User:Endo999 - Knowledge (XXG)

This user is a native speaker of the English language.

Cet utilisateur peut contribuer avec un niveau avancé de français.

Este usuario puede contribuir con un nivel intermedio de español.

I have created some javascript in my GoogleTrans.js file that will marry the Google translation javascript api with Knowledge (XXG). Help for this gadget is at User:Endo999/GoogleTrans.

Install

You can install GoogleTrans by going to my preferences when you are logged into Knowledge (XXG). clicking on the Gadgets tab in your profile, and then selecting the GoogleTrans gadget.

Then, you may need to restart your browser (clear the cache) to get it working. (Shift+F5 also work for Firefox, and CTRL+F5 works for Internet Explorer).

From then on the following will happen

Features

1) Like the Google toolbar: whenever you place the cursor over a word (for say 2 seconds), a popup will happen with the foreign language translation of the word. When you move the cursor away from the word, the popup window will disappear.

Note: a new feature recently introduced means that you have to hold the shift key down after you have hovered over a word (or selected text). This feature can be turned off by clicking on the Translation Popups tab at the top of the page and clicking on the link that turns this feature off.

2) Over 50 languages: As many languages as Google does. The Change Translation Languages popup window has a To language. Click on the ->French (ie) at the top of the Popup window to change the language being translated to.

3) Work with: IE, Firefox, Epiphany, Safari, Opera, and Chrome. This feature is turned off for Konqueror at the moment because 2005 Konquerer does not run the javascript well. Perhaps later versions of Konqueror do, but I have not tested on them.

4) And: when a cursor is placed within selected text, then all the selected text is translated (this for IE, Firefox, Chrome, and Epiphany). Safari and Opera don't support this option.

5) Within the popup are some links

a) a '->FRENCH', as an example. This means translation is happening from English to French.
If you click on this link you get to change the language translation pair

b) a source link which takes you to the Google translation web page.

c) A 'X' link, just in case moving the cursor away from the popup does not get rid of the popup.

6) To stay up: move the cursor into the popup, or outside the frame of the document (like onto the nondocument part of the browser) the popup window will stay up.

7) There is a 'GoogleTrans (on/off)' tab. (on/off) tells whether the translation popups feature is on or off. Click on the tab to get the Change Translation Languages popup window, which will allow you to toggle the feature on or off.

Others

The page goes beyond the Google translation feature of their toolbar in that over 50 languages are supported (translations between them and not just from English), and translation of selected text paragraphs (up to 500 characters) happens for IE, Firefox, Chrome, and Epiphany.

The translation software at Google is very powerful and I thought I would marry the premier language site on the web with it. The Javascript for determining the word under the cursor in a web page and/or the selected text under the cursor is mine.

Endo999 (talk) 02:59, 11 October 2008 (UTC)

Selected Text Translation

Translation of small amounts of selected text is possible. Select less than 500 characters of text, put the cursor within the selected text (preferably right on a word within the selected text), and hit the SHIFT key. At this point you will see a popup (like the picture shown) with the translated text. If you wish to have the next sentence translated, simply click on the "Translate Next Sentence?" link at the bottom left of the popup.

Math Blog

The following material is Endo999's math blog.

Fun Mathematical Observations

For fun, consider the following:

Everybody knows the following is true:

{\frac {r^{3}}{r^{2}}}==r^{1}

However, the following analogue for $r^{x}+r^{-x}$ is also true:

{\frac {r^{3}+r^{-3}}{r^{2}+r^{-2}-1}}==r^{1}+r^{-1}

So:

{\frac {8+{\frac {1}{8}}}{4+{\frac {1}{4}}-1}}==2+{\frac {1}{2}}

and

{\frac {27+{\frac {1}{27}}}{9+{\frac {1}{9}}-1}}==3+{\frac {1}{3}}

Viola! Make sure to remember the $-1$ in the denominator.

Redrafting Cubes

With the equation in the section above, we can take a cube and draft the equation as:

2^{8*3}+2^{-8*3}{\bmod {89*29}}\equiv 2385\equiv (2^{8}+2^{-8})(2^{16}+2^{-16}-1)

2^{5*3}+2^{-5*3}{\bmod {89*29}}\equiv 2013\equiv (2^{5}+2^{-5})(2^{10}+2^{-10}-1)

2^{4*3}+2^{-4*3}{\bmod {89*29}}\equiv 670\equiv (2^{4}+2^{-4})(2^{8}+2^{-8}-1)

Thus,

2^{x*3}+2^{-x*3}{\bmod {p*q}}\equiv (2^{x}+2^{-x})(2^{2*x}+2^{-2*x}-1)

This is a redrafting of any cube or power of cubes.

You can also redraft the cube as:

(2^{x}-2^{-x})(2^{2*x}+2^{-2*x}+1){\bmod {p*q}}\equiv 2^{x*3}-2^{-x*3}

Redrafting an RSA cipher to the 23rd power

As $m^{23}{\bmod {p*q}}\equiv c$ , in our RSA cipher, then $2^{23/3}{\bmod {89*29}}\equiv 1529$ , therefore,

(1529+1529^{-1})(1529^{2}+1529^{-2}-1){\bmod {89*29}}\equiv 2^{23}+2^{-23}\equiv 1115

If $m^{e}{\bmod {p*q}}$ has a cube power then the equation holds.

You can solve for $2^{23/3}+2^{-23/3}$ by solving the cubic modular equation:

x(x^{2}-3){\bmod {89*29}}\equiv 1115

where $x=1924\equiv 1529+1529^{-1}{\bmod {89*29}}$

(1529-1529^{-1})(1529^{2}+1529^{-2}+1){\bmod {89*29}}\equiv 2^{23}-2^{-23}\equiv 2182

Back To Fun Facts On Math

How about the 2 modular square roots of a modular power. For instance,

$2^{31}{\bmod {8}}03$ is the modular square root for $2^{62}{\bmod {8}}03$ . So is $2^{14}{\bmod {8}}03$ because $2^{90}{\bmod {8}}03\equiv 1$ .

As the power cycle is $90$ for the modulus $803$ , then $2^{62}{\bmod {8}}03\equiv 2^{-28}{\bmod {8}}03$ since $62+28=90$ . As such $2^{62/2}\equiv 2^{31}$ and $2^{-28/2}\equiv 2^{-14}$

{\frac {2^{31}+2^{-31}{\bmod {8}}03}{2^{14}+2^{-14}{\bmod {8}}03}}{\bmod {8}}03\equiv {\sqrt {1}}{\bmod {8}}03\equiv 2^{45}{\bmod {8}}03

and

{\frac {2^{31}-2^{-31}{\bmod {8}}03}{2^{14}-2^{-14}{\bmod {8}}03}}{\bmod {8}}03\equiv -{\sqrt {1}}{\bmod {8}}03\equiv -2^{45}{\bmod {8}}03

Also,

${\frac {x^{2}-y^{2}}{x-y}}{\bmod {n}}\equiv (y+x){\bmod {n}}$

Also,

$(g^{p*q+1})^{p*q-1}+(g^{p*q+1})^{-(p*q-1)}{\bmod {p}}*q\equiv g^{p^{2}-q^{2}}+g^{q^{2}-p^{2}}{\bmod {p}}*q$

Also,

$g^{p*q-1}+g^{-(p*q-1)}{\bmod {p}}*q\equiv g^{p-q}+g^{q-p}{\bmod {p}}*q$

and

$g^{p*q-1}-g^{-(p*q-1)}{\bmod {p}}*q\equiv {\sqrt {1}}(g^{p-q}-g^{q-p}){\bmod {p}}*q$

Also,

$g^{p*q}+g{\bmod {p}}*q\equiv g^{p}+g^{q}{\bmod {p}}*q$

and

$g^{p*q}-g{\bmod {p}}*q\equiv {\sqrt {1}}(g^{p}-g^{q}){\bmod {p}}*q$

Also,

$(({\sqrt {1}}+1)^{2}+({\sqrt {1}}-1)^{2}))^{evenpower}{\bmod {p}}q\equiv (({\sqrt {1}}+1)^{2}-({\sqrt {1}}-1)^{2}))^{evenpower}{\bmod {p}}q$

Also, while the above equations usually show the sum of powers mod p*q, the terms, individually, usually show powers of p and q mod p or q. Thus,

$g^{pq}{\bmod {p}}q\equiv g^{p}{\bmod {q}}$

$g^{pq-1}{\bmod {p}}q\equiv g^{p-q}{\bmod {q}}$

Most of the above equations of sums of powers can be split up in the manner shown just above.

Also, $(pq-1){\bmod {p}}q\equiv {\sqrt {1}}{\bmod {q}}$ This seems obvious since $(pq-1){\bmod {p}}q\equiv -1{\bmod {q}}$ and $-1*-1{\bmod {n}}\equiv 1{\bmod {n}}$ ,however, $g^{(q-1)/2}{\bmod {q}}\equiv -1{\bmod {q}}$ many times

Also, ${\frac {g^{3x}+g^{-3x}}{g^{x}-g^{-x}}}-{\frac {g^{x}+g^{-x}}{g^{x}-g^{-x}}}==g^{2x}-g^{-2x}$

$i+1$ as the base or generator for modular powers is also fun to do

\alpha =(i+1)^{pq}-(i+1){\bmod {p}}q

will equal a complex number with the real or imaginary numbers sometimes being $\alpha =-((2^{(p-1)/2})(-+)(2^{(q-1)/2}))+{\sqrt {1}}((2^{(p-1)/2})(+-)(2^{(q-1)/2}))i$ or $\alpha =-((2^{(p-1)/2})(-+)(2^{(q-1)/2}))i+{\sqrt {1}}((2^{(p-1)/2})(+-)(2^{(q-1)/2}))$

It seems to vary with the semi-prime looked at.

$(i+1)$ as a generator is really wild and you should definitely check it out. In general the real and imaginary terms will equal the square roots of what the powers would produce if the generator was $2$ .

Fun Math Observations for Modular Square Roots

{\frac {2^{p-q}+2^{q-p}}{2^{pq-1}+2^{-(pq-1)}}}{\bmod {p}}q\equiv 1

{\frac {2^{p-q}-2^{q-p}}{2^{pq-1}-2^{-(pq-1)}}}{\bmod {p}}q\equiv {\sqrt {1}}{\bmod {p}}q

As the power cycle is $90$ for the modulus $803$ , then $2^{62}{\bmod {8}}03\equiv 2^{-28}{\bmod {8}}03$ since $62+28=90$ . As such $2^{62/2}\equiv 2^{31}$ and $2^{-28/2}\equiv 2^{-14}$

{\frac {2^{31}+2^{-31}{\bmod {8}}03}{2^{14}+2^{-14}{\bmod {8}}03}}{\bmod {8}}03\equiv {\sqrt {1}}{\bmod {8}}03\equiv 2^{45}{\bmod {8}}03

and

{\frac {2^{31}-2^{-31}{\bmod {8}}03}{2^{14}-2^{-14}{\bmod {8}}03}}{\bmod {8}}03\equiv -{\sqrt {1}}{\bmod {8}}03\equiv -2^{45}{\bmod {8}}03

You can take a modular square root of any odd composite modulus in square root of the modulus steps via:

Multiply the root by squares (i*i) until the resulting number mod the modulus is an actual square. At this point you can take the real square root, and modular divide by i (the root of the square you multiplied the left side with). This will give the modular square root.

i*i*modularsquare{\bmod {p}}*q\equiv <actualsquare>

After which:

root{\bmod {p}}*q\equiv {\frac {\sqrt {<actualsquare>}}{i}}{\bmod {p}}*q

I have a way, which is similar but more complex, which introduces $\alpha$ and $\beta$ coefficients into the equation. By manipulating the coefficients you can get a small number of the right (after moding). This small number can be worked with something like the quadratic sieve to find a square root in less that ${\sqrt {modulus}}$ steps.

Sum Of Squares

Interestingly the sum of all the squares in a modulus is $0$ . Thus:

\sum _{x=1}^{x=p*q-1}x^{2}{\bmod {p*q}}\equiv 0

This means that:

x^{2}{\bmod {p*q}}\equiv -(\sum _{y=1}^{y=x-1}y^{2}+\sum _{y=x+1}^{y=p*q-1}y^{2}){\bmod {p*q}}

This means that any quadratic number (a square in mod p*q) is equal to the minus of all the sums of squares of all the other numbers

The well known sum of squares formula shows the sum of squares for the first $t$ squares.

t*(t+1)*(2*t+1)/6

The sum of all numbers in a modulus field is also 0. Since every number $N$ in a semiprime modulus field is countered by $-N$ on the other side of the field then this has to be.

\sum _{x=1}^{x=p*q-1}x{\bmod {p*q}}\equiv 0

Sum of Powers and RSA

Even though we don't know what $m$ is, when we are given $m^{e}{\bmod {p*q}}$ , we do know that

m^{e}{\bmod {p*q}}\equiv -(\sum _{x=1}^{x=m-1}x^{e}+\sum _{x=m+1}^{x=p*q-1}x^{e})

You can take the sum of consecutive powers from 1 to N quite easily according to Faulhaber's formula. The mathematica for doing this follows:

 Faulhaber := Module[{a1, a2},
   a1 = 0;
   For[a2 = 0, a2 <= p, a2++,
    a1 += (-1)^a2 (Binomial) BernoulliB (m^(p + 1 - a2));
    ];   
   a1 /= (p + 1);
   Print];
   ];

An Equation For A Modular Square Root

Since

{\frac {2^{3x}-1}{2^{x}-1}}{\bmod {p}}*q\equiv 2^{2x}+2^{x}+1

then every modular square is equivalent to:

{\frac {(2^{3x}-1)}{(2^{x}-1)}}-2^{x}-1{\bmod {p}}*q\equiv 2^{2x}

and every power root is defined as:

{\frac {(2^{3x}-1)}{(2^{x}-1)}}-2^{2x}-1{\bmod {p}}*q\equiv 2^{x}

Now viewers may say that ${\frac {(2^{3x}-1)}{(2^{x}-1)}}$ is a hard term to come up with, however, terms like this are possible. Note:

{\frac {2^{804-402-3}}{2^{401}}}{\bmod {8}}03\equiv {\frac {2^{15}(2^{93}-1)}{2^{5}(2^{31}-1)}}

So terms like the one needed are almost instantly possible to generate from moduli of $p*q$ .

The general equation is a polynomial where:

{\frac {(2^{4x}-1)}{(2^{x}-1)}}{\bmod {p}}*q\equiv 2^{3x}+2^{2x}+2^{x}+1

The general equation is (Neal Koblitz reports this as well in ):

{\frac {(2^{\alpha x}-1)}{(2^{x}-1)}}{\bmod {p}}*q\equiv 2^{(\alpha -1)x}+2^{(\alpha -2)x}+2^{2x}+2^{x}+1

As well:

{\frac {(2^{3x}-1)}{(2^{2x}-1)}}{\bmod {p}}*q\equiv {\frac {(2^{2x})}{(2^{x}+1)}}+1

{\frac {(2^{4x}-1)}{(2^{3x}-1)}}{\bmod {p}}*q\equiv {\frac {(2^{2x}+1)}{{\frac {(2^{2x})}{(2^{x}+1)}}+1}}

A Link Between The Two Equivalent Modular Square Roots

If you take one modular square root, let's say $16*16{\bmod {9}}49\equiv 256$ , you can get the other square root (in this case $673*673{\bmod {9}}49\equiv 256$ , by:

ChineseRemainder\},\{73,13\}]=673

You can get the modular square root of 1 by

ChineseRemainder\},\{p,q\}]={\sqrt {1}}{\bmod {p}}*q

You can get a quad root of 1 by

ChineseRemainder=1^{1/4}{\bmod {p}}*q

So, using this ChineseRemainder method you usually get the other root, but in the two cases just shown above you get the square root of the inputs.(Mathematica code is above). The last equation tends to indicate that there are no quad roots of 1 for 3 mod 4 semiprimes.

Square Root Of 1 mod P*Q Definition

Quoting from Wilson's theorem:

Gauss proved that if m > 2

\prod _{k=1 \atop \gcd(k,m)=1}^{m}\!\!k\ \equiv {\begin{cases}-1{\pmod {m}}&{\text{if }}m=4,\;p^{\alpha },\;2p^{\alpha }\\\;\;\,1{\pmod {m}}&{\text{otherwise}}\end{cases}}

where p is an odd prime, and $\alpha$ is a positive integer.

This means that the multiplication of all numbers up to (n-1)/2, where n=p*q, that are not factors of n will equal the square root of 1 mod p*q:

\prod _{k=1 \atop \gcd(k,m)=1}^{(m-1)/2}\!\!k\ \equiv {\begin{cases}\;\;\,{\sqrt {1}}{\pmod {m}}&\end{cases}}

As in the following mathematica statement:

Mod=6

where 6*6 mod 35 === 1.

This works since, GAUSS has proven (see above) that

Mod==1

and thus that

Mod=== Mod==1

As such

Mod===Mod

and since

Mod*Mod==1

then

Mod===1^(1/2) mod 35

Definition Of Square Root Of -1 Mod P*Q

Working from Gauss' definition above, we can see that in the case of a prime modulus that, for instance:

Mod==-1==4

Thus since

Mod==Mod==-1==4

the same proof outlined just above can be applied to prime moduluses for ${\sqrt {-1}}{\bmod {p}}$ . Namely, that:

Mod==2  where 2*2==4==-1 mod 5

As such (this is partially revealed in an earlier section):

ChineseRemainder,Mod},{5,13}]==57 mod 5*13 where 57*57 mod 5*13 == -1

This can be rewritten, given the ChineseRemainder statement above, as the following Mathematica statement:

Mod, 5 13]=57 where 57*57 mod 5*13==-1

I've only tested this out for 1 mod 4 semiprimes.

Another Definition Of The Square Root of 1 Mod P*Q

Since the following two equations are the equations for the two square roots of -1:

ChineseRemainder,Mod},{5,13}]

ChineseRemainder,Mod},{5,13}]

since the ${\sqrt {-1}}_{1}*{\sqrt {-1}}_{2}{\bmod {p*q}}\equiv {\sqrt {1}}$ then the following applies:

ChineseRemainder,Mod},{5,13}]*ChineseRemainder,Mod},{5,13}]=14

this can be converted into the following equation below by observing that the muliply sign outside the ChineseRemainder symbols can be applied within them as such:

Mod  , 5 13]=14 where 14*14 mod 65 === 1

and also where

Mod  , 5 13]=64 where 64 mod 65 === -1

The definition of the square root of 1 mod p*q shown in the first equation in this section can be rewritten, with knowledge of the Chinese Remainder theorum, to be:

Mod, 5 13]=14 where 14*14 mod 65 == 1

this semiprime works as well:

Mod, 17 13]=103 where 103*103 mod 17*13 = 1

P/(P-Q) mod PQ Seems To Be A Special Number In the MOD PQ Field

If you take $p(p-q)^{-1}{\bmod {p*q}}$ it has some unusual properties, the main one being that it is its own square and square root. For instance,

Mod, 89 29]=1335 where 1335*1355 mod 89*29===1335

Also,

Mod, 89 29]=1247

$-1335{\bmod {89*29}}\equiv 1246$ which is one off 1247.

This number has unusual properties.

By and large, any number that is $0{\bmod {p}}$ and $1{\bmod {q}}$ will be its own square or square root.

The difference between 1335 and 1247 is 88 which is $-{\sqrt {1}}{\bmod {89*29}}\equiv 88$ . Thus:

-(p*(p-q)^{-1})+1{\bmod {p*q}}\equiv (q*(q-p)^{-1})

and

(p*(p-q)^{-1})-(q*(q-p)^{-1}){\bmod {p*q}}\equiv -{\sqrt {1}}

Moreover, $(p*(p-q)^{-1}){\bmod {p*q}}\equiv (p*(p+q)^{-1})$

Because both self-square numbers described here for 89*29 (1247 and 1335) are either 0 mod p and 1 mod q or 1 mod p and 0 mod q, then the Product To Sum Theorum, described elsewhere in the blog, applies. Thus:

2^{p*q-1}\equiv 2^{p+q-2}{\bmod {p*q}}\equiv 2^{88+28}{\bmod {89*29}}\equiv 1247(2^{28})+1335(2^{88})\equiv 509\equiv 1247(2^{28})-1246(2^{88})

where $2*1247-1{\bmod {89*29}}\equiv -2*1335+1\equiv {\sqrt {1}}$ . This is another way to unwind the multiplication!

Because $1247*1355{\bmod {89*29}}\equiv 0$ then:

(1247(2^{14})-1335(2^{44}))^{2}{\bmod {89*29}}\equiv 1247(2^{28})+1335(2^{88})

and by switching the sign of one of the numbers the other square root is found. Thus:

1247(2^{14})-1335(2^{44}){\bmod {89*29}}\equiv {\sqrt {1}}*(1247(2^{14})+1335(2^{44}))

Constructing the Squareless Number and Algebra With The Squareless Number

The Squareless number has the Idempotent (ring theory) property for a P*Q modulus.

Quoting from the wiki article Idempotent (ring theory):

There are two nontrivial idempotent elements given by e = (1 − j)/2 and e = (1 + j)/2. Recall that idempotent means that ee = e and ee = e. Both of these elements are null:

$\lVert e\rVert =\lVert e^{*}\rVert =e^{*}e=0.$

Zero divisor has the following quote:

An idempotent element e!= 1 of a ring is always a two-sided zero divisor, since e(1-e)=0=(1-e)e} e(1-e)=0=(1-e)e

There are two idempotent numbers in a P*Q modulus, and the multiplication of both mod p*q is equivalent to 0. These are the Zero Divisors that James Cockles spoke about in his Tessarines.

As well, according to Split-quaternion,

Unlike the quaternion algebra, the split-quaternions contain nontrivial zero divisors, nilpotent elements, and idempotents. (For example, ⁠1/2⁠(1 + j) is an idempotent zero-divisor, and i − j is nilpotent.)

However, in modular arithmetic, there are no nilpotent numbers, according to the passage above:

(i-j)^{2}{\bmod {p*q}}\not {\!\!\equiv }0\equiv (568-2493)^{2}{\bmod {89*29}}\equiv 1890

So nilpotentacy is not a thing in modular arithmetic for tessarines. As a result, there can't be any Unipotent numbers in the P*Q field either.

These items apply to the two SQUARELESS numbers of P*Q modula. $j$ in the above equations equals ${\sqrt {1}}{\bmod {p*q}}$

According to you can construct the squareless number via:

89*(89^{-1}{\bmod {2}}9){\bmod {89*29}}\equiv 1335\equiv 89*15

p*(p^{-1}{\bmod {q}}){\bmod {p*q}}

Moreover, these is a type of definition of any square with regard to the squareless number. If $\alpha _{i}$ are the two squareless numbers of $p*q$ then:

(\alpha _{1}+\beta )*(\alpha _{2}+\beta ){\bmod {p*q}}\equiv \beta ^{2}+\beta

Thus, since the difference between the two squareless numbers is $\pm {\sqrt {1}}{\bmod {p*q}}$ then

(x^{2}){\bmod {p*q}}\equiv (\alpha _{1}+\beta )(\alpha _{2}\pm {\sqrt {1}}+\beta )\equiv \beta ^{2}+\beta \pm {\sqrt {1}}*x

This is a type of algebra. An example:

1360=1335+25

1360^{2}{\bmod {89*29}}\equiv 1604\equiv 25^{2}+25-2493*1360

Idempotent Numbers And 3/2 mod p*q

Working with the residue as a modular complex number and working with the inverse definition of a complex number, one can derive the following equate for all p*q modulus:

(idempotent_{1}+1)^{-1}+(idempotent_{2}+1)^{-1}{\bmod {p*q}}\equiv 3*2^{-1}

and

{\sqrt {1}}((idempotent_{1}+1)^{-1}-(idempotent_{2}+1)^{-1}){\bmod {p*q}}\equiv 1*2^{-1}

Dropping into Mathematica to come up with examples:

Mod+ PowerMod, 89 29] = 1292
Mod, 89 29]= 1292
Mod= 1335
Mod= 1247
here's an example of the minus of the two items.
Mod- PowerMod), 89 29]=1291
PowerMod=1291 
lets try another number
Mod + PowerMod, 101 73]= 3688
Mod, 101 73]= 3688
Mod= 6060
Mod= 1314
lets try a 3 mod 4 semiprime
Mod + PowerMod, 79 19]=752
Mod, 79 19]=752
Mod=1027
Mod=475

Determining that

(idempotent_{1}+1)^{-1}{\bmod {p*q}}\equiv (3+{\sqrt {1}})*4^{-1}

An example:

PowerMod=624 
Mod+ PowerMod, 89 29] = 1292
Mod - PowerMod), 
 89 29]=44= (-\sqrt{1}/2)
Mod, 89 29]=624
Mod), 89 29]=624

By symmetry

(idempotent_{2}+1)^{-1}{\bmod {p*q}}\equiv (3-{\sqrt {1}})*4^{-1}

Mod), 89 29]=668
PowerMod=668

These numbers bear some similarity to Eisenstein integer.

Similarly,

(idempotent_{1}+2)^{-1}+(idempotent_{2}+2)^{-1}{\bmod {p*q}}\equiv (3*2^{-1}+1)*3^{-1}

{\sqrt {1}}((idempotent_{1}+2)^{-1}-(idempotent_{2}+2)^{-1}){\bmod {p*q}}\equiv 5*(3*2^{-1}+1)*3^{-1}-4

(examples soon)

Dropping into Mathematica to come up with examples:

Mod+ PowerMod, 89 29] = (1292+1)/3 = 431
Mod, 89 29]= 1292
here's the example for the minus of the two squares: 2493 is square root of 1 mod 89*29
Mod- PowerMod), 89 29]=2151
Mod=2151
lets try another number
Mod + PowerMod, 101 73]= (3688+1)/3 = 6145
Mod, 101 73]= 3688
lets try a 3 mod 4 semiprime
Mod + PowerMod, 79 19]= (752+1)/3 = 251
Mod, 79 19]=752

Working with the definition of the Idempotent number in terms of P and Q given above we can make the following statements:

(P-Q)(((N)*P-Q)^{-1}-((N)Q-P)^{-1}){\bmod {P*Q}}\equiv N^{-1}+1

((N-1)*P)(N*P-Q)^{-1}+((N-1)*Q)(N*Q-P)^{-1}=-(N^{-1}-1)

Finally,

(P)(N*P-Q)^{-1}+(Q)(N*Q-P)^{-1}{\bmod {P*Q}}\equiv N^{-1}

This above equation establishes a new relationship between a residue mod p*q and its inverse!

My math blog has previously defined numbers in terms of powers of p and q. This is the first time I have defined ordinary residues in terms of p and q (not powers of p and q).

Some examples follow:

Mod - 
    PowerMod), 89 29]= 2
now take the inverse of 1 
PowerMod= 1
now take 7 as the multiplier
PowerMod=1475
Mod - 
    PowerMod), 89 29]=1476
this converts to
Mod - (6 29) PowerMod[
     7 29 - 89, -1, 89 29]), 89 29]=1474
or 
Mod + (6 29) PowerMod[
     7 29 - 89, -1, 89 29]), 89 29]= -1474
Finally,
Mod + ( 29) PowerMod), 89 29]=1475
now take 5 as the multiplier
PowerMod=2065
Mod - 
    PowerMod), 89 29]=2066
Mod + ( 29) PowerMod), 89 29]=2065
lets try a 3 mod 4 semiprime
Mod - 
    PowerMod), 79 19]=430
Mod +  19    PowerMod), 79 19]=429
PowerMod=429

Minusing the sign introduces the square root of 1 into the equation, as per some of my other examples:

((P)(N*P-Q)^{-1}-(Q)(N*Q-P)^{-1}){\bmod {P*Q}}\equiv -{\sqrt {1}}*N^{-1}

Mod - 
  29 PowerMod, 89 29]= 1750
Mod, 89 29]= 1750
Mod, 89 29]= 1700
Mod - 
  29 PowerMod, 89 29]= 1700

Finally, since there is a close relationship between the idempotent numbers and the square root of 1 mod p*q, we have the following equation

$(-{\sqrt {1}}+3)^{-1}+({\sqrt {1}}+3)^{-1}{\bmod {p*q}}\equiv 3*4^{-1}$

2493 is the square root of 1 for the 89*29 modulus
Mod + PowerMod, 89 29]= 646
Mod, 89 29]= 646

The Relationship Between The Squareless Number And The Square Root Of -1

The relationship between the Squareless number and the two Square Roots of -1 mod p*q are shown in the following equations:

568+2*1247*945{\bmod {89*29}}\equiv 945

-945+2*1335*568{\bmod {89*29}}\equiv 568

where 568 and 945 are the two square roots of -1 mod 89*29 and 1247 and 1335 are the two squareless numbers of 89*29.

Thus:

\pm {\sqrt {-1}}_{1}+2*\alpha _{1}*{\sqrt {-1}}_{2}{\bmod {p*q}}\equiv {\sqrt {-1}}_{2}

where $\alpha$ is one of the squareless numbers.

The Relationship Between The Squareless Number And The Quad Root Of 1

Also, $(1335+1247*568)^{2}{\bmod {89*29}}\equiv 88\equiv -{\sqrt {1}}$

Thus this is the definition of the quad root of 1. The other quad root ${\sqrt{1}}{\bmod {p*q}}$ is:

(1335-1247*568){\bmod {89*29}}

Thus the idempotent numbers of the p*q modulus provide the coefficients for the modular complex definition of the quad roots of 1 (this is only for 1 mod 4 semiprimes now). You can swap the idempotent numbers and change the square root of -1 to get the other quad roots.

The Relationship Between The Squareless Number And g^(p-1)-1 mod p*q

Since, $6060$ and $1314$ are squareless numbers mod $101*73$ , and $6060+1314{\bmod {101*73}}\equiv 1$ then

(6060+1314)*\alpha {\bmod {101*73}}\equiv \alpha \equiv 6060*\alpha +1314*\alpha

. Remember that since

6060{\bmod {101}}\equiv 0

and

1314{\bmod {73}}\equiv 0

any multiplication by

\alpha

will keep the mod equivalents. In other words

6060*\alpha {\bmod {101}}\equiv 0

and

1314*\alpha {\bmod {73}}\equiv 0

Thus since $g^{p-1}-1{\bmod {p}}\equiv 0$ and $g^{q-1}-1{\bmod {q}}\equiv 0$ , and since $g^{p*q-1}-1{\bmod {p*q}}\equiv (g^{p-1}-1)+(g^{q-1}-1)$ then

SQUARELESS_{{\bmod {p}}\equiv 0}*(g^{p*q-1}-1){\bmod {p*q}}\equiv g^{p-1}-1

SQUARELESS_{{\bmod {q}}\equiv 0}*(g^{p*q-1}-1){\bmod {p*q}}\equiv g^{q-1}-1

6060*(2^{101*73-1}-1){\bmod {101*73}}\equiv 2^{100}-1

1314*(2^{101*73-1}-1){\bmod {101*73}}\equiv 2^{72}-1

Thus, probably all of the sums of $x_{x{\bmod {p}}\equiv 0}+y_{y{\bmod {q}}\equiv 0}$ are derivable from the squareless numbers. This is a conjecture but if each $sum=X+Y$ only has one $x_{x{\bmod {p}}\equiv 0}+y_{y{\bmod {q}}\equiv 0}$ , then the conjecture is probably proved.

Thus the squareless numbers seem to be the anchors of the ring of numbers that are of the form: $x_{i{\bmod {p}}\equiv 0}+y_{y{\bmod {q}}\equiv 0}$ .

As well as $g^{p-1}-1{\bmod {p*q}}\equiv X*p$ and $g^{q-1}-1{\bmod {p*q}}\equiv Y*q$ then the equation for $X_{i}$ and $Y_{i}$ is now known:

where

g^{p-1}-1{\bmod {p*q}}\equiv X*p

then

X{\bmod {p*q}}\equiv \pm (p^{-1}{\bmod {q}})*(g^{p*q-1}-1){\bmod {q}}

where

g^{q-1}-1{\bmod {p*q}}\equiv Y*q

then

Y{\bmod {p*q}}\equiv \pm (q^{-1}{\bmod {p}})*(g^{p*q-1}-1){\bmod {p}}

Implications For RSA

In another section of this blog there is the claim that

1145^{1010}{\bmod {89*29}}\equiv 37*(37^{9*89}+37^{9*29}-37^{9})\equiv 2458

where

(23*1010-1)/(89*29)=9

With knowledge of the self-square numbers for $89*29$ of $1247$ and $1335$ then the above equation can be turned into:

1145^{1010}{\bmod {89*29}}\equiv 37^{10}*(1335*37^{9*88}+1247*37^{9*28})\equiv 2458

where

(23*1010-1)/(89*29)=9

1145^{1010}{\bmod {89*29}}\equiv 37^{10}*(1335*37^{88}+1247*37^{28})^{9}\equiv 2458

Another equation that can be made from this melange is:

1335*37^{9*29}+1247*37^{9*89}{\bmod {89*29}}\equiv 37^{9}\equiv 1639

all powers can be redrawn as sums of powers using P and Q

1335*37^{3*29}+1247*37^{3*89}{\bmod {89*29}}\equiv 37^{3}\equiv 1614

where $1335*37+1247*37{\bmod {89*29}}\equiv 37$

The Base Can Be Changed

or we can change the base of the powers to $1247*37$ and $1335*37$

1145^{1010}{\bmod {89*29}}\equiv 37^{10}*((1335*37)^{88}+(1247*37)^{28})^{9}\equiv 2458

In other words:

1335*37^{88}{\bmod {89*29}}\equiv (1335*37)^{88}

For instance,

Mod=712

and

Mod=712

Mod=712  where 2493 is square root of 1 mod 89*29

For instance:

Mod==981==Mod

and

Mod==981

For instance, with an rsa key of 23 then the base can be changed in the following equation:

Mod==915==Mod

This equals

Mod==915

The Product To Sum theorum of RSA semiprimes

If $p$ and $q$ are odd primes and

2^{x}{\bmod {p}}\equiv 1or-1

and

2^{y}{\bmod {q}}\equiv 1or-1

then the product of these

2^{x}2^{y}{\bmod {p}}*q\equiv \pm 2^{x}\pm 2^{y}\pm 1{\bmod {p}}*q

The sum or subtraction of the powers will be one off the product of the powers. This type of equivalence happens for

2^{p-1}|2^{(p-1)/2}|2^{q-1}|2^{(q-1)/2}|{\sqrt {1}}

Basically, any combination of the $p$ and $q$ powers above will yield a similarity between the product of these powers and the sum of the powers. The signs of the sums will change according to whether the congruence is $1$ or $-1$ .

Normally, the ${\sqrt {1}}$ is:

{\sqrt {1}}{\bmod {p}}*q{\bmod {p}}\equiv 1

{\sqrt {1}}{\bmod {p}}*q{\bmod {q}}\equiv -1

so it partakes of this relationship (theorum) as well.

Sometimes the quad root of 1 ( $1^{1/4}{\bmod {p}}*q$ and $1^{3/4}{\bmod {p}}*q$ ) and also the square root of -1 ( ${\sqrt {-1}}_{x}{\bmod {p}}*q$ ) also partake of this theorum as well.

Thus,

2^{p-q}{\bmod {p}}*q\equiv \pm 2^{p-1}\pm 2^{-(q-1)}\pm 1

2^{72}+2^{-10}-1{\bmod {7}}3*11\equiv 2^{73-11}

2^{72}{\bmod {7}}3\equiv 1

2^{-10}{\bmod {1}}1\equiv 1

so both signs will be pluses.

Since

2^{36}{\bmod {7}}3\equiv 1

2^{5}{\bmod {1}}1\equiv -1

-2^{36}+2^{5}{\bmod {7}}3*11\equiv 2^{36+5}-1{\bmod {7}}3*11

as the sign of the terms is switched among the terms due to polynomial expansion since:

2^{36}{\bmod {7}}3=\alpha 73+1

2^{5}{\bmod {1}}1=\beta 11-1

and

2^{36}2^{5}\equiv (\alpha 73+1)(\beta 11-1){\bmod {7}}3*11

Now

(\alpha 73)(\beta 11){\bmod {7}}3*11\equiv 0

The other three terms of the multiplication are:

(-1)(2^{36}-1)+(1)(2^{5}+1)-1=-2^{36}+2^{5}+1

This resulting residual is equal to $2^{41}$

This theorum is a type of analogue, among modular powers, to the Parallelogram law, which works on squares.

Even RSA can be manipulated with the Product To Sum Theorum

If we take $e=3$ and $p*q=89*29$ then $e^{-1}{\bmod {89*29}}\equiv 1721$

Please note that $(3*1721-1)/(89*29)=2$ and for this example $m=37$ :

m^{3}{\bmod {89*29}}\equiv 1614

1614^{1721}{\bmod {89*29}}\equiv 37^{1+2(89+29-1)}\equiv 902

If we divide the cipher, $37^{3}$ , which we know, away from $902$ then:

37^{1+2(89+29-1)-3}{\bmod {89*29}}\equiv 37^{2(88+28)}\equiv 2137

This is perfect for the Product To Sum theorum shown in the just previous section. As such

37^{2*88}+37^{2*28}{\bmod {89*29}}\equiv 2137+1

So either $m^{2*(p-1)+2*(q-1)}{\bmod {p*q}}$ or $m^{2*(p-1)}+m^{2*(q-1)}{\bmod {p*q}}$ can be derived from a public encryption key of 3.

With the example given, note that $2*88{\bmod {3}}\equiv 2$ and $2*28{\bmod {3}}\equiv 2$ as well, although $2*(89*29-1)-3{\bmod {3}}\equiv 0$

All modular cube roots could be expressed again as the sum of powers of 2(p-1) and 2(q-1). Thus the cube root, or the base, can be expressed as more than one power, not just one.

With A Public Key of 23

Using $e=23$ , $m=37$ modulus of $89*29$ , $c=37^{23}{\bmod {89*29}}\equiv 1145$ (which is known) and noting that $23^{-1}{\bmod {89*29}}\equiv 1010$ then, after some steps of algebra I am not showing:

1145^{1010}{\bmod {89*29}}\equiv 37*(37^{9*89}+37^{9*29}-37^{9})\equiv 2458

where

(23*1010-1)/(89*29)=9

Thus, it looks like the general equation where any nth root, given $root^{power}{\bmod {p*q}}$ can be rewritten in terms of the powers of p and q is:

c^{e^{-1}{\bmod {p*q}}}{\bmod {p*q}}\equiv m*(m^{x*p}+m^{x*q}-m^{x})

where

(e*(e^{-1}{\bmod {p*q}})-1)/(p*q)=x

and x and c are known.

This accords with the section directly below this post which says that all modular powers are the sum or subtraction of 3 other modular powers!

A definition of One mod p*q

By the Product To Sum theorum given above, it follows that one is:

g^{P-1}+g^{Q-1}-g^{P+Q-2}{\bmod {p*q}}\equiv 1

It thus follows that all bases of powers, ie., $g^{1}{\bmod {p*q}}$ , can be defined as:

g^{P}+g^{Q}-g^{P+Q-1}{\bmod {p*q}}\equiv g

and that all powers of $g^{n}{\bmod {p*q}}$ can be defined as:

g^{P-1+n}+g^{Q-1+n}-g^{P+Q-2+n}{\bmod {p*q}}\equiv g^{n}

Since $g^{e}{\bmod {p*q}}$ is an RSA operation, this has implications for RSA.

All Modular Powers are the sum or subtraction of three powers (of moduli RSA Semiprimes)

As in the preceding section:

2^{p-q}{\bmod {p}}*q\equiv \pm 2^{p-1}\pm 2^{-(q-1)}\pm 1

2^{72}+2^{-10}-1{\bmod {7}}3*11\equiv 2^{73-11}

it follows that any power can be expressed via $2^{p-q}2^{x}$ . Thus,

2^{p-q}2^{x}{\bmod {p}}*q\equiv \pm 2^{p-1+x}\pm 2^{-(q-1)+x}\pm 2^{0+x}

2^{72+20}+2^{-10+20}-2^{20}{\bmod {7}}3*11\equiv 2^{62+20}

As such, since $2^{90}{\bmod {8}}03\equiv 1$ and $2^{41}\equiv 2^{31}+2^{5}-2^{-5}{\bmod {8}}03$ then:

1{\bmod {8}}03\equiv 2^{80}+2^{54}-2^{44}{\bmod {8}}03

{\sqrt {1}}{\bmod {8}}03\equiv 2^{35}+2^{9}-2^{-1}{\bmod {8}}03

This result seems to be like, for modular numbers, Legendre's_three-square_theorem.

With the Use of a Small Third Prime, X, you can find candidates of the equivalency of (p-1 mod (x-1)) and (q-1 mod (x-1)) when only p*q is known

Iterate all the possibilities of $x_{1}$ and $x_{2}$ through the equivalency:

x_{1}x_{2}+x_{1}+x_{2}{\bmod {(}}x-1)\equiv pq-1{\bmod {(}}x-1)

The mathematica code for this follows:

SetPairTest := 
 Module[{a1, a2, EnumerateSet},
  EnumerateSet = { };
  Print;
  Print, " q-1=", 
    Mod}];
  For[a1 = 0, a1 < x - 1, a1 += 2,
   For[a2 = 0, a2 < x - 1, a2 += 2,
     If && 
        FreeQ && 
        Mod == Mod,
       EnumerateSet = Append;
       ];
     ];
   ];
  Print;
]

Some code executions follow:

SetPairTest69, NextPrime, 11] {p=,5011, q=,823, x=,11} {The correct answer is: p-1=,0, q-1=,2} Candidates are:{{0,2},{6,8}}

SetPairTest69, NextPrime, 37] {p=,5011, q=,823, x=,37} {The correct answer is: p-1=,6, q-1=,30} Candidates are: {{0,0},{4,28},{6,30},{10,22},{12,24},{16,16},{18,18},{34,34}}

SetPairTest69, NextPrime, 37] {p=,5077, q=,857, x=,37} {The correct answer is: p-1=,0, q-1=,28} Candidates are: {{0,28},{4,12},{6,34},{10,18},{16,24},{22,30}} In this case of six answers to x=37, as in this P*Q pair, p-1+q-1 mod 12 = 4 and p-q mod 36 = 8 or q-p mod 36 = 28

Some Notes: Approximately, half the square root of all the possibilities for the pairs of $p-1{\bmod {x}}-1$ and $q-1{\bmod {(}}x-1)$ are shown of $p*q$ where $p$ and $q$ are not known. Among this list of candidates for $p-1$ and $q-1$ , $1/4$ of these number of possibilities will be the candidates for $p-q{\bmod {x}}-1$ .

Thus for $x=37$ there will be:

6 possibilities for

p-1{\bmod {x}}-1

and

q-1{\bmod {x}}-1

when

p-1{\bmod {6}}=4

and

q-1{\bmod {6}}=0

or vice versa. Of these 6 possibilities there will be agreement on

p+q{\bmod {1}}2

and either $p-q{\bmod {3}}6$ or $q-p{\bmod {3}}6$ will be definitely known.

8 possibilities for

p-1{\bmod {x}}-1

and

q-1{\bmod {x}}-1

when

p-1{\bmod {6}}=4

and

q-1{\bmod {6}}=4

or when

p-1{\bmod {6}}=0

and

q-1{\bmod {6}}=0

My question is: in the case of the 6 possibilities for the $x=37$ is definite knowledge of $p$ and $q$ known since $p+q{\bmod {1}}2$ is known and either $p-q{\bmod {3}}6$ or $q-p{\bmod {3}}6$ is known.

As it turns out, $5077+857{\bmod {1}}2$ can be derived from $p*q$ via:

5077*857{\bmod {4}}=1

1*1

3*3

5077*857{\bmod {3}}=2

1*2

by taking the Chinese Remainder of mods 4 and 3 (to get 12 as the result mod) you will get 6 for both possibilities.

So while this algorithm knows $p+q{\bmod {1}}2$ this is not new knowledge. That means that the claim that either $p-q{\bmod {3}}6$ or $q-p{\bmod {3}}6$ remains possible new knowledge.

By decomposing $p-q{\bmod {3}}6$ , using the Chinese Remainder Theorum, into $p-q{\bmod {4}}$ and $p-q{\bmod {9}}$ it can be shown that $p-q{\bmod {3}}$ or $q-p{\bmod {3}}$ is derivable from examination of $p*q\mod 3$ . As such, it appears any new knowledge from the algorithm above would be in the form of $p-q{\bmod {9}}$ or $q-p{\bmod {9}}$ . Since $p-q{\bmod {3}}$ is known therefore the new knowledge would either be $(p-q{\bmod {3}})+0$ , $(p-q{\bmod {3}})+3$ or $(p-q{\bmod {3}})+6$ . If there is a way to derive $p-q{\bmod {9}}$ and/or $q-p{\bmod {9}}$ then the algorithm I show above would not have new knowledge in the case of $x=37$ . But if this sum were not derivable from examination of $p*q$ , then this algorithm would show new knowledge.

By solving the following problem in Mathematica:

Since

5077*857{\bmod {9}}=2

and:

Solve

you get the following answers:

{{a -> 1, b -> 2}, {a -> 2, b -> 1}, {a -> 4, b -> 5}, {a -> 5,
  b -> 4}, {a -> 7, b -> 8}, {a -> 8, b -> 7}}

As can be seen all the $a-b$ and $b-a$ resolve to $1$ or $-1$ . This is what we get from $8{\bmod {3}}6$ or $-8{\bmod {3}}6$ , so, amazingly, there is NO new knowledge in the case of $x=37$ that is not derivable from $p*q$ .

There is still the reduced set of $p$ 's and $q$ 's.

A Third Modulus Transforms the Hard PQ division problem into a BE modular residue problem

A Third Modulus Transforms the Hard P*Q division problem into a B*E modular residue problem that is solvable when

(p-q)/4<{\sqrt {q}}

2) the resulting

B*E{\bmod {p}}-b*4

residue is a square (as a product, not necessarily as a residue).

3) Combined Divisor Methods

Considering that all RSA semiprimes are $3{\bmod {4}}$ you can pick a modulus between $P$ and $Q$ (try the $3{\bmod {4}}$ number closest to ${\sqrt {p*q}}$ ). The resulting new modulus, $x$ , is $x=p-b*4=q+e*4$ . Given this new modulus, the following equation holds:

-P*Q*16^{-1}{\bmod {X}}\equiv B*E{\bmod {X}}

where

X=P-B*4

and

X=Q+E*4

and

(P*Q)^{2}*64^{-1}{\bmod {X}}^{2}\equiv B*E(-2*b*q-12*b*e+2*e*p){\bmod {X}}^{2}

where

X=P-B*4

and

X=Q+E*4

and where

(p*q-x^{2})/4==-b*q+e*p-4*b*e

When P And Q Are Close Enough Together

When P and Q are close together, $(p-q)/4<{\sqrt {q}}$ , then $B*E{\bmod {X}}$ is a product, not a residue. As such it can be factored and two of the divisors of this factorisation will either be $B$ and the other $E$ . With $B$ known and $P-B*4$ known, it is easily possible to discover $P$ .

Example:

Take

P=5003

and

Q=4831

(5003-4831)=172<{\sqrt {4831}}

(around

220

Next take the first number that is 3 mod 4 before the square root of 5003*4831 (that's the modulus we are studying)

4903

is close enough.

Then we do the following simple equation (expressed in mathematica)

Mod, 4903]=450

450

, in this case, is the product:

18*25=450

As such the following equation is true:

4903=4831+4*18=5003-25*4

Q+4*e=P-B*4=4903

E=18

and

B=25

As such we can take

4903-18*4=4831

4903+25*4=5003

When B*E Is A Square

When $B*E{\bmod {X}}$ is a square (the product which the residue represents is a square, the residue doesn't need to be a square), $P$ and $Q$ are often discoverable as well.

Example:

Q=4003

P=221603

X=Q+120*120*4=P-200*200*4=61603

E=120*120

B=200*200

The Mathematica for this is:

Mod, 61603] = 11950 (in mathematica)

(notice the residue, 11950, is not a square but it represents a product that is a square)

Now take the modular square root (which we can do because 61603 is a prime):

{\sqrt {11950}}{\bmod {6}}1603\equiv 24000

Now, simply, square this above number to get our B*E as a product, not a residue

24000*24000=57600000=120*120*200*200=b*e

(as a product, not a residue).

Pretty simple isn't it. So the mighty P*Q (of large prime numbers) does have some holes in it. Some P*Q combinations (no matter how big) are easily factorable. So start out with a modulus near the square root of P*Q, take the modular square root and see if the answer was a square. If it isn't, increment the modulus by 4 and try again. After approximately ${\sqrt {P-Q}}$ attempts you will have a product, $B*E$ , that is a square and you will have your answer (if $B*E{\bmod {X}}$ does have a modular square root!).

I roughly estimate that when $P$ is approximately 2 times $Q$ that the numbers of modulus you need to try is $(P*Q)^{1/4}$ . However, a word of caution: the modular square root operation is a relatively slow operation, and the factoring and seiving of the divisors is also relatively slow.

Combined Divisor Methods

According to once either $p{\bmod {Y}}_{1}$ and $q{\bmod {Y}}_{2}$ is known, one can pick a modulus, $X$ , which is both $X{\bmod {Y}}_{1}\equiv p{\bmod {Y}}_{1}$ and $X{\bmod {Y}}_{2}\equiv q{\bmod {Y}}_{2}$ . When this happens then $p-X$ will be a multiple of $Y_{1}$ , and $X-q$ will also be a multiple of $Y_{2}$ . As such it will be possible to divide by $Y_{1}*Y_{2}$ and reduce, or implode, the product. If $Y_{1}*Y_{2}$ is big enough, then the remainder of $b_{1}*e_{1}$ stops being a remainder and starts being a product. At this point you can factor $b_{1}*e_{1}$ and reconstitute

p=X+b_{1}*Y_{1}

q=X-e_{1}*Y_{2}

Note: This method of deriving $p$ or $q$ is equivalent to the traditional Chinese Remainder Methods where $p{\bmod {Y}}_{1}$ and $p{\bmod {Y}}_{2}$ are known and used to derive $p{\bmod {Y}}_{1}*Y_{2}$ . This is because, knowing $q{\bmod {Y}}_{2}$ one can always derive $p{\bmod {Y}}_{2}$ via the equation:

(p_{x1}-1)(q_{x2}-1)+(p_{x1}-1)+(q_{x2}-1){\bmod {Y}}\equiv P*Q-1

However, there are two cases where this method of imploding the product is superior to traditional Chinese Remainder methods.

Factors of X can't divide B*E, except P and Q

Besides $p$ and $q$ no factor of the modulus, $X$ , can evenly divide $b*e$ in the following equation:

-p*q{\bmod {X}}\equiv b*e

As a factor of the modulus, $X$ , is by definition $0{\bmod {X}}$ and only $p$ and $q$ are $0{\bmod {p}}*q$ where $p$ and $q$ are both primes.

People may legitimately ask whether it is possible for a factor of modulus $X$ to divide a sum under that modulus. This is true, but the theorum is still relevant because the factor of $X$ can't be a factor, not just that it can be a factor that can't be divided by.

Factors Of Pq-1 Are Candidates To Divide BE

Since common factors of (p-1) and (q-1) are also present in the factorisation of p*q-1, factors of p*q-1 are candidates for divisors of B*E when $X\equiv 1{\bmod {Y}}$ where $Y$ is a common factor of (p-1) and (q-1), and thus also a factor of p*q-1.

How To Find Common Factors Of P-Q or P+Q At Twice The Random Rate

As it works out

(p-m)(q-n)+(p+m)(q+n)==2*p*q+2*m*n

and

(p-m)(q+n)+(p+m)(q-n)==2*p*q-2*m*n

Most times, though you are interested in the case where $m*n$ is a square as in $n*n$ . In this case

(p-n)(q-n)+(p+n)(q+n)==2*p*q+2*n^{2}

and

(p-n)(q+n)+(p+n)(q-n)==2*p*q-2*n^{2}

In the first equation when there is a common factor between $(p-n)$ and $(q+n)$ this common factor will appear in the whole sum: $2*p*q+2*n^{2}$ . This common factor will also be a factor of $p+q$ since $p-n+q+n==p+q$ .

Likewise when there is a common factor between $(p+n)$ and $(q-n)$ this common factor will also appear in $2*p*q+2*n^{2}$ .

Since there are two possible common factors at play, then it is twice as common as random that a factor of $(p+q)$ will appear in an iteration of, say, $2*p*q+2*n^{2}$ where $n=1$ to $30$ . In this way it is quite easy to come up with a small factor of $(p+q)$ , although a big factor is still hard to obtain.

Likewise, taking the equation:

(p-n)(q+n)+(p+n)(q-n)==2*p*q-2*n^{2}

it is twice as likely that a factor of $(p-q)$ will appear in an iteration of the above equation (where n goes from 1 to 30, say). In this case common factors may appear in $(p-n)$ and $(q-n)$ . The subtraction of these: $(p-n)-(q-n)==(p-q)$ .

Both factors of $(p+q)$ and $(p-q)$ can be evenly divided from the sum $-p*q{\bmod {X}}$ . Factors of $(p+q)$ can be divided once and factors of $(p-q)$ can be divided twice (by the square).

A Factor Of (p-q) and A Factor of (p+q) combined together is the following

If you take a factor of $(p-q)$ , a factor of $(p+q)$ , and divide them, you get the following:

when

(89-29)=60=12*5

and

(89+29)=118=2*59

then

59*5^{-1}{\bmod {89*29}}\equiv -2493*(12)*2^{-1}{\bmod {89*29}}\equiv 528

Since:

((89-60)/12)^{-1}*(89+29)/2){\bmod {89*29}}\equiv 5^{-1}*59

and

(89-60)^{-1}*(89+29){\bmod {89*29}}\equiv 2493\equiv {\sqrt {1}}

and

2^{-1}*(12^{-1})^{-1}==2^{-1}*12

thus the switch between the denominator and the numerator of the other factors.

If you square this then you get:

12^{2}*2^{-2}{\bmod {89*29}}\equiv 36

which are the other factors of (p-q) and (p+q) besides 5 and 12.

As well:

${\sqrt {1}}{\bmod {89*29}}\equiv \pm (p-q)(p+q)^{-1}\equiv \pm (p+q)(p-q)^{-1}$

Since the section above shows how to get a few possible small candidates of factors of (p-q) and factors of (p+q), we can get the fraction of the large factors of (p-q) and (p+q).

If we take , the largest RSA number factored so far, the factorization of (p-q) is:

{{3, 1}, {13, 1}, {2663267, 1}, {1220501291, 1}, {1841645951176282753,
   1}, {13997633621862976969633164898062916727, 1}}

and the factorisation of (p+q) is:

{{863, 1}, {39685579, 1}, {57151500641, 
  1}, {35876917512866434717253057870281548347589681335861687, 1}}

If we can iterate the factors of (p+q) and the factors of (p-q) at twice the random rate then we can find 13 and 863, the least of the factors involved in the two sums, in around (1 million)/4 possibilities (and 500 factorizations of p*q+n^2 and 500 factorisations of p*q-n^2), which is possibly achievable using Mathematica or any other number of math packages.

Equivalent Square Considerations

Take a mathematica equation showing the iteration of $p*q+n^{2}$ below. Note that the factorisation of this sum is important.

Table, GCD, 
   FactorInteger}, {x, 0, 30}] // Grid
0	1	1	{{331,1},{1013,1}}
1	4	6	{{2,3},{3,2},{4657,1}}
2	3	7	{{3,1},{7,2},{2281,1}}
3	2	8	{{2,4},{19,1},{1103,1}}
4	1	3	{{3,1},{111773,1}}
5	336	2	{{2,5},{3,1},{7,1},{499,1}}
6	1	1	{{41,1},{8179,1}}
7	2	12	{{2,3},{3,1},{89,1},{157,1}}
8	3	1	{{3,3},{12421,1}}
9	4	14	{{2,3},{7,1},{53,1},{113,1}}
10	1	3	{{3,2},{83,1},{449,1}}
11	6	64	{{2,6},{3,1},{1747,1}}
12	7	1	{{7,1},{173,1},{277,1}}
13	8	6	{{2,4},{3,1},{29,1},{241,1}}
14	3	1	{{3,1},{111833,1}}
15	2	4	{{2,3},{41941,1}}
16	1	21	{{3,1},{7,1},{19,1},{29,2}}
17	12	2	{{2,3},{3,2},{59,1},{79,1}}
18	1	1	{{37,1},{47,1},{193,1}}
19	14	24	{{2,4},{3,4},{7,1},{37,1}}
20	3	1	{{3,1},{317,1},{353,1}}
21	32	2	{{2,7},{43,1},{61,1}}
22	1	3	{{3,1},{19,1},{43,1},{137,1}}
23	6	28	{{2,3},{3,1},{7,1},{1999,1}}
24	1	1	{{335879,1}}
25	4	6	{{2,3},{3,1},{13997,1}}
26	21	1	{{3,2},{7,1},{5333,1}}
27	2	16	{{2,5},{10501,1}}
28	1	3	{{3,2},{107,1},{349,1}}
29	24	2	{{2,4},{3,1},{47,1},{149,1}}
30	1	7	{{7,1},{48029,1}}

Note in the fifth iteration that there is a factor of seven. Seven also appears as a factor in the 12th iteration, or the (5+7) iteration.

If we were to multiply the 5th iteration with the 12th, we would have a case where the 7 factor was now a square. If we were then to take the (5+3) iteration (since there is a 3 factor in the fifth iteration) and multiply it with the 5th were would have a case where the resulting equation had a 3 as a square. Don't forget that $n^{2}$ is always a square. If we were to take some time and using this method construct a equation that was totally a square then we would have equivalent squares. Equivalent squares is usually enough to factor $p$ and $q$ .

Example 1

Given:

p=50021

q=45007

50021{\bmod {5}}3\equiv 42

45007{\bmod {5}}9\equiv 49

Now make the modulus, $X$ , via

46364{\bmod {5}}3\equiv 42

and

46364{\bmod {5}}9\equiv 49

Taking the naiive equation:

-50021*45007{\bmod {4}}6364\equiv 3657*1357\equiv 1601

Now take the augmented equation:

-50021*45007*(53*59)^{-1}{\bmod {4}}6364\equiv 69*23\equiv 1587

Note that $69*53=3657$ and that $23*59=1357$

Thus, the product (not the remainder) has been successfully divided, or imploded, to a smaller product and that:

p=46364+69*53

q=46364-23*59

Example 2: When Y Is A Factor Of P-Q

This method of imploding the product is superior to Traditional Chinese Remainder Methods when the divisor, $Y$ , is a divisor of $p-q$ . In this situation then $p{\bmod {Y}}\equiv q{\bmod {Y}}$ and $Y^{2}$ can be used as the divisors. Thus, if $Y\approx {\sqrt {p-q}}$ then $p$ and $q$ can be determined from $p*q$

Given:

p=50021

q=45007

46

is a divisor of

50021-45007

50021{\bmod {4}}6\equiv 19

45007{\bmod {4}}6\equiv 19

Now make the modulus, $X$ where $X{\bmod {4}}6\equiv 19$ then $47445$ will do.

Now note that the naiive equation is:

-50021*45007{\bmod {4}}7445\equiv 2576*2438\equiv 17548

and the augmented equation is:

-50021*45007*46^{-2}{\bmod {4}}7445\equiv 56*53\equiv 2968

and that:

p=47445+56*46

q=47445-53*46

Note that you cannot determine $p$ and $q$ solely from knowledge of $50021-45007{\bmod {4}}6\equiv 0$ and $50021{\bmod {4}}6\equiv 19$ solely using the Chinese Remainder Theorum!

When X Is A Factor Of P-Q

Note that when the third modulus, X, is a factor of P-Q, then both B and E can be determined by a modula square root of $-B*E{\bmod {X}}$ .

5003-2003=3000=2^{3}*3*5^{3}

As such let's take $125=5^{3}$ to be the modulus, which is a factor of P-Q:

-5003*2003{\bmod {125}}\equiv 116

Note that

(5003-125)=4878=b

(125-2003)=-1878=e

4878*(-1878){\bmod {125}}\equiv 116

Since $b+e=p-q$ and $5003-2003{\bmod {125}}\equiv 0$ then $4878+(-1878){\bmod {125}}\equiv 0$ then,

-4878{\bmod {125}}\equiv -1878

and so:

-116{\bmod {125}}\equiv 4878^{2}\equiv (-1878)^{2}

As such we can take the modular square root of the modulus, since it's prime factorisation is known, and:

{\sqrt {-116}}{\bmod {125}}\equiv 3

Thus, $b\equiv 3$ and $e\equiv (-3){\bmod {125}}\equiv 122$ .

Thus, if a factor of $P-Q$ is known then $B$ and $E$ can be worked out. Note that it is possible to find at twice the random rate the factors of $P-Q$ . This is worked out in the section Common Factors of P-Q at twice the random rate

When X Is A (Factor Of P-Q)^2

Let's take, from the above example, the case where $125*125$ is the modulus, $X$ for $P=5003$ and $Q=2003$ .

Since $125*125-5003*2003=(-4878+(-1878))*125+4878*(-1878)=-10005384$ , then $b=4878$ and $e=-1878$ .

Since $4878{\bmod {125}}\equiv 3$ and $-1878{\bmod {125}}\equiv -3$ then the equation above can be rewritten for the modulus: $125*125$ as: $(-3-3)*125+4878*(-1878){\bmod {125*125}}\equiv 10241$ . So adding $6*125+10241{\bmod {125*125}}\equiv 4878*(-1878)\equiv 10991\equiv b*e$ .

From $b*e{\bmod {125*125}}\equiv 10991$ we can construct $b-e{\bmod {125*125}}$ by the following manner:

b{\bmod {125*125}}\equiv 39*125+3

e{\bmod {125*125}}\equiv -15*125-3

Thus:

10991{\bmod {125*125}}\equiv (39*125+3)(-15*125-3)

So:

10991-(-3)(3){\bmod {125*125}}\equiv (-3)*(39*125)+3*(-15*125)\equiv 11000

If we divide by the common term, 3, and minus by 6 (the addition of 3 and 3) then we get:

$-(39*125)-3+(-15*125)-3{\bmod {125*125}}\equiv 8869\equiv -4878+(-1878)\equiv -b+e$

As such we can minus $-10005384-8869*125{\bmod {125^{3}}}\equiv 604741\equiv 4878*(-1878){\bmod {125^{3}}}\equiv b*e{\bmod {125^{3}}}$

The Bad Stuff That Happens When There Are Common Factors Between (P-1) and (Q-1)

If there is a common factor between $p-1$ and $q-1$ , then this will also be a factor of $p*q-1$ , since

p*q-1==(p-1)*(q-1)+(p-1)+(q-1)

Accordingly, any common factor of $p-1$ and $q-1$ will appear also in $p*q-1$ . Many factors of $p*q-1$ will not be factors of $p-1$ and $q-1$ but all common factors will be.

As well any common factor of $p-1$ and $q-1$ will also be a factor of $p-q$ ! As such, the square of any such factor can be divided as per the example just above this section.

Furthermore, the square of a common factor, shown just above, is a factor of the totient of $p*q$ , and it is possible to find out the decryption key of an RSA triple (Encypt key, Decrypt key, Modulus) mod the square of the common factor:

Example 1

Given:

P=39343

P-1=2*3*79*83

Q=8467

Q-1=2*3*17*83

P*Q=39343*8467

P*Q-1=2^{2}*3^{2}*5*11*83*2027

As you can see above, $83$ is the common factor. Common factors will always appear in the factorisation of $p*q-1$ but not every factor of this sum will be a common factor. McKee and Pinch also note that the common factor of p-1 and q-1 can be found in the factorisation of p*q-1

The Implications For RSA

This common factor will have implications for RSA.

Given:

e=23

n=8467*39343

8466=102*83

39342=474*83

d{\bmod {(}}83*83)\equiv 23^{-1}{\bmod {(}}83*83)\equiv 6290

totient=8466*39342=48348*(83*83)

d=318588095{\bmod {3}}9342*8466

318588095{\bmod {(}}83*83)\equiv 6290

46245*83*83+6290==318588095

8467*39343+1{\bmod {(}}83*83)\equiv 8467+39343{\bmod {(}}83*83)\equiv 6476

So some information about the private key is leaked, specifically $d{\bmod {C}}ommonFactor^{2}$ . As well, a factor of $p-q$ is revealed so my product implosion scheme is invoked.

So it is never a good idea to have a common factor between $p-1$ and $q-1$ except perhaps 2 or 3. I have looked at current RSA key generation methods and none of them explicitly mention that common factors between $p-1$ and $q-1$ should be avoided. I think that the RSA key generation protocols should include this prohibition! KoblitZ also enjoins against large GCD(p-1,q-1) in his public key cryptography book The original RSA paper also made note of this

Looking At The Openssl RSA Key Generation Code For Common Factors

I have checked through the key generation code of the openssl ssl code. I hacked it to report the greatest common divisor of p-1 and q-1. I then ran 100 key generations. It only had greatest common divisors of 2, 4 , 8, and 16. There were no other primes reported besides small powers of 2.

Viktor Dukhovni, from the newsgroup, reports, after looking at the rsa key generation code of openssl, that p-1 and q-1 are both checked for the first 2048 factors (up to 17863). As such they are not possible as factors of either p-1 or q-1. However, common factors higher than 17863 are possible as factors of both p-1 and q-1, however it takes 20,000 key generations (not in safe mode) before such an event happens. He managed to get a common factor of gcd(p-1,q-1) = 2 * 28559 from the following 1024 bit rsa generated key (factorisation of p*q-1 is shown):

n-1 = 2 * 3^3 * 7 * 13 * 67 * 2399 * 28559 *

5485062554686449262177590194597345407327047899375366044215091312099734701911004226037445837630559113651708968440813791318544450398897628 67234233761906471233193768567784328338581360170038166729050302672416075037390699071355182394190448204086007354388034161296410061846686501 4941425056336718955019

Any rsa key generation in SAFE mode will always have a gcd(p-1,q-1)=2, so SAFE mode always avoids common factors. The conclusion is that openssl code can have common factors (must be above 17863) in its rsa keys every 20,000 key generations or so when not generated in SAFE mode, and that at this time approximately 30 bits of the totient will be revealed out of the 1024 bits of the full totient. There is, of course, no way of knowing which of the 20,000 key generations will have the common factors, but since OpenSource SSL generates at least 20,000 rsa keys each week, it can be surmised, from the test above, that 30 bits of the rsa totient are leaked every week somewhere around the world.

Splitting the message into two products of the cipher

Let's say that the message is $37$ and that the cipher is $37^{23}{\bmod {8467*39343}}\equiv 148815052$ , because $6290{\bmod {83*83}}\equiv d$ and that $d\equiv 46245*(83*83)+6290$ then the message, $37$ can be split into two powers based on the cipher such as:

148815052^{6290}*148815052^{46245*83*83}{\bmod {8467*39343}}\equiv 37

Therefore:

148815052*148815052^{-6290}{\bmod {8467*39343}}\equiv 37^{22}*148815052^{46245*83*83}\equiv 146993011

148815052*148815052^{-13*6290}{\bmod {8467*39343}}\equiv 37^{10}*148815052^{13*46245*83*83}\equiv 285574110

148815052*148815052^{-23*6290}{\bmod {8467*39343}}\equiv 148815052^{23*46245*83*83}\equiv 253503289

Now:

148815052*148815052^{-22*6290}{\bmod {8467*39343}}\equiv 37*148815052^{22*46245*83*83}\equiv 82921582

and $22*46245*83*83*23+1{\bmod {23}}\equiv 1$ note- not a power multiple of 23!.

Isolating the Message itself, with another term

253503289===148815052^(23(totient-6290)) see above
Solve
{{x -> 201204739}}
See Australian Innovation Patent 2018100919 for explanation
of this following equation
Mod, 
 8467 39343]=166558589
see equations above 
Mod= 67952848
Notice the message with the 23rd root of another number 
has  been found
Mod, 8467 39343]= 67952848

Since $2^{2}$ is always a multiple of the totient, we can apply 4 to the equations always instead of 83 as we have in the above example:

23^{-1}{\bmod {4}}\equiv 3

148815052*148815052^{-(22*3)}{\bmod {8467*39343}}\equiv 331864148

37*148815052^{22*4*79647023}{\bmod {8467*39343}}\equiv 331864148

Thus, it is always possible to get the secret message to a power that is not a multiple of the public key!

Including the math in User:Endo999#A_Close_Call_ON_RSA, we can see that we have the $c^{e*x}{\bmod {p*q}}$ and the $m*c^{(e-1)*x}{\bmod {p*q}}$ which allow us to apply in part the math from "A Close Call On RSA":

get cipher1
Mod= 148815052
Mod[
 148815052 PowerMod, 8467 39343]= 331864148
Mod, 
 8467 39343]= 331864148
get cipher2
Mod= 330768180
Mod, 
 8467 39343]= 98398282
Mod, 
 8467 39343]= 98398282
solve x power1^e + y power2^e===0
Solve[ 
 x PowerMod + 
   y PowerMod == 0, {x, y}, 
 Modulus -> 8467 39343]= {{x -> C, y -> 136895256 C}}
Mod PowerMod[
   41, -23 23 4 79647023, 8467 39343], 8467 39343]=136895256
apply x power1^(e-1) (y power2^(e-1))^(-1) to get (x/y)^(1/e)
Mod[
 2^23 331864148 PowerMod, 
 8467 39343]= 186681852
get m1/(m2 136895256^(1/e))
Mod[
 37 PowerMod, -1, 
   8467 39343], 8467 39343]= 186681852
this number is also
Mod PowerMod,
  8467 39343]=186681852

This is a transformative equation since it makes knowing the division of two secret messages to be the taking the eth root of another number, whose cipher is calculable

The RSA cipher can now be attacked by a Discrete Logarithm Algorithm

Now that we have

148815052^{23*46245*83*83}\equiv 253503289

and we know the cipher, or $148815052$ we can use Pollard's Kangaroo Discrete Logarithm Algorithm to solve the log (which is a factor of $23*83*83$ ). As such we can take the base for the discrete logarithm algorithm to be $148815052^{23*83*83}{\bmod {39343*8467}}\equiv 134420949$ and that $134420949^{46245}\equiv 253503289$ (with us knowing $134420949$ and $253503289$ ) , we can solve for $46245$ in ${\sqrt {46245}}$ . If the common factor is high enough we can actually do this, however, most of the time the term will still be too high. However, the RSA cipher is transformed since $46245*83*83+6290==d$ , so the decryption key can be determined using this method.

2 is always a Common Factor of (p-1) and (q-1) so Pollard's Algorithm Can Always Be Applied to Any RSA Cipher

Since $e*d{\bmod {2}}\equiv 1$ and e is odd, then d must be odd and the same equations can be applied to any RSA cipher as in the section above. Seeing that $e=23$ and $d{\bmod {2}}\equiv 1$ , then

148815052*148815052^{-23*1}{\bmod {39343*8467}}\equiv 152505560

and

148815052^{(318588095-1)*23}{\bmod {39343*8467}}\equiv 152505560

where

318588095==d

Therefore, since $148815052^{23}\equiv 158806108$ ,

158806108^{(318588095-1)}{\bmod {39343*8467}}\equiv 152505560

where

318588095==d

(Note that $158806108$ and $152505560$ are known).

Thus, you can apply Pollard's Kangaroo Algorithm to any RSA Cipher to get $d$ .

General Equation Applied

Take $c*c^{-e}{\bmod {p*q}}\equiv f$ then $(c^{e})^{(d-1)}{\bmod {p*q}}\equiv f$ is true. Since $c^{e}$ and $f$ are known then $d-1$ can be found using Pollard's Kangaroo Discrete Logarithm Algorithm.

Since $c^{e}{\bmod {p*q}}\equiv m^{e*e}$ then $c^{e}$ is in the same power ring as $m$ and the power ring length for both sums will be the same. In fact the power ring length for 37 ( $m$ ), 148815052 ( $m^{23}$ ) and 158806108 ( $m^{23*23}$ ) is the same: 668814. Since $318588094{\bmod {668814}}\equiv 232630$ , then the actual logarithm to be found by the Kangaroo algorithm will be $232630$ . However, $(37^{23})^{232630+1}{\bmod {39343*8467}}\equiv 37$ , so finding $(d-1)$ for $m^{e*e}$ is also finding the $(d-1)$ for $m^{e}$ .

Seeing that the power ring length of the message, in this example, is $668,814$ and the modulus is $333,117,181$ , one can see that often in practice the power ring length is 2/3 in bit length of the modulus, and that the Kangaroo algorithm will only take 1/3 the bit length of the modulus to find an appropriate power (in our example, $232630$ ). Thus, properly calibrated, the Kangaroo algorithm will often be a $\Omega (1/3)$ algorithm, and not $\Omega (1/2)$ as you would naively think.

Every Base Can Be Used In This Equation

It's always possible to get an equation like that above with any base. Take $2$ for instance.

2^{e}*2^{-e*e}{\bmod {p*q}}\equiv (2^{e*e})^{(d-1)}

The math in this section is totally theroretical since you can always use Pollard's RHO method to factor P*Q in $N^{1/4}$ time.

The Dedekind Psi Function of (p-2)(q-2) is sometimes the Totient of p*q

If p-2 is a prime, and q-2 is a prime and both p and q are primes (twin prime) then the Dedekind_psi_function( $\psi$ ) is the totient of p*q. For instance, the Dedekind PSI function of the primes 107*137 would be (107+1)(137+1)=(109-1)(139-1) so this number would be the totient function of 109*139, a semiprime.

Since common factors of p-1 and q-1 will be factors of p*q-1, then these common factors will be factors of (p-2+1) and (q-2+1) in the case of common factors of the RSA semiprime totient(p-1)*(q-1) a factor of the Dedekind PSI function of (p-2)*(q-2) can become known.

Interestingly, Dickson in his vol 3 of "History Of The Theory Of Numbers" doesn't seem to remark on Dedekind's PSI function, which deals with modular forms. The Third volume of Dickson's work is devoted to Modular forms.

Dickson does refer to the Dedekind PSI function at Vol 1, p123 where he states:

R. Dedekindproved that , if n is decomposed in every way into a product ab and if e is the g.c.d. of a,b then

$\sum _{a}(a/e)\Phi {e}=n\prod _{p|n}\left(1+{\frac {1}{p}}\right)$

where a ranges over all divisors of n and p over the prime divisors of n.

note that $\Phi$ is the totient function.

For the purposes of semiprimes then the addition of the factors, 1, n, p, q will equal the multiplicative PSI function (p+1)(q+1). Thus, this equation of Dedekind's unwinds the multiplication of the right side (with the prime factors) and equates this with the addition of the divisors on the left side of the equation. A change in operation from multiplication to addition is thus seen.

For RSA Semiprimes, Common Factors of p+1 and q+1 can be found by factoring p*q+1

For RSA semiprimes, a square factor of the Dedekind PSI function of P*Q can be found by factoring p*q+1.

This will reveal common factors of p+1 and q+1, if there are any besides two.

The square of these common factors is then a factor of the Dedekind PSI value of P*Q

When Primes Are Twin, Common Factors of Related Primes Can Be Found

The common factors of p-3 and q-3 can be found by factoring p*q-9.

See User:Endo999#The_Bad_Stuff_That_Happens_When_There_Are_Common_Factors_Between_(P-1)_and_(Q-1) here for a more complete explanation of common factors in p-1 and q-1 in rsa.

With knowledge of a common factor for both p-3 and q-3 then 0 mod (commonfactorofp-3)*(commonfactorofq-1) can be found.

which will be a factor of p*q-p-3q+3. Running -p*q mod n|(p*q-p-3q+3) will establish p+3q-3 mod n|(p*q-p-3q+3). By knowledge that p (and also q)mod commonfactorofp-3 === 3 and p(and also q) mod commonfactorofq-1 === 1 then it will be possible to establish p+q mod n|(p*q-p-3q+3). Indeed, if we ever knew when a p-x and q-x had common factors, then this could be used, via the Chinese Remainder Theorum to establish p+q mod alargenumber. However, we don't know when the common factor arises, we just know candidates for it, if it is there.

This could work for cousin prime as well (when p, q, p-4, and q-4 are all primes). In fact the math shown just above could work for any combination of primes (p, q, p-x,q-x) when p-1 and q-1 have common factors and p-x and q-x have common factors.

A Close Call ON RSA

According to if:

1010*2^{23}+1652*3^{23}{\bmod {89*29}}\equiv 0

then

1010*2^{22}(1652*3^{22})^{-1}{\bmod {89*29}}\equiv 1289

which is both

1010^{1/23}*1652^{-1/23}{\bmod {89*29}}\equiv 1289

as well as being

-3*2^{-1}{\bmod {89*29}}\equiv 1289

It is remarkable that such a humdrum equivalence as $-3*2^{-1}{\bmod {89*29}}$ could also have such a remarkable equivalence as $1010^{1/23}*1652^{-1/23}{\bmod {89*29}}$ .

Thus if I could take token $1010$ from Joe, and convince Joe that I am signing the 1010 divided by 1652 (which I have obtained from the equation above), then I could convince Joe that I have RSA signed with Jack's secret key, even though I am Brad, and I only know Jack's modulus.

1010^{1/e}*1652^{-1/e}{\bmod {p*q}}\equiv 1010^{d}*1652^{-d}

even though $1289{\bmod {89*29}}\equiv -3*2^{-1}$

Again according to if

2441*2^{23}+3^{23}{\bmod {89*29}}\equiv 0

then RSA is broken for the token 2441, since:

2441*2^{22}*3^{-22}{\bmod {89*29}}\equiv 1289

and

1289^{23}{\bmod {89*29}}\equiv 2441

It is hard to set this equation though.

Thus it is very important that when the RSA user presents a number for his opponent to sign that that opponent DOES NOT add a divisor of his own to this number. This can fool the unwary.

Now you could achieve the same spoof by 1) select a residue randomly:A, 2) increase this residue to the 23rd power:B, 3) take the number given by the other party (C) (the number to be signed) and find the other number that transforms this to B: D, 4) then say you are signing C divided by D by providing A.

Although this is quite similar to the process I have described above, in my process, I derive both B and C before I derive A, that is the root is determined AFTER the powers, not BEFORE.

Example 3: When A Multiplier Makes P Look Like Q To The Modulus X

This method of imploding the product is superior to Traditional Chinese Remainder Methods when a multiplier, $m$ , is used to make $p$ look like $q$ to the modulus $X$ .

According to , the multiplier is defined as:

(p{\bmod {Y}})^{-1}*(q{\bmod {Y}}){\bmod {Y}}

When this is multiplied to $p*q$ then the remainder can safely be divided by $Y^{2}$ .

Given:

p=5003

q=2003

Y=151

5003{\bmod {1}}51\equiv 20

2003{\bmod {1}}51\equiv 40

Now make the Multiplier:

20^{-1}*40{\bmod {1}}51\equiv 2

(This is the lowest possible multiplier).

Now make the modulus, $X$ where $X{\bmod {1}}51\equiv 40$ then $3966$ will do.

Now note that the naiive equation is:

-5003*2003{\bmod {3}}966\equiv 1037*1963\equiv 1073

and the augmented equation is:

-50021*45007*2*151^{-2}{\bmod {3}}966\equiv 40*13\equiv 520

and that:

b_{1}=(5003*2-3966)/151=40

e_{1}=(3966-2003)/151=13

and that $40*13=520$

and that

(40*151+3966)/2==5003==p

(3966-13*151)==2003==q

Note that when the multiplier is very low then this method is superior to traditional Chinese Remainder Theorums.

When P Is Approximately 5 Times Q

When $p$ is approximately $5$ times (or any power of 5) greater than $q$ , then it is possible to factor a number (by guessing one number within the square root of q from q). Example:

p=10559

q=2063

thirdmodulus=2103

note that

10559-5*2103=4*11

note that

2103-2063=4*10

-10559*2063*16^{-1}{\bmod {2}}103\equiv 110\equiv 10*11

10559==2103*5+11*4

2063==2103-10*4

This works because in RSA semiprimes (Internet HTTPS RSA keys) are always $3{\bmod {4}}$ and $3*5{\bmod {4}}\equiv 3$ .

When P Is Less Than 3 Times P-4*B

In the above discussion a multiple of 5 was used for the modulus, and this affected the $B$ coefficient. If the modulus is redefined from $p-4*b==q+4*e$ to $p-2*b==q+2*e$ , then a multiple of 3 can be used for the modulus. Example:

-5003*2003*16^{-1}{\bmod {3}}167\equiv 555\equiv 459*291

5003*2003*4^{-1}{\bmod {3}}167\equiv 947\equiv 2249*(2*291)

Thus, we can divide by 2 again to get another multiple of the $e$ term, which is $291$ in the above equation.

5003*2003*8^{-1}{\bmod {3}}167\equiv 2057\equiv 2249*291

In the above case, $2249==(3*3167-5003)/2$ since $3*3167>5003$ or $3*Modulus>p$ .

So it is possible to come up with different multiples of $e$ , and then perform arithmetic operations on them. In this case above,

5*459*291-2249*291{\bmod {3}}167\equiv 46*291

Note that the actual product has declined to a tenth by this operation. For small numbers it is possible to actually change the $B*E{\bmod {X}}$ to an actual product, which can be factored, leading to $b$ and $e$ discovery.

An Analysis Of XY-PQ

If we take a slight deviation from our normal equation of $X^{2}-P*Q$ and say the following:

p=5003\equiv 5{\bmod {17}}

q=2003\equiv 14{\bmod {17}}

Y=17

X=3400\equiv 0{\bmod {17}}

X_{1}\equiv 3405\equiv 5{\bmod {17}}

X_{2}\equiv 3414\equiv 14{\bmod {17}}

X_{3}=3405+3414

and create an equation like this:

X_{1}*X_{2}-P*Q

3405*3414-5003*2003=1603661

5003-3405=1598=94*17

3414-2003=1411=83*17

then the following equations hold:

1603661{\bmod {3405+3414}}\equiv 3405*(1598+1411)+1411*1598=12500423=1598(3405+3414)+1603661

1603661{\bmod {3405+3414}}\equiv -3414*(1598+1411)+1411*1598=-8017948=-1411(3405+3414)+1603661

2*1603661{\bmod {3405+3414}}\equiv -9(1598+1411)+2*1411*1598=(1598-1411)*(3405+3414)+2*1603661

where

14-5=9

Most of the other equations feature $3405(-1598+1411)$ not $3405(1598+1411)$ as we have above. Plus if we minus 9*3405, where we know 9, we get:

1603661-9*3405{\bmod {3405+3414}}\equiv 3405*(5003-2003)+1411*1598

1603661+9*3414{\bmod {3405+3414}}\equiv -3414*(5003-2003)+1411*1598

2*1603661+9*9{\bmod {3405+3414}}\equiv -9(5003-2003)+2*1411*1598

where

14-5=9

This new behavior, where we get $P-Q$ in one of the terms of the equation, is a totally new feature of the equations we have been establishing. Mostly, we get $P+Q$ when we have equations of the term: $X^{2}-P*Q$

We get $p+q$ in the following equations:

1603661{\bmod {3405+3414}}\equiv -(5003+2003)*3414+1411*1589

1603661{\bmod {3405+3414}}\equiv -(5003+2003)*3405+1402*1598

These above residues can actually be shown as full sums. For instance:

(3405^{2}-5003*2003)+9*3405-3405*(3405+3414)=-(5003+2003)*3405+1402*1598=-21615034

3405*3414-5003*2003=1603661

can produce equations featuring both $p+q$ and $p-q$

Extending The Modulus

Extending the modulus to $3405*(3405+3414)+3414$ gives us an unusual property that is explained below:

3405*(3414^{2}-5003*2003+3405^{2}-5003*2003){\bmod {3405*(3405+3414)+3414}}\equiv 6815985

-(1598-1411)*3405(3405+3414)+3405*(1402*1598+1411*1589+81){\bmod {3405*(3405+3414)+3414}}

which can be turned into (by reversing the sign).

(1598-1411)*3414+3405*(1402*1598+1411*1589+81){\bmod {3405*(3405+3414)+3414}}

Thus, the multiplier in the sum for one of the terms is sharply reduced, from $3405(3405+3414)$ to $3414$ .

The best I have been able to do with this sum above is to turn it into

3405*1402*1598+3406*1411*1589+3405*81{\bmod {3405*(3405+3414)+3414}}

If we could indeed create both terms to the exact same coeficient then we could reduce the term to

1402*1598+1411*1589{\bmod {3405*(3405+3414)+3414}}

which is not a residue but an actual sum. Alas, I have not been able to do this.

Pollard's Kangaroo Algorithm can solve for B*E in square root of (4B-4E) time

You can get $b-e$ and thus solve $(e-b)x+4*b*e==(x^{2}-p*q)/4$ to retreive $b*e$ by

solving for

g^{4*e-4*b}{\bmod {p}}*q\equiv g^{2*x-p*q-1}{\bmod {p}}*q

, which can be done in

{\sqrt {4*e-4*b}}

time according to Pollard's_kangaroo_algorithm where

x=p-b*4=q+e*4

Once you know $b-e$ you don't actually have to factor $b*e$ , which saves much time. You can create two numbers, $a$ and $b$ , separate them by $b-e$ and then increment them until they either match or exceed $b*e$ .

Generalising to g^(Ze-Zb)

In the case where $\alpha$ is a factor of $p-q$ (see earlier section for this algorithm), then

g^{\alpha *e-\alpha *b}{\bmod {p}}*q\equiv g^{2*x-p*q-1}{\bmod {p}}*q

Pollard's excellent Kangaroo algorithm can be adapted to leap in $\alpha$ bounds instead of $1$ bounds, as it normally does.

The time to compute will be $\Omega ({\sqrt {e-b}})$ dividing the total time to do by $\alpha$ instead of $\Omega (\alpha *{\sqrt {e-b}})$ as when the bound for the Kangaroo algorithm is 1. When the earlier $p-q$ product implosion algorithm still doesn't create a product out of the remainder, then this algorithm can still be used as it can process the quotient part of the product in ${\sqrt {quotient}}$ .

For instance, for a 1000 bit modulus, $\alpha *(e-b)$ will be a 500 bit number. If $\alpha$ is a 125 bit number then the answer can be found in ${\sqrt {375}}$ bit operations. This is approximately $2^{190}$ operations. To find a $p{\bmod {Y}}$ that is 125 bits in length will entail approximately $2^{125}$ operations. To iterate this to $P$ , using Traditional Chinese Remainder methods, will take around $2^{375}$ operations for a combined total of $2^{500}$ operations.

However, to take the $p{\bmod {Y}}$ that is 125 bits and then apply the extended Pollard algorithm to the equation above will entail $2^{125+190}$ operations, that is approximately $2^{315}$ .

It looks like the earlier naiive version of the algorithm (when $\alpha =4$ ) is the best since it will take $2^{250}$ operations. But anytime you have a $p{\bmod {Y}}$ on hand the new method will be faster.

When the Third Modulus is higher than P: ie., when x = p+b*4

When the third modulus is $x=p+b*4$ no $e$ is required. The equation is:

-P*Q*16^{-1}{\bmod {(}}P+B*4)\equiv B*(P-Q)/4+B^{2}

where

x>p

This also works when the modulus is $X<Q$ . The equation is:

P*Q*16^{-1}{\bmod {(}}Q-E*4)\equiv E*(P-Q)/4+E^{2}

where

P>Q

A Definition of Residues 1 off each other

One way to define numbers one off each other is via:

36*14^{-1}{\bmod {7}}3*11\equiv 404

(36-14)*14^{-1}{\bmod {7}}3*11\equiv 403

(36-2*14)*14^{-1}{\bmod {7}}3*11\equiv 402

Thus, the general equation is:

\alpha \beta ^{-1}{\bmod {p}}*q\equiv \gamma

(\alpha -\delta *\beta )*\beta ^{-1}{\bmod {p}}*q\equiv \gamma -\delta

The Curious Case Of The Square Root of -1 mod p*q

Sometimes, there is, indeed, a ${\sqrt {-1}}{\bmod {p}}*q$ , a type of modular imaginary number. It only seems to appear for semiprimes that are both $1{\bmod {4}}$ . The following treatment of this number is similar to Euler's factorisation method: ].

If there are two of these modular imaginary numbers, as there often are, then both have an intimate relationship with ${\sqrt {1}}{\bmod {p}}*q$ . The following group of equations summarises this:

{\sqrt {-1}}_{1}*{\sqrt {-1}}_{2}{\bmod {p}}*q\equiv {\sqrt {1}}{\bmod {p}}*q

{\sqrt {-1}}_{1}*{\sqrt {1}}{\bmod {p}}*q\equiv {\sqrt {-1}}_{2}

{\sqrt {-1}}_{1}+{\sqrt {-1}}_{2}

is a multiple of one of the factors

p

q

{\sqrt {-1}}_{1}-{\sqrt {-1}}_{2}

is a multiple of the other factor, either

p

q

The inverse of the I number is its negative number

{\sqrt {-1}}^{-1}{\bmod {p}}*q\equiv -{\sqrt {-1}}

For $P*Q=13*73=949$ and ${\sqrt {-1}}_{1}{\bmod {9}}49\equiv 538$ and ${\sqrt {-1}}_{2}{\bmod {9}}49\equiv 684$ and ${\sqrt {1}}{\bmod {9}}49\equiv 220$ , then:

538*220{\bmod {9}}49\equiv 684

684*220{\bmod {9}}49\equiv 538

684*538{\bmod {9}}49\equiv 220

538+684=94*13

684-538=2*73

As well, there is a intimate relationship between $1^{1/4}{\bmod {p}}*q$ , and ${\sqrt {1}}{\bmod {p}}*q{\bmod {p}}$ and ${\sqrt {-1}}{\bmod {p}}*q{\bmod {q}}$ . The Chinese Remainder of these last two residues will either be $1^{1/4}{\bmod {p}}*q$ or $1^{3/4}{\bmod {p}}*q$ . Thus

ChineseRemainder\equiv 1^{1/4}|1^{3/4}{\bmod {p}}*q

The other combination will reveal another quad root of 1. Thus if the equation above revealed $1^{1/4}{\bmod {p}}*q$ , then

ChineseRemainder\equiv 1^{3/4}{\bmod {p}}*q

This is, in effect, a definition of two of the square roots of ${\sqrt {1}}{\bmod {p}}*q$ , and tends to indicate that there are no quad roots of 1 for 3 mod 4 semiprimes. This conjecture is shown to be probably true in Mathematica test code. (There are quad roots when 1 semiprime is 1 mod 4 and the other is 3 mod 4).

The Complex Square Root Function Does Have An Analogue In Modular Arithmetic

I was able to get the complex square root function to work, in modular arithmetic. This work is only done on 1 mod 4 semiprimes. Please consult this link Complex_number#Square_root, for the formula. My work is as follows:

Take ${\sqrt {227}}{\bmod {101*73}}\equiv 2126$ . Construct a simple complex form: $227{\bmod {101*73}}\equiv 4580+1*3020$ where $3020{\bmod {101*73}}\equiv {\sqrt {-1}}_{1}$ and $192{\bmod {101*73}}\equiv {\sqrt {-1}}_{2}$ .

Construct (according to the complex square root formula):

{\sqrt {4580^{2}+1^{2}}}{\bmod {101*73}}\equiv 1988

{\sqrt {(4580+1988)*2^{-1}}}{\bmod {101*73}}\equiv 2090

{\sqrt {(-4580+1988)*2^{-1}}}{\bmod {101*73}}\equiv 461

Now we have the intermediate terms of the complex moduluar number. Instead of ${\sqrt {-1}}{\bmod {101*73}}\equiv 3020$ use the other ${\sqrt {-1}}{\bmod {101*73}}\equiv 192$ :

2090+461*192{\bmod {101*73}}\equiv 2126

Thus, the complex square root equation does have an analogue in modular arithmetic, but we need to know one of the square roots of -1 mod p*q and we need to take three modular square roots in order to derive the sum.

In an example that will show that sometimes you can use the same ${\sqrt {-1}}_{i}{\bmod {p*q}}$ , we will show the case where the root is of the type: $X+X*{\sqrt {-1}}{\bmod {p*q}}$

Take the form of $227=0+149*3020$ . This simplifies the three square roots that are to be taken considerably. As we only need to take one square root:

{\sqrt {0^{2}+149^{2}}}{\bmod {101*73}}\equiv 149

{\sqrt {(0+149)*2^{-1}}}{\bmod {101*73}}\equiv 1942

{\sqrt {(-0+149)*2^{-1}}}{\bmod {101*73}}\equiv 1942

Now that we have the intermediate term of $1942$ then the root can be made as:

-(1942+1942*3020){\bmod {101*73}}\equiv 2126

We don't even need to take a modular square root if we construct the square as:

2*NATURALSQUARE*{\sqrt {-1}}_{1}{\bmod {p*q}}

In this case the square root is:

ROOTOFNATURALSQUARE+ROOTOFNATURALSQUARE*{\sqrt {-1}}

or the square is:

2*81*3020{\bmod {101*73}}\equiv 2622

and the root is:

9+9*3020{\bmod {101*73}}\equiv 5070

where

5070^{2}{\bmod {101*73}}\equiv 2622

This all works because $(1+{\sqrt {-1}}_{1})^{2}{\bmod {p*q}}\equiv 2*{\sqrt {-1}}_{1}$

Pythagorean Triples Can Provide The Parameters To Populate The Complex Square Root formula

According to , Pythagorean Triples can populate the Complex Square Root formula in modular arithmetic without taking a modular square root for the intermediate values. The intermediate values all derive to natural squares.

Quoting from :

More specifically, the Pythagorean Triples should be primitive Pythagorean Triples or primitive Pythagorean Triples multiplied by squares.
The equation for the square root, of the square $(a+b*{\sqrt {-1}}){\bmod {p*q}}$ , will resolve to $(a_{1}+b_{1}*{\sqrt {-1}}_{1})*{\sqrt {2}}^{-1}{\bmod {p*q}}$ . Therefore the square $2*(a+b*{\sqrt {-1}}){\bmod {p*q}}$ , will resolve to $(a_{1}+b_{1}*{\sqrt {-1}}_{1}){\bmod {p*q}}$ .

$3^{2}+4^{2}=5^{2}$ is the most famous Pythagorean Triple. If we pass these parameters into the Complex Square Root formula we get the following calculations:
${\sqrt {3^{2}+4^{2}}}{\bmod {113*257}}\equiv 5$
${\sqrt {(4+5)*2^{-1}}}{\bmod {113*257}}\equiv 3*2^{-1/2}$
${\sqrt {(5-4)*2^{-1}}}{\bmod {113*257}}\equiv 1*2^{-1/2}$
As such ${\sqrt {(4+3*{\sqrt {-1}})}}{\bmod {113*257}}\equiv (3+1*{\sqrt {-1}})*{\sqrt {2}}^{-1}$
or $(4+3*13123){\bmod {113*257}}\equiv 10332$ , $(3+1*13123)*13077{\bmod {113*257}}\equiv 16392$ and $16392^{2}{\bmod {113*257}}\equiv 10332$ .
Please note that $13077{\bmod {113*257}}\equiv {\sqrt {2}}^{-1}$ and $13123{\bmod {113*257}}\equiv {\sqrt {-1}}$ .
Therefore ${\sqrt {2*(4+3*{\sqrt {-1}})}}{\bmod {113*257}}\equiv (3+1*{\sqrt {-1}})$
$2*(4+3*{\sqrt {-1}}){\bmod {113*257}}\equiv 20664$ , $(3+1*13123){\bmod {113*257}}\equiv 13126$ , and $13126^{2}{\bmod {113*257}}\equiv 20664$ .

It is possible to work this formula out with the the ComplexExpand command of mathematica, as in:

ComplexExpand  // this is the root formula
4 a b + I (2 a^2 - 2 b^2)                        // this is the formula for the square

However, if you can describe the square (with knowledge of ${\sqrt {-1}}{\bmod {p*q}}$ ) using the parameters of the pythagorean triple, you can instantly derive the square root. Thus knowledge of one of the ${\sqrt {-1}}_{i}{\bmod {p*q}}$ allows large numbers of modular square roots to be instantly taken.

Since $(3+{\sqrt {-1}})^{2}{\bmod {p*q}}\equiv 8+6*{\sqrt {-1}}$ then $(3*{\sqrt {-1}}-1)^{2}{\bmod {p*q}}\equiv -(8+6*{\sqrt {-1}})$ .

A Generalization Of The Pythagorean Triples Method Of Finding A Square Root

As mentioned in , the following equation generalizes the taking of a square root using the Pythagorean Method mentioned above:

(a_{1}+b_{1}*{\sqrt {I}})^{2}{\bmod {p*q}}\equiv 2*a+(I+1)*b_{1}^{2}+2*b*{\sqrt {I}}

where

I

is any number that has a known

{\sqrt {I}}{\bmod {p*q}}

. In other words find the root first and then square it to get the square.

For instance, for Pythagorean Triple $8^{2}+15^{2}==17^{2}$ where $a=8$ and $b=15$ and $a_{1}={\sqrt {8+17}}=5$ and $b_{1}={\sqrt {17-8}}=3$ , then take any root square combination, such as: $1010^{2}{\bmod {89*29}}\equiv 605$ . In this case:

2*8+(605+1)*3^{2}+2*15*(1010){\bmod {89*29}}\equiv 2217

and

(5+3*(1010))^{2}{\bmod {89*29}}\equiv 2217

This works for the negative root as well:

2*8+(605+1)*3^{2}+2*15*(-1010){\bmod {89*29}}\equiv 980

and

(5+3*(-1010))^{2}{\bmod {89*29}}\equiv 980

This equation is close to the regular binomial square formula, except that you can go from the square to the root.

Interestingly, the product of both these answers, $980$ and $2217$ , is the subtraction of two squares, and its square root is also the subtraction of two squares.

((16+606*9)+30*1010)((16+606*9)-30*1010){\bmod {89*29}}\equiv 308^{2}-1909^{2}\equiv 2039

and this sums square root is:

((5+3*1010)(5-3*1010))^{2}{\bmod {89*29}}\equiv (5^{2}-449^{2})^{2}\equiv 2039

Thus this number forms the second part of a Pythagorean Triple:

(-2*449*5)^{2}+(5^{2}-449^{2})^{2}==(5^{2}+449^{2})^{2}

With $1909+308{\bmod {89*29}}\equiv 2217$ and $(449+5)^{2}{\bmod {89*29}}\equiv 2217$

and

1909-308{\bmod {89*29}}\equiv 1601

and

(449-5)^{2}{\bmod {89*29}}\equiv -1601

we have some roots and some squares.

An RSA Cipher Has A Polar Coordinate Root If It Is A Pythagorean Root

If $e=23$ and $c=m^{23}{\bmod {p*q}}$ , and m is a Pythagorean Triple (ie., $a_{1}+b_{1}*{\sqrt {-1}}{\bmod {p*q}}\equiv m$ (a Modular Complex Number), then the cipher, $c$ has a secret message that can be deciphered as such:

ComplexExpand
138606163968 + 284232882176 I
or
(3+I)^23 mod p*q= 138606163968 + 284232882176 I

Just remember to take the pythagorean triple and create the root modular complex number via the method shown above. In this case, above, $3^{2}+4^{2}=5^{2}$ and $3={\sqrt {4+5}}$ and $1={\sqrt {5-4}}$ . Thus if $m^{2}{\bmod {p*q}}\equiv a+b*{\sqrt {-1}}$ where $a^{2}+b^{2}=c^{2}$ .

Not Always Necessary To Factor some P*Q to do Modular Square Roots

The Quadratic residue article on Knowledge (XXG) says that taking modular square roots of p*q modulus is equivalent to factoring the p*q modulus.

If the complete factorization of n is not known, and $\left({\tfrac {a}{n}}\right)=1$ and n is not congruent to 2 modulo 4, or n is congruent to 2 modulo 4 and $\left({\tfrac {a}{n/2}}\right)=1$ , the problem is known to be equivalent to integer factorization of n (i.e. an efficient solution to either problem could be used to solve the other efficiently).

By way of a counter example I will show that some modular imaginary numbers are quite easy to find. For instance,

675*675+1==2*409*557

or in other words

{\sqrt {2*409*557-1}}==675\equiv {\sqrt {-1}}_{1}{\bmod {409*557}}

Now that we know $675$ as one of the two imaginary numbers of modulus $409*557$ , we are still not in any condition to factor $409*557$ , for we need two imaginary numbers to do that. However, using the Pythagorean method of populating the complex square root theorum, and knowing one of the ${\sqrt {-1}}{\bmod {p*q}}$ , we can take almost unlimited numbers of modular square roots almost instantly, via the mathematical reasoning shown just above.

Therefore, for some P*Q 1 mod 4 semiprimes, it is not necessary to factor the modulus to find ${\sqrt {-1}}{\bmod {p*q}}$ and thereafter many modular square roots can quicky be taken. The conjecture quoted above is shown not to be fully correct.

Quoting from the Quadratic residue article on Knowledge (XXG) again:

The above discussion indicates how knowing the factors of n allows us to find the roots efficiently. Say there were an efficient algorithm for finding square roots modulo a composite number. The article congruence of squares discusses how finding two numbers x and y where x ≡ y (mod n) and x ≠ ±y suffices to factorize n efficiently. Generate a random number, square it modulo n, and have the efficient square root algorithm find a root. Repeat until it returns a number not equal to the one we originally squared (or its negative modulo n), then follow the algorithm described in congruence of squares. The efficiency of the factoring algorithm depends on the exact characteristics of the root-finder (e.g. does it return all roots? just the smallest one? a random one?), but it will be efficient.

Please note that I have shown:

1) an efficient way to take modular square roots of numbers that can be described as complex numbers (populated with coefficients from Pythagorean triples).

2) a way to quickly find the

{\sqrt {-1}}_{1}{\bmod {p*q}}

that occurs not usually but does occur sometimes.

3) I do not have any efficient way to factor P*Q but I do have a way to efficiently take the square root of large amount of numbers.

I cannot

1) take a number and square it, and then take the modular square root, hoping it will be a different number than the root I first came up with. I cannot do this because I cannot quickly equate the square I produced with a pythagorean triple pair (in a complex modular number).

Therefore, I cannot use my ability to take a modular square root to find the other square root. Therefore, although I can take a square root I cannot factor the semiprime.

Another Formula For Generating Pythagorean Triples Besides The Famous Euclidean One

Euclid's famous formula for generating Pythagorean Triples is the following:

(2*x*y)^{2}+(x^{2}-y^{2})^{2}==(x^{2}+y^{2})^{2}

I've come up with another formula for generating Pythagorean Triples. The math has to do with multiplying in the SQUARELESS number I have spoken of in other parts of this blog.

There are two such squareless numbers in a p*q modulus. They have several properties that make them interesting to applying to the Pythagorean Triples method of using the Complex Square Root formula in modular arithmetic.

SquareLessNumber_{1}*SquareLessNumber_{2}{\bmod {p*q}}\equiv 0

SquareLessNumber^{n}{\bmod {p*q}}\equiv SquareLessNumber

SquareLessNumber_{1}-SquareLessNumber_{2}{\bmod {p*q}}\equiv \pm {\sqrt {1}}

SquareLessNumber_{1}+SquareLessNumber_{2}{\bmod {p*q}}\equiv 1

Replacing the equations above with equations involving the squareless numbers, we can see that the coefficients for the square are:

a=2*(X*SquareLessNumber_{1}+Y)*(X*SquareLessNumber_{2}+Y)

b=(X*SquareLessNumber_{1}+Y)^{2}-(X*SquareLessNumber_{2}+Y)^{2}

c=(X*SquareLessNumber_{1}+Y)^{2}+(X*SquareLessNumber_{2}+Y)^{2}

and the coefficients (and equation) for the root are:

((X*SquareLessNumber_{1}+Y)+(X*SquareLessNumber_{2}+Y))+((X*SquareLessNumber_{1}+Y)(X*SquareLessNumber_{2}+Y))*{\sqrt {-1}})*{\sqrt {2}}^{-1}

We can reduce these equations for $2mn$ , and $m^{2}-n^{2}$ to:

2*(X*SquareLessNumber_{1}+Y)*(X*SquareLessNumber_{2}+Y){\bmod {p*q}}\equiv 2(x*y+y^{2})

(X*SquareLessNumber_{1}+Y)^{2}-(X*SquareLessNumber_{2}+Y)^{2}{\bmod {p*q}}\equiv (x^{2}+2x*y)*{\sqrt {1}}

((X*SquareLessNumber_{1}+Y)^{2}+(X*SquareLessNumber_{2}+Y)^{2}){\bmod {p*q}}\equiv x^{2}+2*x*y+2*y^{2}

The equations for the coefficients of the roots also simplify

((X*SquareLessNumber_{1}+Y)+(X*SquareLessNumber_{2}+Y)){\bmod {p*q}}\equiv x+2*y

((X*SquareLessNumber_{1}+Y)-(X*SquareLessNumber_{2}+Y)){\bmod {p*q}}\equiv x*{\sqrt {1}}

You will notice that the imaginary coefficients for both the square and the root involve ${\sqrt {1}}{\bmod {p*q}}$ , which is unknown. There is an intimate relationship between the square root of 1 and the two square roots of -1. It is ${\sqrt {1}}*{\sqrt {-1}}_{1}{\bmod {p*q}}\equiv {\sqrt {-1}}_{2}$ .

Thus the ${\sqrt {1}}$ term cancels out when we apply the known ${\sqrt {-1}}$ to it. Thus the working equations for the imaginary coefficient for the square modular square is:

(x^{2}+2x*y)

and the working equation for the imaginary coefficient of the root is:

x

This SQUARELESS number cancels out eventually leaving the following formula:

(2*x*y+2*y^{2})^{2}+(x^{2}+2*x*y)^{2}==(x^{2}+2*x*y+2*y^{2})^{2}

(-2*x*y+2*y^{2})^{2}+(x^{2}-2*x*y)^{2}==(x^{2}-2*x*y+2*y^{2})^{2}

The coefficients for the root, considering that the square matches the coefficients given above is:

ROOT=(x\pm 2*y)+x*{\sqrt {-1}}{\bmod {p*q}}

Bottari, in 1908, as reported by Dickson's History Of Numbers vol 2 p169, does show a more general form of my equations shown here for the Pythagorean Triple, but, most probably, he did not use the SQUARELESS number to derive the equations. Thus, although the equations have been worked out before, the way they are derived is probably unique. See here for the relevant quote from Dickson of Bottari's work.

Modular Imaginary Numbers Are Close To Quaternions

Looking at the definition of Quaternion#Definition which has its definition of the three imaginary numbers of the system:

i = j = k = ijk = −1,

It does seem that the ${\sqrt {-1}}_{1}{\bmod {p*q}}$ , ${\sqrt {-1}}_{2}{\bmod {p*q}}$ , and $-{\sqrt {1}}{\bmod {p*q}}$ come close to this definition, but they do not quite make the definition.

{\sqrt {-1}}_{1}*{\sqrt {-1}}_{2}(-{\sqrt {1}}){\bmod {p*q}}\equiv -1\equiv {\sqrt {-1}}_{1}^{2}\equiv {\sqrt {-1}}_{2}^{2}\equiv -{\sqrt {1}}^{2}

This is close to the Quaternion imaginary definition. However, I was not able to make the Quaternion inverse work with modular arithmetic, nor was I able to make the Hamilton Product work with modular arithmetic. The definitions for the imaginary numbers are close to Hamilton's so I suspect an analogue operation may eventually be found.

Looking at my definition of the quad root of 1, it seems that this definiton is close to a quaternion (with all the coefficients being the same):

2^{-1}*(1+{\sqrt {-1}}_{1})(1+{\sqrt {-1}}_{2})\equiv 2^{-1}(1+{\sqrt {-1}}_{1}+{\sqrt {-1}}_{2}+{\sqrt {1}})

This above number is a type of Hurwitz quaternion, which is defined as:

a Hurwitz quaternion (or Hurwitz integer) is a quaternion whose components are either all integers or all half-integers (halves of an odd integer; a mixture of integers and half-integers is excluded).

Cockle's Tessarines very close to Modular Quaternions

After some research in the Knowledge (XXG), it does seem that the imaginary units I have put forth have been written of already as Bicomplex number or tessarines by James Cockle (lawyer) in 1848.

Quoting from Bicomplex number:

In 1848 James Cockle introduced the tessarines in a series of articles in Philosophical Magazine.
A tessarine is a hypercomplex number of the form

$t=w+xi+yj+zk,\quad w,x,y,z\in \mathbb {R}$

where $ij=ji=k,\quad i^{2}=-1,\quad j^{2}=+1.$ Cockle used tessarines to isolate the hyperbolic cosine series and the hyperbolic sine series in the exponential series. He also showed how zero divisors arise in tessarines, inspiring him to use the term "impossibles." The tessarines are now best known for their subalgebra of real tessarines $t=w+yj\$ , also called split-complex numbers, which express the parametrization of the unit hyperbola.

In the case of modular tessarines, then $i={\sqrt {-1}}_{1}{\bmod {p*q}}$ , $j={\sqrt {1}}{\bmod {p*q}}$ and $k={\sqrt {-1}}_{2}{\bmod {p*q}}$ .

Quoting the imaginary multiplication table from Bicomplex number:

Tessarine multiplication
×	1	i	j	k
1	1	i	j	k
i	i	−1	k	−j
j	j	k	1	i
k	k	−j	i	−1

Modular Tessarine multiplication
×	1	i	j	k
1	1	i	j	k
i	i	−1	-k	j
j	j	-k	1	-i
k	k	j	-i	−1

There are some minor differences, but mostly the same for the two systems.

The Modular Quaternion Worked Out And Demonstrated

I was able to come up with an analogue, for this Quaternion-like system, for both the conjugate, the form, and the multiplicative inverse. Given ${\sqrt {-1}}_{1}{\bmod {p*q}}\equiv i$ , ${\sqrt {-1}}_{2}{\bmod {p*q}}\equiv j$ and ${\sqrt {1}}{\bmod {p*q}}\equiv k$ , then the conjugate of $(a+b*i+c*j+d*k)$ would be:

(a-b*i-c*j+d*k)

There is a norm to this (which isn't great) of:

(a^{2}+b^{2}+c^{2}+d^{2}-2*{\sqrt {1}}*(b*c-a*d))

and so the multiplicative inverse is:

(a-b*i-c*j+d*k)*(a^{2}+b^{2}+c^{2}+d^{2}-2*{\sqrt {1}}*(b*c-a*d))^{-1}{\bmod {p*q}}

(It can be seen from the above definition that the norm of modular quarternions where $a=b=c=d$ , or $b*c==a*d$ , is indeed the norm of quaternions: $a^{2}+b^{2}+c^{2}+d^{2}$ and thus, looking at the definition of the quad root of 1 mod p*q, as a modular quaternion (see above), the norm is $(1/2)^{2}+(1/2)^{2}+(1/2)^{2}+(1/2)^{2}=1$ . This makes the quad root of 1 a unit quaternion. I suspect that all roots of 1 have norms of 1, since the cube root of 1 also has a norm of 1)

Since we know the norm of the quad root of 1 to be 1, we can take a stab at the inverse of the quad root of 1:

In:= Mod (1 + 568 + 945 + 2493), 89 29]
Out= 713
In:= PowerMod
Out= 1781
and the inverse of the quad root of 1 is:
In:= Mod, 
 89 29]
Out= 1781

Thus the inverse of the quad root of 1, after considering it as a modular quaternion, is:

2*(1-{\sqrt {-1}}_{1}-{\sqrt {-1}}_{2}+{\sqrt {1}})*4^{-1}{\bmod {p*q}}\equiv (1-{\sqrt {-1}}_{1})*(1-{\sqrt {-1}}_{2})*2^{-1}

See User:Endo999#The_Cube_Root_Of_1_Defined_In_Polar_Coordinates for the cube root of -1 shown as a quaternion, and it's inverse successfully computed.

An example, showing a conjugate, norm, and multiplicative inverse, follows:

A modular quaternion for $89*29$ is:

(29+13*568+17*945+23*2493){\bmod {89*29}}\equiv 806

The conjugate is:

(29-13*568-17*945+23*2493){\bmod {89*29}}\equiv 366

The norm(it's odd) is:

(29^{2}+13^{2}+17^{2}+23^{2}-2*2493*(13*17-29*23)){\bmod {89*29}}\equiv 762

and the multiplicative inverse of quaternion $806$ , given above, is:

(29+13*568+17*945+23*2493)^{-1}{\bmod {89*29}}\equiv 806^{-1}\equiv 366*762^{-1}\equiv 285

Multiplication follows the following rule:

Mod[(29 + 13 568 + 17 945 + 23 2493) (39 + 23 568 + 27 945 + 
    33 2493), 89 29]==2172
In:= 
Mod[k (a w + b x + c y + d z) + j ( -b w + a x - d y + c z) + 
   i (-c w - d x + a y + b z) + d w - c x - b y + a z, 
  89 29] /. {k -> 2493, i -> 568, j -> 945, a -> 29, b -> 13, c -> 17,
   d -> 23, z -> 39, y -> 23, x -> 27, w -> 33}
Out= 2172

It is somewhat similar to the Hamilton Product but is different regarding the non i,j,k items.

The Log And The Exp Functions Of Modular Quaternions

Quoting from Quaternion#Exponential,_logarithm,_and_power:

Exponential, logarithm, and power Given a quaternion,

$q=a+bi+cj+dk=a+\mathbf {v}$

the exponential is computed as

$\exp(q)=\sum _{n=0}^{\infty }{\frac {q^{n}}{n!}}=e^{a}\left(\cos \|\mathbf {v} \|+{\frac {\mathbf {v} }{\|\mathbf {v} \|}}\sin \|\mathbf {v} \|\right)$

$\ln(q)=\ln \|q\|+{\frac {\mathbf {v} }{\|\mathbf {v} \|}}\arccos {\frac {a}{\|q\|}}$ .

It follows that the polar decomposition of a quaternion may be written

$q=\|q\|e^{{\hat {n}}\theta }=\|q\|\left(\cos(\theta )+{\hat {n}}\sin(\theta )\right),$

where the angle $\theta$ and the unit vector ${\hat {n}}$ are defined by:

$a=\|q\|\cos(\theta )$

and

$\mathbf {v} ={\hat {n}}\|\mathbf {v} \|={\hat {n}}\|q\|\sin(\theta ).$

Any unit quaternion may be expressed in polar form as $e^{{\hat {n}}\theta }$ .
The power of a quaternion raised to an arbitrary (real) exponent $\alpha$ is given by:

$q^{\alpha }=\|q\|^{\alpha }e^{{\hat {n}}\alpha \theta }=\|q\|^{\alpha }\left(\cos(\alpha \theta )+{\hat {n}}\sin(\alpha \theta )\right).$

Dealing with the Logarithm, it would be particularly attractive if a LOG2 could be taken of a Quaternion, in that the Diffie Hellman Key Exchange Protocol deals with discrete logs, and the prime modulus of the key exchange would help in taking the square roots in this regard. However, my initial researches into this matter show that the ARCCOS function that is part of the LOG function, seen above, always returns a nonrational number. In general, all numbers that are part of a modular equation need to be rational.

However, we can create modular Quaternions that have natural squares for both the Norm of the Quaternion and the norm of the vector part of the Quaternion. We simple zero out A and C, for instance, and set B and D to be parameters of a Pythagorean Triple, such as Quaternion where the $N={\sqrt {3^{2}+4^{2}}}==5$ and the norm of the vector for this Quaternion equals 5 as well. So we are almost at the point where the LOG2] could be taken, alas, the ARCCOS returns $PI/2$ which is not rational. However, the log2] returns:

-\infty +*\pi /(2*5)

In modular arthmetic, the $Log2==0$ but the PI value cannot be instantiated in a MOD P*Q scheme.

So it looks like there is no LOG2 analogue for a modular quaternion.

Dealing with the de moivre square like formula of Quaternions, things look a bit better. Getting the $\theta$ of the Quaternion is okay:

a=\|q\|\cos(\theta )

ArcCos==\pi /2

where the formula for the square is:

q^{\alpha }=\|q\|^{\alpha }e^{{\hat {n}}\alpha \theta }=\|q\|^{\alpha }\left(\cos(\alpha \theta )+{\hat {n}}\sin(\alpha \theta )\right).

Setting $\alpha =1/2$ then $\cos(\alpha \theta )=\cos(\pi /4)=1/{\sqrt {2}}$ . This happens for the $\sin(\alpha \theta )=\sin(\pi /4)=1/{\sqrt {2}}$ as well.

However, my inital enquiries show that there is no analogue for the demoivre theorum. Using $4801*1201$ as the modulus I get the equation:

Mod[372155 (1574679 + (3 1574679 246254 + 4 1574679 1925202) PowerMod[
      5, -1, 1201 4801]), 1201 4801]
=1342976
where 372155 is the square root of 5
1574679 is the inverse square root of 2
246254 is the square root of -1
1925202 is the square root of 1
However,
PowerMod, 1/2, 
 4801 1201]
2118921

(2)^(1/2)+3^(1/2) In Modular Arithmetic

According to YouTube Mathologer video ], the number PI can be expressed as ${\sqrt {2}}+{\sqrt {3}}\approx \pi$ .

Working with this I was able to get a rough relationship with SIN and SIN and the sum given above.

Mod + PowerMod, 97 47] = 2110

I'm still working out the properties of this modular number but there is one I can point out right now.

There is often a direct relationship between the SIN and SIN and sqrt{2}+sqrt{3}.

$4*SIN{\bmod {p*q}}\equiv ({\sqrt {2}}+{\sqrt {3}})-({\sqrt {2}}+{\sqrt {3}})^{-1}$

and

$8*SIN-4{\bmod {p*q}}\equiv ({\sqrt {2}}+{\sqrt {3}})-({\sqrt {2}}+{\sqrt {3}})^{-1}$

This relationship happens around half the time that there is a modular square root for 2 and for 3 in the P*Q modulus.

I have constructed a Mathematica function here that will demonstrate this relationship:

try222a := 
 Module[{a1, a2, a3, a4, a5, a6, a7, a8, a9, a10, a11, a12, a13, a21, 
   a22, a23, a24, a25, a26, a27, a28, a29, a210, pq},
  a1 = NextPrime;
  a7 = 0; a8 = 0;
  a11 = 0; a12 = 0;
  For[a2 = 1, a2 < 100, a2++,
   a1 = NextPrime;
   a3 = NextPrime;
   For[a4 = 1, a4 < 100, a4++,
    a7++;
    If[1 == 1,
     If] && 
        IntegerQ],
       a8++;
       Print;
       pq = a1 a3;
       a21 = Mod + PowerMod, pq];
       a22 = PowerMod;
       a23 = Mod;
       a24 = Mod, pq];
       a29 = Mod, pq];
       a25 = 
        Mod, -1, pq] PowerMod[
           2, -1, pq], pq];
       a210 = 
        Mod, -1, pq] PowerMod[
           2, -1, pq], pq];
       a26 = Mod;
       a210 = Mod;
       a27 = 
        Mod - 1) PowerMod[
           2 PowerMod, -1, pq], pq];
       a28 = Mod;
       Print[{a21, a22, a23, a24, a25, a26, a28, a29, 
         Mod}];
       a13 = 0;
       If[a23 == a24 && a23 + 4 == a26,
        a11++; a12++;,
        If[a23 + 4 == a26,
          a12++;
          ];];
       ];
     ];
     a3 = NextPrime;
    ];
   ];
  Print;
  ]

If you run this function, and iterate through 10,000 P*Q semiprimes, of all descriptions, you get

try222a
{9801,506,269,269}

This output is one of totals. There are 9801 semiprimes tested, 506 have both modular square roots for both 2 and 3, and 269 of them have both relationships shown above. That's about half of the possible candidates. I have no explanation yet while this is so, but the prevalence of the relationships between the SIN and ~PI-~PI^{-1} is very strong. Possibly, the roots for the other half of the nonmatching candidates are not in alignment (square root of 1 in the way). This would nicely account for the other half of the candidates that don't match.

Modular Square Root Of Two Definition

Working with a modified mathematica procedure, I was able to come up with this definition of the modular square root of 2 mod p*q.

{\sqrt {2}}{\bmod {p*q}}\equiv {\sqrt {3}}-({\sqrt {2}}+{\sqrt {3}})^{-1}

I give the following Mathematica procedure to show this as examples:

try222b := 
 Module[{a1, a2, a3, a4, a5, a6, a7, a8, a9, a10, a11, a12, a13, a21, 
   a22, a23, a24, a25, a26, a27, a28, a29, a210, pq},
  a1 = NextPrime;
  a7 = 0; a8 = 0;
  a11 = 0; a12 = 0;
  For[a2 = 1, a2 < 100, a2++,
   a1 = NextPrime;
   a3 = NextPrime;
   For[a4 = 1, a4 < 100, a4++,
    a7++;
    If[1 == 1,
     If] && 
        IntegerQ],
       a8++;
       Print;
       pq = a1 a3;
       a21 = Mod, pq];
       a22 = 
        Mod - 
          PowerMod + PowerMod, -1, 
           pq], pq];
       If[(a21 == a22),
        a11++;,
        ];  
       ];
     ];
     a3 = NextPrime;
    ];
   ];
  Print;
  ]
  try222b
  {9801,506,506}

Some of the output shown above of this procedure shows that among 9801 semiprimes, 506 had both modular square roots of both 2 and 3 and that all 506 of these had the definition of the modular square root of 2 given above.

A Definition Of All Modular Square Roots Mod P*Q

Working on the definition of the modular square root of 2 mod p*q found in the previous section, it seems that this type of definition of the square root of r in terms of the square root of r+1 applies to all modular square roots mod p*q.

{\sqrt {r}}{\bmod {p*q}}\equiv {\sqrt {r+1}}-({\sqrt {r}}+{\sqrt {r+1}})^{-1}

I give the following Mathematica procedure to show this as examples:

try222c := 
 Module[{a1, a2, a3, a4, a5, a6, a7, a8, a9, a10, a11, a12, a13, a21, 
   a22, a23, a24, a25, a26, a27, a28, a29, a210, pq},
  a1 = NextPrime;
  a7 = 0; a8 = 0;
  a11 = 0; a12 = 0;
  For[a2 = 1, a2 < 100, a2++,
   a1 = NextPrime;
   a3 = NextPrime;
   For[a4 = 1, a4 < 100, a4++,
    a7++;
    If[1 == 1,
     If] && 
        IntegerQ],
       a8++;
       (*Print;*)
       pq = a1 a3;
       a21 = Mod, pq];
       a22 = 
        Mod - 
          PowerMod[
           PowerMod + PowerMod, -1, pq], 
         pq];
       If[(a21 == a22),
        a11++;,
        ];  
       ];
     ];
     a3 = NextPrime;
    ];
   ];
  Print;
  ]
try222c
{9801,2304,2304}
try222c
{9801,2256,2256}
try222c
{9801,395,395}

A very interesting definition of the modular square root mod p*q if I don't say so myself.

It is not remarkable that:

-{\sqrt {r}}{\bmod {p*q}}\equiv {\sqrt {r+1}}-{\sqrt {r}}-{\sqrt {r+1}}

In fact, it is algebra. However, the inverse operation is supposed to scramble the terms, but instead it seems to function, $-({\sqrt {r}}+{\sqrt {r+1}})^{-1}$ as the difference between the two squares or r and (r+1).

By taking advantage of natural squares sometimes we can simplify this equation. Take for example the case when $r^{2}=4$ :

{\sqrt {5}}-(2+{\sqrt {5}})^{-1}{\bmod {89*29}}\equiv 2

Taking the other root as a natural we get:

9-({\sqrt {80}}+9)^{-1}{\bmod {89*29}}\equiv 102\equiv {\sqrt {80}}

Since the definition of the inverse of a complex number is described here, as

{\frac {1}{z}}={\frac {\bar {z}}{z{\bar {z}}}}={\frac {\bar {z}}{\|z\|^{2}}}={\frac {a-bi}{a^{2}+b^{2}}}={\frac {a}{a^{2}+b^{2}}}-{\frac {b}{a^{2}+b^{2}}}i.

Now the modular definition of the complex number means that, for instance, ${\sqrt {5}}^{2}\equiv -5$ then the inverse of the two adjacent square roots is:

({\sqrt {r}}+{\sqrt {r+1}})^{-1}{\bmod {p*q}}\equiv ({\sqrt {r}}-{\sqrt {r+1}})*(-1)^{-1}

As such the difference of the squares becomes apparent.

For the difference when the roots are n integers apart then:

(-{\sqrt {r}}+{\sqrt {r+n}}){\bmod {p*q}}\equiv (-r+(r+n))*({\sqrt {r}}+{\sqrt {(r+n)}})^{-1}

Roots Of Adjacent Squares Found From Any Residue

Thus, knowing the sum of squares that are 1 apart, allows the knowing of the difference of the squares, and thus of the two individual squares themselves. Since this is because of the complex definition of the inverse then it will also work for knowing the difference of the two squares.

({\sqrt {r}}-{\sqrt {r+1}})^{-1}{\bmod {p*q}}\equiv ({\sqrt {r}}+{\sqrt {r+1}})*(-1)^{-1}

337 is the modular square root of 5 mod 89*29
get the sum of the two roots whose squares are adjacent to each other
Mod[(2 + 337)*(-1)= 2242
invert the difference of two roots
PowerMod= 2242

As such you should be able to take any residue mod p*q and invert it and then find the two adjacent squares whose roots equal the residue involved.

If we take the example shown just above, where $-335^{-1}{\bmod {89*29}}\equiv -339$

So $-335\equiv {\sqrt {x}}-{\sqrt {x+1}}$ and $-339\equiv {\sqrt {x}}+{\sqrt {x+1}}$

therefore $339-335\equiv {\sqrt {x}}*2$ and halving 4 gets 2, so 2 is one of the roots and 337 is the other root. Sure enough $2^{2}\equiv 4$ and $337^{2}{\bmod {89*29}}\equiv 5$ . This process can basically happen for any residue of p*q.

We'll take another example of this:

PowerMod= 1399
Mod= 1570
Mod= 1182
find the two roots
(1570 - 1182)/2= 194
1182 + 194= 1376
confirm the squares are adjacent to each other
Mod= 1502
Mod= 1503

Roots From Squares N Apart

Extending the formula given above for the inverse of square roots 1 apart to N apart we get:

({\sqrt {r}}-{\sqrt {r+n}})^{-1}{\bmod {p*q}}\equiv ({\sqrt {r}}+{\sqrt {r+n}})*(-n)^{-1}

({\sqrt {r}}+{\sqrt {r+n}})^{-1}{\bmod {p*q}}\equiv (-{\sqrt {r}}+{\sqrt {r+n}})*(-n)^{-1}

From this the following Mathematica routine will find squares N apart from any residue

a is the difference of the roots
o is the difference of the squares
try222a := 
 Module[{a1, a2, a3, a4, a5, a6, a7, a8, a9, a10, pq}, pq = pq1;
  a1 = Mod PowerMod, pq];
  a2 = Mod, pq];
  a3 = Mod;
  Print, Mod}}];
  root1 = a2;
  root2 = a3;
  square1 = Mod;
  square2 = Mod;]
aa is sum of the roots
o is difference of the squares
try222b := 
 Module[{a1, a2, a3, a4, a5, a6, a7, a8, a9, a10, pq},
  pq = p q;
  a1 = PowerMod;
  a2 = Mod;
  a3 = Mod, pq];
  a4 = Mod;
  Print, Mod}}];
       ]
calling this routine we get squares 2 apart
try222b
{{1179,2825},{1289,1287}}
now we get squares 6 apart
try222b
{{2526,1478},{2593,2587}}
Feeding in either -1 or 1 as the residue gives us roots as apart as the squares are:
try222b
{{1493,1499},{2257,2251}}
try222b
{{1500,1494},{2257,2251}}

Knowing the difference between two square roots allows the finding of both square roots

Focusing on work done on the difference between two modular square roots, where it has been decided that

(-r+(r+n))({\sqrt {r}}+{\sqrt {r+n}})^{-1}{\bmod {p*q}}\equiv -{\sqrt {r}}+{\sqrt {r+n}}

it is easily seen that knowing the difference between the two roots will reveal both the roots, if you know the squares.

Take the Mathematica Expand command and the proof is easy to see:

Expand = 2 a b - 2 b d

Knowing 2(a-d) it is easy to find b. An example follows:

PowerMod= 482
PowerMod= 1011
so the difference between the two roots is 529
1011-482 = 529
take 500 as a guess for 34^(1/2), add 529 to it to get 1029 
Mod= 1604
Mod, 89 29]= 2563=-18
so 500-18=482, the answer and 1029-18=1011 the answer

De Moivre's formula seems to have an analogue of sorts in Modular Arithmetic

After experimenting with De Moivre's formula I was able to take a type of square root and even a cube root when $sin(\Theta )$ and $cos(\Theta )$ can be expressed as a rational number (a fraction). This work is probably restricted to 1 mod 4 semiprimes and to 1 mod 4 primes.

My work, showing two examples where division of the $\Theta$ makes for a square or even cube root.

Since $sin(\Pi /4){\bmod {p*q}}\equiv {\sqrt {2}}^{-1}$ and $sin(\Pi /4)=cos(\Pi /4)$ , then the coefficients for the complex number are ${\sqrt {2}}^{-1}{\bmod {113*257}}\equiv 13077$ .

Since the complex coefficients for $\Pi /2$ would equal the ${\sqrt {-1}}{\bmod {p*q}}$ , then the complex equation:

13077+13077*13123{\bmod {113*257}}\equiv 19279

and

19279^{2}{\bmod {113*257}}\equiv 13123

then we have found the quad root of -1.

Back to our original quest for a square root, since this is modular arithmetic let's try $13077*{\sqrt {1}}{\bmod {113*257}}\equiv 13591$ .

{\sqrt {1}}*({\sqrt {2}}^{-1}+{\sqrt {2}}^{-1}*{\sqrt {-1}}){\bmod {p*q}}\equiv 13591+13591*13123\equiv 27503

Since we are dividing $\Theta$ by 2, then the sine and cosine formulas are:

cos(\Pi /8){\bmod {p*q}}\equiv {\sqrt {2+{\sqrt {2}}}}*2^{-1}{\bmod {p*q}}\equiv 15689{\bmod {113*257}}

sin(\Pi /8){\bmod {p*q}}\equiv {\sqrt {2-{\sqrt {2}}}}*2^{-1}{\bmod {p*q}}\equiv 18310{\bmod {113*257}}

After some play with the coefficients I had to switch the sin and cos parameters, giving:

(-18310+15689*241)^{2}{\bmod {113*257}}\equiv 27503

Thus the square root of the coefficients for $\Theta /4$ are the coefficients, sort of, for the $\Theta /8$ . Please note that I had to switch the two square roots of -1 in the root and square.

{\sqrt {-1}}_{1}{\bmod {113*257}}\equiv 13123

{\sqrt {-1}}_{2}{\bmod {113*257}}\equiv 241

I believe the switching of the sin and cos coefficients and the change of the square root of -1 mod p*q have to do with the reflection around the four axis of the polar coordinates.

Taking the Cube Root

For people reading the following examples the wikipedia math article Root_of_unity#Trigonometric_expression is quite applicable. The following two examples show that there are roots of unity in modular arithmetic.

I was able to take the cube root of -1 mod p*q in the following example:

Since $sin(\Pi /2)=1$ and $cos(\Pi /2)=0$ the math is considerably simplified. The sin and cos values for $\Pi /6$ are:

cos(\Pi /6){\bmod {p*q}}\equiv {\sqrt {3}}*2^{-1}{\bmod {p*q}}\equiv 15648{\bmod {337*577}}

sin(\Pi /6){\bmod {p*q}}\equiv 2^{-1}{\bmod {p*q}}\equiv 97225{\bmod {337*577}}

And, interestingly, the following equation is the cube root of -1.

(97225+15648*133263)^{3}{\bmod {337*577}}\equiv -1

where

133263{\bmod {337*577}}\equiv {\sqrt {-1}}

Please note that if the number shown above is $X\equiv (2^{-1}*(1+{\sqrt {-3}}))$ then the cube root of any negative number can be derived if the cube root of its positive number is known: $(X*{\sqrt{Y}}){\bmod {p*q}}\equiv {\sqrt{-Y}}$

Taking the 5th Root Of 1

To take the 5th Root of 1, first take the sin and cos of $\Pi /10$ ,

Sin(\Pi /10){\bmod {401*101}}\equiv (1/4)*({\sqrt {5}}-1)\equiv (1/4)*(2985-1)\equiv 746

Cos(\Pi /10){\bmod {401*101}}\equiv {\sqrt {({\sqrt {5}}+5)/8}}\equiv {\sqrt {(2985+5)/8}}\equiv 11367

With ${\sqrt {-1}}_{1}{\bmod {401*101}}\equiv 4030$ and ${\sqrt {-1}}_{2}{\bmod {401*101}}\equiv 25644$

Then:

(746+4030*11367){\bmod {401*101}}\equiv 3125

and

3125^{5}{\bmod {101*401}}\equiv 1

(746+25644*11367){\bmod {401*101}}\equiv 10397

and

10397^{5}{\bmod {101*401}}\equiv 1

Thus the fifth root of 1 has polar coordinates.

The Square Root Of 5 mod p*q is found with the following addition and subtraction of the fifth roots of unity, as can be seen from the Square root of 5 wiki article:

The field ℚ, like any other quadratic field, is an abelian extension of the rational numbers. The Kronecker–Weber theorem therefore guarantees that the square root of five can be written as a rational linear combination of roots of unity:

${\sqrt {5}}=e^{{\frac {2\pi }{5}}i}-e^{{\frac {4\pi }{5}}i}-e^{{\frac {6\pi }{5}}i}+e^{{\frac {8\pi }{5}}i}.\,$

Thus:

(3125-3125^{2}-3125^{3}+3125^{4}){\bmod {401*101}}\equiv 2985\equiv {\sqrt {5}}

(10397-10397^{2}-10397^{3}+10397^{4}){\bmod {401*101}}\equiv 2985\equiv {\sqrt {5}}

Interestingly, 9045 is the other square root of 5 mod 401*101, but I was unable to come up with any permutation of the root of unity, 3125, to equal 9045. Use the other fifth root of 1, 10498, to get this figure.

$10498-10498^{2}-10498^{3}+10498^{4}{\bmod {401*101}}\equiv 9045$ and $10498^{5}{\bmod {401*101}}\equiv 1$

In this case the other root of 5 is used to calculate the complex coefficients.

Sin(\Pi /10){\bmod {401*101}}\equiv (1/4)*({\sqrt {5}}-1)\equiv (1/4)*(9045-1)\equiv 2261

Cos(\Pi /10){\bmod {401*101}}\equiv {\sqrt {({\sqrt {5}}+5)/8}}\equiv {\sqrt {(9045+5)/8}}\equiv 15710

(2261+4030*15710){\bmod {401*101}}\equiv 10498

and

10498^{5}{\bmod {101*401}}\equiv 1

(2261+25644*15710){\bmod {401*101}}\equiv 6054

and

6054^{5}{\bmod {101*401}}\equiv 1

See here for an example of the modular square root of -3 being equal to the sum of the two roots of unity of 3.

Consult Hilbert's twelfth problem where the article says:

Kronecker's Jugendtraum or Hilbert's twelfth problem, of the 23 mathematical Hilbert problems, is the extension of the Kronecker–Weber theorem on abelian extensions of the rational numbers, to any base number field. That is, it asks for analogues of the roots of unity, as complex numbers that are particular values of the exponential function; the requirement is that such numbers should generate a whole family of further number fields that are analogues of the cyclotomic fields and their subfields.

Now we have successfully showed that the 5th root of unity per modulus p*q can be written in polar coordinates, or as modular complex numbers. Are modular complex numbers a contribution to extending the Kronecker-Weber theorem beyond the abelian extensions of the rational numbers? Clearly, the integer values of the modular numbers shown here are subfields of Q, but now that their polar coordinates have been revealed, has a contribution to Hilbert's twelfth problem been shown? Perhaps, an interesting example of the permutation of roots of unity in regular mod p*q fields has been shown.

The Golden Ratio As A Modular Number

Since, according to Golden ratio, the Golden Ratio is $(1+{\sqrt {5}})/2{\bmod {p*q}}$ , then if the modulus $p*q$ has a square root of 5, then there is a golden ratio for the modulus.

And examination shows that some of the properties of the Golden Ratio do hold, although the ways to approximate the golden ratio do not.

(1+{\sqrt {5}})/2{\bmod {89*29}}\equiv 169

And the quadratic equation $x^{2}-x\equiv 1{\bmod {p*q}}$ holds as well as in the following mathematica solve command:

Solve
{{a -> 169}, {a -> 633}, {a -> 1949}, {a -> 2413}}

One of the solutions will always be the golden ratio.

As well the well known identity with the Golden Ratio:

{\frac {n}{m}}={\frac {m}{n-m}}.\qquad (*)

For instance,

Mod=169
PowerMod=2039
Mod, 89 29]=169
Mod, 89 29]=169

According to Golden ratio:

This illustrates the unique property of the golden ratio among positive numbers, that

${1 \over \varphi }=\varphi -1,$

And this is true in modular arithmetic since: $169^{-1}{\bmod {89*29}}\equiv 168$ .

Golden Ratio Times Square Root Of 2

If we take the Golden Ratio, whose inverse is 1 less, and the square root of 2, whose inverse is half, then $(GR*SQRT2)/2-(GR*SQRT2)^{-1}{\bmod {p*q}}\equiv SQRT2^{-1}$ . Dropping into Mathematica we can see this holds for the modulus: $599*601$

PowerMod=67039
PowerMod=16606
Mod[((1 + 67039) PowerMod[2, -1, 
      599 601] 16606) PowerMod - 
  PowerMod 16606), -1, 599 601],
  599 601]=8303
Mod, 599 601]=8303

Complex Conjugate Of Root Of Unity Is Modular Inverse

Quoting from the Knowledge (XXG) article Complex conjugate:

"In polar form, the conjugate of $\rho e^{i\phi }$ is $\rho e^{-i\phi }$ . This can be shown using Euler's formula."

As such, since polar coordinates have an analogue in modular arithmetic, we can see that

(97225+15648*133263)^{-1}{\bmod {337*577}}\equiv (97225-15648*133263)\equiv 68877

This happens to be the case for this sum above.

I was able to get another modulus to work with this sum:

(194281+36879*87768)^{3}{\bmod {337*1153}}\equiv -1\equiv (2^{-1}+{\sqrt {3}}*2^{-1}*{\sqrt {-1}}_{i})^{3}{\bmod {p*q}}

Now that we have a formula for taking the cube root of -1, we can apply this to prime modula instead of semiprime modula. In this case it is easy to find the square root of 3 mod p. Thus if $337$ is the modulus in the equation above instead of $337*1153$ then the equation becomes:

(169+191*148)^{3}{\bmod {337}}\equiv -1\equiv (2^{-1}+{\sqrt {3}}*2^{-1}*{\sqrt {-1}})^{3}

Reducing this further, per the mod p, we get:

(169(1+80))^{3}{\bmod {337}}\equiv -1\equiv (2^{-1}*(1+{\sqrt {-3}}))^{3}{\bmod {p}}

This above equation (on the right) is very close to an Eisenstein integer.

Dropping into Mathematica and trying the prime modulus $1153$ we find the formula works as well:

Mod (1 + PowerMod))^3, 1153]== -1

The Third Root Of -1 And RSA With E Equals 3

If we have knowledge of ${\sqrt {-3}}{\bmod {p*q}}$ as in $8505\equiv {\sqrt {-3}}{\bmod {577*337}}$ , and the RSA plaintext can be expressed as $X+X*(2^{-1}(1+{\sqrt {-3}})$ , then my example below shows that you can derive $X^{3}{\bmod {p*q}}$ .

Take $(27+27*4253)^{3}{\bmod {577*337}}\equiv 144427$ where $2^{-1}(1+{\sqrt {-3}}){\bmod {577*337}}\equiv 4253$

Now the cipher text expands out, and certain terms cancel out:

(27+27*4253)^{3}{\bmod {577*337}}\equiv (27^{3}-27^{3}+3*27*27^{2}*4253+3*27^{2}*27*4252)

since

4253^{2}{\bmod {577*377}}\equiv 4252

And so, dividing by 3:

(27+27*4253)^{3}{\bmod {577*337}}\equiv (27*27^{2}*4253+27^{2}*27*4252)\equiv 177775

This equals also:

(27+27*4253)^{3}{\bmod {577*337}}\equiv (2*4253-1)27^{3}\equiv 177775

Divding by $(2*4253-1)$ which is known, gives:

27^{3}{\bmod {577*337}}\equiv 19683

Thus, if ${\sqrt {-3}}{\bmod {p*q}}$ is known, then the cube root of -1 can be known and the RSA (with E=3) ciphertext can be rewritten as $(X+X*{\sqrt{-1}})^{3}{\bmod {p*q}}$ . From here $X^{3}{\bmod {p*q}}$ can be derived.

Root Of -3 Mod PQ Is Sum Of Two Cube Roots Of -1 Mod PQ

Note that

{\sqrt{-1}}^{2}{\bmod {p*q}}\equiv {\sqrt{-1}}-1

and also

${\sqrt {-3}}{\bmod {p*q}}\equiv {\sqrt{-1}}+{\sqrt{-1}}^{2}$

4253+4252{\bmod {337*577}}\equiv 8505\equiv {\sqrt {-3}}

Square Root Of 2 Mod P*Q Is Twice That Of Its Inverse

According to Square root of 2:

"One-half of √2, also the reciprocal of √2"

and this is true in modular arithmetic:

{\sqrt{2}}{\bmod {337*577}}\equiv 24251

{\sqrt{2}}{\bmod {337*577}}\equiv 48502\equiv 2*24251

Can Often Find The Cube Root of -1 By Taking A Square Root

However, we can note that $(1+{\sqrt{-1}})^{6}{\bmod {p*q}}\equiv -27$ so it is possible to get $X^{6}{\bmod {p*q}}$ as in:

((27+27*4253)^{3})^{2}{\bmod {577*337}}\equiv (-27)*27^{6}\equiv 30752\equiv (-27)*78081

Thus if we take a modular square root of ${\sqrt {X^{6}}}{\bmod {p*q}}\equiv X^{3}$ , we can then divide $X^{3}(1+{\sqrt{-1}})^{3}*X^{-3}{\bmod {p*q}}$ . At this point we have $(1+{\sqrt{-1}})^{3}\equiv (6*{\sqrt{-1}}-3){\bmod {p*q}}$ so it is easy to derive ${\sqrt{-1}}{\bmod {p*q}}$ from this sum.

Since $(1+{\sqrt{-1}})^{6}{\bmod {p*q}}\equiv -27$ and the square root of ${\sqrt {-27}}{\bmod {p*q}}\equiv 3*{\sqrt {-3}}$ , then $(1+{\sqrt{-1}})^{3}{\bmod {p*q}}\equiv 3*{\sqrt {-3}}$ .

So to derive the cube root of -1 from a cube:

1) square the cube:

(X^{3}(1+{\sqrt{-1}}))^{2}{\bmod {p*q}}\equiv (-27)*X^{6}

2) divide by (-27) and then take a modular square root:

{\sqrt {X^{6}}}{\bmod {p*q}}\equiv X^{3}

3) divide the cube by

X^{3}

deriving

(1+{\sqrt{-1}})^{3}{\bmod {p*q}}

4) Since

(1+{\sqrt{-1}})^{3}{\bmod {p*q}}\equiv 6*{\sqrt{-1}}-3

then add 3 and divide by 6 giving

{\sqrt{-1}}

5) Note: You might have to get the right modular square root for this procedure to work.

There is only a cube root of -1 mod pq when there is a square root of -3 mod pq

For modula of 1 mod 4, based upon proofs in the wiki article, Eisenstein integer, there is only a cube root of -1 mod p*q when there is also a square root of -3 mod p*q.

The Formula of 2^(-1)(1+(-3)^(1/2)) mod pq === (-1)^(1/3) Seems To Work For 3 Mod 4 Semiprimes As Well

If we try 3 mod 4 semiprimes with the formula: $2^{-1}*(1+{\sqrt {-3}}){\bmod {p*q}}\equiv {\sqrt{-1}}$ we find that the equation works for these semiprimes as well:

Try this Mathematica function

try888 := Module[{a1, a2, a3, a4, a5, a6, a7, a8, a9, a10},
  a1 = NextPrime;
  For[a2 = 1, a2 <= 10, a2++,
   a3 = NextPrime;
   For[a4 = 1, a4 <= 10, a4++,
    If == 3 && Mod == 3,
     If],
       a6 = PowerMod;
       a5 = Mod (1 + a6), a1 a3];
       Print}];
       a3 = NextPrime;
       ];
     ];
    a1 = NextPrime;
    ];
   ];
  ]

and get the following answers:

try888
   P, Q, (-3)^(1/2), (-1)^(1/3}, 1
{{79,67},126,2710,1}
{{127,67},1817,909,1}
{{199,67},611,306,1}
{{271,67},1683,842,1}
{{283,67},477,239,1}
{{367,67},2002,13296,1}
{{439,67},343,172,1}
{{487,67},11666,22148,1}
{{547,67},1013,507,1}
{{607,67},6491,3246,1}

Notes On Polar Coordinates Of Roots Of -1 In 3 Mod 4 Semiprime Modula

Although we have found a case above where the 3 mod 4 semiprime had the third root of -1, according to the DeMoivre's Theorum, this will usually not be the case in 3 mod 4 semiprimes, for two reasons:

3 mod 4 semiprime modula cannot have arithmetic inverses both be quadratic numbers. Thus if

X^{2}{\bmod {p*q}}

exists then

-X^{2}{\bmod {p*q}}

will not have a square root. Thus there can be no quad roots of -1 since the polar coordinates are necessarily 1)

{\sqrt {2}}^{-1}

and

{\sqrt {2}}^{-1}*{\sqrt {-1}}\equiv {\sqrt {-2}}^{-1}

. Since if there is a

{\sqrt {2}}{\bmod {p*q}}

there cannot be a

{\sqrt {-2}}{\bmod {p*q}}

for 3 mod 4 semiprime modula, then there cannot be quad roots of -1 in 3 mod 4 semiprime modula

Since there cannot be

{\sqrt {-1}}{\bmod {p*q}}

for 3 mod 4 semiprime modula, then any appearance of this term, by itself, within the Sin(Theta/n) or Cos(Theta/n) coefficients will necessarily mean that the Nth root of -1 cannot happen in 3 mod 4 semiprime modula.

Quest For The Third Root of -1

If ${\sqrt{-1}}{\bmod {p*q}}=a$ and $(1+{\sqrt{-1}})^{3}{\bmod {p*q}}=(1+a)^{3}\equiv 6*a-3$ due to the fact that $a^{2}{\bmod {p*q}}\equiv a-1$ , then

a(a-1){\bmod {p*q}}\equiv -1

('a' is the cube root of -1 mod p*q).

By empirical observation I also note that:

(1+a)^{-1}{\bmod {p*q}}\equiv (-3*x-1)

and

(1+a)^{-3}{\bmod {p*q}}\equiv (-2*x-1)

Also note that $(1+a)^{2}{\bmod {p*q}}\equiv 3*a$ and that $(3*a)^{-1}{\bmod {p*q}}\equiv (-a+1)^{-1}*3^{-1}\equiv (-3*x-4*3^{-1})$

This means that the following sequence of equations can be made to solve for $a$ and $x$ (See Mathematica below):

PowerMod==129633
Reduce[(a + 1) (-3 x - 1) == 1 && (6 a - 3) (-2 x - 1) == 1 && 
  a - 9 x == 5 && (3 a) (-3 x - 4 129633) == 1, {a, x}, 
 Modulus -> 337 577]
(a == 4253 && x == 472) || (a == 68877 && 
   x == 180496) || (a == 125573 && x == 13952) || (a == 190197 && 
   x == 193976)
Mod==-1 
Also note that
a == 9*x+5 ==9*472+5==4253

This above equation seems to hold for all 1 mod 4 semiprime modula. The general equation to solve for $x$ seems to be:

Solve 
{{x -> 472}, {x -> 13952}, {x -> 180496}, {x -> 193976}}

(with Gauss's modular quadratic work, it is necessary to solve for the square root of (-3/81)).

and the general equation to solve for the cube root of -1 for the modulus $337*577$ (noting that $2^{-1}{\bmod {337*577}}\equiv 97225$ ) seems to be:

Expand 
4375121 - 5250145 a + 875025 a^2 == 0 for modulus 337*577.

