Abstract

Let $p$ be a prime such that $p = 1+2^nm$, where $n\geq 1$ and $m$ is odd. Given a square $u$ in $\mathbb{Z}_p$ and a non-square $z$ in $\mathbb{Z}_p$, we describe an algorithm to compute a square root of $u$ which requires $\mathfrak{T}+O(n^{3/2})$ operations (i.e., squarings and multiplications), where $\mathfrak{T}$ is the number of operations required to exponentiate an element of $\mathbb{Z}_p$ to the power $(m-1)/2$. This improves upon the Tonelli-Shanks (TS) algorithm which requires $\mathfrak{T}+O(n^{2})$ operations. Bernstein had proposed a table look-up based variant of the TS algorithm which requires $\mathfrak{T}+O((n/w)^{2})$ operations and $O(2^wn/w)$ storage, where $w$ is a parameter. A table look-up variant of the new algorithm requires $\mathfrak{T}+O((n/w)^{3/2})$ operations and the same storage. In concrete terms, the new algorithm is shown to require significantly fewer operations for particular values of $n$.
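For reference, the baseline the abstract compares against: a textbook Tonelli-Shanks square root that counts the squarings and multiplications spent outside the exponentiations, which is the part that grows as $O(n^2)$. This is an added example, not code from the paper, and it does not implement the paper's new algorithm; the function names `decompose`, `is_square` and `ts_sqrt` and the sample inputs are assumptions made here.

```python
def decompose(p):
    """Write p = 1 + 2^n * m with m odd and return (n, m)."""
    n, m = 0, p - 1
    while m % 2 == 0:
        n, m = n + 1, m // 2
    return n, m


def is_square(a, p):
    """Euler's criterion for a nonzero residue a modulo an odd prime p."""
    return pow(a, (p - 1) // 2, p) == 1


def ts_sqrt(u, z, p):
    """Tonelli-Shanks: return (x, ops) with x*x = u (mod p).

    ops counts squarings and multiplications outside the two
    exponentiations u^((m-1)/2) and z^m.
    """
    u %= p
    if u == 0:
        return 0, 0
    if not is_square(u, p) or is_square(z, p):
        raise ValueError("u must be a square and z a non-square mod p")
    n, m = decompose(p)
    v = pow(u, (m - 1) // 2, p)   # the exponentiation costing T
    x = u * v % p                 # u^((m+1)/2)
    b = x * v % p                 # u^m, order divides 2^(n-1)
    c = pow(z, m, p)              # order exactly 2^n
    r, ops = n, 2
    while b != 1:                 # invariant: x*x = u*b (mod p)
        k, t = 0, b
        while t != 1:             # least k with b^(2^k) = 1; k < r
            t, k, ops = t * t % p, k + 1, ops + 1
        g = c
        for _ in range(r - k - 1):  # g = c^(2^(r-k-1)), order 2^(k+1)
            g, ops = g * g % p, ops + 1
        x, c = x * g % p, g * g % p
        b, r, ops = b * c % p, k, ops + 3
    return x, ops


if __name__ == "__main__":
    p = 2**224 - 2**96 + 1        # constructed sample: NIST P-224 prime, n = 96
    z = next(a for a in range(2, 100) if not is_square(a, p))
    root, ops = ts_sqrt(1234567 ** 2, z, p)
    print(decompose(p)[0], ops, root * root % p == 1234567 ** 2 % p)
```

Each pass of the outer loop costs $r+2$ operations and $r$ can step down from $n$ one at a time, which is where the quadratic term comes from.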
