Computing Square Roots Faster than the Tonelli-Shanks/Bernstein Algorithm

Palash Sarkar

Paper 2020/1407

Computing Square Roots Faster than the Tonelli-Shanks/Bernstein Algorithm

Palash Sarkar

Abstract

Let $p$ be a prime such that $p = 1 + 2^{n} m$ , where $n \geq 1$ and $m$ is odd. Given a square $u$ in $Z_{p}$ and a non-square $z$ in $Z_{p}$ , we describe an algorithm to compute a square root of $u$ which requires $T + O (n^{3 / 2})$ operations (i.e., squarings and multiplications), where $T$ is the number of operations required to exponentiate an element of $Z_{p}$ to the power $(m - 1) / 2$ . This improves upon the Tonelli-Shanks (TS) algorithm which requires $T + O (n^{2})$ operations. Bernstein had proposed a table look-up based variant of the TS algorithm which requires $T + O ((n / w)^{2})$ operations and $O (2^{w} n / w)$ storage, where $w$ is a parameter. A table look-up variant of the new algorithm requires $T + O ((n / w)^{3 / 2})$ operations and the same storage. In concrete terms, the new algorithm is shown to require significantly fewer operations for particular values of .

Note: Minor revision.

Metadata

Available format(s): PDF
Category: Public-key cryptography
Publication info: Preprint. MINOR revision.
Keywords: square root Tonelli-Shanks algorithm table look-up
Contact author(s): palash @ isical ac in
History: 2021-11-29: last of 7 revisions; 2020-11-15: received; See all versions
Short URL: https://ia.cr/2020/1407
License: CC BY

BibTeX

@misc{cryptoeprint:2020/1407,
      author = {Palash Sarkar},
      title = {Computing Square Roots Faster than the Tonelli-Shanks/Bernstein Algorithm},
      howpublished = {Cryptology {ePrint} Archive, Paper 2020/1407},
      year = {2020},
      url = {https://eprint.iacr.org/2020/1407}
}