 This lecture is part of Berkeley Math 1-1-5, an introductory undergraduate course on number theory. And this will be about solving degree 2 congruences. So this means that we want to solve the equation Ax squared plus bx plus c is congruent to 0 modulo p. Now, we've already solved degree 1 congruences, Ax plus b is congruent to 0 by using Euclid's algorithm. So how do we solve degree 2 congruences? Well, we can start by just copying the usual way of solving quadratic equations over the reals by completing the square. So we write this as Ax plus b over 2 all squared. And now this is going to be congruent to b squared minus 4ac over 4a. Well, there's a little bit of a problem here because we need to be able to divide by 2. And if p is odd, this is okay because 2 is co-prime to p, so we can divide by it. What happens if p equals 2? Well, then we can't do this because we can't divide by 2. But if p is equal to 2, we just try x equals 0 and x equals 1 as roots. So it's very easy to do this just by trying all possible cases. So we may as well assume that p is odd. Now, you notice this bit here is just the usual discriminant of the quadratic equation. And now it's enough to solve x squared is congruent to d for d the discriminant. Because if we can find a square root of this discriminant, then if we move the a over here, we've got a 4a squared in the denominator, which is a square. So we can solve this, provide we can find a square root of the discriminant. So we're reduced to just solving this equation here. And now we should just check it has a solution before actually finding the solution. When we recall it has a solution and the solution exists, provided d to the p minus 1 over 2 is congruent to 1 modulo p. This was Euler's criterion that we discussed earlier and that we'll also discuss a bit later. I should say that we're taking d to be not congruent to 0 because otherwise this doesn't apply. If d is congruent to 0 and you can't figure out what its square root is, then you've really got problems. So suppose we now know that a square root of d exists. How do we find it? So we want problem is now to solve x squared is congruent to d modulo p. And let's try method one. So method one is going to be trial and error. We just try x equals 0, 1, 2 and so on until it works. So for example, if we want to solve x squared is congruent to 2 modulo 7, let's try 0 squared is congruent to 0, that's no good. 1 squared is congruent to 1, that's no good. 2 squared is congruent to 4, that's no good. 3 squared is congruent to 9, which is congruent to 2. And great, we've now found a square root of 2 just by checking all possible cases. And this method is obviously fine if our prime is very small and obviously utterly useless if our prime is large because it would just take too long. So let's try another method. Method two is a polynomial solver. So there are several methods that will solve any polynomial fx is congruent to 0 modulo p. So the first one was found by Berle-Camp and there was another one found by Kantor and Zassenhaus. And in the next lecture, we will be discussing the one found by Kantor and Zassenhaus. And these will actually find roots of any polynomial mod p rather fast. And you may think, well, if we've got this something that will work for all polynomials, why are we wasting time doing the special case of square roots? Well, first of all, the method for finding square roots is a lot faster. It's quite a lot easier and it also works in greater generality. For example, it will also find square roots of numbers in arbitrary groups, whereas the Berle-Camp and the Kantor-Zassenhaus method only work in rather special cases of finite fields or integers modulo p. So let's now try method three. Method three is to guess the answer. Well, guessing the answer sounds a kind of unprofessional. So what you should say is you're trying out an ansatz. Now, ansatz is a German word that basically just means guess, but since it's a German word, it sounds very serious and so on. So ansatz means you write down a sort of formula for the answer with some free parameters in it and you then try and adjust the free parameters to find your solution. So if we're trying to solve x squared is congruent to d, what we do is we try x is equal to some function of d. For instance, we could try something to the power of d or we could try d to the power of something or we could try a naught plus a1d plus a2d squared or something. There are various things you can try. And which of these should we do? Well, you notice this says x is equal to d to the half. So we want an ansatz that sort of looks a little bit like this and this is d to the power of something. So this suggests that maybe this one is the way to go. Let's try x is equal to d to the k for some k and try and figure out what k is. So k is going to be an integer and at first sight this kind of looks stupid because here we want to take x to the power of something so we want to take x to be d to the power of something that very definitely isn't an integer and it doesn't look as if you're going to be able to do that by taking d to the power of an integer but let's try and see what happens. So let's take this and substitute it into this equation here and this gives us d to the 2k is congruent to d or let's say d to the 2k minus 1 is congruent to 1 so we want to find a k satisfying this equation here. Well, you remember we had this condition that d to the p minus 1 over 2 was congruent to 1 because d has a square root and now let's just compare this with this and we see that we can solve it if p minus 1 over 2 is odd because then we can just take k is equal to p minus 1 over 2 and then we add 1 and divide it by 2 and this will now give us the solution x is equal to d to the k. Well, what's this condition equivalent to? Well, this just says that p is congruent to 3 modulo 4 but p is 1 modulo 4, this fails so we've managed to solve find square roots very quickly for half of all possible primes. Well, that does case p is 3 mod 4 what if p is 1 mod 4? What can we do? Well, let's just play around a bit and see what we can come up with. We know that d to the p minus 1 over 2 is congruent to 1 and now p is congruent to 1 modulo 4 well, what does that say? It says that this is even. Well, what can we do? Well, if it's even, let's try dividing it by 2 so we get d to the p minus 1 over 4 and this is going to be congruent to a square root of 1 so it'll either be plus 1 or minus 1 and we don't quite know which and we want to find the square root of d let's try multiplying both sides by d so we get d to the p plus 3 over 4 is now congruent to plus or minus 1 modulo p and now let's think about this a bit sorry, that'll be plus or minus d and now suppose that we get plus d here and also suppose that p plus 3 over 4 is even in that case we can find a square root of d just by taking the square root of this side so we get d to the p plus 3 over 8 squared is now congruent to plus d so there are some cases when we can do it and let's kind of just investigate these a bit further so first of all this case here corresponds to p being congruent to 5 mod 8 so if p is 1 mod 4 it's either 1 or 5 mod 8 and this at least does the ones that are 5 mod 8 and what about this condition? well what happens if it's minus d? well that's actually quite easy because minus 1 has a square root and you remember we could find a square root of minus 1 and p is 1 mod 4 just by taking a random number a and taking it to the p minus 1 over 4 and there was about a 50% chance that this gives us a square root of minus 1 so if minus d has a square root then the square root of d is just the square root of minus d times the square root of minus 1 so once we find the square root of minus d we can easily convert this into a square root of d so we can solve this equation quite quickly whenever p is congruent to 5 mod 8 and we can sort of go on like this if d is 1 mod 8 then it's either 1 or 9 mod 16 and it turns out that if we do it 9 mod 16 then we can solve it and so on so let's look at the worst case suppose p is of the form 1 plus 2 to the k so these are the ones that seem to be giving the most trouble so here we have a firm out prime and let's try and find square roots x squared is congruent to d modulo this firm out prime so here the number of non-zero residues is now a power of 2 and what we're going to do first is pick a primitive root g so g to the 2k is congruent to what g to the 2 to the k is congruent to 1 and that's true for no smaller exponent and we can find a primitive root easily just by sort of randomly guessing and now suppose that suppose d has ordered 2 to the i for some i some integer i it must have ordered power of 2 because it divides 2 to the k where we notice that g to the 2 to the k minus i also has order 2 to the i in fact we notice that d is equal to g to the 2 to the k minus i times something odd because these are the things that have ordered 2 to the i so g to the 2 to the k minus i times d is g to the 2 to the k minus i times something even so it has order less than 2 to the i because this bit here is even so we can now take the square root of d well first of all we can take the square root of this so we take g to the 2 to the k minus i minus 1 well I guess we should take g to the minus that and then we multiply it by the square root of this well how do we work out the square root of this bit well this is smaller order than g than d so we can find the square root of d by doing this series of steps each step reduces the order of d by a factor of at least 2 so after all the small finite number of steps we end up with the square root of d now let's discuss the general case so we've done the case of odd order and we've done the case of order of power of 2 and the idea is we can split up any case into the case of odd order and the case of order of power of 2 so suppose p minus 1 is equal to 2 to the k times n with n odd then we pick g to have order 2 to the k and how do we pick g like this well g is equal to some random number the power of n and sooner or later we'll find a random number to the nth power whose order is exactly 2 to the k and what we do now is we solve 2 to the k times s plus nt equals 1 by Euclid why do we do this well we're going to we're going to use this to write every element as the product of an element of order of power of 2 times an element of odd order so what we do is we pick an element y we write y which is y to the 1 it's going to be y to the n to the t times y to the 2k to the power of s and now this thing has ordered a power of 2 because it must have order must dividing 2 to the k and this thing has odd order so now we can find a square root a square root of this using method 3 and we can find a square root of things that have an order of power of 2 using the previous method so we can find a square root of this bit and a square root of this bit and we can obviously get the square root of y to the power of t times the square root of this bit to the power of s so this is a sort of divide and conquer method we split up finding the square roots into the problem of finding square roots of things of odd order and the problem of finding things of square roots of order of power of 2 and then we sort of combine them so in order to illustrate this I'll do an example so let's find let's solve x squared is congruent to 2 modulo 41 and of course we should pretend that 41 is so big that we can't do this by trial and error so we first of all look at the order of the group of residue classes prime to 41 which is order 40 so we write 40 is equal to 2 to the 5 so 2 cubed times 5 so this power of 2 and this is odd and this of course is just p minus 1 and let's find an element of order 2 to the 3 and what we do is we take a random number and to the power of 5 and see if it works and if we try 3 3 works 3 to the 5 so 3 to the 5 is congruent to 38 mod 41 and you can check this does in fact of order 2 cubed so that's a sort of analog of a primitive root in the case of firma primes we did next we solve 2 cubed times s plus 5 times t is equal to 1 using euclid and I'm not going to write this out we can just take s equals minus 3 t equals 5 so we write 2 is equal to 2 to the 8 to the minus 3 times 2 to the 5 to the power of 5 now what we want to do is we want to take a square root of this bit and a square root of this bit well the first bit is easy square root of 2 to the 8 2 to the 4 so that's that bit done now we've got the problem of finding a square root of 2 to the 5 and so we've got to solve x squared is congruent to 32 and this has order 8 so we find the order of 32 and we can do this by repeatedly squaring it until we get 1 so 32 squared is congruent to 40 40 squared is congruent to 1 so 32 has order 4 which is just 2 squared and now we write put 32 is equal to 38 squared times something and that becomes that becomes 38 squared times 40 so this now has order less than 2 squared and 38 squared has an obvious square root the square root of 38 squared is just 38 and now we write 40 that's this number here as 38 to the 4 times something in fact we find it's 38 to the 4 times 1 now that's rather nice because it's easy to find the square root of 1 and now 38 to the 4 has an obvious square root the square root is just equal to 38 squared so now we've managed to write 32 as a product of various things that whose square roots we know so we write 32 as equal to 38 squared times 38 to the 4 so the square root of 32 is just 38 times 38 squared which is congruent to 14 so finally we find the square root of 2 is equal to 2 to the 4 to the minus 3 times 14 to the power of 5 and we can now work this out as it's been congruent to 24 modulo 41 and by the way a similar version of this will not just not only find square roots you can also use it to find things like cube roots and fourth roots and fifth roots by doing something slightly more complicated but I won't give details of that ok next lecture we'll discuss the Kantor-Zazenhaus method for finding roots of arbitrary polynomials