How can I find out whether a number is a quadratic residue in a large modulo?

Question

Without strenuous arithmetic.

Is there a program I can download to do so?

What are the quadratic residues modulo $5^4$ or $5^5$?

Thanks!

Answer 1

If you want to know the squares modulo $p^m$ where $p$ is an odd prime, they are congruent to $0$ or to numbers $a p^{2k}$ where $0\le k < m/2$ and the Legendre symbol $\left(\frac ap\right)=1$. For large primes $p$, Legendre symbols can be calculated by regarding them as Jacobi symbols and using the law of quadratic reciprocity for Jacobi symbols.

I don't regard $5$ as a large prime. :-)

Answer 2

The Euler criterion is easily generalized to yield the following test for squareness $\!\rm\bmod n$.

Theorem $\ $ Let $\rm\ a,\:n\:$ be integers, with $\rm\:a\:$ coprime to $\rm\:n\ =\ 2^e p_1^{e_1}\cdots p_k^{e_k},\, \ p_i\,$ primes.

$\rm\quad\quad \ x^2\ =\ a\pmod{n}\, $ is solvable for $\rm\:x\:$

$\rm\quad\quad \: \iff\ \ \: a^{(p_i\ -\ 1)/2} \ \ \equiv\ \ 1\ \ (mod\ p_i)\quad\quad\ \ $ for all $\rm\ i\le k$

$\quad\quad\ $ and $\rm\quad\ \ e>1 \:\Rightarrow\: a\equiv 1\ \ (mod\ 2^{2+\delta}\:),\ \ \ \delta = 1\ \ if\ \ e\ge 3\ \ else\ \ \delta = 0$

Proof: See Ireland and Rosen, A Classical Introduction to Modern Number Theory, Proposition 5.1.1 p. 50.

The above criterion is practical if one knows a full factorization of $\rm\:n\:$, since the exponentiations may be quickly computed by repeated squaring.

Beware $\ $ The criterion cannot be expressed equivalently as a simple Jacobi symbol calculation. For example we have $\rm(8|15) = 1\ $ but $8$ is not a square (mod $15$).

Answer 3

For completeness, i.e. to cover the cases where $\gcd(a, n) > 1$ or where $n$ is even, you need to put together the other two answers posted here, so for future reference, here is some code that correctly handles all cases.

def is_quadratic_residue_mod_prime_power(a, p, e):
    """Returns whether a is a quadratic residue modulo p^e,
    where p is prime and e is a nonnegative integer."""
    a = a % (p ** e)
    if a == 0: return True
    # Peel away even powers of p
    while a % (p * p) == 0: a = a // (p * p)
    if a % p == 0: return False
    if p == 2:
        if e == 1: return True
        if a % 4 != 1: return False
        if e >= 3 and a % 8 != 1: return False
        return True
    else: # Euler's criterion
        return power_mod(a, (p - 1)//2, p) == 1
def is_quadratic_residue(a, n):
    """Returns whether a is a quadratic residue mod n,
    where a is any integer and n is any nonzero integer."""
    assert n != 0
    if n < 0: n = -n # Just added for clarity; Sage handles this.
    # Loop over prime powers p^e in the factorization of n.
    for (p, e) in factor(n):
        if not is_quadratic_residue_mod_prime_power(a, p, e):
            return False
    return True

As you can see above, it is written in Python, and further relies on two functions (which are available in Sage, but if you're using this elsewhere you'd have to implement yourself):

• a factor(n) which returns a list of pairs (p, e) such that the product of these $p_i^{e_i}$ is $n$ — for example, factor(126) returns [(2,1), (3,2), (7,1)] because $126 = 2^1 3^2 7^1$.

• a power_mod(x, n, p) that returns $x^n \bmod p$. This is easy to implement yourself using repeated squaring.

• it relies on the fact that a % m always returns a positive result when m is positive, even if a is negative. This is how Python does it, but if you're using one of the languages that do it differently, you may have to change some of the definitions (not a big deal; instead of x % m != 1 you can check (x - 1) % m != 0).

---

A sidenote: you may wonder whether it's possible to answer whether $a$ is a quadratic residue mod $n$, without factoring $n$. If it were possible to do so and also find a square root when $a$ is a quadratic residue, then this would give an algorithm for factoring: pick random $x$ and ask whether $x^2 \bmod n$ is a quadratic residue; if you get a square root $y$ then with probability $1/2$ the fact that $x^2 \equiv y^2 \pmod n$ gives a nontrivial factorization of $n$ by taking $\gcd(n, x-y)$. For only answering yes or no (the quadratic residuosity problem), it is believed to be hard as well (not known whether it is equivalent to factoring, and not known to be easier than factoring).