
Available online at www.sciencedirect.com

ScienceDirect
Procedia Computer Science 116 (2017) 198–205
www.elsevier.com/locate/procedia

2nd International Conference on Computer Science and Computational Intelligence 2017, ICCSCI 2017, 13-14 October 2017, Bali, Indonesia

An Algorithm to Find Square Root of Quadratic Residues over Finite Fields using Primitive Elements

Faisal*, Wikaria Gazali

Mathematics Department, School of Computer Science, Bina Nusantara University, Jl. K.H. Syahdan No. 9 Palmerah, Jakarta Barat 11480, Indonesia

Abstract

Quadratic residue is an important concept in number theory because it has both theoretical and practical applications in mathematics and in other areas such as computer science and communication. The same concept of quadratic residue also exists in general finite fields. Finding a square root of a quadratic residue in a finite field is an essential problem in computational algebra. In this paper we present an algorithm for computing the square root of a quadratic residue in a finite field using a primitive element.

© 2017 The Authors. Published by Elsevier B.V.
Peer-review under responsibility of the scientific committee of the 2nd International Conference on Computer Science and Computational Intelligence 2017.

Keywords: quadratic residue; square root; finite field; polynomial; primitive element.

1. Introduction

Finding square roots of quadratic residues in finite fields is an important problem in computational algebra. It is a generalization of the modular square root problem in number theory. Calculation of roots in finite fields plays an essential role in cryptosystems based on elliptic curves. Other applications of computing square roots can be found in the Rabin cryptosystem [1] and in point compression in Miller [2]. Let p be a prime number and $F_p$ be a finite field. If a is a quadratic residue in $F_p^*$, the square roots of a are the solutions of the quadratic congruence $x^2 \equiv a \pmod p$. In the case $p \equiv 3 \pmod 4$, we have an explicit solution $x \equiv \pm a^{(p+1)/4} \pmod p$. For the case $p \equiv 1 \pmod 4$, no general explicit formula is known. However, there are explicit solutions for computing a square root in $F_p$ when $p \equiv 5 \pmod 8$ in Cohen and Frey [3]. The remaining case $p \equiv 1 \pmod 8$ is non-trivial. There are many probabilistic algorithms to compute a square root in this case. Two classical non-deterministic algorithms for this case are the Tonelli–Shanks [4] and the Cipolla–Lehmer [5] algorithms.

* Corresponding author. Tel.: +62-21-534-5830 ext 2230
E-mail address: faisal@binus.edu

1877-0509 © 2017 The Authors. Published by Elsevier B.V.
10.1016/j.procs.2017.10.033

Many authors have studied the square root problem in finite fields, in particular for the case $F_q$ with q an odd prime power. Barreto and Scott [6] presented an algorithm that can compute square roots for $q \equiv 3 \pmod 4$ or $q \equiv 5 \pmod 8$.

The rest of this paper is organized as follows. In Section 2 we give the original theory of quadratic residues in number theory and the basic theory of finite fields. In Section 3 we present the general quadratic residue in finite fields. Then, in Section 4 we explain our algorithms using primitive elements.

2. Preliminaries

2.1. Quadratic Residues

The concept of quadratic residue appears in order to determine whether the general quadratic congruence

$$ax^2 + bx + c \equiv 0 \pmod m, \quad \text{with } a \not\equiv 0 \pmod m$$

has a solution or not. Suppose that p is an odd prime and a is an integer with gcd(a, p) = 1. Recall that a is a quadratic residue of p if gcd(a, p) = 1 and the congruence $x^2 \equiv a \pmod p$ has a solution. If the congruence $x^2 \equiv a \pmod p$ has no solution, we say that a is a quadratic nonresidue of p.

Proposition 1. Let p be an odd prime. The congruence

$$ax^2 + bx + c \equiv 0 \pmod p, \quad \text{with } a \not\equiv 0 \pmod p$$

has a solution if and only if the congruence

$$x^2 \equiv b^2 - 4ac \pmod p$$

has a solution.

The above proposition tells us that the solvability of the general quadratic congruence depends on whether $b^2 - 4ac$ is a quadratic residue or not. A complete characterization of quadratic residues has been found and can be studied in many textbooks of number theory. For an odd prime p, the number of quadratic residues and of quadratic nonresidues of p is known.

Theorem 1. For an odd prime p, the number of quadratic residues modulo p in {1, 2, . . . , p − 1} is (p − 1)/2. Hence,
the number of quadratic nonresidues in {1, 2, . . . , p − 1} is (p − 1)/2.

Proof. See Rosen [7].

The French mathematician Adrien-Marie Legendre introduced the special notation associated with quadratic residues.

Definition 1. Let p be an odd prime and a be an integer not divisible by p. The Legendre symbol $\left(\frac{a}{p}\right)$ is defined by

$$\left(\frac{a}{p}\right) = \begin{cases} 1 & \text{if } a \text{ is a quadratic residue of } p; \\ -1 & \text{if } a \text{ is a quadratic nonresidue of } p. \end{cases}$$

Theorem 2. [Euler's Criterion] Let p be an odd prime and let a be a positive integer with gcd(a, p) = 1. Then

$$\left(\frac{a}{p}\right) \equiv a^{(p-1)/2} \pmod p.$$

Proof. See Rosen [7].

2.2. Finite Fields

The first study of finite fields was started by the French mathematician Pierre de Fermat (1601–1665) in the 17th century. Fermat's work in number theory concerns the structure theory of the special finite fields $Z_p$. In the 18th century, the Swiss mathematician Leonhard Euler (1707–1783) continued Fermat's number-theoretic work and made great contributions to the study of finite fields. The German mathematician Carl Friedrich Gauss (1777–1855) opened the door to the idea of a general theory of finite fields by his work on the factorization of polynomial equations. Évariste Galois (1811–1832) in Galois [8] laid the foundations for general finite fields. The study of finite fields then came to play a major role for applied mathematicians and engineers. Today many applications of finite fields can be found in mathematics, computer science and communication theory. Recently, the importance of the theory of finite fields has been shown by practical applications in various areas such as coding theory, cryptography, algebraic geometry and number theory. For a more complete introduction to finite fields, we refer to Herstein [9], Kessler [10], and Ling and Xing [11].

An abelian group under addition that also has an associative multiplication that distributes over addition is called a ring. A ring is called an integral domain if it is a commutative ring with identity $1 \neq 0$ in which ab = 0 implies a = 0 or b = 0 (i.e. it has no zero divisors). A unit in a ring R is any element u that has a multiplicative inverse. A field is a commutative ring with identity in which every nonzero element is a unit. A finite field is a field that has a finite number of elements. An infinite field is a field that has an infinite number of elements. Throughout, we denote by $F_q$ a finite field with q elements. Some authors use the notation GF(q) for a field of order q, where GF stands for Galois field. This name is used in honor of Évariste Galois (1811–1832), the first person who studied general finite fields.
Next, we present some basic notation and properties of fields and finite fields.

A polynomial f over a field F is an expression of the form

$$f(x) = a_0 + a_1 x + a_2 x^2 + \cdots + a_n x^n,$$

where n is a nonnegative integer and $a_i \in F$ for i = 0, 1, . . . , n. A polynomial is monic if the coefficient of the highest power of x is 1. The ring of polynomials over F, denoted by F[x], is the ring formed by the polynomials over F together with the two operations of addition and multiplication of polynomials.

Theorem 3. If F is a field, then the ring of polynomials F[x] is a Euclidean domain, whence F[x] is a principal ideal
domain and a unique factorization domain.

Proof. See Hungerford [12], Chap. III.

Definition 2. A polynomial $f \in F[x]$ is a reducible polynomial over F if f has positive degree and f = gh with g, h nonconstant polynomials. Otherwise, f is an irreducible polynomial.

Theorem 4. Let f(x) be a polynomial over a field F of degree ≥ 1. Then $F[x]/(f(x))$ is a field if and only if f(x) is irreducible over F.

Proof. See Ling and Xing [11].

Definition 3. Let f be a polynomial over a field F. An element c ∈ F is called a root of f if f (c) = 0.



We can characterize polynomials that have no roots using irreducible polynomials by the following.

Lemma 1. Let f be a polynomial over a field F. If f does not have roots, then f is either an irreducible polynomial or a product of irreducible polynomials.

In other words, if f does not have roots then $f = \prod_{i=1}^{n} f_i$ where $f_i$ is an irreducible polynomial for every i = 1, 2, . . . , n.

Lemma 2. Let f be a polynomial over a field F of degree 2 or 3. The polynomial f does not have roots if and only if f is an irreducible polynomial.

Theorem 5. A polynomial of degree n over a field has at most n roots.

Proof. See Kessler [10].

Lemma 3. Suppose that K is a finite extension field of a field $F_q$ containing q elements. Then K is a vector space over $F_q$ and $|K| = q^m$, where m is the dimension of K viewed as a vector space over $F_q$.

Theorem 6. Let F be a finite field. The cardinality of F is $p^n$, where p is a prime number and n is a positive integer.

Proof. See Ling and Xing [11].

Lemma 4. If $F_q$ is a finite field with q elements and $a \in F_q$, then $a^q = a$; in particular $a^{q-1} = 1$ for every $a \neq 0$.

Proof. See Ling and Xing [11].

Theorem 7. For any prime p and any positive integer n, there exists a unique finite field of $p^n$ elements.

Proof. See Ling and Xing [11].

Theorem 8. $Z_m$ is a field if and only if m is a prime.

By Theorem 7 and Theorem 8, we may identify the finite field $F_p$ with p elements with $Z_p$.

Definition 4. An element g in a finite field $F_q$ is called a primitive element of $F_q$ if $F_q = \{0, g, g^2, \ldots, g^{q-1}\}$.

Proposition 2. (i) A nonzero element of $F_q$ is a primitive element if and only if its order is q − 1.
(ii) Every finite field has at least one primitive element.

Proof. See Ling and Xing [11].

3. Quadratic Residues of Finite Fields

In this section we generalize the concept of quadratic residue to fields. The reader is referred to Kessler [10] for the topic of this section.

Definition 5. Let $a \in F$ where F is a field. A nonzero element a is called a quadratic residue if there exists an element $x \in F$ such that

$$a = x^2.$$

If there is no such x then a is called a quadratic nonresidue.


In the field of real numbers $\mathbb{R}$, the quadratic residues are the positive numbers $\{x \in \mathbb{R} \mid x > 0\}$. The quadratic residues of $\mathbb{C}$ are the nonzero complex numbers. The solution of the square root equation over the complex numbers is given in the following.

Proposition 3. For every $z \in \mathbb{C}$ there exists a complex number $w \in \mathbb{C}$ such that $w^2 = z$. Moreover, if z = a + bi where $a, b \in \mathbb{R}$, then the equation $w^2 = z$ has solutions $w = \pm(\alpha + \mu\beta i)$ where

$$\alpha = \sqrt{\frac{a + \sqrt{a^2 + b^2}}{2}}, \qquad \beta = \sqrt{\frac{-a + \sqrt{a^2 + b^2}}{2}},$$

µ = 1 if b ≥ 0 and µ = −1 if b < 0.

Proof. See Marsden and Hoffman [13].

The quadratic residues of the rational number field are the ratios of perfect squares $\left\{\frac{p^2}{q^2} : p, q \in \mathbb{Z}\right\}$.

Next, we will explore the quadratic residues of any finite field $F_q$. We will divide our exploration of quadratic residues of finite fields into three parts: finite fields $Z_p$ for odd prime p, finite fields $F_{p^n}$ with p = 2, and finite fields $F_{p^n}$ with p an odd prime.
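As an added example that is not part of the paper, the closed form of Proposition 3 computed in Python and verified by squaring the result back. The sign µ is the part that is easy to get wrong: with µ chosen from the sign of b, the cross term 2αβ has the sign of b and the square lands on z; choosing µ = 1 for b < 0 would instead produce the conjugate of z. The inputs below are constructed for the demonstration.

```python
# Added example (not from the paper): the closed form of Proposition 3 for a
# complex square root, with the sign mu chosen from the imaginary part b,
# checked by squaring the result back.  Uses only Python's math module.
import math

def complex_sqrt(z):
    """Return the pair (w, -w) with w^2 = z, following Proposition 3:
    w = alpha + mu*beta*i with alpha, beta >= 0 and mu = sign of Im(z)."""
    a, b = z.real, z.imag
    r = math.hypot(a, b)                       # sqrt(a^2 + b^2) = |z|
    alpha = math.sqrt(max(0.0, (a + r) / 2))   # max() guards against -0.0 rounding
    beta = math.sqrt(max(0.0, (-a + r) / 2))
    mu = 1.0 if b >= 0 else -1.0               # the case split of Proposition 3
    w = complex(alpha, mu * beta)
    return w, -w

def is_square_root(w, z, tol=1e-9):
    """Verification used for the constructed inputs below: |w^2 - z| < tol."""
    return abs(w * w - z) < tol

if __name__ == "__main__":
    # constructed inputs: negative real axis, fourth quadrant (b < 0), pure imaginary
    for z in (complex(-4, 0), complex(3, -4), complex(0, 1)):
        w, _ = complex_sqrt(z)
        print(z, "->", w, is_square_root(w, z))
```

`complex(3, -4)` exercises the b < 0 branch: |z| = 5 gives α = 2, β = 1 and µ = −1, so w = 2 − i and w² = 3 − 4i as required.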

3.1. $Z_p$ for odd prime p

The quadratic residues of the finite field $Z_p$ are simply the quadratic residues in the congruence modulo the prime number p. Thus, the number of quadratic residues of $Z_p$ is (p − 1)/2 by Theorem 1. The quadratic residues of $Z_p$ can also be characterized using Euler's Criterion. We summarize all this in the following.

Proposition 4. A nonzero element $a \in Z_p$ is a quadratic residue (nonresidue) if and only if $a^{(p-1)/2} = 1$ ($a^{(p-1)/2} = -1$). Moreover, the number of quadratic residues in $Z_p$ is (p − 1)/2.

Proof. Use Theorem 1 and Theorem 2.
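The following is an added example, not code from the paper, showing the prime-field statements above in working code: Euler's criterion (Theorem 2) as the Legendre symbol, the count (p − 1)/2 of Theorem 1 and Proposition 4 checked by enumeration, and the explicit root $x \equiv \pm a^{(p+1)/4} \pmod p$ for $p \equiv 3 \pmod 4$ quoted in the introduction. It uses only Python's built-in `pow(base, exp, mod)`; the primes and inputs are constructed for the example.

```python
# Added example (not the paper's code): Euler's criterion (Theorem 2), the
# Legendre symbol (Definition 1), the residue count of Theorem 1 / Proposition 4,
# and the explicit root x = a^((p+1)/4) for p ≡ 3 (mod 4) from the introduction.
# Only Python's built-in modular exponentiation pow(base, exp, mod) is used.

def legendre_symbol(a, p):
    """Legendre symbol (a/p) for an odd prime p, computed by Euler's criterion:
    a^((p-1)/2) is 1 for a residue and p-1 (i.e. -1) for a nonresidue."""
    if p < 3 or p % 2 == 0:
        raise ValueError("p must be an odd prime")
    a %= p
    if a == 0:
        return 0                      # p divides a: symbol taken as 0 by convention
    return 1 if pow(a, (p - 1) // 2, p) == 1 else -1

def quadratic_residues(p):
    """Sorted quadratic residues modulo p in {1, ..., p-1}, found by squaring
    every nonzero element; Theorem 1 says the list has (p-1)/2 entries."""
    return sorted({x * x % p for x in range(1, p)})

def sqrt_mod_p_3mod4(a, p):
    """For p ≡ 3 (mod 4): the two roots ±a^((p+1)/4) of x^2 ≡ a (mod p),
    returned as a sorted pair, or None when a is a nonresidue."""
    if p % 4 != 3:
        raise ValueError("closed form only valid for p ≡ 3 (mod 4)")
    if legendre_symbol(a, p) != 1:
        return None
    x = pow(a, (p + 1) // 4, p)
    return tuple(sorted((x, p - x)))

def formula_output_squared(a, p):
    """What the p ≡ 3 (mod 4) formula gives when the residue check is skipped:
    (a^((p+1)/4))^2 = a * a^((p-1)/2), which is a for a residue but p - a for a
    nonresidue.  This is why the residue test must come first."""
    x = pow(a, (p + 1) // 4, p)
    return x * x % p

if __name__ == "__main__":
    p = 23                                   # constructed: 23 ≡ 3 (mod 4)
    print("residues mod 23:", quadratic_residues(p))
    print("sqrt(2) mod 23:", sqrt_mod_p_3mod4(2, p))
    print("nonresidue 5: formula output squares to", formula_output_squared(5, p))
```

`formula_output_squared` documents the failure mode of the closed form: applied to a nonresidue it silently returns a square root of −a, so a caller that skips Euler's criterion gets a plausible-looking but wrong answer.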

3.2. Finite Fields $F_{p^n}$ with p = 2

Theorem 9. The quadratic residues of the finite fields $F_{p^n}$ with p = 2 are the nonzero elements of $F_{p^n}$.

Proof. Suppose that a is a nonzero element of $F_{2^n}$. Using Lemma 4, we get $a^{2^n} = a$. It follows that

$$a = a^{2^n} = a^{2^{n-1} \cdot 2} = \left(a^{2^{n-1}}\right)^2.$$

Consequently, a is a quadratic residue of $F_{2^n}$ and the theorem is proved.

Corollary 1. The number of quadratic residues of $F_{p^n}$ with p = 2 is $p^n - 1$.

Proof. According to Theorem 9, the number of nonzero elements of $F_{2^n}$ is $2^n - 1$.

3.3. Finite Fields Fq for odd prime power q

Here we generalize the preceding result for $Z_p$ to any finite field with an odd prime power of elements. The idea of the proof of the following originally comes from [14].

Proposition 5. Let q be an odd prime power. A nonzero element $a \in F_q$ is a quadratic residue (nonresidue) if and only if $a^{(q-1)/2} = 1$ ($a^{(q-1)/2} = -1$). Moreover, the number of quadratic residues in $F_q$ is (q − 1)/2.

Proof. Consider the polynomial $f(x) = x^{q-1} - 1$ in $F_q[x]$. Let a be a nonzero element of $F_q$. By Lemma 4, we have $a^q = a$. Equivalently, $a^{q-1} = 1$ for every $a \neq 0$ in $F_q$. It follows that every $a \neq 0$ in $F_q$ is a root of the polynomial f. By Theorem 5, we conclude that f has exactly q − 1 roots. Since q is odd, we have that

$$f(x) = x^{q-1} - 1 = \left(x^{\frac{q-1}{2}} - 1\right)\left(x^{\frac{q-1}{2}} + 1\right).$$

Now, we have

$$\left(a^{\frac{q-1}{2}} - 1\right)\left(a^{\frac{q-1}{2}} + 1\right) = f(a) = 0.$$

Since a field has no zero divisors, we get that either $a^{\frac{q-1}{2}} - 1 = 0$ or $a^{\frac{q-1}{2}} + 1 = 0$. But, again by Theorem 5, each of the polynomials $x^{\frac{q-1}{2}} - 1$ and $x^{\frac{q-1}{2}} + 1$ has at most (q − 1)/2 roots. We conclude that both polynomials $x^{\frac{q-1}{2}} - 1$ and $x^{\frac{q-1}{2}} + 1$ must have exactly (q − 1)/2 roots.

Suppose that QR(q) is the set of quadratic residues of $F_q$. If $a = x^2$ is a quadratic residue in $F_q$ then $a^{\frac{q-1}{2}} = x^{q-1} = 1$. Hence, a is a root of $x^{\frac{q-1}{2}} - 1$. Therefore, $|QR(q)| \le (q-1)/2$. On the other hand, let $F_q^* = \{x \in F_q \mid x \neq 0\}$. If a is a quadratic residue then the polynomial $x^2 - a$ has at most two roots by Theorem 5. Hence

$$q - 1 = |F_q^*| \le \sum_{a \in QR(q)} \left|\{x \mid x^2 = a\}\right| \le 2\,|QR(q)|.$$

We conclude that $|QR(q)| = (q-1)/2$ and thus the set of roots of $x^{\frac{q-1}{2}} - 1$ is equal to QR(q). This finishes the proof.

4. Square root of quadratic residue in finite fields

In this section we propose our algorithm to compute the square root of a quadratic residue in a finite field using a primitive element. Consider a finite field $F_q$; a primitive element generates all nonzero elements of $F_q$. Thus, we can characterize a square root of a quadratic residue in any finite field by this property. Hence, the existence of primitive elements provides a probabilistic algorithm for the square root problem. The correctness of our algorithm is based on the following theorem.

Theorem 10. 1. Let $F_q$ be a finite field with $q = 2^m$ for a positive integer m. If $a \in F_q$ is a quadratic residue, then

$$a = \left(a^{2^{m-1}}\right)^2.$$

2. Let $F_q$ be a finite field with q an odd prime power and g be an arbitrary primitive element of $F_q$. If $a \in F_q$ is a quadratic residue, then $a = (g^k)^2$ for some k with $1 \le k \le (q-1)/2$.

Proof. 1. Since a is a quadratic residue, we have that $a \neq 0$. By Lemma 4, we obtain that

$$a^q = a, \qquad a^{2^m} = a, \qquad \left(a^{2^{m-1}}\right)^2 = a.$$

2. If $g \in F_q$ is a primitive element, then $F_q^* = \{g, g^2, g^3, \ldots, g^{q-1}\}$. Since q − 1 is even, set $E = \{g^2, g^4, \ldots, g^{q-1}\}$. It follows that $|E| = (q-1)/2$. It is clear that $E \subseteq QR(q)$. By Proposition 5 we conclude that E = QR(q). Hence, $a \in E$, or equivalently $a = g^{2k}$ with $1 \le k \le (q-1)/2$, and the proof is complete.
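As an added example that is not the paper's code, Theorem 9 and part 1 of Theorem 10 carried out in the characteristic-2 fields $F_{2^4}$ and $F_{2^8}$: elements are represented as bit strings of polynomial coefficients reduced modulo an irreducible polynomial (the construction $F_2[x]/(f(x))$ of Theorem 4), the root is computed as $a^{2^{m-1}}$, and a brute-force table confirms that every nonzero element is a square with exactly one root. The two moduli are assumptions chosen for the example; both are standard irreducible polynomials (the degree-8 one is the AES polynomial).

```python
# Added example (not the paper's code): square roots in the characteristic-2
# field F_{2^m}, illustrating Theorem 9 and the identity a = (a^(2^(m-1)))^2 of
# Theorem 10(1).  Field elements are integers whose bits are the coefficients of
# a polynomial over F_2, reduced modulo a fixed irreducible polynomial, so the
# field is F_2[x]/(f(x)) as in Theorem 4.  The two moduli below are assumptions
# chosen for the example (both are well-known irreducible polynomials).

IRREDUCIBLE = {
    4: 0b10011,        # f(x) = x^4 + x + 1             (F_16)
    8: 0b100011011,    # f(x) = x^8 + x^4 + x^3 + x + 1 (F_256, the AES polynomial)
}

def gf2m_mul(a, b, m):
    """Multiply two elements of F_{2^m}: carry-less multiply with reduction."""
    mod = IRREDUCIBLE[m]
    r = 0
    while b:
        if b & 1:
            r ^= a                 # add (XOR) the current shifted copy of a
        b >>= 1
        a <<= 1
        if (a >> m) & 1:           # degree reached m: subtract f(x) (XOR in char 2)
            a ^= mod
    return r

def gf2m_pow(a, e, m):
    """a^e in F_{2^m} by square-and-multiply."""
    r = 1
    while e:
        if e & 1:
            r = gf2m_mul(r, a, m)
        a = gf2m_mul(a, a, m)
        e >>= 1
    return r

def gf2m_sqrt(a, m):
    """Square root by Theorem 10(1): (a^(2^(m-1)))^2 = a^(2^m) = a (Lemma 4)."""
    return gf2m_pow(a, 1 << (m - 1), m)

def square_root_table(m):
    """Brute-force map a -> [x : x^2 = a] over the nonzero elements.  Every list
    has exactly one entry: squaring is injective in characteristic 2 (x^2 = y^2
    gives (x + y)^2 = 0, so x = y), so unlike the odd case with its two roots
    ±x, the root returned by gf2m_sqrt is the only one."""
    table = {a: [] for a in range(1, 1 << m)}
    for x in range(1, 1 << m):
        table[gf2m_mul(x, x, m)].append(x)
    return table

if __name__ == "__main__":
    for m in (4, 8):
        ok = all(gf2m_mul(gf2m_sqrt(a, m), gf2m_sqrt(a, m), m) == a
                 for a in range(1, 1 << m))
        print(f"F_2^{m}: every nonzero element is a square ->", ok)
```

The brute-force table is the check a practitioner wants next to the formula: it shows not only that the identity produces a root but that in characteristic 2 it produces the unique one, which is the structural difference from the odd prime power case handled by the paper's algorithm.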

If q is an odd prime power and a is a quadratic residue in $F_q$, then a solution of $x^2 = a$ is $x = g^k$ for some positive integer k. The following is our complete algorithm for computing the square root in this case. In our algorithm we need to know only one primitive element in $F_q$.

Algorithm Square root for odd prime power q

Input: $a \in F_q^*$
Output: An element x in $F_q$ such that $x^2 = a$
1: if $a^{(q-1)/2} = 1$ then x exists, otherwise return false
2: Choose a primitive element g in $F_q$
3: $g_0 \leftarrow g^2$
4: if $a = g_0$ then $x \leftarrow g$
5: else
6:   $k \leftarrow 1$
7:   while $g_0^k \neq a$ do
8:     $k \leftarrow k + 1$
9:   $x \leftarrow g^k$

Based on Proposition 2, we give an algorithm to compute or list all primitive elements of $F_q$.

Algorithm List all primitive elements of $F_q$

Input: the finite field $F_q$
Output: List of all primitive elements in $F_q$
1: for a in $F_q^*$
2:   $i \leftarrow 0$
3:   $q_0 \leftarrow 1$
4:   while $q_0 \neq 1$ or $i = 0$ do
5:     $q_0 \leftarrow q_0 \cdot a$
6:     $i \leftarrow i + 1$
7:   if $i = q - 1$ then a is a primitive element, otherwise it is not
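The two algorithms above written out as an added example, not the paper's Fig. 1 source, specialised to the prime field $F_p = Z_p$ (the case the paper's own Python programme handled). The primitive-element test is the order computation of the listing algorithm, and the square root routine follows the nine numbered steps, with Euler's criterion as step 1; the prime p = 23 and the inputs are constructed for the example.

```python
# Added example (not the paper's Fig. 1 source): the two algorithms of Section 4,
# "Square root for odd prime power q" and "List all primitive elements", written
# from the pseudocode and specialised to the prime field F_p = Z_p (Theorem 8),
# which is also the case the paper's own Python programme handled.  The prime
# p = 23 and the elements used below are constructed for the example.

def is_primitive(a, p):
    """Inner loop of the listing algorithm: repeatedly multiply until the running
    product q0 returns to 1; a is primitive iff that takes p - 1 steps
    (Proposition 2(i): the order of a equals p - 1)."""
    a %= p
    if a == 0:
        return False
    q0, i = 1, 0
    while q0 != 1 or i == 0:
        q0 = q0 * a % p
        i += 1
    return i == p - 1

def primitive_elements(p):
    """Step 1 of the listing algorithm: test every a in F_p^*."""
    return [a for a in range(1, p) if is_primitive(a, p)]

def sqrt_by_primitive_element(a, p, g=None):
    """Square root algorithm for q = p.  Returns x with x^2 = a (mod p), or None
    when a fails Euler's criterion (step 1).  g may be supplied; otherwise the
    smallest primitive element is chosen (step 2)."""
    a %= p
    if pow(a, (p - 1) // 2, p) != 1:                      # step 1: Euler's criterion
        return None
    if g is None:                                         # step 2: pick a primitive g
        g = next(b for b in range(2, p) if is_primitive(b, p))
    g0 = g * g % p                                        # step 3: g0 = g^2
    if a == g0:                                           # step 4
        return g
    k, power = 1, g0                                      # steps 6-8: find k with g0^k = a
    while power != a:                                     # terminates: a = g0^k for some
        power = power * g0 % p                            #   k <= (p-1)/2 by Theorem 10(2)
        k += 1
    return pow(g, k, p)                                   # step 9: x = g^k, x^2 = g0^k = a

if __name__ == "__main__":
    p = 23
    print("primitive elements of F_23:", primitive_elements(p))
    for a in (2, 3, 5):
        print(f"sqrt({a}) mod {p} =", sqrt_by_primitive_element(a, p))
```

The while loop performs up to (p − 1)/2 field multiplications and the primitive-element search up to p − 1 more per candidate, so the routine is an exhaustive search that demonstrates Theorem 10(2) on small fields; for large p the polynomial-time Tonelli–Shanks or Cipolla–Lehmer algorithms cited in the introduction are the practical choice.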

We applied our algorithm to compute square roots in finite fields $F_p$ with p a prime in a Python programme. The source code of the programme is given in Fig. 1.

Fig. 1. Square root in $F_p$

Acknowledgements

This research was supported by Hibah Binus 2016. We would like to express our thanks to all colleagues for giving insight and expertise in this research. We would also like to thank Bina Nusantara University for providing the funding for this research and for giving us the opportunity to attend the conference.

References

1. Rabin, M.O. Digitized signatures and public-key functions as intractable as factorization. Technical Report 1979;212.
2. Miller, V.S. Use of elliptic curves in cryptography. In H.C. Williams, editor, Advances in Cryptology - CRYPTO 85, 1985;417–426.
3. Cohen, H., Frey, G. Handbook of Elliptic and Hyperelliptic Curve Cryptography. Chapman and Hall; 2006, p. 211.
4. Tonelli, A. Bemerkung über die Auflösung quadratischer Congruenzen. Göttinger Nachrichten 1891;344–346.
5. Cipolla, M. Un metodo per la risoluzione della congruenza di secondo grado. Rend. Accad. Sci. Fis. Mat. 1903;9:154–163.
6. Barreto, P.S.L.M., Kim, H.Y., Lynn, B., Scott, M. Efficient algorithms for pairing-based cryptosystems. In M. Yung, editor, Advances in Cryptology - CRYPTO 2002, 2002;2442:354–368.
7. Rosen, K. Elementary Number Theory and Its Applications. Addison-Wesley; 2011. ISBN 9780321500311.
8. Galois, E. Sur la théorie des nombres. Bulletin des Sciences Mathématiques de Férussac 1830;(13):428–435.
9. Herstein, I.N. Abstract Algebra; vol. 1. New Jersey: Prentice-Hall; 1996.
10. Kessler, I. An Exploration of Quadratic Residues in Finite Fields. 2014. URL https://books.google.co.id/books?id=gFnooQEACAAJ.
11. Ling, S., Xing, C. Coding Theory: A First Course. New York: Cambridge University Press; 2004.
12. Hungerford, T.W. Algebra. New York: Springer-Verlag; 1974.
13. Marsden, J., Hoffman, M. Basic Complex Analysis. W. H. Freeman; 1999. ISBN 9780716728771.
14. Quadratic Residues. 2017. URL https://www.ti.inf.ethz.ch/ew/lehre/extremal07/recitation2.pdf.
