How can we effectively compute the sqrt of some element in the group?How to find an element of high-order in...
Please help me identify the bold slashes between staves
Confirming resignation after resignation letter ripped up
Accent on í misaligned in bibliography / citation
Rule based coloured background for labeling in QGIS
Why is less being run unnecessarily by git?
Mathematical uses of string theory
In an emergency, how do I find and share my position?
What is the best option for High availability on a data warehouse?
LeetCode: Pascal's Triangle C#
Why different interest rates for checking and savings?
Is a player able to change alignment midway through an adventure?
Is using a hyperlink to close a modal a poor design decision?
Avoiding racist tropes in fantasy
Why isn't "I've" a proper response?
I have a player who yells
Can pay be witheld for hours cleaning up after closing time?
Irish Snap: Variant Rules
Why were movies shot on film shot at 24 frames per second?
Why is my Earth simulation slower than the reality?
Can you feel passing through the sound barrier in an F-16?
How is the list of apps allowed to install another apps populated?
Why can't an Airbus A330 dump fuel in an emergency?
Are illustrations in novels frowned upon?
Is it safe to remove the bottom chords of a series of garage roof trusses?
How can we effectively compute the sqrt of some element in the group?
How to find an element of high-order in an RSA group?Generation of a cyclic group of prime orderHow to construct a hash function into a cyclic group such that its discrete log is intractable?How is the order of a point calculated for elliptic curves over GF(p)Generating Diffie-Hellman parametersHow hard is the DLP in that simple group?Number of generators of an elliptic curveGenerators and Multiplicative group $mathbb{Z_7}$
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ margin-bottom:0;
}
$begingroup$
I only know one way, if this group is a cyclic group, and we know the element can be expressed in $g^m$, then $g^{(m/2)}$ is the answer.
Another question, if $m$ is an odd number, can we be sure there is no answer?
Is it possible to find another generator $g_1$ and an even number $k$ that satisfy the element = $g_1^k$?
If we don't know whether or not the group is cyclic group, the complexity to find the sqrt or to confirm such an answer not exists is as difficult as DLP ?
group-theory
edited 2 days ago
kelalaka
9,8733 gold badges26 silver badges54 bronze badges
asked 2 days ago
Ray JamesRay James
162 bronze badges
New contributor
Ray James is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
$endgroup$
add a comment |
$begingroup$
I only know one way, if this group is a cyclic group, and we know the element can be expressed in $g^m$, then $g^{(m/2)}$ is the answer.
Another question, if $m$ is an odd number, can we be sure there is no answer?
Is it possible to find another generator $g_1$ and an even number $k$ that satisfy the element = $g_1^k$?
If we don't know whether or not the group is cyclic group, the complexity to find the sqrt or to confirm such an answer not exists is as difficult as DLP ?
group-theory
edited 2 days ago
kelalaka
9,8733 gold badges26 silver badges54 bronze badges
asked 2 days ago
Ray JamesRay James
162 bronze badges
New contributor
Ray James is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
$endgroup$
$begingroup$
This is a pure math question with no effort. If you now $m$ everything easy. Alos, see Rabin Cryptosystem.
$endgroup$
– kelalaka
2 days ago
add a comment |
$begingroup$
I only know one way, if this group is a cyclic group, and we know the element can be expressed in $g^m$, then $g^{(m/2)}$ is the answer.
Another question, if $m$ is an odd number, can we be sure there is no answer?
Is it possible to find another generator $g_1$ and an even number $k$ that satisfy the element = $g_1^k$?
If we don't know whether or not the group is cyclic group, the complexity to find the sqrt or to confirm such an answer not exists is as difficult as DLP ?
group-theory
edited 2 days ago
kelalaka
9,8733 gold badges26 silver badges54 bronze badges
asked 2 days ago
Ray JamesRay James
162 bronze badges
New contributor
Ray James is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
$endgroup$
I only know one way, if this group is a cyclic group, and we know the element can be expressed in $g^m$, then $g^{(m/2)}$ is the answer.
Another question, if $m$ is an odd number, can we be sure there is no answer?
Is it possible to find another generator $g_1$ and an even number $k$ that satisfy the element = $g_1^k$?
If we don't know whether or not the group is cyclic group, the complexity to find the sqrt or to confirm such an answer not exists is as difficult as DLP ?
group-theory
group-theory
edited 2 days ago
kelalaka
9,8733 gold badges26 silver badges54 bronze badges
asked 2 days ago
Ray JamesRay James
162 bronze badges
New contributor
Ray James is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
edited 2 days ago
kelalaka
9,8733 gold badges26 silver badges54 bronze badges
asked 2 days ago
Ray JamesRay James
162 bronze badges
New contributor
Ray James is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
edited 2 days ago
kelalaka
9,8733 gold badges26 silver badges54 bronze badges
edited 2 days ago
kelalaka
9,8733 gold badges26 silver badges54 bronze badges
edited 2 days ago
kelalaka
9,8733 gold badges26 silver badges54 bronze badges
9,8733 gold badges26 silver badges54 bronze badges
asked 2 days ago
Ray JamesRay James
162 bronze badges
New contributor
Ray James is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
asked 2 days ago
Ray JamesRay James
162 bronze badges
asked 2 days ago
Ray JamesRay James
162 bronze badges
162 bronze badges
New contributor
Ray James is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
New contributor
Ray James is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
$begingroup$
This is a pure math question with no effort. If you now $m$ everything easy. Alos, see Rabin Cryptosystem.
$endgroup$
– kelalaka
2 days ago
add a comment |
$begingroup$
This is a pure math question with no effort. If you now $m$ everything easy. Alos, see Rabin Cryptosystem.
$endgroup$
– kelalaka
2 days ago
$begingroup$
This is a pure math question with no effort. If you now $m$ everything easy. Alos, see Rabin Cryptosystem.
$endgroup$
– kelalaka
2 days ago
$begingroup$
This is a pure math question with no effort. If you now $m$ everything easy. Alos, see Rabin Cryptosystem.
$endgroup$
– kelalaka
2 days ago
add a comment |
2 Answers
2
active
oldest
votes
$begingroup$
TL;DR: Efficient algorithm only exist in specific cases. The problem, in its full generality (finite abelian groups) is equivalent to the integer factorization problem.
How can we effectively compute the square root of an element in a group?
One case where we can compute a square root is when the group order is known and it is odd.
Any element $g$ in a group has the following property: if $q$ is the order of the group, then $g^q=1$. This is due to Lagrage's Theorem. Equivalently, $g^{q+1}=g$. If $q$ is odd then $frac{q+1}{2}$ is an integer, hence we can compute $h:= g^{frac{q+1}{2}}$, which is a square root of $g$.
Another case is the following: Assume $G$ is isomorphic to the direct product group of $k$ copies of the group of order 2 and a group of order odd $q$:
$$
G simeq mathbb{G}_q times prod_{i=1}^k mathbb{Z}_2
$$
where $mathbb{G}_q$ denotes a group of order $q$ and $mathbb{Z}_2$ the group of order 2. Also, importantly, assume you know how to compute this isomorphism.
In the group of order 2, the non-unit element is its own inverse, hence it has no square root. This implies the following: Let $g in G$. Apply the isomorphism to get the representation of $g$ as an element in the direct product above: $g = (g', g_1, ..., g_k)$, where $g' in mathbb{G}_q$ and $g_i$ is in the $i$'th $mathbb{Z}_2$. If there exists $i$ such that $g_i$ is not the unit element, then $g$ does not have a square root.
On the other hand, if $g_i$ is the unit element in all copies of $mathbb{G}_2$, then the problem reduces to the case of a group of odd order: you just raise $g$ to the power of $frac{q+1}{2}$.
Another question, if $m$ is an odd number, can we be sure there is no answer?
No. The above explains this too. Actually, for the above, you don't need to know $m$ (which is typically the case).
Is it possible to find another generator $g_1$ and an even number $k$ that satisfy the element is equal to $g^k$?
The above addresses this too, since it fully describes the set of squares in the group.
EDIT:
In "Oded Goldreich, Computational complexity: a conceptual perspective" it is shown that finding square roots modulo composite numbers is a computational problem equivalent to integer factorization. Hence, don't expect any "general purpose" algorithm, only algorithm for special cases. One such case is the multiplicative group of invertible element in a field of prime size $p$ - called Tonelli-Shanks.
answered 2 days ago
ChipotleChipotle
5792 silver badges10 bronze badges
$endgroup$
1
$begingroup$
Maybe you did it as a simplification, but your decomposition as a product of groups does not always work. Example : $mathbb Z/2^kmathbb Z$ is not isomorphic to $(mathbb Z/2mathbb Z)^k$.
$endgroup$
– LeoDucas
yesterday
$begingroup$
@LeoDucas Yes, you're right. Thanks for pointing that out. I edited.
$endgroup$
– Chipotle
yesterday
add a comment |
$begingroup$
In a generic group, I don't know if it exists really a generic algorithm to solve your problem, but if you group is also a field ($mathbb{Z}_p$ with $p$ a prime number for example), then you can use the Berlekamp algorithm to factorize $X^2 -x$ where $x$ is your element.
I made an error, I've deleted the wrong part.
answered 2 days ago
IevgeniIevgeni
577 bronze badges
$endgroup$
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "281"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Ray James is a new contributor. Be nice, and check out our Code of Conduct.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f72709%2fhow-can-we-effectively-compute-the-sqrt-of-some-element-in-the-group%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
$begingroup$
TL;DR: Efficient algorithm only exist in specific cases. The problem, in its full generality (finite abelian groups) is equivalent to the integer factorization problem.
How can we effectively compute the square root of an element in a group?
One case where we can compute a square root is when the group order is known and it is odd.
Any element $g$ in a group has the following property: if $q$ is the order of the group, then $g^q=1$. This is due to Lagrage's Theorem. Equivalently, $g^{q+1}=g$. If $q$ is odd then $frac{q+1}{2}$ is an integer, hence we can compute $h:= g^{frac{q+1}{2}}$, which is a square root of $g$.
Another case is the following: Assume $G$ is isomorphic to the direct product group of $k$ copies of the group of order 2 and a group of order odd $q$:
$$
G simeq mathbb{G}_q times prod_{i=1}^k mathbb{Z}_2
$$
where $mathbb{G}_q$ denotes a group of order $q$ and $mathbb{Z}_2$ the group of order 2. Also, importantly, assume you know how to compute this isomorphism.
In the group of order 2, the non-unit element is its own inverse, hence it has no square root. This implies the following: Let $g in G$. Apply the isomorphism to get the representation of $g$ as an element in the direct product above: $g = (g', g_1, ..., g_k)$, where $g' in mathbb{G}_q$ and $g_i$ is in the $i$'th $mathbb{Z}_2$. If there exists $i$ such that $g_i$ is not the unit element, then $g$ does not have a square root.
On the other hand, if $g_i$ is the unit element in all copies of $mathbb{G}_2$, then the problem reduces to the case of a group of odd order: you just raise $g$ to the power of $frac{q+1}{2}$.
Another question, if $m$ is an odd number, can we be sure there is no answer?
No. The above explains this too. Actually, for the above, you don't need to know $m$ (which is typically the case).
Is it possible to find another generator $g_1$ and an even number $k$ that satisfy the element is equal to $g^k$?
The above addresses this too, since it fully describes the set of squares in the group.
EDIT:
In "Oded Goldreich, Computational complexity: a conceptual perspective" it is shown that finding square roots modulo composite numbers is a computational problem equivalent to integer factorization. Hence, don't expect any "general purpose" algorithm, only algorithm for special cases. One such case is the multiplicative group of invertible element in a field of prime size $p$ - called Tonelli-Shanks.
answered 2 days ago
ChipotleChipotle
5792 silver badges10 bronze badges
$endgroup$
1
$begingroup$
Maybe you did it as a simplification, but your decomposition as a product of groups does not always work. Example : $mathbb Z/2^kmathbb Z$ is not isomorphic to $(mathbb Z/2mathbb Z)^k$.
$endgroup$
– LeoDucas
yesterday
$begingroup$
@LeoDucas Yes, you're right. Thanks for pointing that out. I edited.
$endgroup$
– Chipotle
yesterday
add a comment |
$begingroup$
TL;DR: Efficient algorithm only exist in specific cases. The problem, in its full generality (finite abelian groups) is equivalent to the integer factorization problem.
How can we effectively compute the square root of an element in a group?
One case where we can compute a square root is when the group order is known and it is odd.
Any element $g$ in a group has the following property: if $q$ is the order of the group, then $g^q=1$. This is due to Lagrage's Theorem. Equivalently, $g^{q+1}=g$. If $q$ is odd then $frac{q+1}{2}$ is an integer, hence we can compute $h:= g^{frac{q+1}{2}}$, which is a square root of $g$.
Another case is the following: Assume $G$ is isomorphic to the direct product group of $k$ copies of the group of order 2 and a group of order odd $q$:
$$
G simeq mathbb{G}_q times prod_{i=1}^k mathbb{Z}_2
$$
where $mathbb{G}_q$ denotes a group of order $q$ and $mathbb{Z}_2$ the group of order 2. Also, importantly, assume you know how to compute this isomorphism.
In the group of order 2, the non-unit element is its own inverse, hence it has no square root. This implies the following: Let $g in G$. Apply the isomorphism to get the representation of $g$ as an element in the direct product above: $g = (g', g_1, ..., g_k)$, where $g' in mathbb{G}_q$ and $g_i$ is in the $i$'th $mathbb{Z}_2$. If there exists $i$ such that $g_i$ is not the unit element, then $g$ does not have a square root.
On the other hand, if $g_i$ is the unit element in all copies of $mathbb{G}_2$, then the problem reduces to the case of a group of odd order: you just raise $g$ to the power of $frac{q+1}{2}$.
Another question, if $m$ is an odd number, can we be sure there is no answer?
No. The above explains this too. Actually, for the above, you don't need to know $m$ (which is typically the case).
Is it possible to find another generator $g_1$ and an even number $k$ that satisfy the element is equal to $g^k$?
The above addresses this too, since it fully describes the set of squares in the group.
EDIT:
In "Oded Goldreich, Computational complexity: a conceptual perspective" it is shown that finding square roots modulo composite numbers is a computational problem equivalent to integer factorization. Hence, don't expect any "general purpose" algorithm, only algorithm for special cases. One such case is the multiplicative group of invertible element in a field of prime size $p$ - called Tonelli-Shanks.
answered 2 days ago
ChipotleChipotle
5792 silver badges10 bronze badges
$endgroup$
1
$begingroup$
Maybe you did it as a simplification, but your decomposition as a product of groups does not always work. Example : $mathbb Z/2^kmathbb Z$ is not isomorphic to $(mathbb Z/2mathbb Z)^k$.
$endgroup$
– LeoDucas
yesterday
$begingroup$
@LeoDucas Yes, you're right. Thanks for pointing that out. I edited.
$endgroup$
– Chipotle
yesterday
add a comment |
$begingroup$
TL;DR: Efficient algorithm only exist in specific cases. The problem, in its full generality (finite abelian groups) is equivalent to the integer factorization problem.
How can we effectively compute the square root of an element in a group?
One case where we can compute a square root is when the group order is known and it is odd.
Any element $g$ in a group has the following property: if $q$ is the order of the group, then $g^q=1$. This is due to Lagrage's Theorem. Equivalently, $g^{q+1}=g$. If $q$ is odd then $frac{q+1}{2}$ is an integer, hence we can compute $h:= g^{frac{q+1}{2}}$, which is a square root of $g$.
Another case is the following: Assume $G$ is isomorphic to the direct product group of $k$ copies of the group of order 2 and a group of order odd $q$:
$$
G simeq mathbb{G}_q times prod_{i=1}^k mathbb{Z}_2
$$
where $mathbb{G}_q$ denotes a group of order $q$ and $mathbb{Z}_2$ the group of order 2. Also, importantly, assume you know how to compute this isomorphism.
In the group of order 2, the non-unit element is its own inverse, hence it has no square root. This implies the following: Let $g in G$. Apply the isomorphism to get the representation of $g$ as an element in the direct product above: $g = (g', g_1, ..., g_k)$, where $g' in mathbb{G}_q$ and $g_i$ is in the $i$'th $mathbb{Z}_2$. If there exists $i$ such that $g_i$ is not the unit element, then $g$ does not have a square root.
On the other hand, if $g_i$ is the unit element in all copies of $mathbb{G}_2$, then the problem reduces to the case of a group of odd order: you just raise $g$ to the power of $frac{q+1}{2}$.
Another question, if $m$ is an odd number, can we be sure there is no answer?
No. The above explains this too. Actually, for the above, you don't need to know $m$ (which is typically the case).
Is it possible to find another generator $g_1$ and an even number $k$ that satisfy the element is equal to $g^k$?
The above addresses this too, since it fully describes the set of squares in the group.
EDIT:
In "Oded Goldreich, Computational complexity: a conceptual perspective" it is shown that finding square roots modulo composite numbers is a computational problem equivalent to integer factorization. Hence, don't expect any "general purpose" algorithm, only algorithm for special cases. One such case is the multiplicative group of invertible element in a field of prime size $p$ - called Tonelli-Shanks.
answered 2 days ago
ChipotleChipotle
5792 silver badges10 bronze badges
$endgroup$
TL;DR: Efficient algorithm only exist in specific cases. The problem, in its full generality (finite abelian groups) is equivalent to the integer factorization problem.
How can we effectively compute the square root of an element in a group?
One case where we can compute a square root is when the group order is known and it is odd.
Any element $g$ in a group has the following property: if $q$ is the order of the group, then $g^q=1$. This is due to Lagrage's Theorem. Equivalently, $g^{q+1}=g$. If $q$ is odd then $frac{q+1}{2}$ is an integer, hence we can compute $h:= g^{frac{q+1}{2}}$, which is a square root of $g$.
Another case is the following: Assume $G$ is isomorphic to the direct product group of $k$ copies of the group of order 2 and a group of order odd $q$:
$$
G simeq mathbb{G}_q times prod_{i=1}^k mathbb{Z}_2
$$
where $mathbb{G}_q$ denotes a group of order $q$ and $mathbb{Z}_2$ the group of order 2. Also, importantly, assume you know how to compute this isomorphism.
In the group of order 2, the non-unit element is its own inverse, hence it has no square root. This implies the following: Let $g in G$. Apply the isomorphism to get the representation of $g$ as an element in the direct product above: $g = (g', g_1, ..., g_k)$, where $g' in mathbb{G}_q$ and $g_i$ is in the $i$'th $mathbb{Z}_2$. If there exists $i$ such that $g_i$ is not the unit element, then $g$ does not have a square root.
On the other hand, if $g_i$ is the unit element in all copies of $mathbb{G}_2$, then the problem reduces to the case of a group of odd order: you just raise $g$ to the power of $frac{q+1}{2}$.
Another question, if $m$ is an odd number, can we be sure there is no answer?
No. The above explains this too. Actually, for the above, you don't need to know $m$ (which is typically the case).
Is it possible to find another generator $g_1$ and an even number $k$ that satisfy the element is equal to $g^k$?
The above addresses this too, since it fully describes the set of squares in the group.
EDIT:
In "Oded Goldreich, Computational complexity: a conceptual perspective" it is shown that finding square roots modulo composite numbers is a computational problem equivalent to integer factorization. Hence, don't expect any "general purpose" algorithm, only algorithm for special cases. One such case is the multiplicative group of invertible element in a field of prime size $p$ - called Tonelli-Shanks.
answered 2 days ago
ChipotleChipotle
5792 silver badges10 bronze badges
edited 13 hours ago
answered 2 days ago
ChipotleChipotle
5792 silver badges10 bronze badges
answered 2 days ago
ChipotleChipotle
5792 silver badges10 bronze badges
answered 2 days ago
ChipotleChipotle
5792 silver badges10 bronze badges
5792 silver badges10 bronze badges
1
$begingroup$
Maybe you did it as a simplification, but your decomposition as a product of groups does not always work. Example : $mathbb Z/2^kmathbb Z$ is not isomorphic to $(mathbb Z/2mathbb Z)^k$.