Equations With X when 9*x+5 is cube root of -1

Since ${\sqrt{-1}}+{\sqrt{-1}}^{2}{\bmod {p*q}}\equiv {\sqrt {-3}}$ then $9*x+5+9*x+4{\bmod {p*q}}\equiv 18*x+9\equiv {\sqrt {-3}}$

Some more formulas for $x$ where $9*x+5{\bmod {p*q}}\equiv {\sqrt{-1}}$ are

125+675*x+1215*x^{2}+729*x^{3}{\bmod {p*q}}\equiv -1

7*(27x^{2})^{-1}+x^{-1}{\bmod {p*q}}\equiv -1

(540*x^{2}+729*x^{3}){\bmod {p*q}}\equiv 49

(-540*x+729*x^{3}){\bmod {p*q}}\equiv 189

-(-60*{\sqrt{-1}}+729*x^{3}){\bmod {p*q}}\equiv 111

(4*{\sqrt{-1}}+5)({\sqrt{-1}}+13)({\sqrt{-1}}-2){\bmod {p*q}}\equiv -183

1350+6669*x+8829*x^{2}+2916*x^{3}{\bmod {p*q}}\equiv -183

(4*{\sqrt{-1}}-9)({\sqrt{-1}}-14)({\sqrt{-1}}+1){\bmod {p*q}}\equiv 183

-594-2241*x-81*x^{2}+2916*x^{3}{\bmod {p*q}}\equiv 183

5+39*x+99*x^{2}+81*x^{3}{\bmod {p*q}}\equiv 3^{-1}

x*(x+1){\bmod {p*q}}\equiv -21*81^{-1}

(3*x+1)(3*x+2){\bmod {p*q}}\equiv 2+9*x+9*x^{2}\equiv -3^{-1}

(9*x+4)(9*x+5){\bmod {p*q}}\equiv -1

(1+5*x+6*x^{2})(9*x+4){\bmod {p*q}}\equiv 4+29*x+69*x^{2}+54*x^{3}\equiv 9^{-1}

(-3*x-4*3^{-1})(9*x+5){\bmod {p*q}}\equiv 3^{-1}

-7*x^{-1}-27*x{\bmod {p*q}}\equiv 27

7*x^{-2}+27*x^{-1}{\bmod {p*q}}\equiv -27

7*x^{-1}+27*(x+1){\bmod {p*q}}\equiv 0

(7*x^{-1}-27*(x))^{-1}{\bmod {p*q}}\equiv 2*x+1\equiv -(1+{\sqrt{-1}})^{-3}

7*x^{-1}+3*({\sqrt{-1}}+4){\bmod {p*q}}\equiv 0

7*x^{-1}+3*{\sqrt{-1}}{\bmod {p*q}}\equiv -12

7*x^{-1}+(-3*x-4*3^{-1})^{-1}{\bmod {p*q}}\equiv -12

(Factoring $(27*(-7^{-1}{\bmod {p*q}})(x+x^{2})\equiv x*x^{-1}$ will reveal both x and x^{-1} but we don't have the full sum of $x+x^{2}$ , only the residue).

((20/(3*x))+(7/(3*x^{2})))*({\sqrt{-1}}+4){\bmod {p*q}}\equiv -21

(20)*(3*x)^{-1}+7*(3*x^{2})^{-1}+5{\bmod {p*q}}\equiv {\sqrt{-1}}

7*x^{-3}+20*x^{-2}{\bmod {p*q}}\equiv 27

13*(x^{2}-x){\bmod {p*q}}\equiv 54*x^{4}+7

(50*x-52*(-21*81^{-1})-7)(-54*x-7)^{-1}{\bmod {p*q}}\equiv -25*27^{-1}

(7(x^{-1})+18)({\sqrt{-1}}+1){\bmod {p*q}}\equiv 9

(7*x^{-1}+15)({\sqrt{-1}}){\bmod {p*q}}\equiv 3

(7*x^{-1}+12){\bmod {p*q}}\equiv -3*{\sqrt{-1}}

7*x^{-1}+20{\bmod {p*q}}\equiv 27*x^{2}

7+20*x{\bmod {p*q}}\equiv 27*x^{3}

81*{\sqrt {-3}}+42*{\sqrt {-3}}*x^{-1}{\bmod {p*q}}\equiv 27

You'll notice with the following three equations for x that x increments by (3*x+1) and the sum is (3*x+1)(3*x+2). That is an unusual pattern, and if the sum were known instead of the residue it would be trivial to figure out x.

x*(x+1){\bmod {p*q}}\equiv -21*81^{-1}

(3*x+1)(3*x+2){\bmod {p*q}}\equiv 2+9*x+9*x^{2}\equiv -3^{-1}

(9*x+4)(9*x+5){\bmod {p*q}}\equiv -1

(27*x+13)(27*x+14){\bmod {p*q}}\equiv -7

The inverse definition is $(1+{\sqrt{-1}})^{-1}{\bmod {p*q}}\equiv -(1+{\sqrt{-1}})*3^{-1}+1$ so the inverse is almost exactly -1/3 of the sum.

The inverse $(1+{\sqrt{-1}})^{-2}{\bmod {p*q}}\equiv -({\sqrt{-1}})^{2}*3^{-1}\equiv -({\sqrt{-1}}-1)*3^{-1}$ so the inverse is almost exactly -1/9 of the sum.

The inverse $(1+{\sqrt{-1}})^{-3}{\bmod {p*q}}\equiv -(1+{\sqrt{-1}})^{3}*27^{-1}\equiv -(2*x+1)$ so the inverse is almost exactly -1/27 of the sum.

These last three equations unwind the exponentiation to become division in the inverses.

These formulas are remarkable in that all 1 mod 4 semiprimes seem to have these equations equal 49 or 189.

Mathematica Procedure To Find Cube Roots of -1 Of Large Prime Modula

The following Mathematica procedure will isolate x from 1/x or x^2. It will find

(7*a/((a+x))-7))(x+1)

where $x+a==500$ (this is the guess for the value of x). It starts with the remarkable facts that $7/x-27x{\bmod {p*q}}\equiv 27$ and $x^{2}+x{\bmod {p*q}}\equiv -21*81^{-1}$ .

This is another way of solving

x^{2}+x{\bmod {p*q}}\equiv -21*81^{-1}

In fact if the guess, $x+a=7$ then the equation reduces to

(a-7)(x+1)

which is easier to work with.

If we use the following Mathematica command:

Factor]

we get the equation $a(x+8)$

try888 := Module[{a1, a2, a3, a4, a5, a6, a7, a8, a9, a10},
  a1 = Mod, m];
    (* x^2+x *);
    a2 = a;
    (* x+a *);
    a3 = Mod;
    (* (x+a)(7/x+27 a) *);
    a4 = Mod, m];
    (* 7 a /(x(27 a2)) + a *);
    a5 = Mod;
    (* (7 a/(x (27 a2)) - x *);
    a6 = Mod;
    (* ( 7a /(x( a2))-7/x *);
    a7 = Mod;
    (* ( 7 a /((a2))-7))(x+1) *);
   (* x is isolated from 1/x or x^2 *);
  (* Solve for x *);
  a8 = Solve 27 - 7) (x + 1) == a7 && 
     x + aa1 == a, {x, aa1}, Modulus -> m]; 
  Print;
  (* Verify (9 x +)^3 === -1 *);
  Print /. a8}];
   ]

Some runthrus

try888
{{{x->472,aa1->28},{x->13952,aa1->180997},{x->180496,aa1->14453},{x->193976,aa1->973}}}
{{1,1,1,1}}
p768 = 334780716989568987860441698482126908177047949837137685689124313\
88982883793878002287614711652531743087737814467999489
q768 = 367460436667995904282446337996279526322791581643430876426760322\
83815739666511279233373417143396810270092798736308917
In:= p7 = NextPrime
Out= 33478071698956898786044169848212690817704794983713768568912431\
388982883793878002287614711652531743087737814467999749
In:= q7 = NextPrime
Out= 36746043666799590428244633799627952632279158164343087642676032\
283815739666511279233373417143396810270092798736309087
try888
{{{x->10859022257142929095284059240054363429972063896712078650637124749656480166883451577930018604815010297714820350940868,aa1->25887021409656661332960574559573589202307094267631008992038907534159259499627827655443398538581799972377978385368719},{x->25887021409656661332960574559573589202307094267631008992038907534159259499627827655443398538581799972377978385368218,aa1->10859022257142929095284059240054363429972063896712078650637124749656480166883451577930018604815010297714820350941369}}}
{{1,1}}
try888
{{{x->9908924269737473060489962247148555494388931671897720886095195362894007181408094477524590786903090300437941505529569,aa1->23569147429219425725554207601064135323315863311816047682817236026088876612469907810090120865628652787299872962470680},{x->23569147429219425725554207601064135323315863311816047682817236026088876612469907810090120865628652787299872962470179,aa1->9908924269737473060489962247148555494388931671897720886095195362894007181408094477524590786903090300437941505530070}}}
{{1,1}}

To isolate a where x+a is known try the following procedure

try888 := 
 Module[{a1, a2, a3, a4, a5, a6, a7, a8, a9, a10, a11, a12, a13, a14, 
   a15, a16, a17, a18, a19, a20}, a1 = Mod, m];
  (*x^2+x*);
  a2 = a;
  (*x+a*);
  a3 = Mod;
  (*(x+a)(7/x+27 a)*);
  a4 = Mod, m];
  (*7 a/(x(27 a2))+a*);
  a5 = Mod;
  (*(7 a/(x (27 a2))-x*);
  a6 = Mod;
  (*(7a/((a2))-7)/x*);
  a7 = Mod;
(* ( 7 a /((a2))-7))(x+1) *);
  a10 = Mod, m];
  a11 = Mod;
  a12 = Mod;
  (* (7/a2)(x^2+a^2)-2 (7/a2) a +14 (x+1)*)
  a14 = Mod;
  a15 = Mod + a2) - 14 a2, m];
  a16 = Mod;
  (* a is isolated *)
  a17 = Solve[a10 (ab + ab^2) - 2 (a10 ab) - 14 ab == a15, {ab}, 
    Modulus -> m];
  (* (7/guess)(a+a^2)-2(7/guess)a-14 a *)
  Print; (* answer for modulus 337*577 found *)
  Print; (* solve for a for large prime modula *)
  Print;
  ]
a runthrough
try888
{159088,159088}
{74287,74287}
{{ab->28},{ab->973},{ab->14453},{ab->180997}}

This procedure will find the guess (a) in the form of

(7/guess)(a+a^{2})-2(7/guess)a-14a

where

guess=x+a

If the guess is 7 then the equation reduces to

a^{2}-15*a

which is easier to work with.

The Following Powers Of X equal 0

A fascinating feature of X is that the sum of various powers of x always equals 0.

The Mathematica below shows this. Note the equations are always $7*x^{n}+27(x^{n+1}+x^{n+2}){\bmod {p*q}}\equiv 0$ :

 
Table[{x, 
   Mod 7 + 
     27 (PowerMod + 
        PowerMod), 337 577]}, {x, 1, 10}] // Grid
(Debug) Out= \!\(
TagBox[GridBox[{
{"1", "0"},
{"2", "0"},
{"3", "0"},
{"4", "0"},
{"5", "0"},
{"6", "0"},
{"7", "0"},
{"8", "0"},
{"9", "0"},
{"10", "0"}
},

and

Table[{x, 
   Mod 7 + 
     27 (PowerMod + 
        PowerMod), 337 577]}, {x, 1, 
   10}] // Grid
{"1", "0"},
{"2", "0"},
{"3", "0"},
{"4", "0"},
{"5", "0"},
{"6", "0"},
{"7", "0"},
{"8", "0"},
{"9", "0"},
{"10", "0"}
},

Various Equations For (7/x+27 x)^2

If we take the realisable equation (the sum, not the residue)

(7 PowerMod + 27 472)^2
37799914084

Since this sum is always the residue of (-27)^2, no matter what the p*q, then this sum is quickly realisable within 34 possible numbers.

This sum is also the following equation

1  4 27 337 577 472 - 
 4 27 27 (472^2 + 472) + (-7 PowerMod + 27 472)^2
37799914084

Notice another low modulus

(7 PowerMod + 27 1720)^2
4057944804
9    4 27 1720 73 97 - 
 4 27 27 (1720^2 + 1720) + (-7 PowerMod + 27 1720)^2
4057944804

Notice how the multiplier in red is always low, my researches indicate it will always be between 1 and 27, no matter how large the number is

Another low modulus

(7 PowerMod + 27 844)^2
859603761
6 4 27 844 73 67 - 
 4  27 27 (844^2 + 844) + (-7 PowerMod + 27 844)^2
859603761

Now let's take a large number. Interestingly the large RSA numbers of around 600 bits to 750 bits don't have cube roots of -1 (no square roots of -3). Perhaps they were designed not to. However, we can try out primes adjacent to these numbers, which will have cube roots of -1 mod p*q.

let's take RSA-768 which was factored a few years ago.
qq = \
3674604366679959042824463379962795263227915816434308764267603228381573\
9666511279233373417143396810270092798736308917
pp = 33478071698956898786044169848212690817704794983713768568912431388\
982883793878002287614711652531743087737814467999489
now get x number
Solve]
{{x -> 
   1085902225714292909528405924005436342997206389671207865063712474965\
6480166883451577930018604815010297714820350940868}, 
}
Solve]
{{x -> 
   9908924269737473060489962247148555494388931671897720886095195362894\
007181408094477524590786903090300437941505529569}, {x -> 
}
SS is the X number associated with the cube root of -1
ss = 
 ChineseRemainder[{\
1085902225714292909528405924005436342997206389671207865063712474965648\
0166883451577930018604815010297714820350940868, 
   9908924269737473060489962247148555494388931671897720886095195362894\
007181408094477524590786903090300437941505529569}, {NextPrime, 
   NextPrime}]
4375045719360799277111179417581904093171804109852946387918123\
7779057042900790184181770653489280098352117595833705399124586219099662\
8280520656291170940173641183140966763633985007962962933885697665175242\
118352407342905904895300576268
create the modulus (it's not an RSA number but close to an 
actual RSA number
mo = NextPrime NextPrime
 1230186684530117755130494958384962720772853569595334792197322\
4521517264005072636575187452021997864693899564749427893090894673831236\
3127456739364769363131942239210345690548131094423078477949267226430938\
3518878918414737015987902419163
create the (7/x+27x)^2 sum (not the residue)
n1 = (7 PowerMod + 27 ss)^2
 1513359278795203462908039994573225983635087960749583410587171\
4438024587283531274752137527463757233272031971826952289102948803903822\
3917106024833705284808208639947404748563975464966277329159186123596368\
0716549697555137108153732037194637287966619458314178093014467221966369\
8081590541083770294744287928011199456090725133365037403696451491888971\
4120305912820533025681483173054808399518010039376732015590690386893522\
370474704678084235130730749195439444679177307655709609
get the number in the above sum that is a multiple of 4 27 p q x
n2 = 
 n1 + 4 27 27 (ss^2 + ss) - (-7 PowerMod + 27 ss)^2
 5812692827221597331851013445025210565593955729649624284393586\
4660278304216343007746509463826095556032893247149222779236409443300877\
3604164579791094387152090749860509534324980834525552731784172358572341\
9685295413208802853376799827036569030424254321102258334756199509532351\
8681734085031736277755372871097557994214597499542946255781936520491782\
7849944397315644355891105464327580185274955215111850497926629058719544\
474956898565206613925783812076356419828800001121578720
confirm that the multiplier of this above term is between
1 and 27, even though the number is a 750 bit number
n3 = n2/(mo 4 27 ss)
10

Estimates of X can be had from (7/x+27 x)^2

Given

(7 PowerMod + 27 472)^2
37799914084
37799914084/4
9449978521
(4 27 337 577 - 4 27 27 ) 450
9448909200

You can see that in the above sum the estimate of 450 is close to the answer of 472, around 5 percent.

My examinations of the four examples for (7/x+27 x)^2 yield a multiplier of (1/4, 1/3, and 3) in order to achieve an estimate of X around 95 percent correct. In other words around 16 possiblities (1/4, by 1/4 up to 3) fits all four of my examples.

The next example will have a multiplier of 3

6 4 27 844 73 67 - 
 4 27 27 (844^2 + 844) + (-7 PowerMod + 27 844)^2
859603761
3 859603761
2578811283
(6 4 27 67 73 - 4 27 27) 844
2672485488
(6 4 27 67 73 - 4 27 27) 815
2580658380

Again an estimate of around 95 percent. If you split 337*577 into 20 equally distant numbers and your answer was 472, then the closest estimate would have been 9000, a lot further away from the answer than 450 we arrived at with our calculation. So the rough estimate is better than random.

Another small example

9 4 27 1720 73 97 - 
 4 27 27 (1720^2 + 1720) + (-7 PowerMod + 27 1720)^2
4057944804
(3 4 27  73 97 - 4 27 27) (1750)
4009824000

So the estimate again with 5 percent of the number The multiplier was 1/3 in this case

A big example follows. The multiplier is 3 in this case

xx = 15133592787952034629080399945732259836350879607495834105871714438\
0245872835312747521375274637572332720319718269522891029488039038223917\
1060248337052848082086399474047485639754649662773291591861235963680716\
5496975551371081537320371946372879666194583141780930144672219663698081\
5905410837702947442879280111994560907251333650374036964514918889714120\
3059128205330256814831730548083995180100393767320155906903868935223704\
74704678084235130730749195439444679177307655709609
mo = \
1230186684530117755130494958384962720772853569595334792197322452151726\
4005072636575187452021997864693899564749427893090894673831236312745673\
9364769363131942239210345690548131094423078477949267226430938351887891\
8414737015987902419163
 1230186684530117755130494958384962720772853569595334792197322\
4521517264005072636575187452021997864693899564749427893090894673831236\
3127456739364769363131942239210345690548131094423078477949267226430938\
3518878918414737015987902419163
Multiply the hidden sum by three
3 10 4 27 mo ss
Out= 1743807848166479199555304033507563169678186718894887285318075\
9398083491264902902323952839147828666809867974144766833770922832990263\
2081249373937328316145627224958152860297494250357665819535251707571702\
5905588623962640856013039948110970709127276296330677500426859852859705\
5604520225509520883326611861329267398264379249862883876734580956147534\
8354983319194693306767331639298274055582486564533555149377988717615863\
3424870695695619841777351436229069259486400003364736160
Now print the (7/x+27 x)^2 number
In:= xx = \
1513359278795203462908039994573225983635087960749583410587171443802458\
7283531274752137527463757233272031971826952289102948803903822391710602\
4833705284808208639947404748563975464966277329159186123596368071654969\
7555137108153732037194637287966619458314178093014467221966369808159054\
1083770294744287928011199456090725133365037403696451491888971412030591\
2820533025681483173054808399518010039376732015590690386893522370474704\
678084235130730749195439444679177307655709609

It may be hard to see from the printout of the mathematica but the order of the two numbers is the same and the first three digits of both are 151 and 174, which is around 15 percent off. If the multiplier was 2.75 then the calculation would have been less than 1/15 off.

Thus (7/x+27 x)^2 can be used to give a rough estimation of the X number.

If Mathematica Can Factor The Modulus X Can Be Determined With The Following Command

In:= Reduce[
 7/x^3 + 27/x^2 + 34/x + 27 x == 7/x^2 + 27/x == -27, {x},
 Modulus -> 337 577]
Out= x == 472 || x == 13952 || x == 180496 || x == 193976

13x+27x^4 obtained

Understanding that $(7/x)+27*x{\bmod {p*q}}\equiv -27$ then $(-27)^{2}-2*7*27{\bmod {p*q}}\equiv (49/x^{2})+27^{2}*x^{2}$ . Multiplying (-27)^2-2*7*27 by $x^{2}+x{\bmod {p*q}}\equiv -21/81$ get

49+(49/x)+27^{2}*x^{4}+27^{2}*x^{3}

. Subtracting 49 and

7*((7/x)+27*x)

and dividing by 27 we get

-7x+27*x^{4}+27*x^{3}

. Knowing that

(x^{2}+x)^{2}{\bmod {p*q}}\equiv x^{4}+2*x^{3}+x^{2}

we suddenly

construct:

2*(-7*x+27*x^{4}+27*x^{3})-27*(x^{2}+2*x^{3}+x^{4}){\bmod {p*q}}\equiv 27*x^{4}-27*x^{2}-14*x

Thus:

27*x^{4}-27*x^{2}-14*x+27*(x^{2}+x){\bmod {p*q}}\equiv 27*x^{4}+13*x

oh yea,

13*(x^{2}-x){\bmod {p*q}}\equiv 54*x^{4}+7

Formulas for x, x^2, and x^3 where 9*x+5 is the cube root of -1

An example of how formulas for x, x^2 and x^3 can be found where 9*x+5 is the cube root of -1 mod p*q follows:

I have first of all determined that:

35*9^{-1}+8*x-12*x^{2}-27*x^{3}{\bmod {p*q}}\equiv 0==6*1000000009*2400000061

and that

x^{2}+x{\bmod {p*q}}\equiv -21*81^{-1}

Please also note that the integer value of both sums above is low. For the first sum it varies by the modulus but will always be from -50 to +50. It is 6 for the 1000000009*2400000061.

The second sum can also be treated as an integer. Simply take the

-21*81^{-1}

First, determine x for our testing purposes:

Solve
{{x -> 495617883584492178}, {x -> 980012060696177200}, {x -> 
   1419988021903823348}, {x -> 1904382199015508370}}
Now note, if we treat x^2 as y as x^3 as z we can get an Integer equation instead of a modular equation.
Therefore, we don't have to factor the modulus.
Solve + 8 x1 - 12 y - 
    27 z == 6 1000000009  2400000061 && 
  x1 + y == -18044445065474078202
 , {x1, y, z}, Integers]
{{x1 -> ConditionalExpression, C \ Integers], 
  y -> ConditionalExpression, 
    C \ Integers], 
  z -> ConditionalExpression, 
    C \ Integers]}}

Note that just above we have created a fourth variable, C, which describes

x
y=Mod
z=Mod

So an answer for x, x^2, and x^3 is

Mod,
  1000000009  2400000061]=551689569599425758
Mod =659937711741434012
Mod[-18044445065474078208 - 27 551689569599425758, 
 1000000009  2400000061]=659937711741434012
Mod =11568790418142273
Mod[8177778059229631505 + 20 551689569599425758, 
 1000000009  2400000061] = 11568790418142273

It's hard to go further than this except to say that $9*x+5{\bmod {p*q}}\equiv {\sqrt{-1}}$ .

The equations for C, for 551689569599425758 in our example, can be manipulated a bit.

If we set C to be 'a', then we note that $(x-6)=27*a$ and that $-21*81^{-1}-6*7{\bmod {1000000009*2400000061}}\equiv ((x-6)+13)(x-6)\equiv (27*a)+13)(27*a)\equiv 27*(27*a^{2}+13*a)$

Thus we can arrive at $27*a^{2}+13*a$ where $a=(x-6)/27$ . Some of the details of this equation may change with different modulus, in particular the $(x-6)/27==a$

We can take this a bit further with the equation

Mod[(27 27 ( 551689569599425758)^2 + 
    13 27 ( 551689569599425758) + 36) - 27 551689569599425758, 
 1000000009 2400000061]= 659937711741434012
where
Mod=659937711741434012

So $27(27*a^{2}+13*a)-27a==x^{2}$

If we take $(6+27*x_{1})^{2}-(-18044445065474078208-27*x_{1}){\bmod {1000000009*2400000061}}\equiv 0$ and expand out the square we can get an absolute sum that is enumerable. It will be between 0 and 1000 lets say, even for large numbers.

As such the following sum equals $477*p*q$

(36 + 2 27 6 551689569599425758 + 
   27 27 1279989787935977699 - (-18044445065474078208 - 
     27  551689569599425758))/(1000000009  2400000061)=477
Solve[(36 + 2 27 6 x + 27 27 y - (-18044445065474078208 - 27  x)) == 
  477 (1000000009  2400000061), {x, y}, Integers]
{{x -> ConditionalExpression, C \ Integers], 
  y -> ConditionalExpression, 
    C \ Integers]}}
note that this C for this equation is 1/27 of the first equation for the 9*x+5==cube root of -1 mod p*q

The important thing to note is that these sums are enumerable. Even though I would have to guess what multiple of the modulus these sums equal, the multiple is quite achievable as it will be below 1000 for most of the time.

However, the new number C seems to have no quick way of being determined.

-21*81^{-1}+1 defined

If we take the inverse definition of $-21*81^{-1}{\bmod {p*q}}\equiv x^{2}+x$ we come up with

(x^{4}-x^{2})*(x^{2}-x)^{-1}{\bmod {p*q}}\equiv (x^{3}-x)*(x-1)^{-1}

As such

-21*81^{-1}+1{\bmod {p*q}}\equiv (x^{3}-1)*(x-1)^{-1}

I haven't been able to go further with this equation, however.

x^2, x^3 and x^4 defined in terms of x where 9*x+5 is a cube root of -1

Taking the Integer equations of the previous section it does seem we can solve as a modular (without factoring the modulus) by adding

(-21*81^{-1})^{2}\equiv x^{2}+2x^{3}+x^{4}\equiv y+2z+x4

Solve + 8 x1 - 12 y - 
    27 z == 6 1000000009 2400000061 && 
  x1 + y == -18044445065474078202 &&
  (y + 2 z + x4) == (-18044445065474078202 )^2, {x1, y, z, x4}, 
 Modulus -> 1000000009 2400000061]
{{x1 -> C, y -> 1155555595325926190 + 2400000082600000548 C, 
  z -> 1244444487274074359 + 1155555595325926191 C, 
  x4 -> 2367078270767353079 + 88888891948148168 C}}

We can now see that x1 is the x value, and y,z, and x4 are powers of x

Mod[(495617883584492178^2 - 
    1155555595325926190) PowerMod[
   2400000082600000548, -1, (1000000009 2400000061)], (1000000009 \
2400000061)]= 495617883584492178
Mod[(495617883584492178^3 - 
    1244444487274074359) PowerMod[
   1155555595325926191, -1, (1000000009 2400000061)], (1000000009 \
2400000061)]= 495617883584492178
Mod[(495617883584492178^4 - 
    2367078270767353079) PowerMod[
   88888891948148168, -1, (1000000009 2400000061)], (1000000009 \
2400000061)]= 495617883584492178

This Solve command works for large modula as well. Take RSA768, the largest factored number to date, and you get.

RSA768 = 1230186684530117755130494958384962720772853569595334792197322\
4521517264005072636575187452021997864693899564749427740638459251925573\
2630345373154826850791702612214291346167042921431160222124047927473779\
4080665351419597459856902143413
(Debug) In:= Solve[
 35 PowerMod + 8 x1 - 12 y - 27 z == 0 && 
  x1 + y == -21 PowerMod &&
  (y + 2 z + x4) == (-21 PowerMod)^2, {x1, y, z, x4}, 
 Modulus -> RSA768]
(Debug) Out= {{x1 -> C, 
  y -> 113906174493529421771342125776385437108597552740308777055307634\
4584931852321540423628467779814617101286996736058124133190671474590116\
9476423440261745443676167797619569089541011243625946492967400692016611\
85801251314442092460094577234 + 
    123018668453011775513049495838496272077285356959533479219732245215\
1726400507263657518745202199786469389956474942774063845925192557326303\
4537315482685079170261221429134616704292143116022212404792747377940806\
65351419597459856902143412 C, 
  z -> 911249395948235374170737006211083496868780421922470216442461075\
6679454818572323389027742238516936810295973888464993065525371796720935\
5811387522093963549409342380956552716328089949007571943739205536132894\
864100105155367396807566179 + 
    113906174493529421771342125776385437108597552740308777055307634458\
4931852321540423628467779814617101286996736058124133190671474590116947\
6423440261745443676167797619569089541011243625946492967400692016611858\
01251314442092460094577235 C, 
  x4 -> 10259993198824576064737187032895162335115157343127072066611413\
5927057565364666159639423468167005510752962076373828070071100482451969\
0524691178026539441445201484585584889843101457203640810033211795666088\
890321719702490062541833337716 + 
    182249879189647074834147401242216699373756084384494043288492215133\
5890963714464677805548447703387362059194777692998613105074359344187116\
2277504418792709881868476191310543265617989801514388747841107226578972\
8200210310734793615132357 C}}

I was able to get a further series of equations for a Mathematica Integer Solve command. These Integer values are achievable although they may take a million repetitions or so.

Solve[49 x4 + 140 x3 + 189 x2 + (540) x1 == 
   140 PowerMod + 
    49 PowerMod + 
    189 PowerMod + 
    540 PowerMod &&
  7 x1 + 27 x == 
   7 PowerMod + 
    27 495617883584492178 &&
    7 x2 + 27 x1 == 
   7 PowerMod + 
    27 PowerMod &&
  x22 + x == 
   495617883584492178 + 
    PowerMod &&
  7 x3 + 20 x2 == 
   7 PowerMod + 
    20 PowerMod
 , {x, x22, x4, x3, x2, x1}, Integers]
{{x -> ConditionalExpression, 
    C \ Integers], 
  x22 -> ConditionalExpression, 
    C \ Integers], 
  x4 -> ConditionalExpression, 
    C \ Integers], 
  x3 -> ConditionalExpression, 
    C \ Integers], 
  x2 -> ConditionalExpression, 
    C \ Integers], 
  x1 -> ConditionalExpression, 
    C \ Integers]}}

Notice that 2401 is a bigger value than 189 in the other equations and 255879 is getting bigger for $x^{-4}$

A Residue for (7/x+27 x)^2 with a strange modulus

Out sum (7/x+27 x)^2 can be rewritten as

(4 27 337 577 - 4 27 27 - 
    2 27 (7 PowerMod + 27 472)) 472 - 
 27 27 472^2 + 49 PowerMod^2
Out= 37799914084

Then using the modulus, (4 27 337 577 - 4 27 27 -

   2 27 (7 PowerMod + 27 472)) (as (7 PowerMod + 27 472) can be quessed) we have the following interesting residue

Mod[37799914084, (4 27 337 577 - 4 27 27 - 
   2 27 (7 PowerMod + 27 472))]
4277284

which as the difference of two squares can be rewritten as

Mod[-(27 472 - 
     7 PowerMod) PowerMod[(27 472 + 
     7 PowerMod), 
   1, ((4 27 337 577 - 4 27 27 - 
      2 27 (7 PowerMod + 
         27 472)))], ((4 27 337 577 - 4 27 27 - 
    2 27 (7 PowerMod + 27 472)))]
4277284

However, (7 PowerMod+27 472) is always a large factor of the resulting modulus we are using.

x^(-1)-x mod 17 is found

The following equations can find $-x^{-1}+x{\bmod {17}}\equiv 2(7*x^{-1}+27*x){\bmod {17}}$

You actually have to make a correct number for $7*x^{-1}+27*x$ (not a residue) for this to work.

Mod + 27 472), 27 + 7]= 20
Mod + 472), 27  +  7]= 20
thus -472^{-1}+472 mod 17 == 1
Mod + 472), 17]= 1

Similarly, for the modulus of 47 and the sum $20*Mod+27*Mod$ , the following Mathematica is shown

Mod + 27 Mod), 47]= 39
Mod + 
    7 Mod)]= 39
Mod + 
    7 Mod) PowerMod, 47]= 19
Mod + Mod), 47]= 19

Taking Higher Roots Of 1 Mod P

Dropping into Mathematica and getting the complex coefficients of mod p. In this case for $cos(\Pi /24)$ and $sin(\Pi /24)$ we get:

Cos(PI/24)=Mod, 1/2, 1153 ], 1/2, 1153 ] PowerMod, 1153 ]=198
Sin(PI/24)=Mod, 1/2, 1153 ], 1/2, 1153 ] PowerMod, 1153 ]=140
(-1)^{1/2} mod 1153=== 140
Mod== -1
Mod== 1

Please note that ${\sqrt {-1}}{\bmod {1153}}\equiv 140$ . It is just a coincidence here the both the $Cos(\Pi /24)={\sqrt {-1}}{\bmod {1153}}$

Take the following example for the modulus $337$

Cos(PI/24)=Mod, 1/2, 337 ], 1/2, 337 ] PowerMod, 337 ]=185
Sin(PI/24)=Mod, 1/2, 337 ], 1/2, 337 ] PowerMod, 337 ]=216
(-1)^{1/2} mod 337=== 189
Mod === 189
Mod==189  // 12th root of modular imaginary number found here.
Mod== -1
Mod== 1

The Quad Root Of 1 Defined In Polar Coordinates

If we take the traditional image of polar coordinates with the imaginary number as the delta for the vertical component, we can imagine the two imaginary numbers of the modulus p*q to allow two vectors which one can multiply together. Since the two roots of -1 multiplied together equal the square root of 1, then we can establish a root of 1 instead of a root of -1.

Take the two square roots of -1 mod 113*257 to be 241 and 13123. Take 13077 to be the Cos and Sin then multiplying the two polar vectors for the quad roots of -1 should give us the quad root of 1. As in:

(13077+13077*241)(13077+13077*13123){\bmod {113*257}}\equiv 19790\equiv {\sqrt{-1}}_{1}*{\sqrt{-1}}_{2}\equiv {\sqrt{1}}

Now see that $19790^{2}{\bmod {113*257}}\equiv {\sqrt {1}}\equiv 26215$ . We have found the quad root of 1.

Therefore, the Nth root of 1 can be found by multiplying the two different Nth roots for -1, which use different square roots of -1.

Simplifying the quad root of 1 to be:

14521*(1+241+13123+(241*13123)){\bmod {113*257}}\equiv 2^{-1}(1+{\sqrt {-1}}_{1}+{\sqrt {-1}}_{2}+{\sqrt {1}})\equiv 19790

This further simplifies to:

14521(1+241)(13123+1){\bmod {113*257}}\equiv 2^{-1}*(1+{\sqrt {-1}}_{1})(1+{\sqrt {-1}}_{2})

The Cube Root Of 1 Defined In Polar Coordinates

Taking the argument above to the cube root of 1 mod p*q we get the equation:

(1+3*118286+31296*(133263+55416))*4^{-1}{\bmod {337*577}}\equiv 105015\equiv {\sqrt{1}}

(1+3*{\sqrt {1}}+{\sqrt {3}}*({\sqrt {-1}}_{1}+{\sqrt {-1}}_{2}))*4^{-1}{\bmod {p*q}}\equiv {\sqrt{1}}

This above equation should work for 3 mod 4 semiprime modula if there is a ${\sqrt {-3}}{\bmod {p*q}}$ . In this case the equation will be:

(1+3*{\sqrt {1}}+({\sqrt {-3}}_{1}+{\sqrt {-3}}_{2}))*4^{-1}{\bmod {p*q}}\equiv {\sqrt{1}}

So if you know ${\sqrt {1}}{\bmod {p*q}}$ and one of the ${\sqrt {-3}}{\bmod {p*q}}$ then you can derive the cube root of 1 mod p*q.

Please note that this equation doesn't seem to exist, or have an analogue, in continuous arithmetic.

Since the Jacobi Symbol is authoritative if it is 0 (nonquadratic number) then if the Jacobi Symbol for -3 is 0 for the p*q modulus, then this means there is no cube root of 1 for mod p*q.

The Cube Root Of 1 As A Quaternion

Check out User:Endo999#The_Modular_Quaternion_Worked_Out_And_Demonstrated for the definition of a modular quaternion.

With the definition above and our definition of the inverse of a quaternion, we should be able to create $(-1)^{2/3}{\bmod {p*q}}$ . The math follows:

Mod[(1 + 3 118286 - 31296 (133263 + 55416)) PowerMod[
   4 , -1, 337 577], 337 577]=169639
PowerMod=1
the norm of the cube root of 1 is 1 as in:
(1/16) + (3/16) + (3/16) + (9/16)=1
the extra sum of the norm equation, ie <math>(1*3-\sqrt{3}^{2}==0)</math> cancels out.
PowerMod=169639

Thus, the cube root of 1 mod p*q is a unit quaternion as well, since its norm = 1.

Conclusion

So the $\Theta$ division method is a good way of taking the higher roots of -1 or 1 mod p.

Taking roots by the De Moivre's formula of -1 is a sensible thing to do in modular arithmetic when:

1) the sin(theta) and cos(theta) are rational numbers (a fraction).

2) when the p*q modulus has the square roots and cube roots necessary to do the equations.

3) you know the right

{\sqrt {-1}}_{i}{\bmod {p*q}}

4) these equations actually become quickly doable for 1 mod 4 prime modula .

It is also clear that at least for 1 mod 4 prime and semiprime modula that there are universal formulas for the roots, including higher roots, of -1, where a complex modular number is constructed and where the coefficients of the complex number for ${\sqrt{-1}}{\bmod {p*q}}$ are of the form: $Sin(\Pi /n)$ and $Cos(\Pi /n)$ . This is exactly like that of continuous numbers. The Knowledge (XXG) math article, Root_of_unity#Algebraic_expression, has relevant material on just which roots of unity need only modular square roots to be taken:

"Gauss proved that a primitive nth root of unity can be expressed using only square roots, additions, subtractions multiplications and division, if and only if it is possible to construct with compass and straightedge the regular n-gon. This is the case if and only if n is either a power of two or the product of a power of two and Fermat primes that are all different."

My examples, shown in this section and just above, show that this above statement is true for modular arithmetic as well.

I also conclude it should be now possible to take a Discrete Fourier transform, using the nth roots of unity found by now. This modular discrete Fourier Transform should be capable of convolution and many of the other properties of the continuous Discrete Fourier Transform.

Chebyshev Polynomials Work With Modular Trigonmetic Numbers

Initial tests with Chebyshev Polynomials indicate that they successfully change modular trigonmetric values in p*q modula. For instance:

Cos{\bmod {337*577}}\equiv (1+{\sqrt {3}})*(2*{\sqrt {2}})^{-1}\equiv 24550

T_{3}=4*x^{3}-3*x

Thus:

4*(24550)^{3}-3*24550{\bmod {337*577}}\equiv 24251\equiv {\sqrt{2}}\equiv Cos

Since $Cos=Cos$ I'm pretty sure that Chebyshev polynomials work in modular arthmetic.

If we could invert the Chebyshev polynomials we could quickly establish Cos since Cos=-1 but we do not seem to be able to do this.

See here for some work using the Chebyshev polynomials.

ChebyShev's Polynomials Can Also Create Answers To Pell's Equation

Chebyshev Polynomials can also be used to quickly generate answers to Pell's Equation, which work in modular arithmetic:

The Chebyshev polynomials can also be defined as the solutions to the Pell equation

$T_{n}(x)^{2}-\left(x^{2}-1\right)U_{n-1}(x)^{2}=1$

in a ring R. Thus, they can be generated by the standard technique for Pell equations of taking powers of a fundamental solution:

$T_{n}(x)+U_{n-1}(x){\sqrt {x^{2}-1}}=(x+{\sqrt {x^{2}-1}})^{n}.$

See here for an example in mathematica where $x=2$ and so $d=2*2-1$

create first root with x=2 and T_2
Mod= 7
create second root with x=2 and U_1
Mod= 4
show Pell's equation
Mod= 1

Quadratic Residues And The Imaginary Number For 3 Mod 4 Semiprimes(Blum Integers)

Some of the math in this section builds on matter in the Blum integer Knowledge (XXG) article.

If $X{\bmod {p}}*q$ has a modular square root where $p*q$ are both 3 mod 4 primes, then $-X{\bmod {p}}*q$ Will Not have a modular square root.

This happens since $Y^{2}{\bmod {p}}*q\equiv X{\bmod {p}}*q$ and for $-X$ the equation must be $({\sqrt {-1}}*Y)^{2}{\bmod {p}}*q\equiv -X$ . But it is well known that modula of 3 mod 4 semiprimes (where both p and q are 3 mod 4 primes) cannot have ${\sqrt {-1}}{\bmod {p}}*q$ . Therefore, the arithmetic inverse of a quadratic number in a 3 mod 4 semiprime modulus must be a nonquadratic number.

Quadratic Residues and the Jacobi Symbol

Therefore, the negative of an actual square in a 3 mod 4 semiprime modulus has to be a nonquadratic. So it is possible to find some nonquadratics with such a modulus. This corrects, sometimes, the Jacoby Symbol, since it will usually report that $Jacobi=quadraticnumber$ when it cannot be.

A quick look at the Jacobi Symbol of arithmetic inverses in modula of 3 mod 4 semiprimes shows that arithmetic inverses always share the same Jacobi Symbol, and it looks as if when both Jacobi Symbols for $x{\bmod {p}}*q$ and $-x{\bmod {p*q}}$ always equal 1 that one of the numbers is a quadratic while its arithmetic inverse is a nonquadratic. Note the following Mathematica equations of the modulus, $19*79$ , for the numbers 1 to 30 and of their arithmetic inverses:

Table, 
  JacobiSymbol, IntegerQ], 
  IntegerQ]}, {x, 1, 30}]//Grid
x       -x      J   SR
1	1500	1	1	True	False
2	1499	-1	-1	False	False
3	1498	1	1	False	True
4	1497	1	1	True	False
5	1496	1	1	True	False
6	1495	-1	-1	False	False
7	1494	-1	-1	False	False
8	1493	-1	-1	False	False
9	1492	1	1	True	False
10	1491	-1	-1	False	False
11	1490	1	1	True	False
12	1489	1	1	False	True
13	1488	-1	-1	False	False
14	1487	1	1	False	True
15	1486	1	1	False	True
16	1485	1	1	True	False
17	1484	-1	-1	False	False
18	1483	-1	-1	False	False
19	1482	0	0	True	False
20	1481	1	1	True	False
21	1480	-1	-1	False	False
22	1479	-1	-1	False	False
23	1478	1	1	True	False
24	1477	-1	-1	False	False
25	1476	1	1	True	False
26	1475	1	1	True	False
27	1474	1	1	False	True
28	1473	-1	-1	False	False
29	1472	1	1	False	True
30	1471	-1	-1	False	False

Since 1 is always a quadratic number, then this means that -1 must be a nonquadratic number. Since $-x=(-1)*x$ and the Jacobi symbol is multiplicative, this means that if -1 has 1 as a Jacobi Symbol (that the Jacobi symbol says it is quadratic), then $J(-x)=J(-1)*J(x)=True*True$ . Thus, $J(x)==J(-x)$ even though $x$ is quadratic and $-x$ is nonquadratic. There is no way of telling which arithmetic inverse is $x$ and which is $-x$ . Basically, for 3 mod 4 semiprimes the Jacobi Symbol can only say that either $x$ or $-x$ is quadratic, it cannot say which one is quadratic.

Considering that 3 mod 4 semiprimes are known as Blum Integers, then Blum integer says the following on this matter:

"For every Blum integer n, -1 has a Jacobi symbol mod n of +1, although -1 is not a quadratic residue of n"

Now if you have a Jacoby=1 arithmetic inverse pair and you square one of the numbers, then the resulting square will have to be a quadratic, and then that squares arithmetic inverse has to be a nonquadratic.

Only four roots for RSA semiprimes for power of 2 roots

Seeing that a quadratic number, a square, always has four square roots, $({\sqrt {X^{2}}}{\bmod {p}}*q)$ , $(-{\sqrt {X^{2}}}{\bmod {p}}*q)$ , $({\sqrt {1}}*{\sqrt {X^{2}}}{\bmod {p}}*q)$ , $(-{\sqrt {1}}*{\sqrt {X^{2}}}{\bmod {p}}*q)$ it follows therefore that there can, at most, only be four quad roots for a square of a RSA semiprime. Since the square root of ${\sqrt {1}}$ is ${\sqrt{1}}$ and there cannot be quad roots of 1 for 3 mod 4 semiprimes (see below), and since arithmetic inverses of quadratic numbers cannot both have square roots in 3 mod 4 semiprimes, then, if $X=16$ the only square root that can have a square root is $4$ . This number will have four square roots which will be: $({\sqrt {1}}*2)$ , $(-{\sqrt {1}}*2)$ , $(2)$ , and $(-2)$

This is so for octal roots and for all roots that are powers of 2. There will only be four ultimate roots.

There can be no quad roots of 1 per an RSA semiprime. In an earlier section, I have argued that there are NO quad roots of one for 3 mod 4 semiprimes, since the definition of a quad root of one for modulus $p*q$ is $ChineseRemainder$ . Please note once again that there are no ${\sqrt {-1}}$ for 3 mod 4 semiprimes.

How To Find Quad Roots for a 1 mod 4 semiprime

Since there can be at least four square roots of $X^{2}{\bmod {p}}*q$ , $(X)$ , $(-X)$ , $({\sqrt {1}}*X)$ , $(-{\sqrt {1}}*X)$ .

And since there are two ${\sqrt {-1}}$ for a 1 mod 4 semiprime, and there are ${\sqrt{1}}$ and $({\sqrt{1}})^{3}$ to consider, A simple Mathematica function shows that there can be at least 16 quad roots of a 1 mod 4 semiprime. The quad roots of 16 mod p*q can be defined as:

$2$	$-2$	${\sqrt {1}}*2$	$-{\sqrt {1}}*2$
${\sqrt{1}}*2$	$-{\sqrt{1}}*2$	$({\sqrt{1}})^{3}*2$	$-({\sqrt{1}})^{3}*2$
${\sqrt {-1}}_{1}*2$	${\sqrt {-1}}_{2}*2$	$-{\sqrt {-1}}_{1}*2$	$-{\sqrt {-1}}_{2}*2$
${\sqrt{1}}{\sqrt {-1}}_{1}2$	$-{\sqrt{1}}{\sqrt {-1}}_{1}2$	${\sqrt{1}}{\sqrt {-1}}_{2}2$	$-{\sqrt{1}}{\sqrt {-1}}_{2}2$

${\sqrt {1}}$ is important for square roots, and ${\sqrt {-1}}$ is important for quad roots.

Definition Of The Quad Root Of 1 For A 1 Mod 4 Semiprime

Given: $p=73$ , $q=13$ , ${\sqrt {1}}{\bmod {73*13}}\equiv 220$ , ${\sqrt {-1}}_{1}{\bmod {73*13}}\equiv 538$ and ${\sqrt {-1}}_{2}{\bmod {73*13}}\equiv 684$ then:

{\frac {(220+538)^{2}}{(220+684)^{2}}}{\bmod {73*13}}\equiv 220\equiv {\sqrt {1}}{\bmod {73*13}}

Since this is so the quad root of 1 mod p*q (for 1 mod 4 semiprime) is:

{\frac {(220+538)}{(220+684)}}{\bmod {73*13}}\equiv 658\equiv {\sqrt{1}}{\bmod {73*13}}

and

{\frac {(220-538)}{(220-684)}}{\bmod {73*13}}\equiv 658^{-1}\equiv 512\equiv ({\sqrt{1}})^{3}{\bmod {73*13}}

Thus:

{\frac {({\sqrt {1}}+{\sqrt {-1}}_{1})^{2}}{({\sqrt {1}}+{\sqrt {-1}}_{2})^{2}}}{\bmod {p*q}}\equiv {\sqrt {1}}

{\frac {({\sqrt {1}}+{\sqrt {-1}}_{1})}{({\sqrt {1}}+{\sqrt {-1}}_{2})}}{\bmod {p*q}}\equiv {\sqrt{1}}

{\frac {({\sqrt {1}}-{\sqrt {-1}}_{1})}{({\sqrt {1}}-{\sqrt {-1}}_{2})}}{\bmod {p*q}}\equiv ({\sqrt{1}})^{3}

In the examples above all the quad roots of 1 are 1 mod 73 or p. In the example below it is shown how to get a quad root of 1 that is 1 mod 13 or q.

{\frac {({\sqrt {1}}+{\sqrt {-1}}_{1})}{({\sqrt {1}}-{\sqrt {-1}}_{2})}}{\bmod {p*q}}\equiv {\sqrt{1}}

{\frac {(220+538)}{(220-684)}}{\bmod {73*13}}\equiv 27

As well a definitions of a square root of -1 mod p*q in terms of two different quad roots of 1 follows:

{\sqrt{1}}_{1}+{\sqrt{1}}_{2}{\bmod {p*q}}\equiv \pm ({\sqrt {-1}}\pm 1)

Note that the first quad root will be 1 mod p and the second quad root will be 1 mod q. An example:

703+658{\bmod {73*13}}\equiv -(538-1)

and

27+512{\bmod {73*13}}\equiv (538+1)

The other square root of -1 mod 73*13, 684, can be defined in terms of quad roots of 1 by:

703+512{\bmod {73*13}}\equiv -(684-1)

and

27+658{\bmod {73*13}}\equiv (684+1)

Some Notes On The Square Root Of -1

If we take ${\sqrt {-1}}{\bmod {89*29}}\equiv 568$ then $569^{-1}{\bmod {89*29}}\equiv 1007$ , which has some interesting properties in that $1007*1006{\bmod {89*20}}\equiv 1290\equiv 2^{-1}-1$ .

Also, $1007+1006{\bmod {89*29}}\equiv -568$ and $1007^{2}+1006^{2}{\bmod {89*29}}\equiv 0$

The same approach works for the other ${\sqrt {-1}}{\bmod {89*29}}\equiv 945$ where $946^{-1}{\bmod {89*29}}\equiv 2109$ . Again, $2109*2108{\bmod {89*29}}\equiv 1290\equiv 2^{-1}-1$ . And $2109+2108{\bmod {89*29}}\equiv -945$ and $2109^{2}+2108^{2}{\bmod {89*29}}\equiv 0$

There do seem to be some special properties of the two ${\sqrt {-1}}{\bmod {p*q}}$

Table of Sums Of Quad Powers Of 1

If we take the modulus, $89*29$ , with ${\sqrt {1}}{\bmod {89*29}}\equiv 2493$ , ${\sqrt {-1}}_{1}{\bmod {89*29}}\equiv 568$ ,and ${\sqrt {-1}}_{2}{\bmod {89*29}}\equiv 945$ (and the quad roots to be $800$ , $713$ , $144$ and $233$ ), then the sums of quad roots of one that come 1 off these numbers follows:

$2348+144\equiv 2492$	$-2493*(713-144)\equiv 1033\equiv (800+233)$
$713+1781\equiv 2494$	$-2493*(2348-1781)\equiv 857\equiv (713+144)$
$800+(-233)\equiv 567$	$-(713+144)*2493\equiv 567$
$568*713+800\equiv 567$	$-568*800+713\equiv 569$
$713+(-144)\equiv 569$	$-(800+233)*2493\equiv 569$
$800+144\equiv 944$	$-(713-233)*2493\equiv 944$
$233+713\equiv 946$	$-(800-144)*2493\equiv 946$
$945*713+800\equiv 944$	$-945*800+713\equiv 946$
$-233-144\equiv -(945-568)$	$800+713\equiv (945+568){\bmod {89*29}}$

The sums for the ${\sqrt {1}}{\bmod {p*q}}$ will both be $\pm 1{\bmod {p}}$ or $\pm 1{\bmod {q}}$ .

