (mod 7) has square roots:   1   6 = -1 (mod 7)
2 (mod 7) has square roots:   3   4 = -3 (mod 7)
3 (mod 7) - square roots do NOT exist
4 (mod 7) has square roots:   2   5 = -2 (mod 7)
5 (mod 7) - square roots do NOT exist
6 (mod 7) - square roots do NOT exist

Number of squares: 3 of 6 = 50%



In [5]:
my_find_squares(11)


Squares:

1^2 = 1 (mod 11)
2^2 = 4 (mod 11)
3^2 = 9 (mod 11)
4^2 = 5 (mod 11)
5^2 = 3 (mod 11)
6^2 = 3 (mod 11)
7^2 = 5 (mod 11)
8^2 = 9 (mod 11)
9^2 = 4 (mod 11)
10^2 = 1 (mod 11)

Square Roots (all shown as positive numbers):

1 (mod 11) has square roots:   1   10   
2 (mod 11) - square roots do NOT exist
3 (mod 11) has square roots:   5   6   
4 (mod 11) has square roots:   2   9   
5 (mod 11) has square roots:   4   7   
6 (mod 11) - square roots do NOT exist
7 (mod 11) - square roots do NOT exist
8 (mod 11) - square roots do NOT exist
9 (mod 11) has square roots:   3   8   
10 (mod 11) - square roots do NOT exist

Square Roots (secondary square root shown as both a positive and negative number):

1 (mod 11) has square roots:   1   10 = -1 (mod 11)
2 (mod 11) - square roots do NOT exist
3 (mod 11) has square roots:   5   6 = -5 (mod 11)
4 (mod 11) has square roots:   2   9 = -2 (mod 11)
5 (mod 11) has square roots:   4   7 = -4 (mod 11)
6 (mod 11) - square roots do NOT exist
7 (mo

In [6]:
my_find_squares(17)


Squares:



1^2 = 1 (mod 17)
2^2 = 4 (mod 17)
3^2 = 9 (mod 17)
4^2 = 16 (mod 17)
5^2 = 8 (mod 17)
6^2 = 2 (mod 17)
7^2 = 15 (mod 17)
8^2 = 13 (mod 17)
9^2 = 13 (mod 17)
10^2 = 15 (mod 17)
11^2 = 2 (mod 17)
12^2 = 8 (mod 17)
13^2 = 16 (mod 17)
14^2 = 9 (mod 17)
15^2 = 4 (mod 17)
16^2 = 1 (mod 17)

Square Roots (all shown as positive numbers):

1 (mod 17) has square roots:   1   16   
2 (mod 17) has square roots:   6   11   
3 (mod 17) - square roots do NOT exist
4 (mod 17) has square roots:   2   15   
5 (mod 17) - square roots do NOT exist
6 (mod 17) - square roots do NOT exist
7 (mod 17) - square roots do NOT exist
8 (mod 17) has square roots:   5   12   
9 (mod 17) has square roots:   3   14   
10 (mod 17) - square roots do NOT exist
11 (mod 17) - square roots do NOT exist
12 (mod 17) - square roots do NOT exist
13 (mod 17) has square roots:   8   9   
14 (mod 17) - square roots do NOT exist
15 (mod 17) has square roots:   7   10   
16 (mod 17) has square roots:   4   13   

Square Roots (secon

In [7]:
my_find_squares(23)


Squares:

1^2 = 1 (mod 23)
2^2 = 4 (mod 23)
3^2 = 9 (mod 23)
4^2 = 16 (mod 23)
5^2 = 2 (mod 23)
6^2 = 13 (mod 23)
7^2 = 3 (mod 23)
8^2 = 18 (mod 23)
9^2 = 12 (mod 23)
10^2 = 8 (mod 23)
11^2 = 6 (mod 23)
12^2 = 6 (mod 23)
13^2 = 8 (mod 23)
14^2 = 12 (mod 23)
15^2 = 18 (mod 23)
16^2 = 3 (mod 23)
17^2 = 13 (mod 23)
18^2 = 2 (mod 23)
19^2 = 16 (mod 23)
20^2 = 9 (mod 23)
21^2 = 4 (mod 23)
22^2 = 1 (mod 23)

Square Roots (all shown as positive numbers):