$endgroup$
– LeoDucas
yesterday
$begingroup$
@LeoDucas Yes, you're right. Thanks for pointing that out. I edited.
$endgroup$
– Chipotle
yesterday
add a comment |
1
$begingroup$
Maybe you did it as a simplification, but your decomposition as a product of groups does not always work. Example : $mathbb Z/2^kmathbb Z$ is not isomorphic to $(mathbb Z/2mathbb Z)^k$.
$endgroup$
– LeoDucas
yesterday
$begingroup$
@LeoDucas Yes, you're right. Thanks for pointing that out. I edited.
$endgroup$
– Chipotle
yesterday
1
1
$begingroup$
Maybe you did it as a simplification, but your decomposition as a product of groups does not always work. Example : $mathbb Z/2^kmathbb Z$ is not isomorphic to $(mathbb Z/2mathbb Z)^k$.
$endgroup$
– LeoDucas
yesterday
$begingroup$
Maybe you did it as a simplification, but your decomposition as a product of groups does not always work. Example : $mathbb Z/2^kmathbb Z$ is not isomorphic to $(mathbb Z/2mathbb Z)^k$.
$endgroup$
– LeoDucas
yesterday
$begingroup$
@LeoDucas Yes, you're right. Thanks for pointing that out. I edited.
$endgroup$
– Chipotle
yesterday
$begingroup$
@LeoDucas Yes, you're right. Thanks for pointing that out. I edited.
$endgroup$
– Chipotle
yesterday
add a comment |
$begingroup$
In a generic group, I don't know if it exists really a generic algorithm to solve your problem, but if you group is also a field ($mathbb{Z}_p$ with $p$ a prime number for example), then you can use the Berlekamp algorithm to factorize $X^2 -x$ where $x$ is your element.
I made an error, I've deleted the wrong part.
answered 2 days ago
IevgeniIevgeni
577 bronze badges
$endgroup$
add a comment |
$begingroup$
In a generic group, I don't know if it exists really a generic algorithm to solve your problem, but if you group is also a field ($mathbb{Z}_p$ with $p$ a prime number for example), then you can use the Berlekamp algorithm to factorize $X^2 -x$ where $x$ is your element.
I made an error, I've deleted the wrong part.
answered 2 days ago
IevgeniIevgeni
577 bronze badges
$endgroup$
add a comment |
$begingroup$
In a generic group, I don't know if it exists really a generic algorithm to solve your problem, but if you group is also a field ($mathbb{Z}_p$ with $p$ a prime number for example), then you can use the Berlekamp algorithm to factorize $X^2 -x$ where $x$ is your element.
I made an error, I've deleted the wrong part.
answered 2 days ago
IevgeniIevgeni
577 bronze badges
$endgroup$
In a generic group, I don't know if it exists really a generic algorithm to solve your problem, but if you group is also a field ($mathbb{Z}_p$ with $p$ a prime number for example), then you can use the Berlekamp algorithm to factorize $X^2 -x$ where $x$ is your element.
I made an error, I've deleted the wrong part.
answered 2 days ago
IevgeniIevgeni
577 bronze badges
edited 2 days ago
answered 2 days ago
IevgeniIevgeni
577 bronze badges
answered 2 days ago
IevgeniIevgeni
577 bronze badges
answered 2 days ago
IevgeniIevgeni
577 bronze badges
577 bronze badges
add a comment |
add a comment |
Ray James is a new contributor. Be nice, and check out our Code of Conduct.
Ray James is a new contributor. Be nice, and check out our Code of Conduct.
Ray James is a new contributor. Be nice, and check out our Code of Conduct.
Ray James is a new contributor. Be nice, and check out our Code of Conduct.
Thanks for contributing an answer to Cryptography Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
Use MathJax to format equations. MathJax reference.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f72709%2fhow-can-we-effectively-compute-the-sqrt-of-some-element-in-the-group%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
$begingroup$
This is a pure math question with no effort. If you now $m$ everything easy. Alos, see Rabin Cryptosystem.
$endgroup$
– kelalaka
2 days ago