The sums for the ${\sqrt {-1}}_{i}{\bmod {p*q}}$ will have one be $\pm 1{\bmod {p}}$ while the other is $\pm 1{\bmod {q}}$

Since the above equivalents are true, the Product To Sum Theorum, shown in an earlier section, applies, and the product can be 1 off the sum of the two items.

Given that $800$ and $713$ , and $144$ and $233$ , are inverse quad roots of 1 for modulus $89*29$ , and $568\equiv {\sqrt {-1}}$ , and that $1006\equiv 567^{-1}$ and $1007\equiv 569^{-1}$ , then the following applies:

$1007713-1006800{\bmod {89*29}}\equiv 945\equiv {\sqrt {-1}}_{2}$	$1007144-1006233{\bmod {89*29}}\equiv 945\equiv {\sqrt {-1}}_{2}$
$1007800-1006713{\bmod {89*29}}\equiv 568\equiv {\sqrt {-1}}_{1}$	$1007233-1006144{\bmod {89*29}}\equiv -568\equiv -{\sqrt {-1}}_{1}$
$1007713+1006800{\bmod {89*29}}\equiv 1$	$1007144+1006233{\bmod {89*29}}\equiv -1$
$1007800+1006713{\bmod {89*29}}\equiv -2493\equiv -{\sqrt {1}}$	$1007233+1006144{\bmod {89*29}}\equiv -2493\equiv -{\sqrt {1}}$

Another table showing ${\sqrt {-1}}_{1}-1$ and ${\sqrt {-1}}_{1}+1$ as the coefficients

$569800+567713{\bmod {89*29}}\equiv -2$	$569233+567144{\bmod {89*29}}\equiv 2$
$569800-567713{\bmod {8929}}\equiv 2945\equiv 2*{\sqrt {-1}}_{2}$	$569233-567144{\bmod {8929}}\equiv 2945\equiv 2*{\sqrt {-1}}_{2}$
$567800+569713{\bmod {8929}}\equiv 22493\equiv 2*{\sqrt {1}}$	$567233+569144{\bmod {8929}}\equiv 22493\equiv 2*{\sqrt {1}}$
$567800-569713{\bmod {8929}}\equiv -2568\equiv -2*{\sqrt {-1}}_{1}$	$567233-569144{\bmod {8929}}\equiv 2568\equiv 2*{\sqrt {-1}}_{1}$

We can see that $({\sqrt {-1}}_{y}\pm 1)*{\sqrt{1}}{\bmod {p*q}}\equiv ({\sqrt {-1}}_{x}\pm 1)$ as in the following table:

$-567144{\bmod {8929}}\equiv 944$	$569800{\bmod {8929}}\equiv 944$
$569233{\bmod {8929}}\equiv 946$	$-567713{\bmod {8929}}\equiv 946$
$944233{\bmod {8929}}\equiv 567$	$946800{\bmod {8929}}\equiv 567$
$-946144{\bmod {8929}}\equiv 569$	$-944713{\bmod {8929}}\equiv 569$

The sum of all numbers mod p*q is 0. And interestingly the sum of all the numbers for the field $89*29$ up to $567$ is its inverse $1006$

\sum _{x=1}^{x={\sqrt {-1}}-1}{\bmod {p*q}}\equiv ({\sqrt {-1}}-1)^{-1}

\sum _{x={\sqrt {-1}}+1}^{x=p*q-1}{\bmod {p*q}}\equiv ({\sqrt {-1}}+1)^{-1}

These sums can be worked out by the well known equation:

\sum _{x=1}^{{\sqrt {-1}}-1}\equiv ({\sqrt {-1}}-1)({\sqrt {-1}})/2

Looking at 2493(2^88-2^28) Again

With knowledge of the tables above lets look at:

-(2^{89*29-1}-1){\bmod {89*29}}\equiv 2493*(2^{88}-2^{28})\equiv {\sqrt {1}}*(2^{p-1}-2^{q-1})

Knowing that $(713+144)*2493\equiv -567$ we can multiply the above term by $-567$ to get:

(713+144)*(2^{88}-2^{28}){\bmod {89*29}}\equiv 1545

Noting that $713{\bmod {8}}9\equiv 1$ and $144{\bmod {2}}9\equiv -1$ the Product To Sum Rule, described above, can be applied giving:

(713*2^{88}-(2^{28}+713-1)+(144-2^{88}+1)-144*2^{28}){\bmod {89*29}}\equiv 1545

Subtracting out 2, adding 569 and combining terms gives us:

712*2^{88}-145*2^{28}{\bmod {89*29}}\equiv 2112

Adding $2^{88}+2^{28}$ (which is $2^{89*29-1}+1{\bmod {89*29}}$ ) we get the powers of p and q multiplied by the quad powers of 1:

713*2^{88}-144*2^{28}{\bmod {89*29}}\equiv 41

By symmetry and noting that the other quad roots of 1 per 89*29 are 800 and 233, that

800*2^{88}-233*2^{28}{\bmod {89*29}}\equiv 39

These two sums are equivalent to:

713*(2^{88}-945*2^{28}){\bmod {89*29}}\equiv 39

and

(-713)*2493*(2^{88}+945*2^{28}){\bmod {89*29}}\equiv 41

which have been studied extensively in another section of this blog.

Other Equations Dealing With I

The Imaginary unit wiki article has some interesting equations that deal with I. These also apply to the modular ${\sqrt {-1}}{\bmod {p*q}}$ as well:

Using the radical sign for the principal square root gives:

${\sqrt {i}}={\frac {\sqrt {2}}{2}}(1+i).$

The following equation from the same wiki article also applies to the modular imaginary number:

The three cube roots of i are:

$-i,$

${\frac {\sqrt {3}}{2}}+{\frac {i}{2}},$

$-{\frac {\sqrt {3}}{2}}+{\frac {i}{2}}.$

Similar to all of the roots of 1, all of the roots of i are the vertices of regular polygons inscribed within the unit circle in the complex plane.

Also, from my own observation:

$(2+4{\sqrt {-1}})(3+{\sqrt {-1}})^{-1}{\bmod {p*q}}\equiv ({\sqrt {-1}}+1)$

An example:

get i number for 41*401 modulus
PowerMod=5995
show the equation above to work for this modulus
Mod, 41 401]=5996

Other Facts on the Modular Imaginary Number

Interestingly, ${\sqrt {-1}}_{x}+1{\bmod {p}}*q\equiv (-4)^{1/4}{\bmod {p}}*q$ This also works for ${\sqrt {-1}}_{x}-1{\bmod {p}}*q\equiv (-4)^{1/4}{\bmod {p}}*q$

A way to determine the ${\sqrt {-1}}{\bmod {p}}*q$ is to subtract successive squares from $p*q$ . If the resulting sum is also a square then ${\sqrt {-1}}{\bmod {p}}*q\equiv ({\sqrt {square_{1}}})*{\sqrt {square_{2}}}^{-1}{\bmod {p}}*q$ . In numeric terms $538\equiv (7)30^{-1}$ . This works since $949=7*7+30*30$ . You can also create sum of square for any fourth multiple of $p*q$ : $\alpha *4*(p*q)$

Actually, if both $x{\bmod {p*q}}$ and $-x{\bmod {p*q}}$ are quadratic then ${\sqrt {x}}{\sqrt{-x}}{\bmod {p*q}}\equiv -{\sqrt {-1}}_{i}$ .

This is so since given the two numbers, ${\sqrt {x}}$ and ${\sqrt {(-1)*x}}={\sqrt {-1}}*{\sqrt {x}}$ , That the fraction of these two sums will necessarily be: ${\frac {1}{\sqrt {-1}}}=-{\sqrt {-1}}{\bmod {p*q}}$ . Please note that ${\sqrt {-1}}^{-1}{\bmod {p*q}}\equiv -{\sqrt {-1}}$ .

Finally, you can factor the sum of squares by using the square root of -1 to multiply one of the roots.

97^{2}+17^{2}{\bmod {7}}3*13\equiv (97+17*538)(97-17*538){\bmod {7}}3*13

where

538\equiv {\sqrt {-1}}{\bmod {7}}3*13

This means that the a factorisation of 2 mod p*q is:

({\sqrt {1}}+{\sqrt {-1}})({\sqrt {1}}-{\sqrt {-1}}){\bmod {p}}*q\equiv 2

or, in our case of modulus 949:

(220+538)(220-538){\bmod {9}}49\equiv 2

You can also factor the minus of squares by using the square root of 1 like this:

97^{2}-17^{2}{\bmod {7}}3*13\equiv (97+17*220)(97-17*220){\bmod {7}}3*13

where

220\equiv {\sqrt {1}}{\bmod {7}}3*13

I will now show that knowledge of one of the square roots of negative 1 mod p*q is tantamount to factoring p*q, if you can take a modular square root

Since

$g^{p*q-1}-1{\bmod {p}}*q\equiv {\sqrt {1}}(g^{p-1}-g^{q-1})$ and $g^{(p*q-1)/2}{\bmod {p}}*q\equiv g^{(p+q-2)/2}$

and

${\sqrt {{\sqrt {1}}(g^{(p-1)}-g^{(q-1)})-2*g^{(p+q-2)/2}*{\sqrt {-1}}_{1}}}{\bmod {p}}*q\equiv (1)^{1/4}(g^{(p-1)/2}-g^{(q-1)/2}*{\sqrt {-1}}_{2})$

and

${\sqrt {{\sqrt {1}}(g^{(p-1)}-g^{(q-1)})+2*g^{(p+q-2)/2}*{\sqrt {-1}}_{1}}}{\bmod {p}}*q\equiv (1)^{1/4}(g^{(p-1)/2}+g^{(q-1)/2}*{\sqrt {-1}}_{2})$

then the sum of these two equations equals:

$(1)^{1/4}*2*g^{(p-1)/2}{\bmod {p}}*q$

If you raise this above sum to the fourth power you get $16*g^{2p-2}{\bmod {p}}*q$

Use of the Product Of Powers To Sum Of Powers Theorum

Surprisingly, sometimes, you can use the Product Of Powers To Sum Of Powers theorum (described in an earlier section) to simplify:

${\sqrt {{\sqrt {1}}(g^{(p-1)}-g^{(q-1)})-2*g^{(p+q-2)/2}*{\sqrt {-1}}_{1}}}{\bmod {p}}*q\equiv (1)^{1/4}(g^{(p-1)/2}-g^{(q-1)/2}*{\sqrt {-1}}_{2})$

Numerically, as $220={\sqrt {1}}$ and $27^{2}{\bmod {9}}49\equiv 220$ and $538\equiv {\sqrt {-1}}_{1}{\bmod {9}}49$ and $684\equiv {\sqrt {-1}}_{2}$ and $949=13*73$ then:

220(2^{72}-2^{12})-2^{42}*2*538{\bmod {1}}3*73\equiv 114

(27(2^{36}-2^{6}*684))^{2}{\bmod {1}}3*73\equiv 835\equiv -114

Understanding that ${\sqrt {-1}}_{x}{\bmod {p}}*q$ have ${\sqrt {-1}}{\bmod {p}}$ and ${\sqrt {-1}}{\bmod {q}}$ , and that the quad root of 1 ( $27$ ) has ${\sqrt {-1}}{\bmod {p}}$ and $1{\bmod {q}}$ , it is sometimes possible to use a $1^{1/4}{\bmod {p}}*q$ in conjunction with a ${\sqrt {-1}}{\bmod {p}}*q$ to decompose products into sums. In the equation above $27$ and $684$ have the right properties and we can change the equation to be:

((27+2^{36}-1)-(-2^{6}-684*27-1))^{2}{\bmod {1}}3*73\equiv 835\equiv -114

((27+2^{36})+(2^{6}+684*27))^{2}{\bmod {1}}3*73\equiv 835\equiv -114

One of the Square Roots Found

Another simplification is to notice that $27(1+684)\equiv 464$ , or $1^{1/4}(1+{\sqrt {-1}}_{2})$ , is equal to $-220+684\equiv 464\equiv -{\sqrt {1}}+{\sqrt {-1}}_{2}$ . Working on this in the square noted above we have:

(2^{36}+2^{6}+27(1+684))^{2}{\bmod {1}}3*73\equiv 835\equiv -114

This is equivalent to:

(220*(2^{36}+2^{6}+27(1+684)))^{2}{\bmod {1}}3*73\equiv 835\equiv -114

since

220\equiv {\sqrt {1}}

Multiplying $220$ through and substituting $(-220+648)$ for $27(1+684)$ leads to:

(220*(2^{36}+2^{6})+220(-220+684))^{2}{\bmod {1}}3*73\equiv 835

Finally,

(220*(2^{36}+2^{6})-1+538))^{2}{\bmod {1}}3*73\equiv 835

We know the two terms $220*(2^{36}+2^{6})$ and $-1+538$ (remember we know one of the ${\sqrt {-1}}$ for this exercise but not the second).

Therefore, we know one of the square roots of the complicated equation we started with:

{\sqrt {(27(2^{36}-2^{6}*684))^{2}}}{\bmod {1}}3*73\equiv 220*(2^{36}+2^{6})-1+538\equiv 602

${\sqrt {{\sqrt {1}}(g^{(p-1)}-g^{(q-1)})-2*g^{(p+q-2)/2}*{\sqrt {-1}}_{1}}}{\bmod {p}}*q\equiv {\sqrt {1}}(2^{(p-1)/2}+2^{(q-1)/2})-1+{\sqrt {-1}}_{1}$

A very complicated endeavor, but one that, nonetheless, yields one of the square roots of $835$ in this case since $602*602{\bmod {7}}3*13\equiv 835$

Symmetry finds the other root

Symmetry is important in modular math algebraic equations. In this case to find the square root of the other equation: ${\sqrt {{\sqrt {1}}(g^{(p-1)}-g^{(q-1)})+2*g^{(p+q-2)/2}*{\sqrt {-1}}_{1}}}{\bmod {p}}*q\equiv (-2^{(p-1)/2}+2^{(q-1)/2})+1-{\sqrt {-1}}_{1}$

${\sqrt {(27(2^{36}+2^{6}*684))^{2}}}\equiv -2^{36}+2^{6}+1-538{\bmod {7}}3*13\equiv 475$

and $475*475{\bmod {7}}3*13\equiv 712\equiv -237$ and

$220*(2^{72}-2^{12})+2*2^{36+6}*538{\bmod {9}}49\equiv 237$

Remember that $2^{948/2}-1{\bmod {9}}49\equiv -2^{36}+2^{6}$

and $2^{948/2}+1{\bmod {9}}49\equiv 220*(2^{36}+2^{6})$

so the two equations are roughly symmetric to each other. Also, remember that the signs in these above two equations change depending on the primes used.

We have two square roots but not the right ones

Having found two roots $602$ and $475$ mod $949$ , let's see what roots we need to apply the two equations three sections previous:

{\sqrt {{\sqrt {1}}(g^{(p-1)}-g^{(q-1)})-2*g^{(p+q-2)/2}*{\sqrt {-1}}_{1}}}{\bmod {p}}*q\equiv (1)^{1/4}(g^{(p-1)/2}-g^{(q-1)/2}*{\sqrt {-1}}_{2})

{\sqrt {{\sqrt {1}}(g^{(p-1)}-g^{(q-1)})+2*g^{(p+q-2)/2}*{\sqrt {-1}}_{1}}}{\bmod {p}}*q\equiv (1)^{1/4}(g^{(p-1)/2}+g^{(q-1)/2}*{\sqrt {-1}}_{2})

As numbers we want these roots:

27(2^{36}-2^{6}*684){\bmod {9}}49\equiv 529

27(2^{36}+2^{6}*684){\bmod {9}}49\equiv 474

We can see that $-475{\bmod {9}}49\equiv 474$ so we do have one of the square roots we want, however,

220*602{\bmod {9}}49\equiv 529

(remember

220\equiv {\sqrt {1}}{\bmod {9}}49

)

so we don't have the second square root we want, but its reflection. So we are close to factoring $p*q$ but, unfortunately, no ecigarette.

We Can, However, Remove The 2^((p-1)/2) Term From The Equation

Understanding that ${\sqrt {1}}*1^{1/4}$ is the inverse of $1^{1/4}$ , and that inverses are often equivalent when it comes to the Product To Sum theorum, we can therefore unwind:

27*2^{36}{\bmod {9}}49\equiv 27+2^{36}-1

27^{-1}*2^{36}{\bmod {9}}49\equiv 27^{-1}+2^{36}-1

As such, when we substract our two derived roots, $475-602{\bmod {9}}49\equiv 822$

and this $822$ , after the unwinding mentioned above is equivalent to:

(27^{-1}-27)-2^{6}*684*(27^{-1}+27){\bmod {9}}49\equiv 822

(1^{-(1/4)}-1^{1/4})-2^{(q-1)/2}*{\sqrt {-1}}_{2}*(1^{-(1/4)}+1^{1/4}){\bmod {p}}*q

Thus we have removed powers of $p$ from the equations, however, it still does not solve for either $p$ or $q$

We can Remove Both P and Q From the Equation

We can further reduce the equation by applying the Product To Sum rule to $27*684*2^{6}$ and $27^{-1}*684*2^{6}$ . The expansion of this algebra is shown below:

(27^{-1}-27)-(2^{6}-684*27^{-1}+1)-(-2^{6}-684*27-1)\mod 949\equiv 822

This contracts to:

(27^{-1}-27)+684(27^{-1}+27){\bmod {9}}49\equiv 822

(1^{-(1/4)}-1^{1/4})+{\sqrt {-1}}_{2}(1^{-(1/4)}+1^{1/4}){\bmod {p}}*q

Thus, we have removed both $P$ and $Q$ from the equation and only the quad roots of 1 and the square root of -1 remain.

(It should be noted that $-2*538{\bmod {9}}49\equiv 822$ where $538\equiv {\sqrt {-1}}_{1}$ )

Notes on obtaining these numbers

After some work with Mathematica, it seems there are two cases for the roots created in this section. There is one where 1) $1^{1/4}{\bmod {q}}\equiv 1|-1$ and the other 2) is when $1^{1/4}{\bmod {q}}\equiv {\sqrt {-1}}$ . For the second case you need to multiply the formula for both the two roots by ${\sqrt {-1}}_{1}{\bmod {p}}*q$ (this is explained in the section showing the formulas for the numbers $89*29$ )

The P and Q primes need to be

1{\bmod {4}}

2^{(p-1)/2}{\bmod {p}}\equiv -1

2^{(q-1)/2}{\bmod {q}}\equiv 1

When these conditions are observed, then $2/3$ will be case 2 ( $1^{1/4}{\bmod {q}}\equiv {\sqrt {-1}}$ ) and the rest case 1 ( $1^{1/4}{\bmod {q}}\equiv 1|-1$ ).

Due to sign issues between

2^{(p*q-1)/2}\pm 1{\bmod {p}}*q

1^{1/4}{\bmod {p}}*q

and

1^{3/4}{\bmod {p}}*q

{\sqrt {-1}}_{1}{\bmod {p}}*q

there are 8 possible computations you can make to get the root of this section. Of these 8, 2 will be correct, the other 6 incorrect.

Checking With A Second Modulus: 89*29

Checking with a second modulus, $89*29$ with $568$ and $945$ as ${\sqrt {-1}}$ and

2^{154}\equiv {\sqrt {1}}

2^{77}\equiv (1)^{1/4}

2^{(89*29-1)/2}-1{\bmod {8}}9*29\equiv -2^{44}+2^{14}

2^{(89*29-1)/2}+1{\bmod {8}}9*29\equiv 2^{154}(2^{44}+2^{14})

, I had to multiply the equations by one of the square roots of -1: $568$ :

2^{77}(2^{44}-2^{14}*945){\bmod {8}}9*29\equiv 540

2^{77}(2^{44}+2^{14}*945){\bmod {8}}9*29\equiv 1064

The above numbers are the intended numbers. The numbers we get from our equations are:

(568*((-2^{44}+2^{14})+1-568)){\bmod {8}}9*29\equiv 1519\equiv {\sqrt {1}}*540

(568*(2^{154}(2^{44}+2^{14})-1+568)){\bmod {8}}9*29\equiv 1517\equiv -1064

The effect of multiplying by ${\sqrt {-1}}$ helps get the correct square we are after instead of the negative number to the square we want.

This set of equations also works with the modulus $113*73$ , however, the set of equations seems to require a square root of 1 mod p*q, ${\sqrt {1}}{\bmod {p}}*q$ , that is not $-1$ . In other words, besides $-1$ , there needs to be another square root of 1.

Imaginary Modular Numbers are one off the sum of Two Quad Roots Of One

Since Imaginary Modular Numbers are one off the sum of two quad roots of one (see Definition Of Quad Roots), and quad roots are always $\pm 1{\bmod {porq}}$ it follows that we can use the Product To Sum Theorum to further decompose the two equations we have made in the previous section.

Taking $2^{154}*2^{77}(2^{44}-2^{14}*945){\bmod {89*29}}\equiv 1519$ and understanding that $567\equiv -1781-233{\bmod {89*29}}$ , and that both $1781$ and $233$ are both quad roots of 1 for the modulus $89*29$ , then we can decompose the sum of $1519$ in the following steps:

$2^{154}*2^{77}(2^{44}-2^{14}*945){\bmod {89*29}}\equiv 1519$
$2^{77}(2^{154}*2^{44}+2^{14}*568){\bmod {89*29}}\equiv 1519$
$2^{77}(2^{154}*2^{44}+2^{14}*(-1781-232)){\bmod {89*29}}\equiv 1519$
and understanding that $-1781{\bmod {89}}\equiv -1$ , $-232{\bmod {29}}\equiv 0$ , and $2^{14}{\bmod {29}}\equiv -1$ then
$2^{77}(2^{154}-2^{44}+1+2^{14}*(-1781-232)){\bmod {89*29}}\equiv 1519$
$2^{77}(2^{154}-2^{44}+1+1781-2^{14}-1+2^{14}*(-232)){\bmod {89*29}}\equiv 1519$
$2^{77}(2^{154}-2^{44}+1781-233*2^{14}){\bmod {89*29}}\equiv 1519$

Note that we have created an equation that can now be compared with the other equation of the two, which shall be decomposed in the following steps (remembering that $233+713{\bmod {89*29}}\equiv 946$ , $2^{14}{\bmod {89*29}}\equiv -1$ , $713{\bmod {89}}\equiv 1$ , and $232{\bmod {29}}\equiv 0$ ):

$2^{77}(2^{44}+2^{14}*945){\bmod {89*29}}\equiv 1064$
$2^{77}(2^{44}+2^{14}*(713+232)){\bmod {89*29}}\equiv 1064$
$2^{77}(2^{44}-713+2^{14}+1+2^{14}*(232)){\bmod {89*29}}\equiv 1064$
$2^{77}(2^{44}-713+1+233*2^{14}){\bmod {89*29}}\equiv 1064$

At this point we can add both sums:

$1519+1064{\bmod {89*29}}\equiv 2\equiv 2^{77}(2^{154}+1781-713+1)$
Remembering that both $1781$ and $713$ are quad roots of 1 then
$1781+1-2^{154}+713{\bmod {89*29}}\equiv 2\equiv ({\sqrt{1}})^{3}+1-{\sqrt {1}}+{\sqrt{1}}$

I checked this math for the modulus $73*13=949$ , and the result was similar. The two equations in question were:

220*27(2^{36}-2^{6}*684){\bmod {73*13}}\equiv 602

27(2^{36}+2^{6}*684){\bmod {73*13}}\equiv 474

The sum of $602+474{\bmod {73*13}}\equiv 127$ and this equation was equivalent to

27(220+1-2*73){\bmod {73*13}}\equiv 127

246+27-2*73{\bmod {73*13}}\equiv 127

({\sqrt{1}})^{3}+{\sqrt{1}}-2*p{\bmod {p*q}}

A quite similar result

Definition of 2^(p-1) and 2^(q-1)

Using the Product To Sum theorum I was able to come up with the two following definitions where $p=89$ and $q=29$ and $2493{\bmod {89*29}}\equiv {\sqrt {1}}$ :

Mod== 2^88

and

Mod== 2^28

$2^{88+28}{\bmod {89*29}}$ is derviable.

Using the Product To Sum Theorum I was able to do the following math steps:

Mod===Mod==Mod==826

Thus:

Mod===Mod===2073

Thus:

2071===Mod

Trying the modulus 97*37

Trying the modulus $97*37$ for this effect, I found I had to minus the sums in order to cancel out.

(For previous steps (on other modulus) see Original Equations Defined for how to originally define the two equations we add or subtract from each other. And then see Actual Algebraic Proof for the actual resolution of the equations. Consult Product To Sum Method for an algebraic method on P*Q modulus used extensively in the proof)

With:

{\sqrt{1}}\equiv 75

{\sqrt {-1}}_{1}\equiv 216

{\sqrt {-1}}_{2}\equiv 1671

I found that, minusing the two equations from the section above, that I was able to derive:

-75+75^{-1}-1671+216{\bmod {97*37}}\equiv -{\sqrt{1}}+{\sqrt{1}}-{\sqrt {-1}}_{2}+{\sqrt {-1}}_{1}\equiv 432

Since $432\equiv 2*216\equiv 2*{\sqrt {-1}}_{1}$ then it seems we have a new definition whereby:

{\sqrt {-1}}_{1}{\bmod {p*q}}\equiv -{\sqrt{1}}+{\sqrt{1}}-{\sqrt {-1}}_{2}

We can see on examination of the modulus, 73*13=949, that this equation, subject to sign changes holds:

27+27*220-538{\bmod {949}}\equiv 684

{\sqrt{1}}+{\sqrt{1}}-{\sqrt {-1}}_{1}{\bmod {p*q}}\equiv {\sqrt {-1}}_{2}

Thus, it seems that(noting possible sign changes):

\pm {\sqrt{1}}\pm {\sqrt{1}}{\bmod {p*q}}\equiv {\sqrt {-1}}_{2}\pm {\sqrt {-1}}_{1}

This is a definition of the sum of the two square roots of -1 mod p*q per quad roots of 1. Please note that the quad roots need to be inverses of each other.

Trying the modulus $89*29$ we can see that this sums of inverse quad roots of 1 equaling sums of square roots of -1 holds, where 945 and 568 are square roots of -1 for the modulus 89*29, and -233, 144 are inverse quad roots of 1, and 713 and -800 are inverse quad roots of 1 per the modulus given.

-233-144\equiv -(945-568)

800+713\equiv (945+568)

Decomposing 2 to the ((p+q-2)/4) Power Using the Product to Sum Theorum

You can't use the Product To Sum theorum to unwind the multiplication of

2^{29}{\bmod {8}}9*29\equiv 2^{(89*29-1)/4}{\bmod {8}}9*29\equiv 2^{(p+q-2)/4}{\bmod {p}}*q

since

2^{22}{\bmod {8}}9\equiv 1

is okay, but

2^{7}{\bmod {2}}9\equiv 12

(not okay).

However, multiplied by $568\equiv {\sqrt {-1}}{\bmod {8}}9*29$ such that $2^{7}*568{\bmod {2}}9\equiv 1$ , the multiplication can be unwound as in:

2^{29}*568+1{\bmod {8}}9*29\equiv 2^{22}+2^{7}*568\equiv 615

and

2^{29}*568-1{\bmod {8}}9*29\equiv -2493(2^{22}-2^{7}*568)\equiv 613\equiv {\sqrt {1}}(2^{(p-1)/4}-2^{(q-1)/4}*{\sqrt {-1}})

(Remember for this exercise we know $568\equiv {\sqrt {-1}}_{1}$ but not $945\equiv {\sqrt {-1}}_{2}$ )

So for modula of $p*q$ the Product To Sum theorum described here is almost another rule of algebra!

By manipulating these two sums, described just above, and multiplying by $568$ ( ${\sqrt {-1}}_{1}\mod p*q$ ) I was able to establish that, for this modulus of $89*29$ that:

(568-945)*2^{22}+945{\bmod {8}}9*29\equiv 568

({\sqrt {-1}}_{1}-{\sqrt {-1}}_{2})*2^{(p-1)/4}+{\sqrt {-1}}_{2}{\bmod {p}}*q\equiv {\sqrt {-1}}_{1}

({\sqrt {-1}}_{1}-{\sqrt {-1}}_{2})*2^{(p-1)/4}{\bmod {p}}*q\equiv {\sqrt {-1}}_{1}-{\sqrt {-1}}_{2}

({\sqrt {-1}}_{1}-{\sqrt {-1}}_{2})*2^{(p-1)/2}{\bmod {p}}*q\equiv {\sqrt {-1}}_{1}-{\sqrt {-1}}_{2}

({\sqrt {-1}}_{1}-{\sqrt {-1}}_{2})*2^{(p-1)}{\bmod {p}}*q\equiv {\sqrt {-1}}_{1}-{\sqrt {-1}}_{2}

and

({\sqrt {-1}}_{1}+{\sqrt {-1}}_{2})*2^{(q-1)}{\bmod {p}}*q\equiv {\sqrt {-1}}_{1}+{\sqrt {-1}}_{2}

A Multiplier for **g^(p-1)-1 mod p*q to make g^(4(p-1))-1**

If we take the term we shall call $X_{1}$ :

X_{1}=(2^{2*(p*q-1)}+1)(2^{(p*q-1)}+1){\bmod {p}}*q\equiv (2^{2(p+q-1)}+1)(2^{p+q-1}+1)+\alpha *q

we can see that any $\beta *p\equiv 2^{u*(p-1)}-1$ cancels out the $\alpha *q$ .

In the case of $X_{1}$ though:

X_{1}*(2^{p-1}-1){\bmod {p}}*q\equiv 2^{4(p-1)}-1

It's sorta like a multiplier took the power $g^{(p-1)}$ to the fourth power, $g^{4*(p-1)}$ , but this multiplier is not $g^{3*(p-1)}{\bmod {p}}*q$ !

It implodes powers as well. If you take the inverse of $X_{1}$ , then the following equation holds:

X_{1}^{-1}*(2^{4(p-1)}-1){\bmod {p}}*q\equiv 2^{(p-1)}-1

To give an example:

$(2^{2*(10177*577-1)}+1)(2^{(10177*577-1)}+1){\bmod {1}}0177*577\equiv 2370894$

and

$2370894*(2^{10176}-1){\bmod {1}}0177*577\equiv 1984515\equiv 2^{4(10176)}-1$

This works for all $P$ and $Q$ odd prime combinations.

Actually, the above explanation is an insight into a family of equations that are similar multipliers. I have been able to make half the $P$ and $Q$ combinations work to create an $X_{2}$ that works for the equation:

X_{2}*(2^{(p-1)/2}-1){\bmod {p}}*q\equiv 2^{2(p-1)}-1

and I have been able to make around $3/16$ of the $P$ and $Q$ combinations for $X_{3}$ where:

X_{3}*(2^{(p-1)/4}-1){\bmod {p}}*q\equiv 2^{(p-1)}-1

You often have to use the ${\sqrt {-1}}{\bmod {p}}*q$ to construct $X_{3}$ . There are around 8 cases. Consult on how to do this.

As well, it is possible to construct an equation with all the unknowns on the left side being powers of $P$ , and a known number on the right:

X_{3}*2^{(p-1)/4}-2^{p-1}{\bmod {p}}*q\equiv X_{3}-1

An example:

1925*2^{22}-2^{88}{\bmod {8}}9*29\equiv 1925-1

(1925-2^{66})*2^{22}{\bmod {8}}9*29\equiv 1924

Usually, equations always have unknowns of powers of $p$ and $q$ , not just powers of one of the primes.

Definition of 2^{88+66} mod 89*29

If we take the equation just above, with its definition of $1924{\bmod {89*29}}$ then

1924*1925{\bmod {89*29}}\equiv (1925-2^{66})(2^{88}+1924)

If we expand out the polynomial shown on the right side of the equation above, then we can see that

-2^{88+66}-1924*2^{66}+1925*2^{88}{\bmod {89*29}}\equiv 0

This means that

2^{88+66}{\bmod {89*29}}\equiv -1924*2^{66}+1925*2^{88}

This is a type of Product To Sum decomposition from multiplication to subtraction.

To emphasise that this is a family of equations observe the following:

X_{4}=(2^{(p*q-1)}+1)(2^{(p*q-1)/2}+1)(2^{(p*q-1)/4}+1){\bmod {p}}*q\equiv (2^{(p-1)}+1)(2^{(p-1)/2}+1)(2^{(p-1)/4}+1)+\alpha *q

and

X_{4}*(2^{(p-1)/4}-1){\bmod {p}}*q\equiv 2^{2(p-1)}-1

Try the primes $10177$ and $577$ for this exercise. The exact equation is determined by the prime states of the primes. Look at the paper reference below for an explanation of prime states.

X As An Equation Of Only Powers Of P

Take $10177$ and $577$ to produce

X\equiv (2^{(10177*577-1)/2}+1)*(2^{(10177*577-1)/4}+1){\bmod {1}}0177*577\equiv (2^{10176}+(X-1))*2^{-(10176/4)}{\bmod {1}}0177*577\equiv 4817951

This is a definition of the constant, $X$ , only in terms of powers of $p$ and the constant $X$

The equations, for other prime pairs, will be slightly different depending on the prime states now.

As well, take:

4817951-1\equiv -2^{10176}+2^{10176/4}*4817951{\bmod {1}}0177*577

X-1\equiv -2^{p-1}+2^{(p-1)/4}*X{\bmod {p}}*q

and (in the case of $X=2370894$ for $p=10177$ and $q=577$ )

X\equiv 2^{3*(p-1)}+(X-1)*(2^{-(p-1)}){\bmod {p}}*q

which makes:

-2^{3*(p-1)}+X\equiv (X-1)*(2^{-(p-1)}){\bmod {p}}*q

and

2^{7*576}-2^{4*576}{\bmod {10177*577}}\equiv (2370894-1)*(2^{4*576}-2^{3*576})\equiv 4072466

Taking The Square Root Of (-2)^{-2} mod pq Can Factor PQ

With knowledge that there are squareless numbers (numbers whose square mod p*q is itself), and taking the number $(-2)^{-1}{\bmod {p*q}}$ , the following can be asserted:

(SQUARELESSNUMBER+(-2)^{-1})^{2}{\bmod {p*q}}\equiv ((-2)^{-1})^{2}

(6060+3686)^{2}{\bmod {101*73}}\equiv 3686^{2}

where

6060

is a squareless number

(1314+3686)^{2}{\bmod {101*73}}\equiv 3686^{2}

where

1314

is a squareless number

This works because all sum squares are of the form:

\alpha ^{2}+2*\alpha *\beta +\beta ^{2}=(\alpha +\beta )^{2}

If $\beta \equiv (-2)^{-1}{\bmod {p*q}}$ , then $2*\beta \equiv (-1)$ , and if $\alpha =SQUARELESSNUMBER$ , then the equation for the sum squared is:

SQUARELESS+SQUARELESS*(-1)+(-2)^{-2}=(SQUARELESS+(-2)^{-1})^{2}

You can see that $SQUARELESS+SQUARELESS*(-1)=0$ , in other words they cancel out.

This also works, for the same reason for squares of $2^{-1}{\bmod {p*q}}$ , so that

(-SQUARELESSNUMBER+(2)^{-1})^{2}{\bmod {p*q}}\equiv ((2)^{-1})^{2}

(-6060+3687)^{2}{\bmod {101*73}}\equiv 3687^{2}

where

6060

is a squareless number

(-1314+3687)^{2}{\bmod {101*73}}\equiv 3687^{2}

where

1314

is a squareless number

Since both $(-2)^{-2}{\bmod {p*q}}$ and $(2)^{-2}{\bmod {p*q}}$ equal $1*4^{-1}{\bmod {p*q}}$ it follows that, after taking the modular (or natural) square root of $(-2)^{-2}{\bmod {p*q}}$ , we can determine P or Q via

GCD

GCD=101

since

6060{\bmod {101}}\equiv 0

and

3686{\bmod {101*73}}\equiv (-2)^{-1}

Theoretically, this procedure should reveal the factorisation of 1 p*q combination every ${\sqrt {p*q}}$ attempts, however, my trials with Mathematica show that the factorisation is revealed, because the square is a natural square, once every ${\sqrt{p*q}}$ .

The Following mathematica output shows that taking the square root of $4^{-1}{\bmod {p*q}}$ does work.

{{p,q},   TYPEOFSQUARE, SQUARE,ROOT,GCD
{{103,31},ModularSquare,2395,1287,103,1}
{{103,43},ModularSquare,3322,1699,103,1}
{{103,47},ModularSquare,3631,258,47,1}
{{103,59},ModularSquare,4558,2626,103,1}
{{103,67},ModularSquare,5176,2111,103,1}
{{103,71},ModularSquare,5485,1597,71,1}
{{107,31},ModularSquare,2488,481,107,1}
{{107,43},ModularSquare,3451,2086,107,1}
{{107,47},ModularSquare,3772,588,107,1}
{{107,59},ModularSquare,4735,1445,59,1}
{{107,67},ModularSquare,5377,3049,107,1}
{{107,71},ModularSquare,5698,3585,71,1}
{{127,31},ModularSquare,2953,698,127,1}
----
{{127,43},Natural Square,4096,64,43,1}
----
{{127,47},ModularSquare,4477,1715,47,1}
{{127,59},ModularSquare,5620,2095,127,1}
{{127,67},ModularSquare,6382,1842,67,1}
{{127,71},ModularSquare,6763,2095,127,1}
{{131,31},ModularSquare,3046,852,31,1}
----
{{131,43},Natural Square,4225,65,131,1}
----
{{131,47},ModularSquare,4618,1245,47,1}
{{131,59},ModularSquare,5797,2685,131,1}
{{131,67},ModularSquare,6583,1507,67,1}
{{131,71},ModularSquare,6976,2947,131,1}
{24 attempts, 2 natural squares}

This section shows that you only need one modular square root to factor p*q if the base is $(\pm 2)^{-1}{\bmod {p*q}}$ , and not two as with most bases. Thus the factorisation problem is equivalent to the modular square root problem.

The Cubes Of These Numbers

By the same algebra, as shown above, I was able to discern that:

4(3686+6060)^{3}{\bmod {101*73}}\equiv (4*3686^{3}+6060)\equiv 2373

4((-2)^{-1}+SQUARELESS)^{3}{\bmod {p*q}}\equiv (4*(-2)^{-3}+SQUARELESS)

and taking the base of $(-3)^{-1}{\bmod {101*73}}\equiv 4915$ I was able to derive the cube to:

3(4915+6060)^{3}{\bmod {101*73}}\equiv (3*4915^{3}+6060)\equiv 2783

3((-3)^{-1}+SQUARELESS)^{3}{\bmod {p*q}}\equiv (3*(-3)^{-3}+SQUARELESS)

Thus, it is possible to derive:

4(3686+6060)^{3}-3(4915+6060)^{3}{\bmod {101*73}}\equiv 4*3686^{3}-3*4915^{3}

4((-2)^{-1}+SQUARELESS)^{3}-3((-3)^{-1}+SQUARELESS)^{3}{\bmod {p*q}}\equiv 4*(-2)^{-3}-3*(-3)^{-3}

but I wasn't able to get further than this.

Using the well known subtraction of cubes formula:

(a-b)(a^{2}+a*b+b^{2})=(a^{3}-b^{3})

and given

(3686+6060)^{3}-(4915+6060)^{3}

then the SQUARELESS number (or $6060$ ) can be derived but unfortunately we don't have that term.

It is also possible to derive:

(4915+6060)^{3}-(4915+6060)^{2}{\bmod {101*73}}

but this doesn't get any further either.

Subtraction and Addition Of Cubes

Using the unique algebraic properties of the squareless number, you can solve for

Solve

to get squares where

(a+x*SQUARELESS)^{2}{\bmod {p*q}}\equiv a^{2}+SQUARELESS

(4914+3*6060)^{2}{\bmod {101*73}}\equiv 4914^{2}+6060

(5529+2*6060)^{2}{\bmod {101*73}}\equiv 5529^{2}+6060

Thus a subtraction of squares can be done as in:

(4914+3*6060)^{2}-(5529+2*6060)^{2}{\bmod {101*73}}\equiv 4914^{2}-5529^{2}

Likewise for cubes, you can solve for

Solve

(a+x*SQUARELESS)^{3}{\bmod {p*q}}\equiv a^{3}+SQUARELESS

(2+2302*6060)^{3}{\bmod {101*73}}\equiv 2^{3}+6060

(7+5289*6060)^{3}{\bmod {101*73}}\equiv 7^{3}+6060

Thus a subtraction of cubes can be done as in:

(2+2302*6060)^{3}-(7+5289*6060)^{3}{\bmod {101*73}}\equiv 2^{3}-7^{3}

Unfortunately, for all these new equations above, it was not possible to derive p or q from them.

Quotes From Hardy's Commentary On Ramanujan

Quoting the equation from p 89 of "Ramanujan" by Hardy:

Ramanujan went a good deal further. He proved congruences with modulli $5^{2},7^{2}and11^{2}$ being:

$p(25m+24)\equiv 0{\bmod {5}}^{2}$

and put forward a conjecture that if

$\theta =5^{a}7^{b}11^{c}$

$24\beta \equiv 1{\bmod {\theta }}$

then $p(m\theta +\beta )\equiv 0{\bmod {\theta }}$

Apparently, the conjecture has been shown to be incorrect at times, but it usually is good enough to work with.

The P function is the permutation function, or basically, the Factorial function.

An Exploration of Dickson's 1921 "Theory Of Numbers"

This section will be devoted to topics found from a gleeming of Dickson's 1921 History of the Theory of Numbers.

The three volume work seems to have math that has dropped out of the Math corpus.

ax^4+by^4 equals c*z^2

Quite a few of previous mathematicians worked on this above equation. I couldn't get some of their work to work, but for several of them I was able to get them to work, that of(if z is the modulus then the square root of -a/b mod z can be found easily)

Realis Works

S. Realis(Theory of Numbers vol ii p 627)

S. Realis noted that if

\alpha ^{4}-2*\beta ^{4}==\lambda ^{2}

then

x^{4}-2*y^{4}==z^{2}

x=3(339*\alpha ^{3}+392*\beta ^{3})+8*\alpha *\beta (216*\alpha +211*\beta )+7*\lambda (113*\alpha +96*\beta )

y=4(147*\alpha ^{3}-226*\beta ^{3})-27*\alpha *\beta (5*\alpha +64*\beta )+7*\lambda (108*\alpha +113*\beta )

I was able quickly to make the above math work on Mathematica, but I was unable to set the modulus of the modulus which would be $z$

On Theory Of Numbers, vol ii, p632, the following equations will create $x^{4}-3*y^{4}=13*z^{2}$

x=76*a^{3}+96*a^{2}*b+135*a*b^{2}+156*b^{3}+13*lambda(19*a+12*b)

y=52*a^{3}+28*a^{2}*b-96*a*b^{2}-57*b^{3}+13*lambda*(16*a+19*b)

if $a^{4}-3*b^{4}=13*lambda^{2}$

Fermat works

Fermat method (Theory of Numbers, vol ii, p 631) works and I was able to set the modulus to be what I wanted. (The modulus was z so I proceeded with modular equations and cancelled out the z's simplying the equation). I was only able to get one of the square roots. The other one (for p*q modula never appeared)

If (1) has solutions

x,y,z

, then Fermat's method convieniently applied leads to new solutions

X=x(4a^{2}x^{8}-3c^{2}z^{4})

Y=y(4b^{2}y^{8}-3c^{2}z^{4})

Z=z

Desboves works

A. Desboves math at p631 vol ii of "Theory Of Numbers" works.

$(y^{2}+2*y*x-x^{2})^{4}+(2*x+y)*x^{2}*y*(2*y+2*x)^{4}$ == $(x^{4}+y^{4}+10*x^{2}*y^{2}+4*x*y^{3}+12*x^{3}*y)^{2}$

It's quite good in that it doesn't require a working earlier case.

dickson's work on tonelli says the algorithm will work on mod p^k not just on mod p

I'm not a professional mathematician but I just read Dickson's "History of Numbers" where it says on page 215-216 that

A. Tonelli gave an explicit formula for the roots of

x^{2}=c({\bmod {p^{\lambda }}})

After reading the Dickson text a couple of times on p215,216 I came across this formula for the square root of $x^{2}{\bmod {p^{y}}}$ .

when

p=4*7+1

, or

s=2

and

A=7

for

x^{2}{\bmod {p^{\lambda }}}\equiv c

then

x{\bmod {p^{\lambda }}}\equiv \pm (c^{A}+3)^{\beta }*c^{(\beta +1)/2}

where

\beta \equiv a*p^{\lambda -1}

Noting that $23^{2}{\bmod {29^{3}}}\equiv 529$ and noting that $\beta =7*29^{2}$ then

(529^{7}+3)^{7*29^{2}}*529^{(7*29^{2}+1)/2}{\bmod {29^{3}}}\equiv 24366\equiv -23

So Tonelli's math does seem to take modular square roots of prime powers! The Tonelli–Shanks algorithm article explicitly says the algorithm only takes the modular square root of primes:

"The Tonelli–Shanks algorithm (referred to by Shanks as the RESSOL algorithm) is used within modular arithmetic to solve for r a congruence of the form r ≡ n (mod p), where p is a prime.

Tonelli–Shanks cannot be used for composite moduli; finding square roots modulo composite numbers is a computational problem equivalent to integer factorization. "

Here's another equation: $2333^{2}{\bmod {29^{3}}}\equiv 4142$ and

(4142^{7}+3)^{7*29^{2}}*4142^{(7*29^{2}+1)/2}{\bmod {29^{3}}}\equiv 2333

On page 215-216 of the Dickson book, the equation is given of Tonelli's:

X{\bmod {p^{y}}}\equiv x^{p^{y-1}}*c^{(p^{y}-2p^{y-1}+1)/2}

where

X^{2}{\bmod {p^{y}}}\equiv c

and

x^{2}{\bmod {p}}\equiv c

;

Using $p=23$ and using the modulus of $p^{3}$ the math follows (in mathematica):

Mod=2191
Mod=6
PowerMod=11
Mod =1115

Thus Tonelli's work can work for a 3 mod 4 prime power.

This math proves that, under some circumstances, that Tonelli's work is greater than Shanks. Those old text books (in the case Dickson's "History of Numbers" volume 1) are sometimes worth pouring through! Shanks did refer to his algorithm as the RESSOL algorithm and cryptographers are famous for codes. It should be noted that RESSOL is LOSER backwards. Maybe, Shank was aware of Tonelli's powers of prime modular square root method, but did not publically reveal it. We will never know because Mr. Daniel Shanks is dead.

Cipolla's algorithm is able to find square roots of powers of prime modula, just like Tonelli's

According to Dickson's "History Of Numbers" vol 1 p 218 , the following formula of Cipolla, Cipolla's algorithm, will find square roots of powers of prime modula and not just prime modula (as the wiki article states):

2^{-1}*q^{t}((k+{\sqrt {k^{2}-q}})^{s}+(k-{\sqrt {k^{2}-q}})^{s}){\bmod {p^{\lambda }}}

where

t=(p^{\lambda }-2*p^{\lambda -1}+1)/2

s=p^{\lambda -1}*(p+1)/2

and

x^{2}{\bmod {p^{\lambda }}}\equiv q

where

q=10

k=2

as in the wiki example

Taking the example in the wiki article we can see that this formula above does indeed take square roots of prime power modula.

Dropping into Mathematica

PowerMod=1046
Create 2^(-1)*q^(t) via
Mod PowerMod[10, (13 13 13 - 2 13 13 + 1)/2,
    13 13 13], 13 13 13]=1086
Create the (k+ sqrt{k^{2}-q})^{s} and (k- sqrt{k^{2}-q})^{s} via the following Mathematica procedure 
try999 := 
 Module[{a1, a2, a3, a4, a5, a6, a7, a8, a9, a10},
  a2 = r;
  a3 = i;
  For[a1 = 2, a1 <= p , a1++,
   a4 = a2;
   a5 = a3;
   a2 = Mod;
   a3 = Mod;
   (*Print;*)
   ];
  Return;
  ]
(k+sqrt{k^{2}-q})^{s}= 1540   and (k-\sqrt{k^{2}-q})^{s}= 1540
via the following function calls
try999=1540
try999=1540
and 
Mod=1046  which is the answer.

Cipolla means onion in Italian by the way.

An Angle On The Modular Quadratic Equation (according to Gauss)

Says p207 of Dickson's "Theory of Numbers" vol 1:

The congruence $a*x^{2}+b*x+c{\bmod {m}}\equiv 0$ is reduced (art. 152 ) to $y^{2}{\bmod {4*a*m}}\equiv b^{2}-4*a*c$ . For each root $y$ , it remains to solve $2*a*x+b=y{\bmod {4*a*m}}$ .

Quoting from

Knowing that ${\sqrt {-1}}_{1}=568{\bmod {89*29}}$ then

$-1{\bmod {89*29}}\equiv b*(b+1)+568$

or

$-569{\bmod {89*29}}\equiv b*(b+1)$

For the purposes of this example we will say that $-569{\bmod {89*29}}\equiv (-390)(-389)$ since $1335-945=390$ and $945\equiv {\sqrt {-1}}_{2}{\bmod {89*29}}$
Since $390=1335-945$ we can multiply by ${\sqrt {-1}}_{1}=568$ which is known giving
$568*1335-2493$ and since $-2*1335+1{\bmod {89*29}}\equiv 2493\equiv {\sqrt {1}}$
then the sum above equals $568*1335+2*1335-1$ , so add 1 and get $(568+2)*1335$ .
Dividing by $570$ , which is known, gives us $1335$ .
$1335$ is a multiple of $89$ , one of the factors. This can quickly be derived via the Greatest Common Divisor function.

The equation, $-1{\bmod {89*29}}\equiv b*(b+1)+568$ , shown above, is easily turned into a quadratic equation:

0{\bmod {89*29}}\equiv 1*(x^{2})+1*x+569

Let's see how it fares with Gauss's quadratic construction (as shown by Dickson):(a=1,b=1,c=569):

1^{2}-4*(1)*569{\bmod {4*1*89*29}}\equiv 8049

and

{\sqrt {8049}}{\bmod {4*1*89*29}}\equiv 779

and

2*389+1{\bmod {4*1*89*29}}\equiv 779

, thus

x=389

We can see here that this matches well with the $390$ answer we have from the blockquote above. Also, from the blockquote above, we can see that $390$ with knowledge of one of the square roots of -1 (568) is enough to factor the modulus.

As well, with knowledge of one of the square roots of -1 and the good fortune of having

1-4*{\sqrt {-1}}_{\bmod {p*q}}{\bmod {4*1*p*q}}\equiv NATURALSQUARE

that we don't have to take the modular square root and thus the equation is quickly solvable!

Theoretically, all quadratic equations could be converted into natural squares

When one considers that:

n*(x^{2}+x+INTEGER)

converts

a=n

b=n

c=INTEGER*n

If this new sum results in a natural square via $n^{2}-4*n*INTEGER*n{\bmod {4*n*p*q}}$

then the resulting $x$ value will be the same as the original equation.

Likewise, when you add or subtract:

x^{2}+x+INTEGER\pm n*(x^{2}+x+INTEGER)

converts

a=1\pm n

b=1\pm n

c=INTEGER\pm INTEGER*n

you may end up with a natural square in the

(1\pm n)^{2}-4*(1\pm n)*INTEGER*(n\pm 1){\bmod {4*(1\pm n)*p*q}}

Using this method, theoretically, all quadratic equations could be turned into natural squares with the X values the same as the original equation.

The Alternative Formula For The Quadratic Equation Seen In Modular Arithmetic

Looking at the Quadratic_equation#Alternative_quadratic_formula for the modular quadratic equation, one can see here that it is:

The general quadratic equation can be written in the standard form

$x^{2}-4ux+4v^{2}=0$

where u and v are complex numbers. Then the solutions can be written in the particularly symmetric form

$x_{1,2}=({\sqrt {u+v}}\pm {\sqrt {u-v}})^{2}$

or equivalently

$x_{1,2}=({\sqrt {u-v}}\pm {\sqrt {u+v}})^{2}.$

Now if:

1) the complex numbers U and V were the same

2) U had the parameters of a pythagorean triple

3) one knew the

{\sqrt {-1}}_{i}{\bmod {p*q}}

then $x_{1,2}$ could be worked out since

U+V are the parameters for a pythagorean modular square

U-V is zero

the root could be taken of 2*U and this would be the answer to the quadratic equation. An example showing this to be true for modular numbers follows:

Using the Pythagorean Triple 3 4 5, construct a modular complex number
where 568 is the square root of -1 mod 89*29
Mod= 1708
Just to be quick use Mathematica to solve this equation
which is the alternative quadratic equation mentioned above
Solve[x^2 - 4 1708 x + 4 1708^2 == 0, {x}, 
 Modulus -> 89 29]
{{x -> 835}}
Now take the square root of 2*1708, (see previous sections 
pertaining to taking modular square roots using the
pythagorean parameters)
Mod= 571
Now square this number, and viola, we have the correct answer
Mod= 835

Pythagorean Triples Can Make A Natural Square For Gauss's Quadratic Equation

In this section, I will quickly show that Pythagorean Triples, fed into Gauss' Quadratic Equation solution, can provide natural squares in the $b^{2}-4*a*c{\bmod {4*a*m}}$ half the time. However, the root of the natural square given is NOT the solution root. The solution root is the $root*{\sqrt {1}}{\bmod {m}}$ .

This method rests upon the observation that

2*(a+b_{1}^{2}+b*{\sqrt {1}})-D*(a_{1}+b_{1}*{\sqrt {1}}){\bmod {m}}\equiv 2(a+b_{1}^{2})-D*a_{1}

where

D=2*b/b_{1}

x^{2}-D*x+(2(a+b_{1}^{2})-D*a_{1})\equiv 0

so that

a=1,b=-D,c=(2(a+b_{1}^{2})-D*a_{1})

As such, $2(a+b_{1}^{2})-D*a_{1}$ is an equation that does not contain ${\sqrt {1}}{\bmod {m}}$ or any unknown. See for a citation on the use of Pythagorean Triples and squares and roots using ${\sqrt {1}}{\bmod {p*q}}$ instead of ${\sqrt {-1}}{\bmod {p*q}}$ as is normally the case in this math blog. See here for an explanation of the Pythagorean Triples method mentioned in this post.

The following Mathematica procedure shows that Pythagorean Triples fed into Gauss' method of solving a modular quadratic equation can provide natural squares for $b^{2}-4*a*c{\bmod {4*a*m}}$ .

(* type: 1 SQUARE ROOT OF 1 sought *)
(* type: 2 SQUARE ROOT OF -1 sought *)
(* type: 3 CUBE ROOT OF -1 sought *)
gaussian := 
 Module[{lp1, lp2, py1, py2, py3, r1, r2, mult, minus, square, root, 
   ans1, ans3, ans2, ans4,
   cnt1, cnt2, sqrt, stoploop},
  cnt1 = 0; cnt2 = 0;
  stoploop = 10;
  sqrt = Mod, p q];
  If == 1, sqrt = 2 sqrt + 1;,
   sqrt = 2 sqrt - 1;
   ];
  For[lp1 = 1, lp1 < lp3, lp1++,
   For[lp2 = 1, lp2 < lp3, lp2++,
     If];
     cnt1++;
     py1 = 2 lp1 lp2;
     py2 = lp1^2 - lp2^2;
     If;];
     py3 = lp1^2 + lp2^2;
     If[py1^2 + py2^2 == py3^2,
      r1 = (py3 + py1)^(1/2);
      r2 = (py3 - py1)^(1/2);
      If && r2 == IntegerPart,
       If[type == 1,
        mult = Mod, p q];
        minus = Mod;
        ];
       If[type == 2,
        mult = Mod, p q];
        minus = Mod;
        ];
       If[type == 3,
        mult = Mod, p q];
        minus = Mod;
        ];
       square = mult^2 - 4 minus;
       root = square^(1/2);
       If,
        Print[{{"Pythagorean Triple ", py1, py2, 
           py3}, {"Root Coefficients ", r1, r2}, {"mult", mult, 
           "minus", minus, "square", square}, {"(b^2-4ac)^(1/2) ", 
           root}, {lp1, lp2}}];
        Print; 
        Print,
          ans1 = Solve
          }];
        ans3 = Mod, p q] /. ans1;
        ans4 = Mod, p q] /. ans2;
        Print;
        cnt2++;
        If;];
        ];
       ];
      ];
     ];
   ];
  Print;
  ]

gaussian The Output for this procedure is:

{{Pythagorean Triple ,4,3,5},{Root Coefficients ,3,1},{mult,6,minus,8,square,4},{(b^2-4ac)^(1/2) ,2}}
following is x in 2*x-b==root
{{{x->4}},{{x->118289}}}
{2 x-b=root,{1},2 x-b=root*(1)^(1/2),{118286}}
{{Pythagorean Triple ,6,8,10},{Root Coefficients ,4,2},{mult,8,minus,12,square,16},{(b^2-4ac)^(1/2) ,4}}
following is x in 2*x-b==root
{{{x->6}},{{x->42127}}}
{2 x-b=root,{1},2 x-b=root*(1)^(1/2),{118286}}
{{Pythagorean Triple ,12,5,13},{Root Coefficients ,5,1},{mult,10,minus,24,square,4},{(b^2-4ac)^(1/2) ,2}}
following is x in 2*x-b==root
{{{x->6}},{{x->118291}}}
{2 x-b=root,{1},2 x-b=root*(1)^(1/2),{118286}}
{{Pythagorean Triple ,8,15,17},{Root Coefficients ,5,3},{mult,10,minus,16,square,36},{(b^2-4ac)^(1/2) ,6}}
following is x in 2*x-b==root
{{{x->8}},{{x->160414}}}
{2 x-b=root,{1},2 x-b=root*(1)^(1/2),{118286}}
{{Pythagorean Triple ,16,12,20},{Root Coefficients ,6,2},{mult,12,minus,32,square,16},{(b^2-4ac)^(1/2) ,4}}
following is x in 2*x-b==root
{{{x->8}},{{x->42129}}}
{2 x-b=root,{1},2 x-b=root*(1)^(1/2),{118286}}
{{Pythagorean Triple ,24,7,25},{Root Coefficients ,7,1},{mult,14,minus,48,square,4},{(b^2-4ac)^(1/2) ,2}}
following is x in 2*x-b==root
{{{x->8}},{{x->118293}}}
{2 x-b=root,{1},2 x-b=root*(1)^(1/2),{118286}}
{success: ,6,attempts: ,12}

The answer to Gauss equation, the $(x-a_{1})/b_{1}\equiv 118286{\bmod {337*577}}\equiv {\sqrt {1}}$ is given by the root obtained by the Pythagorean Triples method multiplied by the ${\sqrt {1}}{\bmod {m}}$ .

Thus part of the root is obtained by this method, but not the whole root needed.

Two other anchors, besides ${\sqrt {1}}{\bmod {p*q}}$ , for the square and root equations are possible:

2*(a+b_{1}^{2}+b*{\sqrt {1}}){\bmod {p*q}}\equiv (a_{1}+b_{1}*{\sqrt {1}})^{2}

2*(a+b*{\sqrt {-1}}){\bmod {p*q}}\equiv (a_{1}+b_{1}*{\sqrt {-1}})^{2}

(2*a+(2*b+b_{1}^{2})*{\sqrt{-1}}){\bmod {p*q}}\equiv (a_{1}+b_{1}*{\sqrt{-1}})^{2}

Feeding in the following parameters will return natural squares for when the anchor is ${\sqrt {-1}}{\bmod {p*q}}$ . The actual square root of -1 will be found when the square is found. The equation that has to be solved in order to find the first natural square is:

2*(lp1^{2}+lp2^{2})+1{\bmod {p*q}}\equiv 2*(lp1+lp2)

There seems to be no easy way to solve this equation. The output for the procedure for the first 10 natural squares follows:

{{Pythagorean Triple ,57618,78800,97618},{Root Coefficients ,394,200},{mult,788,minus,787,square,617796},{(b^2-4ac)^(1/2) ,786},{297,97}}
following is x in 2*x-b==root
{{{x->787}},{{x->13481}}}
{2 x-b=root,{139033},2 x-b=root*(1)^(1/2),{133263}}
{{Pythagorean Triple ,58408,79200,98408},{Root Coefficients ,396,200},{mult,792,minus,2367,square,617796},{(b^2-4ac)^(1/2) ,786},{298,98}}
following is x in 2*x-b==root
{{{x->789}},{{x->13483}}}
{2 x-b=root,{139033},2 x-b=root*(1)^(1/2),{133263}}
{{Pythagorean Triple ,59202,79600,99202},{Root Coefficients ,398,200},{mult,796,minus,3955,square,617796},{(b^2-4ac)^(1/2) ,786},{299,99}}
following is x in 2*x-b==root
{{{x->791}},{{x->13485}}}
{2 x-b=root,{139033},2 x-b=root*(1)^(1/2),{133263}}
{{Pythagorean Triple ,60000,80000,100000},{Root Coefficients ,400,200},{mult,800,minus,5551,square,617796},{(b^2-4ac)^(1/2) ,786},{300,100}}
following is x in 2*x-b==root
{{{x->793}},{{x->13487}}}
{2 x-b=root,{139033},2 x-b=root*(1)^(1/2),{133263}}
{{Pythagorean Triple ,60802,80400,100802},{Root Coefficients ,402,200},{mult,804,minus,7155,square,617796},{(b^2-4ac)^(1/2) ,786},{301,101}}
following is x in 2*x-b==root
{{{x->795}},{{x->13489}}}
{2 x-b=root,{139033},2 x-b=root*(1)^(1/2),{133263}}
{{Pythagorean Triple ,61608,80800,101608},{Root Coefficients ,404,200},{mult,808,minus,8767,square,617796},{(b^2-4ac)^(1/2) ,786},{302,102}}
following is x in 2*x-b==root
{{{x->797}},{{x->13491}}}
{2 x-b=root,{139033},2 x-b=root*(1)^(1/2),{133263}}
{{Pythagorean Triple ,62418,81200,102418},{Root Coefficients ,406,200},{mult,812,minus,10387,square,617796},{(b^2-4ac)^(1/2) ,786},{303,103}}
following is x in 2*x-b==root
{{{x->799}},{{x->13493}}}
{2 x-b=root,{139033},2 x-b=root*(1)^(1/2),{133263}}
{{Pythagorean Triple ,43776,87232,97600},{Root Coefficients ,376,232},{mult,752,minus,751,square,562500},{(b^2-4ac)^(1/2) ,750},{304,72}}
following is x in 2*x-b==root
{{{x->751}},{{x->23254}}}
{2 x-b=root,{61186},2 x-b=root*(1)^(1/2),{55416}}
{{Pythagorean Triple ,63232,81600,103232},{Root Coefficients ,408,200},{mult,816,minus,12015,square,617796},{(b^2-4ac)^(1/2) ,786},{304,104}}
following is x in 2*x-b==root
{{{x->801}},{{x->13495}}}
{2 x-b=root,{139033},2 x-b=root*(1)^(1/2),{133263}}

In order to find the cube root of -1 mod p*q, the following call of the procedure will provide the first ten natural squares. In order to find the first natural square the following equation must be solved:

3*lp1^{2}+lp2^{2}-1{\bmod {p*q}}\equiv 3*lp1+lp2

There doesn't seem to be an easy way to solve this equation.

gaussian

{{Pythagorean Triple ,85376,19968,87680},{Root Coefficients ,416,48},{mult,880,minus,879,square,770884},{(b^2-4ac)^(1/2) ,878},{232,184}}
following is x in 2*x-b==root
{{{x->879}},{{x->10111}}}
{2 x-b=root,{68877},2 x-b=root*(1)^(1/2),{4253}}
{{Pythagorean Triple ,86210,20064,88514},{Root Coefficients ,418,48},{mult,884,minus,2643,square,770884},{(b^2-4ac)^(1/2) ,878},{233,185}}
following is x in 2*x-b==root
{{{x->881}},{{x->10113}}}
{2 x-b=root,{68877},2 x-b=root*(1)^(1/2),{4253}}
{{Pythagorean Triple ,87048,20160,89352},{Root Coefficients ,420,48},{mult,888,minus,4415,square,770884},{(b^2-4ac)^(1/2) ,878},{234,186}}
following is x in 2*x-b==root
{{{x->883}},{{x->10115}}}
{2 x-b=root,{68877},2 x-b=root*(1)^(1/2),{4253}}
{{Pythagorean Triple ,87890,20256,90194},{Root Coefficients ,422,48},{mult,892,minus,6195,square,770884},{(b^2-4ac)^(1/2) ,878},{235,187}}
following is x in 2*x-b==root
{{{x->885}},{{x->10117}}}
{2 x-b=root,{68877},2 x-b=root*(1)^(1/2),{4253}}
{{Pythagorean Triple ,88736,20352,91040},{Root Coefficients ,424,48},{mult,896,minus,7983,square,770884},{(b^2-4ac)^(1/2) ,878},{236,188}}
following is x in 2*x-b==root
{{{x->887}},{{x->10119}}}
{2 x-b=root,{68877},2 x-b=root*(1)^(1/2),{4253}}
{{Pythagorean Triple ,89586,20448,91890},{Root Coefficients ,426,48},{mult,900,minus,9779,square,770884},{(b^2-4ac)^(1/2) ,878},{237,189}}
following is x in 2*x-b==root
{{{x->889}},{{x->10121}}}
{2 x-b=root,{68877},2 x-b=root*(1)^(1/2),{4253}}
{{Pythagorean Triple ,90440,20544,92744},{Root Coefficients ,428,48},{mult,904,minus,11583,square,770884},{(b^2-4ac)^(1/2) ,878},{238,190}}
following is x in 2*x-b==root
{{{x->891}},{{x->10123}}}
{2 x-b=root,{68877},2 x-b=root*(1)^(1/2),{4253}}
{{Pythagorean Triple ,91298,20640,93602},{Root Coefficients ,430,48},{mult,908,minus,13395,square,770884},{(b^2-4ac)^(1/2) ,878},{239,191}}
following is x in 2*x-b==root
{{{x->893}},{{x->10125}}}
{2 x-b=root,{68877},2 x-b=root*(1)^(1/2),{4253}}
{{Pythagorean Triple ,92160,20736,94464},{Root Coefficients ,432,48},{mult,912,minus,15215,square,770884},{(b^2-4ac)^(1/2) ,878},{240,192}}
following is x in 2*x-b==root
{{{x->895}},{{x->10127}}}
{2 x-b=root,{68877},2 x-b=root*(1)^(1/2),{4253}}
{{Pythagorean Triple ,93026,20832,95330},{Root Coefficients ,434,48},{mult,916,minus,17043,square,770884},{(b^2-4ac)^(1/2) ,878},{241,193}}
following is x in 2*x-b==root
{{{x->897}},{{x->10129}}}
{2 x-b=root,{68877},2 x-b=root*(1)^(1/2),{4253}}
{{Pythagorean Triple ,93896,20928,96200},{Root Coefficients ,436,48},{mult,920,minus,18879,square,770884},{(b^2-4ac)^(1/2) ,878},{242,194}}
following is x in 2*x-b==root
{{{x->899}},{{x->10131}}}
{2 x-b=root,{68877},2 x-b=root*(1)^(1/2),{4253}}

A 500 bit root and square of a 1000 bit modulus

Going from the formula

square=2*a+(I+1)*b_{1}^{2}+2*b

and

root=a_{1}+b_{1}{\sqrt {I}}

where I and ${\sqrt {I}}$ are natural squares and roots (not the ${\sqrt {-1}}{\bmod {p*q}}$

then a low root and square combination can be made of RSA260(850bits) shown in the following mathematica

In:= RSA260
Out= 22112825529529666435281085255026230927612089502470015394413748\
3191288229414020019865127297265697465990859003300314000511707422045608\
5927635795375718595429883895870922923849100670303412462054578456641366\
4540684214361293017694020846391065875914794251435144458199
Get the root of the smallest square above RSA260
this is a 500 bit number of the 1000 bit modulus
In:= IIR = Mod + 1), RSA260]
Out= 47024276208709120795061378748873252735571493245640595713707096\
29848608672008763225036307999162383887826987432678940935201933498834
show the square
In:= II = Mod + 1)^2, RSA260]
Out= 5481945886733977199005335761622105011576817180922572940050371\
080118837515862925645017501652267319433494304753217083279905934901357
show the Pythagorean square root combination
In:= Mod == Mod
Out= True
show the square (500 bits of 1000 bit modulus)
In:= Mod
Out= 3369651161195944967604216301094605665291971312830693036827462\
8859210489547915504995235349647241622760456229349290728891117535894370
show the root
In:= Mod
Out= 4702427620870912079506137874887325273557149324564059571370709\
629848608672008763225036307999162383887826987432678940935201933498837

A Formula For The Square Root Of Negative Three

Considering that the above math has found another formula for the square root of -1 mod p*q. Normally, solving $x^{2}+y^{2}==p*q$ solves for ${\sqrt {-1}}{\bmod {p*q}}\equiv x*y^{-1}$ , whereas we have now decided that solving for $2(x^{2}+y^{2})+1{\bmod {p*q}}\equiv 2(x+y)$ , and since for the cube root of 1 we have the formula $3*x^{2}+y^{2}+1{\bmod {p*q}}\equiv 2*x+y$ , then the following formula should also hold, by symmetry:

3*x^{2}+y^{2}==p*q

It does as in:

Solve
Out= {{x -> -160, y -> -343}, {x -> -160, 
  y -> 343}, {x -> -24, y -> -439}, {x -> -24, y -> 439}, {x -> 24, 
  y -> -439}, {x -> 24, y -> 439}, {x -> 160, y -> -343}, {x -> 160, 
  y -> 343}}
Mod, 337 577]=8505  this is the square root of -3 mod 337*577

A Formula For The Square Root Of Negative Five

Leonard Eugene Dickson at p219 vol 1 of "History Of Numbers" shows that A. Cunningham anticipates some of the math below by showing that $a^{2}+b^{2}{\bmod {p*q}}\equiv 0$ then $a*b^{-1}{\bmod {p*q}}\equiv {\sqrt {-1}}$ . However you can generalise beyond the roots of -1 to other negative roots, via the math below. "Number Theory" by Shanks at p143 also shows this type of construction in that $N*SQUARE1+SQUARE2{\bmod {p}}\equiv 0$ then $N*{\sqrt {SQUARE1}}*{\sqrt{SQUARE2}}{\bmod {p}}\equiv {\sqrt {-N}}$

Australian Innovation Patents 2018100869 and 2018100919 show this generalisation more explicitly and for higher powers (which Cunningham suggested for the case of -1)

The quote from Dickson's "History Of Numbers" follows:

A. Cunningham indicated how his tables may be used to solve directly $x^{n}\equiv -1{\bmod {p}}$ for $n=2,3,4,6,12$ . From $p=a^{2}+b^{2}$ , we get the roots $x\equiv a/b$ of $x^{2}\equiv -1{\bmod {p}}$ . Also $p=a^{2}+b^{2}=c^{2}+2*d^{2}$ gives the roots $\pm d(a+b)/(c*e)$ and $\pm c(a\pm b)/(2de)$ of $x^{4}\equiv -1{\bmod {p}}$ , when e=a or b. Again, $p=A^{2}+3*B^{2}$ gives the roots $(A-B)/(2B)$ , $(B+A)/(B-A)$ , and their reciprocals of $x^{3}\equiv 1{\bmod {p}}$

The above math seems also to hold for the $p*q$ modulus as well.

Applying the same technique to the square root of -5:

Solve
Out= {{x -> -18, y -> -31}, {x -> -18, y -> 31}, {x -> -6,
   y -> -49}, {x -> -6, y -> 49}, {x -> 6, y -> -49}, {x -> 6, 
  y -> 49}, {x -> 18, y -> -31}, {x -> 18, y -> 31}}
Mod, 89 29]==1002
Mod== -5

A Formula For The Square Root Of Three

I am indebted to the Youtube Mathologer video for this equation.

Put forward as a proof that the square root of 3 is irrational, this equation can often be achieved in modular arithmetic:

3*x^{2}{\bmod {p*q}}\equiv y^{2}

the root for 3, as opposed to -3 is:

3*x*y^{-1}{\bmod {p*q}}\equiv {\sqrt {3}}

Example in mathematica follows:

establish the sum of three squares
Mod= 192
get the modular square root of the sum
PowerMod= 241
find the modular square root of 3 now
Mod, 61 73]= 1700
confirm the root has been found
Mod= 3

It follows then that the modular square root of one number can be found if the modular square root of another number can be found, in this case the square root of 3 can be found from the square root of 192 in the 61*73 modulus.

Modular Square Roots From x^2+y^2 mod p*q equiv z^2

Remembering the sum of three squares work equaling zero, that appears in other sections of this blog, then we can create $x^{2}+y^{2}{\bmod {p*q}}\equiv z^{2}$ and establish the square whose root is to be found as:

{\sqrt {x^{2}*y^{-2}+1}}{\bmod {p*q}}\equiv (x^{2}*y^{-2}+1)*y*z^{-1}{\bmod {p*q}}

A Mathematica example follows:

Use this function to get the x^2+y^2 mod p*q === z^2
getASquareRootN := 
 Module[{a1, a2, a3, a4, a5, a6, a7, a8, a9, a10}, 
  a2 = IntegerPart;
  For[a1 = 1, a1 <= 10000, a1++,
   a4 = a1 n + n1^2;
   If == 1 && PrimeQ, Break;];];
  a5 = PowersRepresentations;
  a6 = Mod]^2 PowerMod]^2, -1, n ] + 1, n];
  a7 = Mod] PowerMod, n];
  a8 = Mod;
  Return]
try some examples out
getASquareRootN={4, 1071, 2620, 2620}
and the root has been found after the square is established
Mod= 2620
getASquareRootN= {7, 295, 1852, 1852}
Mod= 1852

Taking another example that after creating: $3*8^{2}{\bmod {61*73}}\equiv 241^{2}$ and $3*8*241^{-1}{\bmod {61*73}}\equiv 1700$ and also that $241*8^{-1}{\bmod {61*73}}\equiv 1700$ . So our math still reveals the root of two squares, but, as I have said before, all roots mod p*q are the division of two squares.

Note that if we use this equation (which is entirely possible to do):

3*8*192{\bmod {61*73}}\equiv 1670

and this 1670 is:

1700*241^{-1}{\bmod {61*73}}\equiv {\sqrt {3}}*{\sqrt {192}}^{-1}

so we can find the division of two roots.

Modular Square Roots From The Closest Prime To P*Q

If we take $67*73-2=PRIME$ we can easily take ${\sqrt {-1}}{\bmod {67*73-2}}$ if there is a modular square root of this. We can take this modular square root of $67*73-2$ and create a modular square root of the modulus $67*73$ . If we take the quotient of this square root squared against the ${\bmod {67*73-2}}$ then we can find the modular square root of $-2*quotient-1{\bmod {67*73}}$

To generalize: ${\sqrt {-A*quotient-B}}{\bmod {p*q}}\equiv {\sqrt {-B}}{\bmod {p*q-A}}$ where $quotient=\lceil {({\sqrt {-B}}{\bmod {p*q-A}})^{2}/(p*q-A)}\rceil$

The mathematica follows:

PowerMod= 730
PrimeQ= True
so we can easily take square roots of this modulus
get the quotient
N= 109.
create the new square in the p*q modulus
Mod= 4672
confirm the root^2 = square
Mod= 4672

In this way we can sorta go between the modulus $67*73$ and $67*73-2$ .

One may note that the root is decided before the square is found, so this may not actually be a nouvelle way to find a root, however, it does go between modula. This technique also works for cubes. Example to be shown later.

Here's some Mathematica which shows that the way to create the square other than squaring the root holds:

try123 := Module[{a1, a2, a3, a4, a5, a6, a7, a8, a9, a10},
  a1 = NextPrime;
  For[a2 = 1, a2 < 100, a2++,
   a3 = NextPrime;
   For[a4 = 1, a4 < 100, a4++,
    If;];
    If,
     a5 = a1 a3 - 2;
     If],
      a6 = PowerMod;
      a7 = Floor];
      If,
       Print[{{a1, a3}, a5, 
          a7, {a6}, {Mod, Mod}}];
       ];
      ];
     ];
    a3 = NextPrime;
    ];
   a1 = NextPrime;
   ];
  ]

try123
  P   Q   -2   Quot Root   Square
{{107,53},5669,192,{1046},{5284,5284}}
{{107,89},9521,480,{2140},{8560,8560}}
{{109,79},8609,388,{1830},{7832,7832}}
{{113,47},5309,612,{1804},{4084,4084}}
{{113,83},9377,864,{2848},{7648,7648}}
{{131,29},3797,144,{742},{3508,3508}}
{{131,89},11657,1992,{4820},{7672,7672}}
{{137,59},8081,1920,{3940},{4240,4240}}
{{137,83},11369,828,{3070},{9712,9712}}
{{137,107},14657,900,{3634},{12856,12856}}
{{139,109},15149,792,{3466},{13564,13564}}
{{149,47},7001,204,{1198},{6592,6592}}
{{151,61},9209,12,{346},{9184,9184}}
{{157,79},12401,2976,{6076},{6448,6448}}
{{157,127},19937,1824,{6032},{16288,16288}}
{{163,97},15809,2688,{6520},{10432,10432}}
{{167,53},8849,1012,{2994},{6824,6824}}
{{179,29},5189,1152,{2446},{2884,2884}}
{{181,163},29501,2376,{8374},{24748,24748}}
{{191,101},19289,108,{1450},{19072,19072}}
{{197,83},16349,964,{3972},{14420,14420}}
{{211,181},38189,184,{2658},{37820,37820}}
{{223,181},40361,444,{4238},{39472,39472}}
{{229,79},18089,408,{2720},{17272,17272}}
{{229,199},45569,292,{3654},{44984,44984}}
{{233,191},44501,3276,{12076},{37948,37948}}
{{239,101},24137,2104,{7128},{19928,19928}}
{{241,151},36389,4524,{12832},{27340,27340}}
{{241,211},50849,10564,{23178},{29720,29720}}
{{251,41},10289,2272,{4836},{5744,5744}}
{{251,233},58481,144,{2912},{58192,58192}}
{{257,59},15161,1324,{4482},{12512,12512}}
{{263,41},10781,520,{2370},{9740,9740}}
{{263,101},26561,996,{5146},{24568,24568}}
{{263,173},45497,4140,{13726},{37216,37216}}
{{263,257},67589,13212,{29884},{41164,41164}}
{{271,109},29537,1200,{5956},{27136,27136}}
{{271,229},62057,1692,{10250},{58672,58672}}
{{277,79},21881,264,{2408},{21352,21352}}
{{277,139},38501,1024,{6282},{36452,36452}}
{{281,131},36809,8988,{18190},{18832,18832}}
{{281,239},67157,60,{2024},{67036,67036}}
{{281,251},70529,2532,{13366},{65464,65464}}
{{283,97},27449,4812,{11494},{17824,17824}}
{{283,193},54617,1144,{7908},{52328,52328}}
{{293,83},24317,5064,{11098},{14188,14188}}
{{293,227},66509,7684,{22608},{51140,51140}}
{{307,73},22409,1564,{5922},{19280,19280}}
{{307,109},33461,5740,{13860},{21980,21980}}
{{311,293},91121,11764,{32742},{67592,67592}}
{{313,43},13457,0,{116},{13456,13456}}
{{313,103},32237,4120,{11526},{23996,23996}}
{{317,59},18701,276,{2276},{18148,18148}}
{{317,167},52937,1564,{9102},{49808,49808}}
{{331,229},75797,240,{4274},{75316,75316}}
{{337,43},14489,12,{434},{14464,14464}}
{{337,127},42797,4260,{13504},{34276,34276}}
{{337,223},75149,17172,{35924},{40804,40804}}
{{337,307},103457,8004,{28778},{87448,87448}}
{{347,29},10061,2104,{4602},{5852,5852}}
{{347,173},60029,14884,{29892},{30260,30260}}
{{347,233},80849,7024,{23832},{66800,66800}}
{{349,211},73637,3372,{15760},{66892,66892}}
{{353,191},67421,9924,{25868},{47572,47572}}
{{367,37},13577,444,{2458},{12688,12688}}
{{367,97},35597,6340,{15024},{22916,22916}}
{{373,67},24989,3972,{9964},{17044,17044}}
{{373,367},136889,12,{1334},{136864,136864}}
{{379,61},23117,2520,{7634},{18076,18076}}
{{379,181},68597,432,{5450},{67732,67732}}
{{383,257},98429,19668,{44000},{59092,59092}}
{{383,281},107621,15456,{40786},{76708,76708}}
{{383,353},135197,15732,{46120},{103732,103732}}
{{389,71},27617,3120,{9284},{21376,21376}}
{{389,131},50957,600,{5534},{49756,49756}}
{{389,227},88301,7716,{26104},{72868,72868}}
{{397,127},50417,2464,{11148},{45488,45488}}
{{397,163},64709,14172,{30284},{36364,36364}}
{{401,251},100649,21532,{46554},{57584,57584}}
{{409,79},32309,3312,{10346},{25684,25684}}
{{409,127},51941,60,{1780},{51820,51820}}
{{409,151},61757,10024,{24882},{41708,41708}}
{{409,211},86297,5160,{21104},{75976,75976}}
{{421,31},13049,72,{976},{12904,12904}}
{{421,199},83777,324,{5218},{83128,83128}}
{{431,173},74561,10704,{28252},{53152,53152}}
{{431,401},172829,3972,{26204},{164884,164884}}
{{433,223},96557,16500,{39916},{63556,63556}}
{{439,61},26777,12,{590},{26752,26752}}
{{439,409},179549,564,{10072},{178420,178420}}
{{443,101},44741,544,{4938},{43652,43652}}
{{443,233},103217,84,{2962},{103048,103048}}
{{449,59},26489,984,{5108},{24520,24520}}
{{449,179},80369,628,{7110},{79112,79112}}
{{449,347},155801,8076,{35474},{139648,139648}}
{{457,307},140297,21304,{54672},{97688,97688}}
{{461,59},27197,2532,{8300},{22132,22132}}
{{461,83},38261,976,{6114},{36308,36308}}
{{461,431},198689,25824,{71632},{147040,147040}}
{{463,73},33797,540,{4276},{32716,32716}}
{{463,97},44909,5988,{16400},{32932,32932}}
{{463,397},183809,18832,{58836},{146144,146144}}
{{467,137},63977,7912,{22500},{48152,48152}}
{{467,197},91997,324,{5468},{91348,91348}}
{{467,257},120017,23124,{52682},{73768,73768}}
{{479,281},134597,9804,{36328},{114988,114988}}
{{479,317},151841,1860,{16810},{148120,148120}}
{{487,229},111521,6564,{27058},{98392,98392}}
{{487,337},164117,29580,{69676},{104956,104956}}
{{487,409},199181,20856,{64454},{157468,157468}}
{{487,433},210869,492,{10196},{209884,209884}}
{{491,53},26021,256,{2586},{25508,25508}}
{{491,389},190997,29964,{75652},{131068,131068}}
{{499,37},18461,40,{870},{18380,18380}}
{{499,157},78341,15360,{34690},{47620,47620}}
{{499,229},114269,18228,{45640},{77812,77812}}
{{499,349},174149,672,{10826},{172804,172804}}
{{503,293},147377,4980,{27094},{137416,137416}}
{{509,59},30029,2712,{9026},{24604,24604}}
{{509,71},36137,220,{2826},{35696,35696}}
{{509,467},237701,796,{13764},{236108,236108}}
{{521,179},93257,444,{6442},{92368,92368}}
{{521,251},130769,1428,{13670},{127912,127912}}
{{523,73},38177,1312,{7080},{35552,35552}}
{{523,193},100937,2172,{14810},{96592,96592}}
{{523,313},163697,9460,{39354},{144776,144776}}
{{523,373},195077,34764,{82352},{125548,125548}}
{{523,397},207629,29592,{78386},{148444,148444}}
{{541,79},42737,1104,{6872},{40528,40528}}
{{541,151},81689,8632,{26556},{64424,64424}}
{{541,271},146609,9552,{37424},{127504,127504}}
{{547,73},39929,5464,{14772},{29000,29000}}
{{547,397},217157,0,{466},{217156,217156}}
{{557,47},26177,100,{1626},{25976,25976}}
{{557,479},266801,784,{14472},{265232,265232}}
{{563,41},23081,424,{3132},{22232,22232}}
{{563,53},29837,5784,{13138},{18268,18268}}
{{563,173},97397,144,{3758},{97108,97108}}
{{563,281},158201,844,{11562},{156512,156512}}
{{563,557},313589,2832,{29806},{307924,307924}}
{{569,59},33569,772,{5094},{32024,32024}}
{{569,479},272549,66048,{134170},{140452,140452}}
{{571,73},41681,1584,{8128},{38512,38512}}
{{571,373},212981,1116,{15424},{210748,210748}}
{{571,433},247241,7260,{42370},{232720,232720}}
{{577,43},24809,5352,{11524},{14104,14104}}
{{577,127},73277,11880,{29506},{49516,49516}}
{{577,223},128669,11112,{37814},{106444,106444}}
{{577,487},280997,19680,{74366},{241636,241636}}
{{577,547},315617,100,{5646},{315416,315416}}
{{587,197},115637,8272,{30930},{99092,99092}}
{{587,233},136769,15312,{45764},{106144,106144}}
{{587,269},157901,10500,{40720},{136900,136900}}
{{587,389},228341,19804,{67248},{188732,188732}}
{{587,449},263561,46044,{110162},{171472,171472}}
{{593,71},42101,16,{846},{42068,42068}}
{{593,227},134609,3888,{22880},{126832,126832}}
{{593,443},262697,24924,{80918},{212848,212848}}
{{593,467},276929,3652,{31806},{269624,269624}}
{{599,89},53309,744,{6302},{51820,51820}}
{{599,101},60497,4032,{15620},{52432,52432}}
{{599,257},153941,13116,{44936},{127708,127708}}
{{601,43},25841,2004,{7198},{21832,21832}}
{{601,139},83537,5184,{20812},{73168,73168}}
{{601,163},97961,18216,{42244},{61528,61528}}
{{601,283},170081,1636,{16686},{166808,166808}}
{{601,331},198929,48384,{98108},{102160,102160}}
{{607,109},66161,1696,{10596},{62768,62768}}
{{607,313},189989,684,{11408},{188620,188620}}
{{607,577},350237,31144,{104442},{287948,287948}}
{{613,31},19001,4504,{9252},{9992,9992}}
{{613,43},26357,1692,{6680},{22972,22972}}
{{613,127},77849,12,{1006},{77824,77824}}
{{613,463},283817,36760,{102144},{210296,210296}}
{{617,467},288137,1372,{19890},{285392,285392}}
{{617,479},295541,50460,{122120},{194620,194620}}
{{617,587},362177,9060,{57286},{344056,344056}}
{{619,541},334877,27624,{96182},{279628,279628}}
{{631,349},220217,7752,{41320},{204712,204712}}
{{641,83},53201,3444,{13538},{46312,46312}}
{{641,131},83969,15172,{35694},{53624,53624}}
{{641,383},245501,36900,{95180},{171700,171700}}
{{641,443},283961,39240,{105560},{205480,205480}}
{{643,37},23789,3108,{8600},{17572,17572}}
{{643,181},116381,1156,{11604},{114068,114068}}
{{643,193},124097,1360,{12996},{121376,121376}}
{{643,421},270701,30900,{91460},{208900,208900}}
{{647,149},96401,1200,{10760},{94000,94000}}
{{647,509},329321,72216,{154216},{184888,184888}}
{{653,47},30689,484,{3858},{29720,29720}}
{{653,167},109049,12012,{36194},{85024,85024}}
{{653,227},148229,36864,{73922},{74500,74500}}
{{653,251},163901,14436,{48644},{135028,135028}}
{{653,563},367637,76924,{168168},{213788,213788}}
{{659,257},169361,35476,{77514},{98408,98408}}
{{659,269},177269,36828,{80800},{103612,103612}}
{{659,281},185177,6700,{35226},{171776,171776}}
{{659,509},335429,22668,{87200},{290092,290092}}
{{661,163},107741,11460,{35140},{84820,84820}}
{{661,223},147401,696,{10136},{146008,146008}}
{{673,127},85469,2244,{13852},{80980,80980}}
{{673,547},368129,52132,{138534},{263864,263864}}

Remember that there are only 2 sums of two squares, but many sums of three squares!

My independent investigations into 1 mod 4 semiprimes show that while it is well known that there are only two sums of two squares per the p*q, there are actually many many more sums of three squares that equal p*q. Legendre's three-square theorem proves that there is a sum of three squares to describe most numbers, but it doesn't hint at how many three squares equal to 1 mod 4 semiprimes.

Showing the sums of three squares for the modulus 89*29 we find:

{{0, 9, 50}, 
 {0, 30, 41}, 
 {6, 12, 49}, 
 {6, 32, 39}, 
 {9, 14, 48}, 
 {9, 30, 40}, 
 {14, 33, 36}, 
 {18, 24, 41}, 
 {18, 31, 36}, 
 {22, 24, 39}}

You'll notice that there are two sums of 2 squares in:

{0, 9, 50}, 
{0, 30, 41},

With these two sums of two squares you can factor 89*29 via the famous Euler's factorization method.

Looking at the list above you notice there are 8 sums of three squares, for larger numbers there are many more. In fact there seem to be as many sums of three squares as roughly $(p+q)/10$ .

Dickson's "History of the Theory of Numbers" vol 2 chapter 7 is entitled "Sums Of Three Squares" p259-274. On page 268 Dickson summarises the work of Eugène Charles Catalan who has a series of formulas that convert the roots of three squares into the roots of two squares:

E. Catalan states that all solutions of $x^{2}+y^{2}=u^{2}+v^{2}+w^{2}$ are given without repetition by:

$u=x+\alpha$

$v=y-\beta$

$x=s*p+\beta *\theta$

$y=s*q+\alpha *\theta$

where $2*s=\alpha ^{2}+\beta ^{2}+w^{2}$

and $\alpha$ and $\beta$ are relatively prime

while $\beta *q-\alpha *p=1$

Taking the sums of three squares for $89*29=6^{2}+49^{2}+12^{2}$ , we can draw up the relevant Mathematica equation and see that these equations do get the two sums of squares from one set of three squares, and so then Euler's factorisation method can be employed to factor p*q:

In:= Solve[ 6 == x + alpha && 49 == y - beta && 
  x == s p + beta theta && y == s q + alpha theta && 
  2 s == alpha^2 + beta^2 + 12^2 && beta q - alpha p == 1, {x, 
  y}, Integers]
{{x -> ConditionalExpression[-41, 
    alpha == 47 && beta == -79 && C \ Integers && 
     p == 42 + 79 C && q == -25 - 47 C && s == 4297 && 
     theta == 2285 + 4297 C], 
  y -> ConditionalExpression[-30, 
    alpha == 47 && beta == -79 && C \ Integers && 
     p == 42 + 79 C && q == -25 - 47 C && s == 4297 && 
     theta == 2285 + 4297 C]}, {x -> 
   ConditionalExpression[-41, 
    alpha == 47 && beta == -19 && C \ Integers && 
     p == 2 + 19 C && q == -5 - 47 C && s == 1357 && 
     theta == 145 + 1357 C], 
  y -> ConditionalExpression[30, 
    alpha == 47 && beta == -19 && C \ Integers && 
     p == 2 + 19 C && q == -5 - 47 C && s == 1357 && 
     theta == 145 + 1357 C]}, {x -> 
   ConditionalExpression[-9, 
    alpha == 15 && beta == 1 && C \ Integers && 
     p == C && q == 1 + 15 C && s == 185 && 
     theta == -9 - 185 C], 
  y -> ConditionalExpression[50, 
    alpha == 15 && beta == 1 && C \ Integers && 
     p == C && q == 1 + 15 C && s == 185 && 
     theta == -9 - 185 C]}, {x -> 
   ConditionalExpression[9, 
    alpha == -3 && beta == 1 && C \ Integers && 
     p == C && q == 1 - 3 C && s == 77 && theta == 9 - 77 C],
   y -> ConditionalExpression[50, 
    alpha == -3 && beta == 1 && C \ Integers && 
     p == C && q == 1 - 3 C && s == 77 && 
     theta == 9 - 77 C]}, {x -> 
   ConditionalExpression[41, 
    alpha == -35 && beta == -79 && C \ Integers && 
     p == 70 + 79 C && q == 31 + 35 C && s == 3805 && 
     theta == 3371 + 3805 C], 
  y -> ConditionalExpression[-30, 
    alpha == -35 && beta == -79 && C \ Integers && 
     p == 70 + 79 C && q == 31 + 35 C && s == 3805 && 
     theta == 3371 + 3805 C]}, {x -> 
   ConditionalExpression[41, 
    alpha == -35 && beta == -19 && C \ Integers && 
     p == 6 + 19 C && q == 11 + 35 C && s == 865 && 
     theta == 271 + 865 C], 
  y -> ConditionalExpression[30, 
    alpha == -35 && beta == -19 && C \ Integers && 
     p == 6 + 19 C && q == 11 + 35 C && s == 865 && 
     theta == 271 + 865 C]}}

I found a very quick way to find a sum of three squares for a large number, specificaly RSA230. See the next section! For instance for the modulus, $337*577$ there are at least 92 sums of three squares applicable, which is close to $(337+577)/10$ .

On page 274 of Dickson's History of Numbers vol2 there are two further references to mathematicians who gave formulas for converting

x^{2}+y^{2}=u^{2}+v^{2}+w^{2}

A. Gerardin and E Miot gave many identities $x^{2}+y^{2}=u^{2}+v^{2}+w^{2}$

He gave long formulas said to solve $x^{2}+y^{2}=u^{2}+v^{2}+w^{2}$ completely.

Neither A. Gerardin, E Miot, or A.S. Werebrusow (Веребрюсов А) seem to have wiki biops in any wiki. E. Catalan does.

A.S. Werebrusow's father seems to have a ruwiki article as an archeologist and there is another Werebrusow featured, a polar air pilot, perhaps A.S.'s son.

First Thoughts on Catalan's Equations Shown Above

Please note that if you know $\alpha ^{2}+\beta ^{2}$ and this sum is a 1 mod 4 prime number, then discovery of $\alpha$ and $\beta$ can be known in log(n) time, basically instantly. This solves for the two squares that sum to p*q.

It is possible to obtain

\alpha ^{2}+\beta ^{2}{\bmod {GCD}}\equiv p*q-SQ1^{2}-SQ2^{2}

It is easily possible to create large numbers of three squares that equal p*q. So some of them will have sums that are $GCD$ .

I have not been able to take this attack further, except to note that $SQ3^{2}=\alpha ^{2}+\beta ^{2}+2*\alpha *SQ1+2*\beta *SQ2$ and that $s=\alpha ^{2}+\beta ^{2}+\alpha *SQ1+\beta *SQ2$ and that $\alpha *SQ1+\beta *SQ2{\bmod {GCD}}\equiv 0$ .

It is also possible to come up with the following equivalence:

SQ3^{2}=\alpha ^{2}+\beta ^{2}+2*\alpha *SQ1+2*\beta *SQ2{\bmod {SQ1+SQ2}}\equiv \alpha ^{2}+\beta ^{2}+2*(\alpha -\beta )*SQ1

Second Thoughts on Catalan's Equations Shown Above

After a second thought it does seem that three squares are not needed for Catalan's equations. You can substract 2*SQUARE1, as in:

89*29-2*25^{2}=1331

where

\alpha =5

and

\beta =16

As such:

1331{\bmod {25}}\equiv 6\equiv 5*5+16*16

So $\alpha ^{2}+\beta ^{2}$ can be found for the mod that is a square root of this amount, rather larger than the figure I had in my post just above.

And Catalan's equations seem to work, at least for my example, as in:

(Debug) In:= PowersRepresentations
(Debug) Out= {{9, 50}, {30, 41}}
(Debug) In:= Solve[
 25 == x + alpha && 25 == y - beta && x == s p + beta theta && 
  y == s q + alpha theta && 2 s == alpha^2 + beta^2 + 1331 && 
  beta q - alpha p == 1, {x, y}, Integers]
(Debug) Out= {{x -> 
   ConditionalExpression[-50, 
    alpha == 75 && beta == -34 && C \ Integers && 
     p == 29 + 34 C && q == -64 - 75 C && s == 4056 && 
     theta == 3461 + 4056 C], 
  y -> ConditionalExpression[-9, 
    alpha == 75 && beta == -34 && C \ Integers && 
     p == 29 + 34 C && q == -64 - 75 C && s == 4056 && 
     theta == 3461 + 4056 C]}, {x -> 
   ConditionalExpression[-41, 
    alpha == 66 && beta == 5 && C \ Integers && 
     p == 4 + 5 C && q == 53 + 66 C && s == 2856 && 
     theta == -2293 - 2856 C], 
  y -> ConditionalExpression[30, 
    alpha == 66 && beta == 5 && C \ Integers && 
     p == 4 + 5 C && q == 53 + 66 C && s == 2856 && 
     theta == -2293 - 2856 C]}, {x ->

Now, $5^{2}+16^{2}{\bmod {25}}\equiv 6$ will yield possible answers that will be fully qualified, that is, the $\alpha$ and the $\beta$ derived from the sum will not be residues but full answers. Therefore, $(5-1)^{2}+(16-1)^{2}{\bmod {26}}$ will be fully qualified (not residues) as $\alpha -1$ and $\beta -1$ , which can be manipulated to see if they equal a sum in the 25 modulus field. Therefore, some quick way to intersect the $\alpha$ and $\beta$ between the $25$ and $26$ fields must be found if the problem is to be solved in the manner I have described above.

Adding a 1 Mod 4 Prime Modulus To Catalan's Equations

With $\alpha ^{2}+\beta ^{2}{\bmod {X}}$ known now (see above section), we can add a 1 mod 4 prime modulus to Catalan's Equations.

To get an answer almost instantly that is $x^{2}+y^{2}{\bmod {p}}\equiv P*Q$ , you need to:

set

theta=1

set a value for

\alpha +\beta

. Around half will give you an answer.

Solve[0 == x + alpha && 0 == y - beta && x == s p + beta theta && 
  y == s q + alpha theta && 
  2 s == alpha^2 + beta^2 + (2000029 3000017 - 2 800029^2) && 
  beta q - alpha p == 1 && 
  alpha^2 + beta^2 == Mod && 
  alpha + beta == 3 && theta == 1 && beta alpha == ba, {x, y}, 
 Modulus -> 800029]
{{x -> ConditionalExpression[353438, 
    alpha == 446591 && ba == 248018 && beta == 353441 && p == 539266 &&
      q == 402359 && s == 304002 && theta == 1], 
  y -> ConditionalExpression[353441, 
    alpha == 446591 && ba == 248018 && beta == 353441 && p == 539266 &&
      q == 402359 && s == 304002 && theta == 1]}, {x -> 
   ConditionalExpression[446588, 
    alpha == 353441 && ba == 248018 && beta == 446591 && p == 539266 &&
      q == 397670 && s == 304002 && theta == 1], 
  y -> ConditionalExpression[446591, 
    alpha == 353441 && ba == 248018 && beta == 446591 && p == 539266 &&
      q == 397670 && s == 304002 && theta == 1]}}

If you set $\alpha +\beta$ correctly, then you get the correct answer.

PowersRepresentations
{{133708, 3461553}, {1975847, 2845392}}
(Debug) In:= Solve[
 0 == x + alpha && 0 == y - beta && x == s p + beta theta && 
  y == s q + alpha theta && 
  2 s == alpha^2 + beta^2 + (2000029 3000017 - 2 800029^2) && 
  beta q - alpha p == 1 && 
  alpha^2 + beta^2 == Mod && 
  alpha + beta == 1593911 && theta == 1 && beta alpha == ba, {x, y}, 
 Modulus -> 800029]
(Debug) Out= {{x -> 
   ConditionalExpression[132505, 
    alpha == 667524 && ba == 740151 && beta == 126358 && p == 684044 &&
      q == 615227 && s == 304002 && theta == 1], 
  y -> ConditionalExpression[126358, 
    alpha == 667524 && ba == 740151 && beta == 126358 && p == 684044 &&
      q == 615227 && s == 304002 && theta == 1]}, {x -> 
   ConditionalExpression[673671, 
    alpha == 126358 && ba == 740151 && beta == 667524 && p == 684044 &&
      q == 184802 && s == 304002 && theta == 1], 
  y -> ConditionalExpression[667524, 
    alpha == 126358 && ba == 740151 && beta == 667524 && p == 684044 &&
      q == 184802 && s == 304002 && theta == 1]}}

Figuring out what $\alpha *\beta$ is will also solve the equation. There does seem to be a relationship between what you set $\alpha +\beta$ to and $\alpha *\beta$ but I haven't figured it out yet.

To conclude, if there was a way to figure out $\alpha +\beta {\bmod {P}}$ then you could use Catalan's equations to solve for 1 mod 4 semiprimes quite quickly.

All Sums Of Two Squares Are Modular Pythagorean Triples

We can take the square root of $\alpha ^{2}+\beta ^{2}{\bmod {P}}$ and establish a modular square root.

Then we can use Dickson's method of Pythagorean Triples described here. Therefore we can solve for the $r$ , $s$ and $t$ of such triples as in:

Find an equivalent $\alpha$ and $\beta$ pair (ie., $\alpha =446691$ , $\beta =353441$ ):

Solve[0 == x + alpha && 0 == y - beta && x == s p + beta theta && 
  y == s q + alpha theta && 
  2 s == alpha^2 + beta^2 + (2000029 3000017 - 2 800029^2) && 
  beta q - alpha p == 1 && 
  alpha^2 + beta^2 == Mod && 
  alpha + beta == 3 && theta == 1 && beta alpha == ba, {x, y}, 
 Modulus -> 800029]
{{x -> ConditionalExpression[353438, 
    alpha == 446591 && ba == 248018 && beta == 353441 && p == 539266 &&
      q == 402359 && s == 304002 && theta == 1], 
  y -> ConditionalExpression[353441, 
    alpha == 446591 && ba == 248018 && beta == 353441 && p == 539266 &&
      q == 402359 && s == 304002 && theta == 1]}, {x -> 
   ConditionalExpression[446588, 
    alpha == 353441 && ba == 248018 && beta == 446591 && p == 539266 &&
      q == 397670 && s == 304002 && theta == 1], 
  y -> ConditionalExpression[446591, 
    alpha == 353441 && ba == 248018 && beta == 446591 && p == 539266 &&
      q == 397670 && s == 304002 && theta == 1]}}

Then apply the following mathematica equation(noting that ${\sqrt {304002}}{\bmod {800029}}\equiv 379045$ :

Solve[2 s t == r^2 && 446591 == (r + s) && 353441 == (r + t) && 
  379045 == (r + s + t), {r, s, t}, Modulus -> 800029]
{{r -> 420987, s -> 25604, t -> 732483}}

$r$ climbs by the amount that $\alpha +\beta$ is increased in Catalan's equations.

The correct answer happens when you set the $r$ correctly.

Solve[2 s t == r^2 && 667524 == (r + s) && 126358 == (r + t) && 
  379045 == (r + s + t), {r, s, t}, Modulus -> 800029]
{{r -> 414837, s -> 252687, t -> 511550}}

We haven't progressed to the answer here, but we have showed that the intermediate values of Dickson's method can be ascertained, with help from Catalan's equations, and we have shown that $r_{0}$ when $\alpha +\beta =0$ progresses to $r_{\alpha +\beta }=r_{0}+\alpha +\beta$ for the correct answer.

Miot Gives Formulas that instantly give 2 squares from 3, but only for some 3 squares

Miot's work gives formulas that instantly create 2 squares from 3 squares, but only for certain 3 squares. I tried this out on RSA230 but several thousand 3 square sums did not get anywhere with Miot's formulas:

Miot gives 12 formulas that derive 2 squares from 3. They are given in the following mathematica function. These formulas will instantly find 2 squares if the main conditions hit.

miot := 
 Module[{a1, a2, a3, a4, a5, a6, a7, a8, a9, a10, a11, a12, a13, a14, 
   a15},
  a1 = Solve[
    sq1 == (p - m) && sq2 == (q - n) && sq3 == (2 m - 2 n) && 
     x == (m + p - 2 n) && y == (m + q - 2 n) && m + n == p + q, {x, 
     y}, Integers];
  a2 = Solve[
    sq1 == (n - m) && sq2 == (q - m + n - p) && sq3 == ( m - p) && 
     x == (2 n - m - p) && y == (q - p) && m + n == p + q, {x, y}, 
    Integers];
  a3 = Solve[
    sq1 == (p - m - q + n) && sq2 == (n - m) && sq3 == (m - q) && 
     x == (2 n - m - q) && y == (p - q) && m + n == p + q, {x, y}, 
    Integers];
  a4 = Solve[
    sq1 == (n - p) && sq2 == (n - m) && sq3 == ( m + q - p - n) && 
     x == (q - p) && y == (2 m - n - p) && m + n == p + q, {x, y}, 
    Integers];
  If[a1 != {},
   Print;];
  If[a2 != {},
   Print;];
  If[a3 != {},
   Print;];
  If[a4 != {},
   Print;];
  a5 = Solve[
    sq1 == (n - q) && sq2 == (m + p - n - q) && sq3 == (m - n) && 
     x == (p - q) && y == (2 m - n - q) && m + n == p + q, {x, y}, 
    Integers];
  a6 = Solve[
    sq1 == (2 n - 2 m) && sq2 == (p - m) && sq3 == ( q - m) && 
     x == (p - 2 m + n) && y == (q - 2 m + n) && m + n == p + q, {x, 
     y}, Integers];
  a7 = Solve[
    sq1 == (q - m) && sq2 == (p - q) && sq3 == (n + p - q - m) && 
     x == (q - m) && y == (2 p - q - m) && m + n == p + q, {x, y}, 
    Integers];
  a8 = Solve[
    sq1 == (q - n) && sq2 == (m + p - q - n) && sq3 == ( p - q) && 
     x == (m - n) && y == (2 p + q - n) && m + n == p + q, {x, y}, 
    Integers];
  If[a5 != {},
   Print;];
  If[a6 != {},
   Print;];
  If[a7 != {},
   Print;];
  If[a8 != {},
   Print;];
  a9 = Solve[
    sq1 == (2 q - q p) && sq2 == (m - p) && sq3 == (n - p) && 
     x == (m + q - 2 p) && y == (n + q - 2 p) && m + n == p + q, {x, 
     y}, Integers];
  a10 = Solve[
    sq1 == (m - q) && sq2 == (n - q) && sq3 == ( 2 p - 2 q) && 
     x == (m + p - 2 q) && y == (n + p - 2 q) && m + n == p + q, {x, 
     y}, Integers];
  a11 = Solve[
    sq1 == (q - p) && sq2 == (n + q - m - p) && sq3 == (p - m) && 
     x == (2 q - m - p) && y == (n - m) && m + n == p + q, {x, y}, 
    Integers];
  a12 = Solve[
    sq1 == (m + q - n - p) && sq2 == (q - p) && sq3 == ( p - n) && 
     x == (2 q - n - p) && y == (m - n) && m + n == p + q, {x, y}, 
    Integers];
  If[a9 != {},
   Print;];
  If[a10 != {},
   Print;];
  If[a11 != {},
   Print;];
  If[a12 != {},
   Print;];
  Return;
  ]

Try these for tests(these are examples from Miots work:

miot
miot
miot
miot
miot
miot
miot
miot
miot
miot
miot

Werebrusow gives a general formula to derive 2 squares from 3 but it is very very slow

Werebruscow gives a general formula to derive 2 squares from 3 but it only worked on his example. For almost any other 3 square combination it was too slow to use. The mathematica formula for his work is given below:

erebrussov := 
 Module[{a1, a2, a3, a4, a5, a6, a7, a8, a9, a10, a11, a12, a13, a14, 
   a15},
  a1 = Solve[
    sq1 == (a^2 - c^2) m - (b^2 - d^2) n + (a b + c d) t && 
     sq2 == -(a d - b c) (m - n) + (a c - b d) t &&
     sq3 == 2 (a c m - b d n)
     && x == (a^2 + c^2) m - (b^2 + d^2) n + (a b - c d) t && 
     y == (a d - b c) (m + n) + (a c + b d) t &&
     c*(x + sq1) == b (y + sq2) && m (y + sq2) == n (x - sq2), {x, y},
     Modulus -> sq3];
  Print;
  ]

WereBruscow's tests were:

a=3;b=c=2;d=1;m=2;n=1
werebrussov
werebrussov
werebrussov
werebrussov

It's Easy To Get The Sums Of Three Squares For RSA Numbers

With some Internet research I was able to get the sums of three squares that equal RSA230, which still hasn't been factored yet. The sums, which were computed with both Mathematica and the Python2 interpreter on the Raspberry PI are as follows:

In:= RSA230
Out= 1796949159794106673291612844957324615636756180801260007088891\
8835531726460341490933493372247868650755230855864199929221814436684722\
8740520652579374956943483892631711525225256544109808191706117425097024\
40718010364831638288518852689
In:= cc1
Out= 1059443675295336206903990032177460807418972848557933447798562\
577562645416414595037181025050793827302992107472819164
In:= cc2
Out= 3776571573920219939515093763531383887422242718192208743361060\
316544426926673520279457864260379607843037554625909088
In:= cc3
Out= 1607662229411243491074817949573445948811265336194645770178567\
6314739439621472137233436060406493556443939160932757439
In:= cc1^2 + cc2^2 + cc3^2 == RSA230
Out= True

Using Rabin and Shallit's 1986 paper "Randomized Algorithms in Number Theory" as a starting point I was able to scout some Python code on the web that efficiently find two squares to equal a prime. This code was attributed to the work of Moron, but looks to me as if it follows the algorithm specified by Rabin and Shallit.

Rabin and Shallit claim that most large numbers are the combination of a square and a prime. Therefore I was able to find the square and prime combination for RSA230 with the following Mathematica function:

gettriplesum := Module[{a1, a2, a3, a4, a5, a6a7, a8, a9, a10},
  a2 = IntegerPart;
  For[a1 = 1, a1 <= 10000, a1++,
   a3 = RandomInteger;
   a4 = n - a3^2;
   If == 1 && PrimeQ,
    Print;
    Break;
    ];
   ]
  ]
 gettriplesum
{
1059443675295336206903990032177460807418972848557933447798562577562645416414595037181025050793827302992107472819164,
16847070696817776955023057830757895086859297723779890333200095426684361615676774916907649128657920475263571237974721202924734845958611847111565024073198103645771175940386211354906765850662429243724892455890188710147403230673193793}
// the first number is the square and the second number is the prime n-x^2

For a 1 mod 4 prime number, the mathematica function, PowersRepresentations will also find the two squares that the prime number equates to very quickly.

I then used the following Python code, on the Raspberry PI Python2 Interpreter to split the prime number found by mathematica routine above into the sum of two squares::

# code taken from web: Python code for sum of 2 squares for a prime number, author=Robin Chapman, url = 
# "https://math.stackexchange.com/questions/5877/efficiently-finding-two-squares-which-sum-to-a-prime", access-date=19/10/2017
def mods(a, n):
    if n <= 0:
        return "negative modulus"
    a = a % n
    if (2 * a > n):
        a -= n
    return a
def powmods(a, r, n):
    out = 1
    while r > 0:
        if (r % 2) == 1:
            r -= 1
            out = mods(out * a, n)
        r /= 2
        a = mods(a * a, n)
    return out
def quos(a, n):
    if n <= 0:
        return "negative modulus"
    return (a - mods(a, n))/n
def grem(w, z):
    # remainder in Gaussian integers when dividing w by z
    (w0, w1) = w
    (z0, z1) = z
    n = z0 * z0 + z1 * z1
    if n == 0:
        return "division by zero"
    u0 = quos(w0 * z0 + w1 * z1, n)
    u1 = quos(w1 * z0 - w0 * z1, n)
    return(w0 - z0 * u0 + z1 * u1,
           w1 - z0 * u1 - z1 * u0)
def ggcd(w, z):
    while z != (0,0):
        w, z = z, grem(w, z)
    return w
def root4(p):
    # 4th root of 1 modulo p
    if p <= 1:
        return "too small"
    if (p % 4) != 1:
        return "not congruent to 1"
    k = p/4
    j = 2
    while True:
        a = powmods(j, k, p)
        b = mods(a * a, p)
        if b == -1:
            return a
        if b != 1:
            return "not prime"
        j += 1
def sq2(p):
    a = root4(p)
    return ggcd((p,0),(a,1))

It turns out to be quite easy to find sums of three squares for RSA numbers, even RSA numbers that have not been factored yet.

This above Python code, by the way, essentially does a complex Euclidean GCD function on $GCD$ . It also works for p*q modulus as in the following run of the GGCD(...) function

ggcd((2581,0),(945,1))
(-30, -41)
30*30+41*41
2581
ggcd((2581,0),(568,1))
(50, -9)
50*50+9*9
2581

where $945\equiv {\sqrt {-1}}{\bmod {89*29}}$ and $568\equiv {\sqrt {-1}}{\bmod {89*29}}$ . Since this function runs in log(n) time it is super quick to find the sums of squares of any size p*q when you know the corresponding ${\sqrt {-1}}_{i}{\bmod {p*q}}$ .

It remains to be seen whether the Catalan set of linear equations, shown above this section, can efficiently reduce the three squares to two squares. (This assumes that RSA230 is a 1 mod 4 semiprime).

Because Of Dickson, There Are Modular Pythagorean Triples

If you look at Dickson's method of generating Pythagorean Triples, (see Formulas_for_generating_Pythagorean_triples#Dickson's_method), you will see that modular pythagorean triples can easily be generated. Since:

r^{2}=2*s*t

x=r+s

y=r+t

z=r+s+t

Take for instance,

6^{2}=36

(36/2)*5^{-1}{\bmod {89*29}}\equiv 1036

or in other words:

2*5*1036{\bmod {89*29}}\equiv 36

so the

r^{2}=2*s*t

is defined where

r=6

s=5

t=1036

Note this doesn't work in continuous arithmetic but does work in modular arithmetic. Thus:

x=6+5=11

y=6+1036=1042

and

z=6+5+1036=1047

And this works since:

11^{2}+1042^{2}{\bmod {89*29}}\equiv 1047^{2}\equiv 1865

whereas:

11^{2}+1042^{2}=1085885

and

1047^{2}=1096209

Dickson treats Pythagorean Triples as the equation $x^{2}+y^{2}=z^{2}$ and treats the equation here

Bottari's Extension of Dickson's Method of Establishing Pythagorean Triples

Bottari, reported by Dickson on "History Of Numbers", vol 2, p169, extends Dicksons definitions of the intermediate terms: $r$ , $s$ , and $t$ :

A. Bottari proved that all integral solutions of $x^{2}+y^{2}=z^{2}$ are given by $x=u+w$ , $y=v+w$ , $z=u+v+w$ where $u=p^{2}*k$ , $v=2^{2s-1}*q^{2}*k$ , $w=2^{s}*p*q*k$ , $p$ and $q$ being relatively prime odd integers. Thus $x*y$ is not a square.

These equations above can be seen to jive with my own observation that a Pythagorean Triple can be described as:

(2*x*y+2*y^{2})^{2}+(x^{2}+2*x*y)^{2}==(x^{2}+2*x*y+2*y^{2})^{2}

If you set Bottari's $k=1$ and $s=1$ then the following equation can be seen:

p^{2}+2*p*q+2*q^{2}=z

This equals: $(p+q)^{2}+q^{2}$ , so any successful use of these equations will reveal one of the two sums of squares for p*q.

So it seems that Bottari's equations anticipate my own observation on how a Pythagorean Triple can be built, but the way I derive the equations (by use of the squareless number mod p*q) is probably unique, and thus a new proof on this matter.

Volpicelli, reported by Dickson, is relevant to the Two Squares of 1 mod 4 semiprimes

Dickson reports Volpicelli's work on vol 2 p168 as:

P Volpicelli noted that $z=\alpha ^{2}+\beta ^{2}=a^{2}+b^{2}$ imply that

$x=\pm (a*\alpha \pm b*\beta )$ and $y=\pm (a*\beta \pm b*\alpha )$

are solutions of $x^{2}+y^{2}=z^{2}$

A quick look with Mathematica shows this to be true:

 In:= PowersRepresentations
 Out= {{9, 50}, {30, 41}}
 In:= PowersRepresentations
 Out= {{0, 2581}, {781, 2460}, {900, 2419}, {1131, 
  2320}, {1780, 1869}}
 In:= 9 30 + 50 41
 Out= 2320
 In:= 9 41 - 50 30
 Out= -1131

So it looks that if you can find the sum of two squares of $(p*q)^{2}$ you are on the way to finding out the sums of squares of $p*q$ . Thus if you can find the Pythagorean Triple that includes $(p*q)^{2}$ you should be in good shape.

Euler Can Factor From Two Equations Of a^2+D*y^2, not just from x^2+y^2

In Euler's factorization method, the following quote occurs:

Euler's factorization method is a technique for factoring a number by writing it as a sum of two squares in two different ways. For example the number $1000009$ can be written as $1000^{2}+3^{2}$ or as $972^{2}+235^{2}$ and Euler's method gives the factorization $1000009=293\cdot 3413$ .

In addition to this is Euler's other factoring method, mentioned in p362 of vol 1 of Dickson's "History of Numbers":

Euler noted that $N=a^{2}+\lambda *b^{2}=x^{2}+\lambda *y^{2}$ imply

$N=(1/4)*(\lambda *m^{2}+n^{2})*(\lambda *p^{2}+q^{2})$ , $a\pm x=\lambda *m*p,n*q$ , $y\pm b=m*q,n*p$

so that $\lambda *p^{2}+q^{2}$ , or its half or quarter, is a factor of N.

It seems that finding two sets of $a^{2}+\lambda *b^{2}=P*Q$ is easier than finding two sets of $x^{2}+y^{2}=P*Q$ .

The following equation shows this to work:

Solve[
 a^2 + 5 b^2 == 8467 39343 && a > 0 && b > 0, {a, b}, Integers]
{{a -> 16541, b -> 3450}, {a -> 17776, b -> 1851}}
aa = 
 Solve[16541 - 17776 == 5 m p && 3450 + 1851 == m q && 
   3450 - 1851 == n p, {m, n, p, q}, Integers]
 {{m -> -19, n -> 123, p -> 13, q -> -279}, {m -> 19, 
  n -> -123, p -> -13, q -> 279}}
now one of the factors is seen, 39343
(1/2) (5 p^2 + q^2) /. aa
{39343, 39343}

This example shows the factoring algorithm works on 3 mod 4 semiprimes, and is thus more general than the more well known Euler factoring algorithm.

Knowing ${{a->16541,b->3450},{a->17776,b->1851}}$ it is possible to find the two square roots of -5 and thus solve for the square root of 1. With the square root of 1 p*q can be factored.

5*3450*16541^{-1}{\bmod {39343*8467}}\equiv 189345732

where

189345732^{2}{\bmod {39343*8467}}\equiv -5

5*1851*17776^{-1}{\bmod {39343*8467}}\equiv 10438022

where

10438022^{2}{\bmod {39343*8467}}\equiv -5

189345732*10438022^{-1}{\bmod {39343*8467}}\equiv 128927010\equiv {\sqrt {1}}

and

GCD==PorQ

After some research I can point to a 1996 paper on Euler Factorization by James McKee. In this paper he shows how to instantly solve $a^{2}+D*b^{2}==p*q$ when $D>{\sqrt {p*q}}$ . In this case $p*q{\bmod {D}}\equiv a^{2}$ and, if D is a prime number, then you can take the modular square root easily giving $a$ . If $D>{\sqrt {p*q}}$ then $a$ is not a residue but the actual square root. Therefore $(p*q-a^{2})/D==b^{2}$ and so b is easy to find. However, for most large values of D there is no solution and certainly not two solutions. However, if there are two solutions, then the differing square roots of $a^{2}{\bmod {D}}$ will provide the two answers necessary for Euler's algorithm to work. D usually needs to be a composite number before there are two solutions.

McKee provides an algorithm that determines $a*p*q==x^{2}+D*y^{2}$ in $\Omega ({\sqrt{N}})$ operations.

P. Tchebychef, which is referenced on p 363 vol 1 of Dickson's History Of Numbers, provides a workable method to create quickly $x_{i}^{2}+D_{i}*y_{i}^{2}==a_{i}*N$ . In this algorithm he uses mathematical sequences that are alike to his famous T and U sequences. Since the D's are different in these sequences they can't be used with Euler factorization, but Tchebychef does have math that limits the number of possible factors, but I haven't translated the German for this yet, so I can't report more on it.

Another source that extends Euler's $x^{2}+D*y^{2}==p*q$ work to $F*x^{2}+D*y^{2}==p*q$ is at url .

For the more general equation, $F*x^{2}+D*y^{2}{\bmod {p*q}}\equiv 0$ it is easily possible to get a second equation with the same coefficients but different squares. However, this second equation does not help solve the modular square root problem of $F^{1/2}*D^{-1/2}$ better than the first such equation.

The work for this second general equation is in Mathematica below:

create a first equation
Solve
{{y -> 43210}}
Use Mathematica to get our answer for the set of squares, assuming that (x+z)^2 and (y+z)^2 holds
Solve[2  (2 2 x) + 43210 (2 3  x ) + (2 + 43210) (x^2) == 0, {x}, 
 Modulus -> 337 577]
{{x -> 0}, {x -> 116667}, {x -> 141942}, {x -> 169174}}
convert the equation to the equation below (where x is the same increase in square for both earlier squares
Solve[2  (2 2 ) + 43210 (2 3   ) + (2 + 43210) (x) == 0, {x}, 
 Modulus -> 337 577]
{{x -> 116667}}
confirm second equation has been found
Mod
0

a^2+b^2+c^2 equiv 0 Can Easily Be Turned Into a^2+D*e^2 equiv 0

If you have the sum of three squares that equal p*q as in:

a^{2}+b^{2}+c^{2}{\bmod {p*q}}\equiv 0

(This equation is rather easy to come by). You can easily turn the above equation into

a^{2}+D*e^{2}{\bmod {p*q}}\equiv 0

See the following Mathematica for how:

try555 := 
 Module[{a1, a2, a3, a4, a5, a6, a7, a8, a9, a10, d1, d2},
  make the first coefficient for the third square
  d1 = Mod)^2 + 1, p q];
  make the second coefficient for the second square
  d2  = Mod)^2 + 1, p q];
  create the two a^2+D*b^2===0 equations (a1 and a2 should be 0)
  a1 = Mod;
  a2 = Mod;
  now make the square root of -d1
  a3 = Mod, p q];
  now make the square root of -d2
  a4 = Mod, p q];
  Print;
  ]

A Second Lambda Equation With The Same Lambda Is Possible

I was able to get a second equation:

a^{2}+D*b^{2}{\bmod {p*q}}\equiv 0

a^{2}+D1*d^{2}{\bmod {p*q}}\equiv 0

and

c^{2}+D*d^{2}{\bmod {p*q}}\equiv 0

where $c{\bmod {p*q}}\equiv a*{\sqrt {-D1}}*{\sqrt {-D}}$

via the following Mathematica procedure

try555a := 
 Module[{a1, a2, a3, a4, a5, a6, a7, a8, a9, a10, a11, d1, d2, aa, 
   aa1},(* make the first coefficient for the third square *)
  d1 = Mod)^2 + 1, pq];
  (* make the second coefficient for the second square d2= *)
  d2 = Mod)^2 + 1, pq];
  (* create the two a^2+D*b^2===0 equations (a1 and a2 should be 0) *) 
  a1 = Mod;
  a2 = Mod;
  a3 = Mod, pq];
  (* now make the square root of-d2*) 
  a4 = Mod, pq];
  (* create new sq1 value for new equation with d1 as coefficient *)
  a10 = Mod a3, pq];
  (* create second lambda equation with d1 as coefficient *) 
  a9 = Mod;
  (*now make the square root of-d1 *) 
  a8 = Mod, pq];
  (* show all equations === 0 *)
  Print;
  (* show square roots for each, will be the same number *)
  Print;
  ]
xx = gettriplesum
Out= \
{165860061048452763122039049657801862112488124844426769348338381761838\
14044125663241348400613753473490541580331600292633724766, \
{{25944870035655880693470184661269460904056949255968992822389092893715\
074425420651767658631053048013008721569909941245307881395, 
   3452669649074040512807064992216570444848151505579000402143700132129\
6114351445158713082710689537165522558482742515055457347034}}}
try555a], xx], xx]]
{0,0,0}
{1314918825722326266553810724613655705450573430361780650965255219994346873009830842936478043044889827565960168693343635958715548336143856317630304562317098246478476883836301907222798067314919038129210689957690416029268511846909871046833022463555902835,
1314918825722326266553810724613655705450573430361780650965255219994346873009830842936478043044889827565960168693343635958715548336143856317630304562317098246478476883836301907222798067314919038129210689957690416029268511846909871046833022463555902835}

I was successful in getting the second lambda equation with the same D set, but these are equivalences and I could not apply Euler's equations. And the calculation of ${\sqrt {-D}}{\bmod {p*q}}$ was always the same.

x^2+y^2 mod RSA250 equiv -1 Given

As it works out, from reading the last section, the square root of (-d1)^2 + sq1^2 mod p*q==-1!

So the difficult sum of two squares (for big modula) can be solved quite quickly and easily.

First, get a sum of three squares for RSA250.

Here is RSA250
RSA250 = 2140324650240744961264423072839333563008614715144755017797754\
9208814180234471401366433455190958046796109928518724709145876873962619\
2155736304745477052080511905649310668769159001975940569345745223058932\
5976697471681738069364894699871578494975937497937
Here is the Mathematica function to quickly get a sum of three squares
gettriplesum := 
 Module[{a1, a2, a3, a4, a5, a6, a7, a8, a9, a10}, 
  a2 = IntegerPart;
  For;
   a4 = n - a3^2;
   If == 1 && PrimeQ,(*Print[{a3,PowersRepresentations[
    a4,2,2]}];*)
    Break;];];
  Return}]]
Call these Mathematica function with RSA250 as a parameter
In:= xx = gettriplesum
Get the three squares as in {sq1 {{sq2, sq3}}}
Out= \
{243380194038096721134728635329583049374302758780918783047778468000204\
08951489652005729084735517130026118580586677733557228650, \
{{15571417391916781570313932870412914878875779562929051747073116333550\
958978301349252861839216717338401458664855976888733005331, 
   3613193078354989362361048454753033207443616957247130450038451637022\
7361689326905007008354298940632858505779761105701152682626}}}
Verify that a sum of three squares has been found.
Mod[
 xx]^2 + xx]^2 + xx]^2, RSA250]= 0

Now use the following Mathematica function to find two equations that match

a^{2}+b^{2}{\bmod {p*q}}\equiv -1

Use this function to find the sum of two squares equivalent to -1 
(there will be two of the many possible equations)
try333 := 
 Module[{a1, a2, a3, a4, a5, a6, a7, a8, a9, a10},
  a1 = Mod, pq];
  a2 = Mod, pq];
  a3 = Mod, pq];
  a4 = Mod, pq];
  Print;
  Print == pq - 1];
  Print;
  Print == pq - 1];
  ]
Call the function with the result of the sum of three squares
try333], xx], xx]]
{20531750694324444278194615633359107622786730656405815811283334282496438825649004986807633314
192758485080501459280012835625675591324044290554905379578360681668877793625098111587991587524
3402636647648989593183240107441157037970834906371969195115706045,
137234074163171487327487258017935715874463146065821660277962023202104067985790892654907939069
435476500304347602923900594193201340378557021828650433051727667994046506106923369059570452647
8985786660883769985144804512456179268024201827582795664492962038,
the square of these equiv to -1 mod RSA250}
True
{2058939105332570506966632459210337476578836982622628151064611190716985403292889078279085904619
26232867822101211765799749379103106513053574742158632737358346149165543679778796790432858491397
9880613119683180870284399038454516995333555882941337370020246,
125861236994699879978009154578085
19341562919317725704551392290765423337011029727993120835287383385603162629789031453667054584801
26589343477937166793364831484318881166117013009465590110340260791300136907101768344999800459542
228308110158167680555421897,
the square of these equiv to -1 mod RSA250}
True

Please remember that if you run this equation through Mathematica with $x^{2}=lowsquare$ that ${\sqrt {-1-lowsquare}}{\bmod {bigsemiprime}}$ needs be taken, and this is beyond all computers to do. So this procedure, outlined above, does successfully solve, for two instances, the sum of two squares equaling -1.

It follows that $z^{2}*(x^{2}+y^{2}){\bmod {p*q}}\equiv -z^{2}$ is easy to derive, so the sum of two squares for any negative square can be established.

Also, Catalan

has an equation that can be used to derive

x^{2}+y^{2}{\bmod {p*q}}\equiv -1-z^{2}

Specifically, the identity

(ad)^{2}+(bd)^{2}+w^{2}=(a+bd)^{2}+(ad-b)^{2}

a^{2}+b^{2}=w^{2}

can be used with $w^{2}{\bmod {p*q}}\equiv -1$ . So a $d$ can be applied to the powers in the left of the equation, and a $-d^{2}$ can be added to the right of the equation.

x^2+y^2 mod p*q equiv -n Given

Working with the above Mathematica functions, it can be seen that they can be extended to do the equation:

x^{2}+y^{2}{\bmod {p*q}}\equiv -n

By subtracting $p*q-n*sq1^{2}==1mod4prime$ we can find the equation above. See the Mathematica functions below, and how they are called:

try333N := 
 Module[{a1, a2, a3, a4, a5, a6, a7, a8, a9, a10},
  a1 = Mod, pq];
  a3 = Mod, pq];
  Print;
  Print == pq - n1];
  ]
gettriplesumN := 
 Module[{a1, a2, a3, a4, a5, a6, a7, a8, a9, a10}, 
  a2 = IntegerPart;
  For;
   a4 = n - n1 a3^2;
   If == 1 && PrimeQ,(*Print[{a3,PowersRepresentations[
    a4,2,2]}];*)
    Break;];];
  Return}]]
sumsnsquares := Module[{a1, a2, a3, a4},
  a1 = gettriplesumN;
  a2 = try333N], a1], a1], a1]]
  ]
sumsnsquares
{12939728750111234257608962548126805776280714145554311976952887652105665290942880515065286493785
653843091970592009510256347174358060619053312425943588008089095230469479676915168784093627987660
27342046542651976916986106637392512950954851030663913587187,
351447907186317343211642979258329126954320918895828050722989458375280300598192867940472019229055
623179931493542366555481983148460724299015966829980417810494952735245566934627686727636686064413
750607290779073735925537404456002481645847848869157806977,
the square of these equiv to,-5, mod RSA250}
True
sumsnsquares
{149221662643548489728763750083153100747820875206356872791620279621720311536699163799339067932479
5326563195006058544921285012535390688241249394387155902358869565967616289835595632867566977496990
474814940243132116887666175813509631645946313567741074806,
751908899528113220927249272500819163126
2333367079610125023903372548930596605058754106617309459820814518188930241795525440170088468397198
6425264697557251207834869894201082148795543387681679243685978474259170298361096443566595348441341
1344994168981130,
the square of these equiv to,-2, mod RSA250}
True

How To Get x(x-1)+y(y-1) mod p*q equiv 0

If we manipulate the gettriplesumN mathematica routine shown just above, and change the sign within it, we can create:

x^{2}+y^{2}-n*z^{2}{\bmod {p*q}}\equiv 0

and from there we can get

(x^{2}/z^{2})+((y^{2}/z^{2})-n)*z^{2}{\bmod {p*q}}\equiv 0

At this point, just like the math shown above, we can take the modular square root and come up with

a^{2}+b^{2}{\bmod {p*q}}\equiv n

Now if we set $n=2^{-1}{\bmod {p*q}}$ and increase our roots by $n$ each, then we can come up with

c^{2}+d^{2}{\bmod {p*q}}\equiv c+d

and this is equivalent to:

c(c-1)+d(d-1){\bmod {p*q}}\equiv 0

So while obtaining $c^{2}+d^{2}{\bmod {p*q}}\equiv 0$ is really hard the similar but slightly different equation above only takes a few seconds, no matter how big the number is:

Here is the mathematica to obtain $c^{2}+d^{2}{\bmod {p*q}}\equiv c+d$

try333N1 := 
 Module[{a1, a2, a3, a4, a5, a6, a7, a8, a9, a10}, 
  a1 = Mod, pq];
  a3 = Mod, pq];
  Print;
  Print == n1];
  a8 = Mod, pq];
  a9 = Mod, pq];
   Print == Mod}];]
gettriplesumN1 := 
 Module[{a1, a2, a3, a4, a5, a6, a7, a8, a9, a10}, 
  a2 = IntegerPart;
  For;
   a4 = n + n1 a3^2;
   If == 1 && PrimeQ,(*Print[{a3,PowersRepresentations[
    a4,2,2]}];*)Break;];];
  Return}]]
sumsnsquares := 
 Module;
  a2 = try333N1], a1], a1], a1]]]
sumsnsquares
{110610,75342,the square of these equiv to,97225, mod RSA250}
True
{{13386,172567},True}
Mod = 0
Here is the RSA250 equation for x^2+y^2 mod p*q===x+y
sumsnsquares]
{2094270975834518249162826924456669790774040145778878109638331489597260246292415443852225987841131
00517929898398881631794003738057259169123297843871838208407375537019410168737914825570285839917952
705150903661104412013108290750556186049399607111225965,
70653300607618580031176408112794637852756330094007676495780155382933744894865974883920761996452593
05470074951769838581635593362421356811137522604332832547596149502075690596674222812195287293573416
70997725563516418218455582760034662497839268347466776,the square of these equiv to,
10701623251203724806322115364196667815043073575723775088988774604407090117235700683216727595479023
39805496425936235457293843698130960778681523727385260402559528246553343845795009879702846728726115
294662988348735840869034682447349935789247487968748969, mod RSA250}
True
Here is x and y for  x^2+y^2 mod RSA250 === x+y
{{1279589422703824305548494228865333760581711372150265319862710609400435036352811612706895358332015
440323426324335117089087847436188219947804821571257098610966903783572754014532924705273132568644067
999813892009840252882142973197906121838647095079974934,
177669533119655828094397561754761316003187065851245427385667901427004646067222981716088037951242827
035250392111321931545740303437309645979527598781854365731914319676091290546243216092237545808345696
5660713912252259087490265207384598287086756316215745},True}

Square Roots From x(x-1)+y(y-1) mod p*q equiv 0

With two items equalling 0, it is possible to divide elements of each against the other, and often the square root of one can be obtained. With $x(x-1)+y(y-1){\bmod {p*q}}\equiv 0$ I show an example and then show the three square roots that can be obtained from the example:

sumsnsquares
{142305,118403,the square of these equiv to,97225, mod 337*577}
True
45081(45080)+21179(21178) mod 337*577 equiv 0
{{45081,21179},True}
Mod, 337 577]=7756
PowerMod), 1/2, 
 337 577]=7756
Mod, 337 577]=52774
PowerMod), 1/2, 
 337 577]=52774
Mod, 337 577]=32522
PowerMod), 1/2, 
 337 577]=32522

Square Roots From x(u)+y(z) mod p*q equiv 0

Extrapolating from the section just above, we now show that square roots can be taken from any equation

x*u+y*z{\bmod {p*q}}\equiv 0

More specifically, the modular square root of:

-x*z^{-1}{\bmod {p*q}}\equiv {\sqrt {-x*y*(u*z)^{-1}}}{\bmod {p*q}}

can be taken.

Examples follow:

set the equation = to 0
Mod= 0
divide two of the components
Mod, 89 29]= 1085
Use Mathematica to get the modular square of the following components of the zero equation
PowerMod, 
 1/2, 89 29]= 17
Now multiply 17 by the square root of 1 mod 89 29 to get the other square root.
Mod=1085

Combining this new definition of a square root with work previously done at User:Endo999#A_Close_Call_ON_RSA, which shows that given:

x*y^{e}+z*u^{e}{\bmod {p*q}}\equiv 0

that

x^{1/e}*z^{-1/e}{\bmod {p*q}}\equiv x*y^{e-1}*(z*u^{e-1})^{-1}

we can use the two equations on the same numbers to get

{\sqrt{-x*y^{-1}*(u*z)^{-1}}}{\bmod {p*q}}

The mathematica follows:

1034, 5^23, y, and 11^23 must have modular square roots
y1 = 
 Solve
{{y -> 37670000}}
Now use the first equation (from this section) to get a type of square root
Mod, 8501 9001]=7288984
Mathematica shows this square root is correctly taken
PowerMod, 1/2, 
 8501 9001]=7288984
Now set up the second equation (from the A Close Call On RSA section)
Mod, 8501 9001]=15303498
Mathematica confirms this equation is correct.
Mod PowerMod[37670000, -1/23, 
   8501 9001], 8501 9001]=15303498
Another definition of the first equation(306035 is the square root of 1 mod 8501*9001)
AA=Mod PowerMod[37670000, 23/46,
    8501 9001] PowerMod[
   PowerMod PowerMod, -1,
    8501 9001]
 , 8501 9001]=7288984
get rid of some of the powers
Mod=51923275
we now have 
Mod PowerMod[37670000, 23/46, 
   8501 9001] PowerMod[
   PowerMod PowerMod, -1, 
   8501 9001]
 , 8501 9001]=51923275
now reduce some more powers
Mod, 8501 9001]=68983501
Mathmatica confirms again what we have created
BB=Mod PowerMod[37670000, 45/46, 
   8501 9001] PowerMod[
   PowerMod PowerMod, -1, 
   8501 9001]
 , 8501 9001]=68983501
BB is, for the most part, the 23rd root of AA(see previous equation)(I leave it to the reader to 
divide BB by 37670000 so that PowerMod becomes
PowerMod)

So, by algebraic manipulation we have managed to take the 23rd root of the first equation, which only had square roots within it.

There is a possibility that this last equation is a combination of the roots of 11 and 5 but I have not been able to ascertain what that equation might be at the present moment.

x(x-3)+y(y-3) mod p*q equiv 0

If we call our Mathematica routine smsnsquares with the sum 4+1/2 and we add one to the x and y returned, we then have

x^{2}+y^{2}{\bmod {p*q}}\equiv 3(x+y)

x(x-3)+y(y-3){\bmod {p*q}}\equiv 0

sumsnsquares]
{41259,97442,the square of these equiv to,97229, mod RSA250}
Add one to the numbers below to get x^2+y^2 mod 337*577 equiv 3(x+y)
{{138484,218},False}
Mod= 27214
Mod= 27214
Mod= 0

x^2+(x+1)^2+y^2+(y+1)^2 mod p*q equiv 0

We can easily create the sum of four squares equivalent to 0 for any size p*q modulus via the following math(Please see Mathematica routines in sections above):

sumsnsquares]
{124557,79914,the square of these equiv to,97224, mod 337*577}
True
{{27333,177139},False}
Mod= 0

Since the $-177139{\bmod {337*577}}\equiv {\sqrt {-(27332^{2}+27333^{2}+177138^{2})}}$

then we are close to having a way to create modular Pythagorean Quadruples, however, we have to deal with sign issues.

It is unusual to have the sum of two adjacent squares equivalent to 0 mod p*q. I am unaware if this is new math.

x^2+y^2 mod pq equiv n can yield the modular square root of (x^(-2))n-1

$x^{2}+y^{2}{\bmod {p*q}}\equiv n$ can yield the modular square root of $(x^{-2})*n-1$ . This is done by creating the sum $-x^{-2}*n$ and then adding this to the $x^{2}+y^{2}{\bmod {p*q}}\equiv n$ to create $(-x^{-2}*n+1)*x^{2}+y^{2}{\bmod {p*q}}\equiv 0$ From there a modular square root can easily be taken.

The mathematica with an example of this follows:

sumsnsquares
{73974,127344,the square of these equiv to,1, mod RSA250}
True
Thus 73974^2+127344^2 mod 337*577 equiv 1
Mod= 1
Now make the D term in D*x^2+y^2==0
Mod (-1) + 1, 337 577]= 193668
Prove the 0 equation holds
Mod= 0
Now get the modular square root of the -D term
Mod, 
 337 577]= 122213
see that the square root mod 337*577 of -193668 has been found
Mod= 193668
The same procedure can be done for the 127344^2 as well.

This works for any size modulus in very quick time. Thus lots of modular square roots can be found, from the square to the root, but we still cannot determine the square to have its root taken.

X^3+y^3 mod p*q equiv n can derive the Cube Root Of (x^(-3)(-n)+1)

Taking the idea of converting $x^{m}+y^{m}{\bmod {p*q}}\equiv n$ to $\lambda *x^{m}+y^{m}{\bmod {p*q}}\equiv 0$ as in the previous section, we can therefore take, given the following equation:

x^{3}+y^{3}{\bmod {p*q}}\equiv n

we can derive the following cube root

x^{-3}(-n)+1

via

(x^{-3}(-n)+1)*x^{2}*y^{-2}{\bmod {p*q}}\equiv {\sqrt{(x^{-3}(-n)+1)}}

The following Mathematica example shows this to be true:

make the sum of cubes equation, any n will do
Mod= 229
create the D in D*x^2+y^2 mod p*q===0
Mod (-229)+1, 89 29]= 702
confirm the equation is set
Mod= 0
derive the cube root of 702
Mod, 89 29]= 1889
ensure that 1889^3 is 702, as it is
Mod= 702

This method could happen for high powers, even powers used as the public keys of RSA.

This cubing works with large numbers

Using RSA260 as the modulus I will obtain the cube root of $((-9)/8)+1{\bmod {RSA260}}$

RSA260 = 2211282552952966643528108525502623092761208950247001539441374\
8319128822941402001986512729726569746599085900330031400051170742204560\
8592763579537571859542988389587092292384910067030341246205457845664136\
64540684214361293017694020846391065875914794251435144458199
In:= Mod (-9) + 1) 2^3 + 1, RSA260]
Out= 0
In:= root = (PowerMod (-9) + 1)
Out= -2487692872072087473969122091190450979356360069027876731871546\
6859019925809077252234826820942390964923971637871285325057567084980130\
9666859026979768341985861938285478828933023825409133901981140076372153\
72608269741156454644905773452189949110404143532864537515474
In:= Mod
Out= 19348722338338458130870949598147952061660578314661263470112029\
7792377200737267517381986385107485282742001627887774750447743994289907\
5186681320953753771001148408887057558367963086515485904297756149561195\
6473098687566131390482268240592182641425444970005751400924
In:= f1 = Mod
Out= 11056412764764833217640542627513115463806044751235007697206874\
1595644114707010009932563648632848732995429501650157000255853711022804\
2963817897687859297714941947935461461924550335151706231027289228320683\
2270342107180646508847010423195532937957397125717572229099
In:= Mod == Mod
Out= True

This Rooting also works with the RSA root of 23

Repeating the same equation as just above, this time with the RSA power of 23:

In:= n = Mod
Out= 8388609
In:= Mod (-n) + 1) 2^23 + 1, RSA260]
Out= 0
In:= rsa = (PowerMod (-n) + 1)
Out= -\
1823036614912868011712788026285598289907112664939832406605855746395330\
5566418939802808400542422831632117602012801069837273093805236506512125\
1801795511752469924336751658952653852057231684651411662361016592378816\
749576517216160535917358794858457784435830494823917971195
In:= Mod
Out= 3805381513377872844851901753342547023867551837548099699404447\
4287046405684922356662404431707833791366785067149913345336758579896786\
2258467168551258278748586904196775629954257397251522922050639261510719\
084671572744963395445500749989052758071563694875589134555
In:= f1 = Mod
Out= 1105641276476483321764054262751311546380604475123500769720687\
4159564411470701000993256364863284873299542950165015700025585371102280\
4296381789768785929771494194793546146192455033515170623102728922832068\
32270342107180646508847010423195532937957397125717572229099
In:= Mod == Mod
Out= True
Thus the 23rd root of ((1/(2^23)(-8388609))+1 is found mod a large number.

Square Roots Of Adjacent Squares Shown

Using Pythagorean Triples as the two squares such as:

x^{2}+y^{2}{\bmod {p*q}}\equiv z^{2}

we can find the square roots of adjacent squares:

{\sqrt {x^{-2}*(z^{2})-1}}

{\sqrt {x^{-2}*(z^{2})}}\equiv x^{-1}*z

The mathematica showing an example of this follows:

set up the Pythagorean Triple
Mod=25
Determine the root to be found
Mod (-25) + 1, 89 29]=285
Ensure the sums of squares equaling zero is met
Mod=0
Ensure the sums of squares equaling zero is met for the 
number previous. (use the third square of the Pythorgorean 
Triple for this)
Mod=0
Find the root of -285
Mod, 89 29]=859
Ensure the root is correct
Mod=285
Find the root of the square previous to this (-284)
Mod, 89 29]=1719
ensure the root is correct
Mod=284
Show this root is result of two squares
Mod (-5), 89 29]=1719

Ways To Make A Second x^2+h*y^2 equals n

Dickson says at Vol II p 420:

Matsunago, in the first half of the eighteenth century, noted that $r*x^{2}+y^{2}=z^{2}$ has the solution $x=2*m*n$ , $y=r*m^{2}-n^{2}$ , $z=r*m^{2}+n^{2}$ . If $k-l=t^{2}$ , $k*x^{2}-l*y^{2}=z^{2}$ has the solution $y=\alpha +t*\beta$ , $z=l*\beta -\alpha *t$ , provided $x^{2}=\alpha ^{2}+l*\beta ^{2}$ , which is of the preceding type.

I have verified through Mathematica that given given one $x^{2}+h*y^{2}=n$ that $x_{1}^{2}+h*y_{1}^{2}=n^{2}$ is easily made.

Dickson says at Vol II p 433:

A. Gerardin stated that $x^{2}+h*y^{2}=z^{2}+h*t^{2}$ has the solutions (Realis ) $x=m^{2}+n^{2}+hp^{2}-2m(n+hp),z=m^{2}+n^{2}-hp^{2}+2n(hp-m),x=n^{2}+hp^{2}-hm^{2},$ $z=n^{2}-hp^{2}+hm^{2}+2hn(p-m)$ $y=n^{2}+hp^{2}-m^{2},t=m^{2}+hp^{2}-n^{2}+2p(n-m),y=n^{2}+hp^{2}+hm^{2}-2m(n+hp),$ $t=hp^{2}+hm^{2}-n^{2}+2p(n-hm)$

This math looks too difficult to set for p*q, but by setting $m,n,h,p,n$ it should be possible to establish a N and factor this with the Euler factorisation algorithm shown above that works with $N=x^{2}+h*y^{2}=z^{2}+h*t^{2}$ .

Theoretically, any large but random number could be factored this way, but I tried Gerardin's equations in Mathematica and there was no solution:

Solve[
 x == m^2 + n^2 + h p^2 - 2 m (n + h p) && 
      z == m^2 + n^2 - h p^2 + 2 n (h p - m) && 
      x == n^2 + h p^2 - h m^2 && 
      z == n^2 - h p^2 + h m^2 + 2 h n (p - m) & y == 
   n^2 + h p^2 - m^2 && t == m^2 + h p^2 - n^2 + 2 p (n - m) && 
  y == n^2 + h p^2 + h m^2 - 2 m (n + h p) && 
  t == h p^2 + h m^2 - n^2 + 2 p (n - h m) && nn == x^2 + h y^2 && 
  nn == z^2 + h t^2
  && m == 100 && n == 201 && p == 307 && h == 7 ,
 {nn, x, y, h, z, t}, Integers]
 {}

This often happens with Girardin's work. He offers exciting solutions but they don't actually work for any but very small numbers.

