Modular square root of a gaussian integer

Question

Let $a$ and $x$ be Gaussian integers.

How can I calculate the value of $x$ so that $x^2 \equiv a \pmod p$ where $p$ is a regular integer prime and $p \equiv 3 \pmod 4$ ?

Example:

$a = 2 + 5i$

$p = 7$

One possible value for $x$ is

$x = 2 + 3i$

which yields

$x^2 = (2 + 3i)^2 = -5 + 12i \equiv 2 + 5i \pmod 7$,

but this value I calculated manually. How can I compute $x$ for larger values of $a$ and $p$? Is it even possible to compute this value efficiently?

With regular big integers I can just use the method described here but so far I've failed to figure out how to adapt it to work for gaussian integers.

A little help would be much appreciated.

Answer 1

You did not tell us how you first determine whether or not $a$ is a square in $\mathbf Z[i]/(p)$. Do you use quadratic reciprocity in the Gaussian integers?

The field $\mathbf Z[i]/(p)$ has order $p^2$, which is $1 \bmod 4$, and when $p \equiv 3 \bmod 4$ the field $\mathbf Z/(p)$ has order $p$. There is a huge difference between finite fields of order that is $1 \bmod 4$ and $3 \bmod 4$ when you try to compute square roots explicitly. When $\mathbf F$ is a finite field with order $q$ and $q \equiv 3 \bmod 4$, then it is trivial to write down a solution to $x^2 = a$ in $\mathbf F$ when you already know that $a$ is a nonzero square: $a$ being a square in $\mathbf F^\times$ is equivalent to $a^{(q-1)/2} = 1$ in $\mathbf F$, and that implies $a^{(q+1)/4}$ is a square root of $a$ because $$ (a^{(q+1)/4})^2 = a^{(q+1)/2} = a^{(q-1)/2}a = a. $$ For finite fields with odd order that is $1 \bmod 4$, this trick fails to work and you need more serious ideas. Read about the Tonelli-Shanks algorithm and Cipolla's algorithm as two ways to solve $x^2 \equiv a \bmod p$ in $\mathbf Z$ when we already know that $a$ is a square in $\mathbf Z/(p)$. These two algorithms can be adapted to any finite field with odd order.