Modular Square Root Calculator

x² ≡ a (mod p)

CalculatorsFreeNo Signup
4.2(655 reviews)
All Tools

Loading tool...

About Modular Square Root Calculator

A modular square root calculator solving x² ≡ a (mod p) for prime p. Uses Tonelli-Shanks algorithm. Checks if a is a quadratic residue via Euler's criterion, then finds both roots. Shows step-by-step computation. Client-side.

Modular Square Root Calculator Features

  • Tonelli-Shanks
  • Both roots
  • QR check
  • Step-by-step
  • Euler criterion
Modular square root: find x with x² ≡ a (mod p). Not all a have roots (quadratic residues only). For p≡3 mod 4: x = a^((p+1)/4). General: Tonelli-Shanks algorithm (1891/1973). Two roots exist: x and p−x. Essential for elliptic curve cryptography.

How to Use

Enter a and prime p:

  • Roots: Both x and p−x
  • QR?: Quadratic residue check
  • Steps: Algorithm trace

Tonelli-Shanks

Write p−1 = Q·2^S. Find non-residue z. Set M=S, c=z^Q, t=a^Q, R=a^((Q+1)/2). Loop: if t≡1, return R. Find least i with t^(2^i)≡1. Update c,t,R,M. Runs in O(log²p) time.

Cryptography

Used in: elliptic curve point decompression (recover y from x), RSA-OAEP, and Rabin cryptosystem (decryption requires modular square roots). The Rabin system's security is provably equivalent to factoring.

Step-by-Step Instructions

  1. 1Enter value a.
  2. 2Enter prime p.
  3. 3Check QR.
  4. 4Compute roots.
  5. 5View algorithm.

Modular Square Root Calculator — Frequently Asked Questions

When does x² ≡ a (mod p) have solutions?+

If and only if a is a quadratic residue mod p, i.e., a^((p-1)/2) ≡ 1 (mod p) (Euler's criterion). Exactly (p-1)/2 non-zero values are QRs. If a solution exists, there are exactly two: x and p-x.

Is there a simpler formula for special primes?+

Yes! If p ≡ 3 (mod 4): x = a^((p+1)/4) mod p. About half of primes satisfy this. For p ≡ 5 (mod 8): the Atkin formula works. Tonelli-Shanks handles all cases but is more complex.

Can you take square roots mod composite n?+

If you know the factorization n=pq, use CRT: solve mod p and mod q separately, then combine. But computing sqrt mod n WITHOUT knowing the factorization is as hard as factoring n! This is the basis of the Rabin cryptosystem.

More Calculators Tools

Explore all 639 other calculators tools available on Generatr

1-Sample Z-Test Calculator2-Sample Z-Test Calculator3D Surface Area CalculatorA/B Testing Significance CalculatorAbsolute Value CalculatorAbundant Number CheckerAccelerated Aging CalculatorAchromatic Number CalculatorAcyclic Chromatic Number CalculatorAdditive Persistence CalculatorAge CalculatorAging Test CalculatorAlbertson Index CalculatorAlgebraic Connectivity CalculatorAliquot Sequence CalculatorAliquot Sum CalculatorAlternating Series Test CalculatorAmicable Number FinderAnnuity CalculatorAPY CalculatorAquarium CO2 Drop CheckerArea CalculatorArea Under Curve CalculatorArithmetic Sequence CalculatorArmstrong Number CalculatorASCVD Risk CalculatorAspect Ratio CalculatorAtom Bond Connectivity CalculatorAugmented Eccentric Connectivity CalculatorAugmented Zagreb Index Calculator
View all 639 calculators tools
Share this tool: