Unit 31, March 28, 2011

Quadratic Residues

An element $a \in \mathbb{Z}_n^*$ is a quadratic residue mod $n$ if there is an $x \in \mathbb{Z}_n^*$ such that $x^2 \equiv a \pmod{n}$.

Let QR(n) denote the set of quadratic residues modulo n.

The quadratic residue problem: Given $a \in \mathbb{Z}_n^*$, determine whether $a \in \mathrm{QR}(n)$.

© 2011 Clifford Bergman

Example: with n = 15

    k:          1   2   4   7   8   11   13   14
    k² % 15:    1   4   1   4   4    1    4    1

So QR(15) = {1, 4}

Prime moduli

Theorem: Let $p$ be an odd prime, $a \in \mathbb{Z}_p^*$.

1. $a \in \mathrm{QR}(p) \iff a^{(p-1)/2} \equiv 1 \pmod{p}$.

2. a has either 0 or 2 roots.

Thus the quadratic residue problem is easy to solve modulo a prime.

Suppose $p \equiv 3 \pmod{4}$. Then for every $a \in \mathbb{Z}_p^*$, $a \in \mathrm{QR}(p) \iff -a \notin \mathrm{QR}(p)$.

Thus (when $p \equiv 3 \pmod{4}$) every quadratic residue has a unique square root which is also a quadratic residue: the principal square root.

In fact, the principal square root of $a$ is $a^{(p+1)/4}$.

Composite moduli

Let $p$ and $q$ be distinct odd primes, $n = pq$. Then $a \in \mathrm{QR}(n) \iff a \,\%\, p \in \mathrm{QR}(p)$ and $a \,\%\, q \in \mathrm{QR}(q)$.

Note that if n = pq then every quadratic residue has 4 square roots.

More generally, if we know the factorization of n, then the quadratic residue problem is easy.

Converse?

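Theorem: Let $n$ be an odd integer. There is an easily computable quantity $\left(\frac{a}{n}\right) \in \{-1, 0, 1\}$ such that

$$
\begin{aligned}
\left(\tfrac{a}{n}\right) = 0 &\iff \gcd(a, n) \neq 1 \\
\left(\tfrac{a}{n}\right) = -1 &\implies a \notin \mathrm{QR}(n) \\
\left(\tfrac{a}{n}\right) = 1 &\implies\ ???
\end{aligned}
$$

The Jacobi symbol.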

When $p$ is prime, $\left(\frac{a}{p}\right) = a^{(p-1)/2} \,\%\, p$.

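For $n = p_1 \cdot p_2 \cdots p_k$ (not necessarily distinct) we define

$$\left(\frac{a}{n}\right) = \left(\frac{a}{p_1}\right) \cdot \left(\frac{a}{p_2}\right) \cdots \left(\frac{a}{p_k}\right).$$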

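Example:

$$\left(\frac{66}{175}\right) = \left(\frac{66}{5}\right) \cdot \left(\frac{66}{5}\right) \cdot \left(\frac{66}{7}\right) = \left[1^{(5-1)/2} \,\%\, 5\right]^2 \cdot 3^{(7-1)/2} \,\%\, 7 = -1.$$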

Computing the Jacobi symbol

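1. $\left(\frac{m}{n}\right) = \left(\frac{m \,\%\, n}{n}\right)$

2. $\left(\frac{2}{n}\right) = \begin{cases} 1 & \text{if } n \equiv \pm 1 \pmod{8} \\ -1 & \text{if } n \equiv \pm 3 \pmod{8} \end{cases}$

3. $\left(\frac{uv}{n}\right) = \left(\frac{u}{n}\right)\left(\frac{v}{n}\right)$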

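Gauss’ law of quadratic reciprocity: if $m$ is odd then

4. $\left(\frac{m}{n}\right) = \begin{cases} -\left(\frac{n}{m}\right) & \text{if } m \equiv n \equiv 3 \pmod{4} \\ \left(\frac{n}{m}\right) & \text{otherwise} \end{cases}$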

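Example (the number over each equals sign is the rule applied):

$$
\begin{aligned}
\left(\frac{66}{175}\right) &\overset{3}{=} \left(\frac{2}{175}\right)\left(\frac{33}{175}\right) \overset{2}{=} 1 \cdot \left(\frac{33}{175}\right) \\
&\overset{4}{=} \left(\frac{175}{33}\right) \overset{1}{=} \left(\frac{10}{33}\right) \overset{3}{=} \left(\frac{2}{33}\right)\left(\frac{5}{33}\right) \overset{2}{=} 1 \cdot \left(\frac{5}{33}\right) \\
&\overset{4}{=} \left(\frac{33}{5}\right) \overset{1}{=} \left(\frac{3}{5}\right) \overset{4}{=} \left(\frac{5}{3}\right) \overset{1}{=} \left(\frac{2}{3}\right) \overset{2}{=} -1
\end{aligned}
$$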

Let

$$\widetilde{\mathrm{QR}}(n) = \left\{ a \in \mathbb{Z}_n^* : \left(\frac{a}{n}\right) = 1 \ \&\ a \notin \mathrm{QR}(n) \right\},$$

the “pseudosquares modulo n”.

Sharper statement of the quadratic residue problem:

Given an odd $n$ with $\left(\frac{a}{n}\right) = 1$, determine whether $a \in \mathrm{QR}(n)$ or $a \in \widetilde{\mathrm{QR}}(n)$.

Open problem: Is the quadratic residue problem easier than factoring?

Assumption: No

Coin-tossing By Email

Alice and Bob communicate only by email. They wish to toss a coin. Assume they don’t trust each other.

Alice picks primes $p$ and $q$, $n = pq$, $m \in \widetilde{\mathrm{QR}}(n)$. Tells $n$, $m$ to Bob.

1. Alice picks random $r \in \mathbb{Z}_n^*$ and tosses coin $c \in \{0, 1\}$. Sends $z = m^c r^2 \,\%\, n$ to Bob.
2. Bob calls “heads” (i.e. $c = 0$) or “tails” ($c = 1$).
3. Alice announces result and sends $p$, $q$, $r$, $c$ to Bob.
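The coin-tossing protocol above, as an added Python example that is not part of the original slides: `jacobi` follows rules 1-4 for computing the Jacobi symbol, and Alice's commitment and Bob's final check use it. The function names and the checks in `bob_verify` are assumptions, since the slides do not list what Bob checks after the reveal.

```python
import secrets
from math import gcd

def jacobi(a, n):
    """Jacobi symbol (a/n) for odd n > 0, built from rules 1-4 above."""
    a, result = a % n, 1                  # rule 1
    while a:
        while a % 2 == 0:                 # rules 3 and 2: strip factors of 2
            a //= 2
            if n % 8 in (3, 5):
                result = -result
        a, n = n, a                       # rule 4: reciprocity (both odd now)
        if a % 4 == 3 and n % 4 == 3:
            result = -result
        a %= n                            # rule 1 again
    return result if n == 1 else 0        # 0 when gcd(a, n) != 1

def is_qr_mod_prime(a, p):
    """Euler's criterion from the prime-moduli theorem."""
    return pow(a, (p - 1) // 2, p) == 1

def random_unit(n):
    """Uniform element of Z_n^*."""
    while True:
        r = secrets.randbelow(n - 1) + 1
        if gcd(r, n) == 1:
            return r

def alice_setup(p, q):
    """Return (n, m) with m a pseudosquare: non-residue mod both p and q."""
    n = p * q
    while True:
        m = random_unit(n)
        if not is_qr_mod_prime(m, p) and not is_qr_mod_prime(m, q):
            return n, m

def alice_commit(n, m):
    """Step 1: z = m^c * r^2 % n. Alice keeps (r, c) secret until step 3."""
    r, c = random_unit(n), secrets.randbelow(2)
    return pow(m, c, n) * r * r % n, r, c

def bob_verify(n, m, z, p, q, r, c):
    """Assumed checks after step 3 (primality test of p, q left out)."""
    return (p != q and p * q == n and c in (0, 1)
            and jacobi(m, n) == 1 and not is_qr_mod_prime(m, p)
            and z == pow(m, c, n) * r * r % n)
```

Before Bob calls, `jacobi(z, n)` is 1 for either value of `c`, so the Jacobi symbol alone does not tell him which coin Alice tossed.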