1 (mod 23) has square roots:   1   22   
2 (mod 23) has square roots:   5   18   
3 (mod 23) has square roots:   7   16   
4 (mod 23) has square roots:   2   21   
5 (mod 23) - square roots do NOT exist
6 (mod 23) has square roots:   11   12   
7 (mod 23) - square roots do NOT exist
8 (mod 23) has square roots:   10   13   
9 (mod 23) has square roots:   3   20   
10 (mod 23) - square roots do NOT exist
11 (mod 23) - square roots do NOT exist
12 (mod 23) has square roots:   9   14   
13 (mod 23) has square roots:   6   17   
14 (mod 23) - s

In [8]:
my_find_squares(31)


Squares:

1^2 = 1 (mod 31)
2^2 = 4 (mod 31)
3^2 = 9 (mod 31)
4^2 = 16 (mod 31)
5^2 = 25 (mod 31)
6^2 = 5 (mod 31)
7^2 = 18 (mod 31)
8^2 = 2 (mod 31)
9^2 = 19 (mod 31)
10^2 = 7 (mod 31)
11^2 = 28 (mod 31)
12^2 = 20 (mod 31)
13^2 = 14 (mod 31)
14^2 = 10 (mod 31)
15^2 = 8 (mod 31)
16^2 = 8 (mod 31)
17^2 = 10 (mod 31)
18^2 = 14 (mod 31)
19^2 = 20 (mod 31)
20^2 = 28 (mod 31)
21^2 = 7 (mod 31)
22^2 = 19 (mod 31)
23^2 = 2 (mod 31)
24^2 = 18 (mod 31)
25^2 = 5 (mod 31)
26^2 = 25 (mod 31)
27^2 = 16 (mod 31)
28^2 = 9 (mod 31)
29^2 = 4 (mod 31)
30^2 = 1 (mod 31)

Square Roots (all shown as positive numbers):

1 (mod 31) has square roots:   1   30   
2 (mod 31) has square roots:   8   23   
3 (mod 31) - square roots do NOT exist
4 (mod 31) has square roots:   2   29   
5 (mod 31) has square roots:   6   25   
6 (mod 31) - square roots do NOT exist
7 (mod 31) has square roots:   10   21   
8 (mod 31) has square roots:   15   16   
9 (mod 31) has square roots:   3   28   
10 (mod 31) has square root

In [9]:
my_find_squares(53)


Squares:

1^2 = 1 (mod 53)
2^2 = 4 (mod 53)
3^2 = 9 (mod 53)
4^2 = 16 (mod 53)
5^2 = 25 (mod 53)
6^2 = 36 (mod 53)
7^2 = 49 (mod 53)
8^2 = 11 (mod 53)
9^2 = 28 (mod 53)
10^2 = 47 (mod 53)
11^2 = 15 (mod 53)
12^2 = 38 (mod 53)
13^2 = 10 (mod 53)
14^2 = 37 (mod 53)
15^2 = 13 (mod 53)
16^2 = 44 (mod 53)
17^2 = 24 (mod 53)
18^2 = 6 (mod 53)
19^2 = 43 (mod 53)
20^2 = 29 (mod 53)
21^2 = 17 (mod 53)
22^2 = 7 (mod 53)
23^2 = 52 (mod 53)
24^2 = 46 (mod 53)
25^2 = 42 (mod 53)
26^2 = 40 (mod 53)
27^2 = 40 (mod 53)
28^2 = 42 (mod 53)
29^2 = 46 (mod 53)
30^2 = 52 (mod 53)
31^2 = 7 (mod 53)
32^2 = 17 (mod 53)
33^2 = 29 (mod 53)
34^2 = 43 (mod 53)
35^2 = 6 (mod 53)
36^2 = 24 (mod 53)
37^2 = 44 (mod 53)
38^2 = 13 (mod 53)
39^2 = 37 (mod 53)
40^2 = 10 (mod 53)
41^2 = 38 (mod 53)
42^2 = 15 (mod 53)
43^2 = 47 (mod 53)
44^2 = 28 (mod 53)
45^2 = 11 (mod 53)
46^2 = 49 (mod 53)
47^2 = 36 (mod 53)
48^2 = 25 (mod 53)
49^2 = 16 (mod 53)
50^2 = 9 (mod 53)
51^2 = 4 (mod 53)
52^2 = 1 (mod 53)

Square Roots (all s

In [10]:
my_find_squares(97)


Squares:

1^2 = 1 (mod 97)
2^2 = 4 (mod 97)
3^2 = 9 (mod 97)
4^2 = 16 (mod 97)
5^2 = 25 (mod 97)
6^2 = 36 (mod 97)
7^2 = 49 (mod 97)
8^2 = 64 (mod 97)
9^2 = 81 (mod 97)
10^2 = 3 (mod 97)
11^2 = 24 (mod 97)
12^2 = 47 (mod 97)
13^2 = 72 (mod 97)
14^2 = 2 (mod 97)
15^2 = 31 (mod 97)
16^2 = 62 (mod 97)
17^2 = 95 (mod 97)
18^2 = 33 (mod 97)
19^2 = 70 (mod 97)
20^2 = 12 (mod 97)
21^2 = 53 (mod 97)
22^2 = 96 (mod 97)
23^2 = 44 (mod 97)
24^2 = 91 (mod 97)
25^2 = 43 (mod 97)
26^2 = 94 (mod 97)
27^2 = 50 (mod 97)
28^2 = 8 (mod 97)
29^2 = 65 (mod 97)
30^2 = 27 (mod 97)
31^2 = 88 (mod 97)
32^2 = 54 (mod 97)
33^2 = 22 (mod 97)
34^2 = 89 (mod 97)
35^2 = 61 (mod 97)
36^2 = 35 (mod 97)
37^2 = 11 (mod 97)
38^2 = 86 (mod 97)
39^2 = 66 (mod 97)
40^2 = 48 (mod 97)
41^2 = 32 (mod 97)
42^2 = 18 (mod 97)
43^2 = 6 (mod 97)
44^2 = 93 (mod 97)
45^2 = 85 (mod 97)
46^2 = 79 (mod 97)
47^2 = 75 (mod 97)
48^2 = 73 (mod 97)
49^2 = 73 (mod 97)
50^2 = 75 (mod 97)
51^2 = 79 (mod 97)
52^2 = 85 (mod 97)
53^2 = 93 (mod 97


48 (mod 97) has square roots:   40   57   
49 (mod 97) has square roots:   7   90   
50 (mod 97) has square roots:   27   70   
51 (mod 97) - square roots do NOT exist
52 (mod 97) - square roots do NOT exist
53 (mod 97) has square roots:   21   76   
54 (mod 97) has square roots:   32   65   
55 (mod 97) - square roots do NOT exist
56 (mod 97) - square roots do NOT exist
57 (mod 97) - square roots do NOT exist
58 (mod 97) - square roots do NOT exist
59 (mod 97) - square roots do NOT exist
60 (mod 97) - square roots do NOT exist
61 (mod 97) has square roots:   35   62   
62 (mod 97) has square roots:   16   81   
63 (mod 97) - square roots do NOT exist
64 (mod 97) has square roots:   8   89   
65 (mod 97) has square roots:   29   68   
66 (mod 97) has square roots:   39   58   
67 (mod 97) - square roots do NOT exist
68 (mod 97) - square roots do NOT exist
69 (mod 97) - square roots do NOT exist
70 (mod 97) has square roots:   19   78   
71 (mod 97) - square roots do NOT exist
72 (mod 

65 (mod 97) has square roots:   29   68 = -29 (mod 97)
66 (mod 97) has square roots:   39   58 = -39 (mod 97)
67 (mod 97) - square roots do NOT exist
68 (mod 97) - square roots do NOT exist
69 (mod 97) - square roots do NOT exist
70 (mod 97) has square roots:   19   78 = -19 (mod 97)
71 (mod 97) - square roots do NOT exist
72 (mod 97) has square roots:   13   84 = -13 (mod 97)
73 (mod 97) has square roots:   48   49 = -48 (mod 97)
74 (mod 97) - square roots do NOT exist
75 (mod 97) has square roots:   47   50 = -47 (mod 97)
76 (mod 97) - square roots do NOT exist
77 (mod 97) - square roots do NOT exist
78 (mod 97) - square roots do NOT exist
79 (mod 97) has square roots:   46   51 = -46 (mod 97)
80 (mod 97) - square roots do NOT exist
81 (mod 97) has square roots:   9   88 = -9 (mod 97)
82 (mod 97) - square roots do NOT exist
83 (mod 97) - square roots do NOT exist
84 (mod 97) - square roots do NOT exist
85 (mod 97) has square roots:   45   52 = -45 (mod 97)
86 (mod 97) has square root