According To Barbette P or Q can't be y*x-1 mod x where y is small

Again, in Dickson's "History Of The Theory Of Numbers" vol 1 p 367, Dickson writes:

E. Barbette noted that $10*d+u$ has a divisor $10*m-1$ if and only if $d+m*u$ has that divisor. Set $d+m*u=n(10*m-1)$ , $d=10*d_{1}+u_{1}$ . Then

$m*n=d_{1}+x$ , $10*x=m*u+n+u_{1}$

Eliminating $n$ , we get a quadratic for $m$ . Its discriminant is a quadratic function of $x$ which is to be made a square. Similarly for $10*m+1$ , $10*m\pm 3$ .
A. Gerardin developed Barbette's method

Let's get examples for this and see that method works not just for $p{\bmod {10}}\equiv 9$ but for $p{\bmod {10^{n}}}\equiv -1$

p*q=89*29

and

p*q=89*29=2581=258*10+1

and

89=9*10-1

and that therefore

y*89=258+1*9

and that

GCD=89

Now, by symmetry, lets try for a $p{\bmod {1000}}\equiv -1$

p*q=20113*49999=1005629887

and see that

GCD=49999

So when $p{\bmod {2^{n}}}\equiv -1$ and $p=b*2^{n}-1$ , when $b$ is low, then p*q is vulnerable!

Let's try out a modulus that is not $2^{n}$ , $83$ for instance.

Mod= 82
20113 11287= 227015431
Mod= 56
(227015431 - 56)/83= 2735125
(11287 + 1)/83= 136
GCD= 11287

So Barbette's method can be used for any modulus where $p{\bmod {x}}\equiv -1$

Barbette's Method for p mod x = 1

Taking $p{\bmod {x}}\equiv 1$ we can see that a change in sign from + to - effects the change.

12119 mod 83 === 1
12118/83= 146
12119 20113= 243749447
Mod= 27
(243749447 - 27)/83= 2936740
note the change in sign from + to -
GCD= 12119

Since any factor of x=(p-1) will ensure that $p{\bmod {x}}\equiv 1$ and common factors of p-1 and q-1 are always in the factorisation of $p*q-1$ then candidates for $x$ are available this way, although b still needs to be small as in ( $p=b*x+1$ )

Jacobi Can Solve x^2+27 y^2 equals large 4(1 mod 12 prime)

In Dickson states:

C. G. J. Jacobi, as an application of cyclotomy, found that if $p=3*n+1$ is a prime, we have $4*p=a^{2}+27*b^{2}$ , where a is the absolutely least residue (between $-(1/2)*p$ and $+(1/2)*p$ modulo p of $-(n+1)(n+2)...(2n)/n!$ , and that this residue is $1{\bmod {3}}$ . If $p=7*n+1$ is a prime, then $p=L^{2}+7*M^{2}$ , where L is the absolutely least residue modulo p of $(1/2)*(2n+1)*(2n+2)...(3n)/n!$ and this residue is $1{\bmod {7}}$ .

This hints that $4*p=a^{2}+27*b^{2}$ is solvable for four times large 1 mod 12 primes. Accordingly I show the Mathematica routine below that successfully derives this equation for 1000 bit 1 mod 12 primes. It takes a few seconds to do.

try11 := Module[{a1, a2, a3, a4, a5, a6, a7, a8, a9, a10},
  For[a1 = 2^1000 + 1, a1 < 2^1000 + 1000, a1++,
    a2 = a1 12 + 1;
    If, Continue;];
    a3 = PowersRepresentations;
    a4 = Solve[x^2 + 27 y^2 == 4 a2 && x > 0 && y > 0, {x, y}, 
      Integers];
    Print;
    Print;
    Print;
    ];
  ]
{Prime,128581032862352078513811005887200217267368577404664032893250046604442126134992334699183805457883502975311360750106
3776190224574342830776852318149308963828976472148132978907718250528952607484537025354501858365576998029832952087852107099
86527352924754974854357732238506011925157979831492642046468016843589}
{Sum Of Squares,{{626176556066997691854450532831018756333590716455819271880741717469457186893346652690094266532709590547645302626723583717
2409867108904549850010086427758,9453640829096453890954090946807600146759773306685861265129667222548049489226855908180620573389745817858848
929834172863446342124609028102267697002796545}}}
{X^2+27 y^2,{{x->125780689710630818693710076905385131316601197830306628212917333498816475920212405629607290620564189949504158377333248044938167781187041823
28458326488897,y->363173416595569966074036281225052388948457559288277127129856887502803553005372934246598348106154270506157103803816458892861203322612907285
8313084955731}}}

The above routine will work with the square of the 4*prime as well, in other words a2*a2*16 instead of a2*4.

Showing that Mathematica can also do the equation $p=L^{2}+7*M^{2}$ quickly when $p=7*n+1$ note the following Mathematica procedure and its invocation.

try112 := Module[{a1, a2, a3, a4, a5, a6, a7, a8, a9, a10},
  For[a1 = 2^1000 + 1, a1 < 2^1000 + 1000, a1++,
    a2 = a1 28 + 1;
    If, Continue;];
    a3 = PowersRepresentations;
    a4 = Solve;
    Print;
    Print;
    Print;
    Break;
    ];
  ]
try112
{Prime,3000224100121548498655590137368005069571933472775494100842501087436982943149821142980955460683948402757265084169148811110524006
79993847932207568172091560094510167897695078467591790088941746391972582717100285301299540294355487165491656635230490157761607993501375
223180694492035286273482831441758705949137}
{Sum Of Squares,{{1150806314968068727146123357056885619469649979028849850844196453181801798217270923100224969011009351667664622170718763364665983851966
1133366287153343544,1294553562256565224483621421076232660055995172660705961188957840298454705954113931007696103856465599582733326595695
7131164756911083919843754054197876649}}}
{X^2+7 y^2,{{x->157304830171714332605677866092018027280370023779927555463574103219979718292899144978579620380536264818784075565328449845301220705470
13154003170125103375,y->274055036335602726761027521599993587003300808005972618065115577057055135899598819194386061044300944545681499566865221260921239568918
9280816958899288596}}}

The above routine will work with the square of the prime as well, in other words a2^n instead of a2.

I was unable to get a quick answer for the following in Mathematica. Mathematica returned a nil answer quickly:

a4 = Solve;

Solving x^2 + 7 y^2 mod p*q equiv 2^n Has A Strange Trigonmetric Answer

In an unpublished proof by Euler which is shown by the Mathematica help pages put together by Eric Weisstein

In an unpublished proof, Euler showed that the quadratic Diophantine equation

$2^{n}=7x^{2}+y^{2}$

has a unique solution for every positive n>=3 in which x and y are both odd and positive (Engel 1998, p. 126). Rather amazingly, these can be given analytically by

$x=((2^{n/2})/({\sqrt {7}}))|sin|$

$y=2^{n/2}|cos|$

which is related to the norms of elements of the ring of integers in the quadratic field Q(sqrt(-7)) which exhibits unique factorization (Hickerson 2002). The first few solutions (x,y) for n=1, 2, 3, ... are (1, 1), (1, 3), (1, 5), (3, 1), (1, 11), (5, 9), (7, 13), (3, 31), ... (OEIS A077020 and A077021).

I was able to derive this equation using Mathematica. If Mathematica can, as seen above, can derive $x^{2}+7*y^{2}=large1{\bmod {7}}prime\equiv 2^{n}{\bmod {p*q}}$ .

So you can derive Euler's equation above in the modular domain, in Mathematica for large primes, via the following Mathematica procedure:

try113 := 
 Module[{a1, a2, a3, a4, a5, a6, a7, a8, a9, a10}, a6 = 0;
  a7 = 0;
  a8 = 0;
  a9 = 0;
  For[a1 = 2^10 + 1, a1 < 2^10 + 1000, a1++, a2 = 7 pq + 2^(4 + a6);
   a6 += 2;
   a9++;
   a2 = 7 pq + 2^(2 + a6);
   If != 1, Continue;];
   a7++;
   If, Continue;];
   a8++;
   a4 = Solve;
   Print;
   Print;
   (*Return;
   Break;*)];
  Print;]
ensure that p*q has square root of 7
try113
{Prime,281474977027847,48}
{X^2+7 y^2,{{x->11020820,y->4781161}}}
{{x -> 11020820, y -> 4781161}}
now divide by 2^24 to get trigometric sums
this is supposed to be |sin|/squarerootof7
Mod, 401 113]=41533
this is suppose to be 
|cos|
Mod, 401 113]=38882
get square root of 7 to check sums
PowerMod=4326
now make sure that sin^2+cos^2==1
Mod= 1

I was unable to go further into the complicated trigonmetic identity shown. Also, I was able to do something similar with the code that finds $x^{2}+3*y^{2}==1{\bmod {3}}Prime$ . But I have been unable to prove it is a trigonmetric identity.

The Above Equation Seems Not To Be A Trigonmetric Identity

With Euler's unpublished identity shown above, it seems that this may not be a trigometric identity in modular arithmetic.

|sin|/{\sqrt {7}}

If the Sin is a real number then the norm of it is itself. Thus we should have a $Sin/{\sqrt {7}}{\bmod {p*q}}$ value.

With knowledge of $cos$ we can easily create $Sin/{\sqrt {7}}{\bmod {p*q}}\equiv Sin*2*cos/{\sqrt {7}}{\bmod {p*q}}$

We can also use Chebychev polynomials, which I have verified work in modular arithmetic.

U_{2}(Sin){\bmod {p*q}}\equiv Sin\equiv ((4*(7*Sin/{\sqrt {7}})^{2})-7)*7^{-1}

Since we now have $Sin/{\sqrt {7}}{\bmod {p*q}}$ and $Sin$ we should be able to divide and get the modular square root of 7.

I have done this equations and we do not get anything that is the modular square root of 7. I have either misapplied the equations, or the norm of the trigonometric identities is not themselves, or Euler's math does not work in modular numbers.

Ah, my mistake is that one of the squares is even, they both have to be odd, according to Weiss.

This math may not work for modular arithmetic as $tan^{-1}$ is the ARCTAN function and the resulting Sin may not be expressable as a rational number and thus may not be part of the p*q field.

As far as the Weiss quote goes, it has two references for the unpublished Euler equation. I have checked the Engel reference and it does not have the trigometric identity claim that Weiss gives. I was unable to get a hold of the Hickerson reference. It is in an email group and I couldn't retrieve it. It would be interesting to see what that reference had to say regarding the trigometric identities because I cannot get them to work in mod p*q space.

With $ARCTAN{\bmod {p*q}}$ sought then possibly the sides of the triangle are ${\sqrt {7}},1,{\sqrt {8}}$ and the sine of this triangle would be ${\sqrt {7}}*{\sqrt{8}}$ or ${\sqrt{8}}$ . I used p*q combinations that had both square roots of both 7 and 8, but could not make the trigometric identity in p*q space.

Get \sqrt{7}*sin
Mod=27890
Use Chebychev polynomials to get Sin
Mod, 401 113]=6722
try to get \sqrt{7}\bmod{p*q}
Mod), 401 113]= 24083
show we don't have square root of 7
Mod= 29802

On the possibility that symmetry is available here, I have been able to get two odd X and Y values for the equation: $x^{2}+3*y^{2}{\bmod {p*q}}=4*(1{\bmod {3}}prime)\equiv 2^{n}{\bmod {p*q}}$ which is the other equation Jacobi said could be solved.

However, the math shown above, replicated onto the ${\sqrt {3}}$ does not work either. Either I have misapplied the math, the math does not work for ${\sqrt {3}}{\bmod {p*q}}$ , the math does not work for modular arithmetic, or the norm of the trigometric identities is not the same as the identities.

Jacobi Has A Similar Trigometric Identity To Hickerson

Dickson says at that Jacobi stated:

C. G. J. Jacobi stated that, if p is a prime 4*n+1, and $x^{2}-p*y^{2}==-4$ then:

${\sqrt {p}}(x+y*{\sqrt {p}})=2^{(p+1)/2}\Pi Sin^{2}$ ,

where $a$ ranges over the quadratic residues, between 0 and p/2, of p. If q is a prime 8n+3, and $x^{2}-q*y^{2}=-2$ , then

$x+y*{\sqrt {q}}={\sqrt {2}}*\Pi Sin$

This is a difficult statement to read. Dickson actually means by "ranges over the quadratic residues" include only the nonquadratic numbers.

I have confirmed that the first of the two equations has analogues in modular arthmetic. And also that Mathematica can find integer solutions to the problem. Mathematica cannot find integer solutions to the second problem.

Here is an example of the first equation:

Solve
{{x -> 1, y -> 1}, {x -> 4, y -> 2},
get modular square root of 5 mod 89*29
PowerMod=337
2 is the only nonquadratic between 1 and 2 inclusive for p=5/2
Sin^2  
5/8 + Sqrt/8
make the right side of the equation above
Mod, 89 29]=342
make the left side of the equation above
Mod= 342

I can't find the Hickerson reference for the original equation of this section. However, Jacobi's equation above is pretty similar, and can be made to work. The answer (5+5^(1/2)) has some resonnance with Hickerson's claim that the trigonmetic identity is in the field of ${\bmod {\sqrt {-7}}}$

Adolf Kunerth's 1878 Modular Square Root Algorithm

Adolf Kunerth's little known 1878 Modular Square Root Algorithm, as detailed in his paper. Dickson's reference isn't enough to reconstruct the algorithm, but Kunerth's 1878 paper is. I was able to get copies of these two papers (one on the Quadratic Equation, and the other on the Modular Quadratic problem) from the Ernest Mayr Library at Harvard University. Thanks to Mary Sears for obtaining the copies.

I was able to confirm that Kunerth's four examples of solving the modular quadratic problem do work, and I have been able to create four examples where his algorithm does work. One such example that actually finds the square root of B mod (P*Q mod B) instead of B mod P*Q is shown below. I have been able to find the modular square root of B mod N in 3 other examples. All four examples require that C in the quadratic (A*x^2+B*x+C) be a natural square. You do not need to factor the modulus N to get the modular square root.

The algorithm is a fascinating algorithm in that it would be practible for large numbers if one can solve a quadratic equation of $w^{2}==Az^{2}+Bz+C$ , which is often hard to solve. However, most of the equations are not modular and the one modular computation for the problem $y^{2}{\bmod {p*q}}$ is ${\sqrt {p*q}}{\bmod {(y^{2}{\bmod {p*q}})}}$ . So the residue becomes the modulus and this is often much easier to factor than the hard semiprime of the original problem. Thus, I conclude, this equation would be solvable, for large numbers, and it is the resulting quadratic equation which makes the computation infeasible.

A naiive explanation of the algorithm follows:

1) for

y^{2}{\bmod {p*q}}

first solve

r\equiv {\sqrt {p*q}}{\bmod {(y^{2}{\bmod {p*q}})}}

2) create a w^2 == quadratic involving r and solve for w. This is the hard equation and Kunerth usually solves it by having C of w^2==Ax^2+Bx+C be a natural square and X thus equals 0. Set V == r in case X == 0 in the computation of w. For the first example of his second paper, where

r==17\equiv {\sqrt {20521}}{\bmod {1124}}

, use the following Mathematica equation to obtain the quadratic:

Expand=

-18 + 34 z + 1124 z^2

for

{\sqrt {1124}}{\bmod {20521}}

3) having set W and V create alpha and beta in another equation:

\alpha ==w(v+\beta *w)

4) figure out what Y is by

y==\alpha *X+\beta

after figuring out what X is by the equation (which can be factored) of

[α^{2} * x^{2} + (2 * α * β - b) x + (β^{2} - c)]

. Thus

y=(\alpha *x+\beta )

As I said, the algorithm is a fascinating algorithm as it involves mostly sums and quadratic equations. If you can solve the quadratic equation the algorithm does seem to work. (An attempt of mine to solve the quadratic equation by making it modular did not work).

It looks as if $(r^{2}\pm p*q)/(y^{2}{\bmod {p*q}})$ is a square then the algorithm is feasible, even for large numbers.

I found an example that fits this qualification for when Kunerth's algorithm can work. the square root of 4289 mod 2048764 === 4049. The square root of -2048764 mod 4289 is 2095. If we take the quadratic that this produces, we, indeed, see that C in the Quadratic is a square.

Expand)/4289]
1024 + 4190 z + 4289 z^2

So W=32 and V=2095.

Solving for alpha and beta we get

Solve
{{a -> 
   ConditionalExpression, C \ Integers], 
  b -> ConditionalExpression, C \ Integers]}}

Thus alpha can be 480 and beta -65.

We do get a factor for the equation given above to discover X.

alpha =480
beta = -65
xx = 
 Factor[alpha^2 x^2 + (2 alpha beta - 
      Mod) x + (beta^2 - 4289)]
(-64 + 225 x) (1 + 1024 x)
However, this X does not recover Y or the modular square root 4289^(1/2) mod 2048764
Mod + beta, 2048764]
1775667

Therefore, my first attempt to make an example of Kunerth's algorithm, besides his examples, didn't work.

The Example works for mod equals 2911

equals 2911">edit]

Good news, I was able to make Kunerth's algorithm work, for my example, when I changed the modulus from 2848764 to 2911 or Mod=2911.

The math follows:

alpha=480
beta=-65
Mod + beta, 2911]
= 1430
Mod + beta, 2911]
= 1481
Mod= 1378
Mod= 1378
and 
1378 + 2911= 4289
which is the original square
so my example works for 4289^(1/2) Mod(2848764  mod 4289]
so two roots are found
1481 and 1430
So I have found an example where Kunerth's method does
work in a sense.  If I had found a quadratic that worked with the full original modulus, 2848764 instead of 
mod=2911 then I would have found the 
square root of 4289^(1/2) mod 2848764.
2911 is a semiprime so it would normally have to be factored before
the square root could be found by other methods.
FactorInteger= {{41, 1}, {71, 1}}

Kunerth with Big Modula

If the modula is of the form, no matter how big it is,

5*(SQUARE-1)+1

then the resulting associated quadratic will have C as a square and you can take the modular square root of 5 easily.

If the modula is of the form, no matter how big it is,

3*(SQUARE-2)+2

then the resulting associated quadratic will have C as a square and you can take the modular square root of 3 easily.

Details and examples at

Getting square root of Y times modulus of combined modulus

The talk page of Talk:Kunerth's_algorithm shows how to get the modular square root of 67*y mod RSA260. Here we will show how to get the square root of y*89 29 mod 89 29 (89 29+13) (in small numbers).

It's quite complicated but here is the mathematica with some notes

How to find square root of 139 mod 89 29 (89 29+13) times 89 29
given: square root of 67*139 mod 89 29
       square root of 67 mod 89 29+13
       square root of 139 mod 89 29+13
Output: square root of 139*89*29 mod 89 29(89 29+13)
take square roots in modulus near 89 29 (which is hopefully a prime)
In:= PowerMod
Out= 135
we know this, it is given by Kunerth's modified routine
In:= PowerMod
Out= 694
In:= PowerMod
Out= 151407
take chinese remainder and get a sum for combined modulus
In:= x3 = ChineseRemainder
Out= 111677
we don't know this but will get this sum times 89 29 at end of procedure
In:= PowerMod
Out= 557621
Show the equation that chinese remainder theorum has gotten us
In:= Mod[
 PowerMod + 
  PowerMod[67 , 
    1/2, ( 89 29) (89 29 + 13)] (( (557621 - 1)) (89 29 + 
       13)) PowerMod, (89 29) (89 29 + 
    13)]
Out= 111677
get a sum for 67*139 in full modulus(we can do this)
In:= Mod (557621), 
 89 29 (89 29 + 13)]
Out= 978893
redo the sum
In:= Mod[
 PowerMod + 
  PowerMod (557620), 89 29 (89 29 + 13)]
Out= 978893
multiply by difference between the two modula 
In:= Mod[
 13 PowerMod + 
  PowerMod[67 , 
    1/2, ( 89 29) (89 29 + 13)] (( (557621 - 1)) (89 29 + 
       13)), (89 29) (89 29 + 13)]
Out= 1451801
substract two sums
In:= Mod
Out= 2116420
get the new answer
In:= Mod (557620) 89 29, 
 89 29 (89 29 + 13)]
Out= 2116420
square 
In:= Mod, 
 89 29 (89 29 + 13)]
Out= 2720374
this is result of squaring after dividing by 67
In:= Mod
Out= 2720374
multiply by former sum and divide by  67
In:= Mod, 
 89 29 (89 29 + 13)]
Out= 588468
this is the new equation
In:= Mod
Out= 588468
subtract two sums to get 
In:= Mod
Out= 3019770
we have 1 less than square root of 139 with 89 29 square as multiplier
In:= Mod
Out= 3019770
play with the modulus
In:= Mod[
 2 3019770 PowerMod, 
 89 29 (89 29 + 13)/2]
Out= 3115267
we now have 1 less than the square root of 139 times 89 29
In:= Mod
Out= 3115267
add 89 29 to get square root of 139 times 89 29
In:= Mod
Out= 3117848
we have final sum
In:= Mod
Out= 3117848

Square Root of 5 mod X*RSA260+1

Kunerth's method is quite exciting since it doesn't have to factor the modulus. Follow the mathematica below and see how the square root of 5 mod x*RSA260+1 is found within seconds on a Raspberry PI 4 palmtop.

Using the Pythagorean Theorum Solve the quadratic
In:= w = 
 Expand[((2 (RSA260^2 - 1^2 ))^2 + 1 (RSA260^2 - 1^2)^2 + 
      5 (((2 1 RSA260)^2)))/(5)]^(1/2)
Out= 4889770528994189727851565631690024017165005555729269682395332\
5863566645342454412925398180236065314500376295946985354254181805038742\
4723625429992521654787837491618048319631364040388191253484698255313698\
7424736875836220039610457304524305120045165665398590929500984074537021\
3332671406165455614268623279672955402907322055976895600593186605328911\
5169593626456219480475197831634106662908018989638508845064827782102219\
8331778793835658611538459312186788747890608185252992497633380107893907\
21301760772016869260727399301258323602
set v
In:= v = 2 (RSA260^2 - 1^2)
Out= 9779541057988379455703131263380048034330011111458539364790665\
1727133290684908825850796360472130629000752591893970708508363610077484\
9447250859985043309575674983236096639262728080776382506969396510627397\
4849473751672440079220914609048610240090331330797181859001968149074042\
6665342812330911228537246559345910805814644111953791201186373210657823\
0339187252912438960950395663268213325816037979277017690129655564204439\
6663557587671317223076918624373577495781216370505984995266760215787814\
42603521544033738521454798602516647200
make the modulus a variable
In:= mod =  (RSA260^2 - 1^2)^2 + 5 (((2 1 RSA260)^2))
Out= 2390985582622011804596626598395673467700135963629555889132984\
5992580385378407468442673330055684425335333246848835333293215726575872\
1355685125318060112890318777229278719348539134043483869594721596706402\
4651101060452794751171383943446773743600355859434238217228786384923053\
5389751388452988050713762957991442433151288721501791712710759860571865\
5790897032492359755314922463372956523242589287663244150824214352062397\
1538543656788644287421389533958059991841118958363279465471977198209879\
2469088087239949376049602423582807491703992476167184773046653404954534\
8594032808685422438526157752221902651776609480274917656256432838107178\
4959761186928798048189304205947855234339204482167029856642017237764576\
9783217378669834197799692670939878034230039774474178421414940663330766\
6517128460930159144372737789700813274692324363089889374327026605350455\
5763358876399563570064243443818628546720647588356443002938261756026433\
0727573629317789549844076859516283862514294434927309207692660437108140\
4188164670644817863924855879204361453559753554627758324307483432020
solve for alpha and beta
In:= Solve
Out= {{a -> 
   ConditionalExpression[
    239098558262201180459662659839567346770013596362955588913298459925\
8038537840746844267333005568442533533324684883533329321572657587213556\
8512531806011289031877722927871934853913404348386959472159670640246511\
0106045279475117138394344677374360035585943423821722878638492305353897\
5138845298805071376295799144243315128872150179171271075986057186557908\
9703249235975531492246337295652324258928766324415082421435206239715385\
4365678864428742138953395805999184111895836327946547197719820987924690\
8808723994937604960242358280749072603837036834682747634027861653005597\
0279757396389916136708704918932270811859768983802020921977520710323678\
6721622028968457922672100313014834070015120946235831840757383830417024\
4099616286480128906527345493065906279576655208696051007963932173351863\
3127907115717622366374703427899345923324023616471839243552476899116514\
0508519837719685358562078470982142940369226140343661144042344482927482\
9661162765989427987241984992810374716271261961734525530268753001878176\
58685649551103709068064778326238119416169413210338282316959996 + 
     23909855826220118045966265983956734677001359636295558891329845992\
5803853784074684426733300556844253353332468488353332932157265758721355\
6851253180601128903187772292787193485391340434838695947215967064024651\
1010604527947511713839434467737436003558594342382172287863849230535389\
7513884529880507137629579914424331512887215017917127107598605718655790\
8970324923597553149224633729565232425892876632441508242143520623971538\
5436567886442874213895339580599918411189583632794654719771982098792469\
0880872399493760496024235828074909216291915281144165904029038841310166\
5687997962556070343252200837319885218167742068539474186623877871182886\
2460103619913573012422179920751655404010174009758579831295066235587318\
5962726642586805911907529519201340962445681365052526910518441235401452\
4907154429575698534785555675858497058514648069096495793537408852840473\
7958434386144714957171853914935664876524714804113498768046899611500344\
1520151656858253927133077831992555005890570811557177427742374456431091\
759882648604455752225627663533281207483646456119935487350254404 C, 
    C \ Integers], 
  b -> ConditionalExpression, C \ Integers]}}
set alpha
In:= alpha = \
2390985582622011804596626598395673467700135963629555889132984599258038\
5378407468442673330055684425335333246848835333293215726575872135568512\
5318060112890318777229278719348539134043483869594721596706402465110106\
0452794751171383943446773743600355859434238217228786384923053538975138\
8452988050713762957991442433151288721501791712710759860571865579089703\
2492359755314922463372956523242589287663244150824214352062397153854365\
6788644287421389533958059991841118958363279465471977198209879246908808\
7239949376049602423582807490726038370368346827476340278616530055970279\
7573963899161367087049189322708118597689838020209219775207103236786721\
6220289684579226721003130148340700151209462358318407573838304170244099\
6162864801289065273454930659062795766552086960510079639321733518633127\
9071157176223663747034278993459233240236164718392435524768991165140508\
5198377196853585620784709821429403692261403436611440423444829274829661\
1627659894279872419849928103747162712619617345255302687530018781765868\
5649551103709068064778326238119416169413210338282316959996
Out= 2390985582622011804596626598395673467700135963629555889132984\
5992580385378407468442673330055684425335333246848835333293215726575872\
1355685125318060112890318777229278719348539134043483869594721596706402\
4651101060452794751171383943446773743600355859434238217228786384923053\
5389751388452988050713762957991442433151288721501791712710759860571865\
5790897032492359755314922463372956523242589287663244150824214352062397\
1538543656788644287421389533958059991841118958363279465471977198209879\
2469088087239949376049602423582807490726038370368346827476340278616530\
0559702797573963899161367087049189322708118597689838020209219775207103\
2367867216220289684579226721003130148340700151209462358318407573838304\
1702440996162864801289065273454930659062795766552086960510079639321733\
5186331279071157176223663747034278993459233240236164718392435524768991\
1651405085198377196853585620784709821429403692261403436611440423444829\
2748296611627659894279872419849928103747162712619617345255302687530018\
7817658685649551103709068064778326238119416169413210338282316959996
set beta
In:= beta = -1
Out= -1
find x value via factoring 
In:= Timing[
 xxx1 = Factor[(alpha^2 x^2 + (2 alpha beta - (mod)) x + (beta^2 -  ( 
        5)))]]
Out= {0.016567, 
 4 (-1 + 5977463956555029511491566495989183669250339909073889722832461\
4981450963446018671106683325139211063338333117122088333233039316439680\
3389212813295150282225796943073196798371347835108709673986803991766006\
1627752651131986877928459858616934359000889648585595543071965962307633\
8474378471132470126784407394978606082878221803754479281776899651429663\
9477242581230899388287306158432391308106473219158110377060535880155992\
8846359141971610718553473834895149979602797395908198663679942995524698\
1172720218099873440124006058957018726326118873021448095905694133372322\
7382091988379180478221022385036616642236051052932055232499442906567720\
4623721055196470029643028060035462827852498212544872146634214102632624\
0215714299153677304967349484894852960073367412419171670822768586299817\
2300429606748391956484622346252430343031537539163549468013793271631745\
7072535817395349805528635140444815190927887282605988808365190392321271\
2881103020224084907917578829791642379984340920395197431919577844035986\
135889372162624437916477625473279798757837173092575185269320916401 x) \
(1 + 23909855826220118045966265983956734677001359636295558891329845992\
5803853784074684426733300556844253353332468488353332932157265758721355\
6851253180601128903187772292787193485391340434838695947215967064024651\
1010604527947511713839434467737436003558594342382172287863849230535389\
7513884529880507137629579914424331512887215017917127107598605718655790\
8970324923597553149224633729565232425892876632441508242143520623971538\
5436567886442874213895339580599918411189583632794654719771982098792469\
0880872399493760496024235828074909216291915281144165904029038841310166\
5687997962556070343252200837319885218167742068539474186623877871182886\
2460103619913573012422179920751655404010174009758579831295066235587318\
5962726642586805911907529519201340962445681365052526910518441235401452\
4907154429575698534785555675858497058514648069096495793537408852840473\
7958434386144714957171853914935664876524714804113498768046899611500344\
1520151656858253927133077831992555005890570811557177427742374456431091\
759882648604455752225627663533281207483646456119935487350254404 x)}
find the root of 5 mod (modulus/4)
In:= y20 = 
 Mod[alpha (-1 PowerMod[
       239098558262201180459662659839567346770013596362955588913298459\
9258038537840746844267333005568442533533324684883533329321572657587213\
5568512531806011289031877722927871934853913404348386959472159670640246\
5110106045279475117138394344677374360035585943423821722878638492305353\
8975138845298805071376295799144243315128872150179171271075986057186557\
9089703249235975531492246337295652324258928766324415082421435206239715\
3854365678864428742138953395805999184111895836327946547197719820987924\
6908808723994937604960242358280749092162919152811441659040290388413101\
6656879979625560703432522008373198852181677420685394741866238778711828\
8624601036199135730124221799207516554040101740097585798312950662355873\
1859627266425868059119075295192013409624456813650525269105184412354014\
5249071544295756985347855556758584970585146480690964957935374088528404\
7379584343861447149571718539149356648765247148041134987680468996115003\
4415201516568582539271330778319925550058905708115571774277423744564310\
91759882648604455752225627663533281207483646456119935487350254404, -1,
        mod/4]) + beta, mod/4]
Out= 2988731978277514755745783247994591834625169954536944861416230\
7490725481723009335553341662569605531669166558561044166616519658219840\
1694606406647575141112898471536598399185673917554354836993401995883003\
0813876325565993438964229929308467179500444824292797771535982981153816\
9237189235566235063392203697489303041439110901877239640888449825714831\
9738621290615449694143653079216195654053236609579055188530267940077996\
4423179570985805359276736917447574989801398697954099331839971497762349\
0586360109049936720062003029478509364752234858433835709504605896985419\
1746832262245710365578296023423967480854323210666782024826442680496482\
5273688229999561105687889943052909678673818644078483258092972755196505\
3239118771150663921813444263360465964683455219082984459381783457164587\
4562760223895074176484556492459333378519541844219077299900607141760752\
5218192819399602759231636532652525524062214972457433699463679861605741\
8156876663858503144250621629353649297988759508947597992420495265082440\
728151908643043067493304332580870621887973411643651640363750009905
verify root of 5 has been found
In:= Mod
Out= 5
show modulus is 1 off a multiple of RSA260
In:= GCD
Out= 2211282552952966643528108525502623092761208950247001539441374\
8319128822941402001986512729726569746599085900330031400051170742204560\
8592763579537571859542988389587092292384910067030341246205457845664136\
64540684214361293017694020846391065875914794251435144458199

How To Find Two Roots of 5 Mod P*Q, using Kunerth

I finally found out how to get the two roots of 5 mod 89*29, which allows the p*q modulus to be factored easily.

Any 1 mod 4 prime (which is the sum of two squares) can be used to factor p*q, if you can solve two equations (that I admit I can't solve for big numbers yet).

There are two equations to solve for the root of 5, which is the sum of two squares, 1 and 4.

((2(x^{2}-1))^{2}+(x^{2}-1)^{2}+5(2*1*x)^{2})/5)^{1/2}

the modulus is

(x^{2}-1)^{2}+5(2*1*x)^{2})

and

(((x^{2}-1))^{2}+(2(x^{2}-1))^{2}+5(2*1*x)^{2})/5)^{1/2}

the modulus is

(2(x^{2}-1))^{2}+5(2*1*x)^{2})

If you solve for x in the two equations so that the two modula are both multiples of P*Q, then you will often get the two different square roots of 5 (in this case). With the two different roots of 5, factoring p*q is easy.

Look at the mathematica below where these equations are solved and then used in the Kunerth method to get the two different roots of 5 mod 89*29, which are 1265 and 337.

In:= Solve
Out= {{x -> 134}, {x -> 269}, {x -> 311}, {x -> 443}, {x -> 
   714}, {x -> 888}, {x -> 1023}, {x -> 1113}, {x -> 1468}, {x -> 
   1558}, {x -> 1693}, {x -> 1867}, {x -> 2138}, {x -> 2270}, {x -> 
   2312}, {x -> 2447}}
In:= Solve[4 ((x)^2 - 1)^2 + 5 (2 1 x)^2 ==  89 29, 
 Modulus -> 89 29]
Out= {{x -> 73}, {x -> 217}, {x -> 317}, {x -> 495}, {x -> 
   607}, {x -> 785}, {x -> 1029}, {x -> 1262}, {x -> 1319}, {x -> 
   1552}, {x -> 1796}, {x -> 1974}, {x -> 2086}, {x -> 2264}, {x -> 
   2364}, {x -> 2508}}
In:= w1 = ((5 (134^2 - 1)^2 + 5 (2* 1* 134)^2)/5)^(1/2)
Out= 17957
In:= w2 = ((5 (73^2 - 1)^2 + 5 (2 *1 *73)^2)/5)^(1/2)
Out= 5330
In:= v1 = 2 (134^2 - 1)
Out= 35910
In:= v2 = (73^2 - 1)
Out= 5328
In:= mod1 = (134^2 - 1)^2 + 5 (2 *1* 134)^2
Out= 322741145
In:= Mod
Out= 0
In:= mod2 = 4 (73^2 - 1)^2 + 5 (2 *1* 73)^2
Out= 113656916
In:= Mod
Out= 0
In:= Solve
Out= {{a -> 
   ConditionalExpression, 
    C \ Integers], 
  b -> ConditionalExpression, C \ Integers]}}
In:= alpha1 = 322382021
Out= 322382021
In:= beta1 = -1
Out= -1
In:= alpha2 = 28398240
Out= 28398240
In:= beta2 = 0
Out= 0
In:= Timing[
 xx1 = Factor[
   alpha1^2 x^2 + (2 alpha1 beta1 - mod1) x + (beta1^2 - (((5))))]]
Out= {0.001582, (-4 + 322310209 x) (1 + 322453849 x)}
In:= Timing[
 xx2 = Factor[
   alpha2^2 x^2 + (2 alpha2 beta2 - mod2) x + (beta2^2 - (((5))))]]
Out= {0.000982, (-5 + 28387584 x) (1 + 28408900 x)}
In:= y201 = 
 Mod) + beta1, 89 *29]
Out= 1265
In:= Mod
Out= 5
In:= y201 = 
 Mod) + beta2, 89 *29]
Out= 337
In:= Mod
Out= 5
In:= GCD, 89* 29] + 1, 89 *29]
Out= 89
In:= GCD, 89* 29] - 1, 89* 29]
Out= 29

This procedure above is not a deterministic way to get the two modular square roots. Sometimes it returns the same root.

Is Kunerth A Case Of Equivalent Squares

Is the Kunerth method a case of equivalent squares, in that the quadratic equation essentially presents as two equivalent squares.

My current answer is: Usually no, but close, sometimes it is.

For instance to take the root of 5 the quadratic is $(x^{2}-1)^{2}+(2*1*x)^{2}$ but the modulus for this quadratic is either $(x^{2}-1)^{2}+5*(2*1*x)^{2}$ or $4*(x^{2}-1)^{2}+5*(2*1*x)^{2}$ . Thus Kunerth's method is not usually equivalent squares. It may be equivalent squares for actual natural squares as in $(5*(x^{2}-1))^{2}+25*(2*1*x)^{2}$ .

If you set x so that the modulus is mod 0 for the modulus you are seeking to solve for, then

(2(x^{2}-1))^{2}

is a square but the whole equation isn't, it is

5((x^{2}-1)^{2})+(2*1*x)^{2})

this isn't a square, it is

5*SQUARE

the actual quadratic is a square but remember that the modulus is this case (

(2*1*x)^{2}

isn't a multiple of the intended modulus.

Conclusions About Kunerth's modular square root algorithm

I conclude that Kunerth's algorithm is an important, although limited in scope, modular square root algorithm.

It requires that C in the resulting quadratic Ax^2+Bx+C be a natural square, but I have shown that once you get this result that the square root can be found, in my example of a residue of the original modulus.

I have also shown in the example given above that Kunerth's algorithm can find one square root of a semiprime without factoring the semiprime. And once the quadratic with the natural square concerning C is found, it is probably quick to find the root.

The Quadratic equation that must be solved is equivalent to p*z^2-x^2 mod x*y===0, and so the square root associated can be solved in other ways than Kunerth's. However, with the Pythagorean Theorum it can be shown, for instance, that certain formula for modula can make taking the root of certain residues easy. Such as modula of x^2+x-1 allow the root of residue 5 to be taken easily using Kunerth. Endo999 (talk) 21:06, 26 February 2023 (UTC)

Who Is Adolf Kunerth

There is very little information on Adolf Kunerth. He was an Austrian, active between 1870s and 1880s. He was a professor of a German/Austrian university as well as being an engineer. Apparently he built a bridge in the former Yugoslavia.

Apparently, in 1869 he was an instructor at a training institute in Troppau, in today's Czech republic. Then this was a German speaking area of Austria. He may have been a professor of engineering at Brun (perhaps the Karlo university) in the 1870s when he published his mathematics, for which he is known today. After this he became a head engineer in Bosnia. So it is possible that his math was a second career for him and he was primarily an engineer.

Because there is so little personal information on Adolf Kunerth, and because his method is the most powerful modular square root algorithm known, it is possible that Kunerth is an alias for a more well known person.

However, Mary Sears, of the Ernest Mayr Library at Harvard University, who knows German, says the journal the paper is published in became the Royal Austrian Society journal, so it is a prestigious journal and it was meant to be seen. The publication is not meant to be kept from the academic world. It appeared at Harvard University in 1906.

The modular square root algorithm would have been an obvious diplomatic or military cipher in the precomputer age, since a mechanical calculator could have computed it.

It is strange that the only English language reference to the Kunerth algorithm is in Dickson's 1921 Theory of Numbers(vol ii, p382-384). 144 years have passed since its publication, and you could help your career by publicising it. As it is the only algorithm known to take the modular square root of composite modula without factoring the modulus.

Translating from the German at

The w. M. Mr. Hofrath Petzval presented a treatise by Prof. Adolf Kunerth at the secondary school in Brunn, entitled: "Practical method for the numerical resolution of indefinite quadratic equations in whole and in rational numbers".

So it appears that a Mr Petzval presented the treatise of Kunerth's. Hofrath is a German word for Counsellor, so this may be an honorific. There is a Joseph Petzval who was a very well known and important Austrian/Hungarian mathematician. In 1878 when this paper was published Petzval had retired and was becoming a recluse in Kahlenberg, outside Vienna. Petzval was a mathematician of great reknown and is important in the history of optics. He was also a good engineer earlier in his career, as Kunerth was. It's possible that Kunerth actually existed, as an engineer, and that Petzel used his name for various reasons that are unknown, to publish Petzel's math on the modular square root algorithm. Petzel was a mathematician who could have produced the math presented in the papers authored by Kunerth.

This is a speculation. Against this argument, Petzval doesn't seem to have done any number theory. The Theory of Numbers by Dickson only has J. Petzval once in the author's index and this is only in a footnote. J. Petzval wasn't known for number theory. He did have a mathematician brother, named Petrol. It is possible that the math is Petrol Petzval's and not Joseph Petzval's. Petrol, better known as wrote several high school mathematical books in Hungaria, so it is more likely that Otto gave the lecture in Brun to a high school audience than Joseph, but Otto is not known for independent math. Endo999 (talk) 00:56, 31 October 2022 (UTC)

X+N and X-N found on unsolvable quadratic equations

$x^{4}+18*x^{2}+1{\bmod {p*q}}\equiv 0$ and $x^{2}+x-1{\bmod {p*q}}\equiv 0$ , if x can be found then with Kunerth the modular square root of 5 can be found.

Both are unsolvable in the P*Q modula space.

We however can get an answer for $x^{4}+18*x^{2}{\bmod {N*P*Q-1}}\equiv 0$ if the modulus is a prime (often we can do this).

The two answers that will be found will be $x_{1}+N$ and $x_{2}-N$ . I can't get further than this however, this happens for both quadratic equations shown above. One of them, the first, will have $x_{1}+N$ and $x_{2}-N-1$ actually.

The mathematica shown below will show this effect.

In:= Solve
Out= {{x -> 0}, {x -> 0}, {x -> 4528}, {x -> 26443}}
In:= Solve
Out= {{x -> 134}, {x -> 269}, {x -> 311}, {x -> 443}, {x ->
   714}, {x -> 888}, {x -> 1023}, {x -> 1113}, {x -> 1468}, {x ->
   1558}, {x -> 1693}, {x -> 1867}, {x -> 2138}, {x -> 2270}, {x ->
   2312}, {x -> 2447}}
In:= Mod
Out= 1947
In:= Mod
Out= 633
In:= 714 - 633
Out= 81
In:= 1947 - 1867
Out= 80
Note that it is possible to find x_1+n and x_2-n-1 for big numbers
as well.
In:= Solve
Out= {{x -> 0}, {x -> 0}, {x ->
   2716082610274971337694474899142218136748963550135500602361031437724\
1148029498527233843245349186917213241417399133612721259249692585804181\
9818630648952854721813303764099692665262595635447345263101006568774477\
6819639057085831464289459835504443854332275069363102750}, {x ->
   1935251726819563576471604818537396032900790177332957476126388938476\
6450492569345259155379732197915384563586789457975978942475750893157139\
6070515431820538430231477541697830873720636717018978520619872151494668\
26026293513345827168515238448239719110330657204806179851}}

One Plus A Cube Cannot Be A Square

Dickson says

in fact, $1+x^{3}=n^{2}$ only when $x=0,2,-1$

This assertion is not true in modular arithmetic. I give the following Mathematica which shows 3 counter examples in 30 tries.

Table]}, {x, 1, 
   30}] // Grid
{
 {1, False},
 {2, True},
 {3, False},
 {4, False},
 {5, False},
 {6, False},
 {7, False},
 {8, True},
 {9, True},
 {10, False},
 {11, False},
 {12, False},
 {13, False},
 {14, False},
 {15, False},
 {16, False},
 {17, False},
 {18, False},
 {19, False},
 {20, False},
 {21, False},
 {22, False},
 {23, False},
 {24, False},
 {25, False},
 {26, False},
 {27, False},
 {28, False},
 {29, True},
 {30, False}
}

Bricard and x^2 - 2 y^2 equals 1(mod 8) prime

Dickson says that a Raoul Bricard has proven that all $\pm 1{\bmod {8}}$ primes can always be decomposed into $x^{2}-2*y^{2}==\pm 1{\bmod {8}}prime$

Dickson says that at vol 2 p255 of his work the method for proving this is explained.

I was not able to get Mathematica to obtain $x^{2}-2*y^{2}==\pm 1{\bmod {8}}prime$ for a big 1000 bit prime number in quick time.

Brocard Studied Pell's Equation Which Bricard Generalised

Henri Brocard, who is mentioned in Dickson's work studied and published a bibliography of Pell's Equation.

Pell's Equation is: $x^{2}-2*y^{2}=1$ .

R. Bricard, in the section above, generalised Pell's equation by proving that all 1 mod 8 primes numbers are of the form

x^{2}-2*y^{2}=1{\bmod {8}}prime

Brocard was a noted geometer, like Bricard. They were both French, and were born only 25 years apart. Much of their mathematical work could be described as complimentary. They could almost have been father and son, except that they were actually from different families with no relation between them.

In the History vol 2 p571 Dickson states:

H. Brocard noted that $x^{3}+(2*a+1)(x-1)=y^{2}$ has the special solution

$x=(a+1)^{2}+2*(a+1)-1$ and $y=(a+1)^{3}+3*(a+1)-1$

I was unable to get this equation to work. I tried it out in mathematica several times. There may be a special solution for this, but it is not a general solution. This is unusual because Dickson usually gets it right.

N. Beguelin Is Trashed By Dickson

An amusing passage, from the point of distance of 100 years since the book was published, is the leveling of | N. Beguelin's reputation by Dickson at History of the Theory of Numbers, vol 2, p13-15 (Chelsea Publishing, 1952). Some elipsed quotes of this:

Nicholas Beguelin attempted to prove Fermat's theorem that every integer is a sum of s polygonial numbers of s sides. ... On p411 Beguelin states without proof the erroneous generalization ... Thus Beguelin contradicts himself in his generalisation of Fermat's theorem ... N. Beguelin made a puerile illogical attempt to prove that every number is the sum of three triangular numbers. ... Beguelin next attempted, but failed completely, to deduce

Dickson was known to be a hard man and he shows his metal against the reputation of Nicholas Beguelin, a Swiss mathematician of the 18th Century.

Another disparraging Beguelin quote for Dickson is at vol 1 p 381

N. Beguelin states that $2^{n}+1$ has a triniary divisor $1+2^{p}+2^{q}$ only when $n=10,24,32$ although his examples (p249) contradict this statement.

D.S Hart solution for x^2-Ay^2=1 Works in Modular Arithmetic

D.S. Hart gave a "new" method to solve $x^{2}-A*y^{2}=1$ . Set $A=r^{2}\pm m$ . Then $(x+ry)(x-ry)=1\pm my^{2}$ Set $x-ry=1$ . Then

$y=\pm 2r/m$ , $x=1\pm 2r^{2}/m$

But the solutions are not in general integers.

This works in modular arithmetic, even for big numbers. The solutions being fractions are not a problem for modular arithmetic. For instance,

<math>x^{2}-7*y{2}=1</math>
In:= A = 4 + 3
Out= 7
In:= yy = Mod, RSA260]
Out= 1474188368635311095685405683668415395174139300164667692960916\
5546085881960934667991008486484379831066057266886687600034113828136373\
9061842386358381239695325593058061528256606711353560830803638563776091\
09693789476240862011796013897594043917276529500956762972134
In:= xx = Mod, RSA260]
Out= 7370941843176555478427028418342076975870696500823338464804582\
7730429409804673339955042432421899155330286334433438000170569140681869\
5309211931791906198476627965290307641283033556767804154018192818880455\
4846894738120431005898006948797021958638264750478381486070
show x^-7*y^2=1 found for RSA260 modulus
In:= Mod
Out= 1

This works for $x^{2}-1*y^{2}{\bmod {p*q}}\equiv 1$ .

In:= yy = Mod, RSA260]
Out= 7370941843176555478427028418342076975870696500823338464804582\
7730429409804673339955042432421899155330286334433438000170569140681869\
5309211931791906198476627965290307641283033556767804154018192818880455\
4846894738120431005898006948797021958638264750478381486065
In:= xx = Mod, RSA260]
Out= 1474188368635311095685405683668415395174139300164667692960916\
5546085881960934667991008486484379831066057266886687600034113828136373\
9061842386358381239695325593058061528256606711353560830803638563776091\
09693789476240862011796013897594043917276529500956762972131
In:= Mod
Out= 1

Lucas Finds the Modular Imaginary Number Of Powers Of Primes From the Prime

According to Dickson:

"E. Lucas treated

x^{2}+1{\bmod {p^{m}}}\equiv 0

, where p is a prime > 2, for use in the question of the number of satins. Given

a^{2}+1{\bmod {p}}\equiv 0

, set

(a+I)^{m}=A+Bi

\beta *B{\bmod {p^{m}}}\equiv 1

Then

A\beta

is a root

x

of the proposed congruence."

This allows the finding of the modular imaginary number for modula of powers of primes once the I number for the Prime modula is known.

This also seems to work for modula of (p*q) and (p*q)^m, as the following example shows. (this works for large numbers as well)

In:= Expand
Out= 59119154872088 + 520428000641 I
In:= PowerMod
Out= 77612584756845935
In:= Mod
Out= 1

This is a very powerful finding since the Pythagorean Bridge, mentioned elsewhere in this blog, between squares and roots can be used for powers of (P*Q)^m as well as (P*Q).

This works for powers of 2 as well, I checked on this.

R. Dedekind Reference In Author's Index Not Found In Text

The author's index of History Of Theory Of Numbers (Chelsea Publishing, 1952) is often the best way to navigate around the three volume reference. Normally, it is extremely accurate, however, in volume 3, p 304, the author's index for Chapter 3 says that R. Dedekind is mentioned at p76. I was unable, after looking several times, to find this mention, although Dedekind is mentioned on the previous page, p75, and perhaps the math extends onto p76. In this case the index reference should be p75-76, but it is instead p75, p76.

An unusual mistake in the Index volume, normally it is very accurate.

After some time, I have reread p75 and p76 of vol 3. Dedekind is definitely mentioned in p75 and a rather long half page proof is given of his, however at the end of p75 Dickson says "we can prove" and then goes on from Dedekind's math to another proof that continues onto p76, and which I assume is Dickson's, but which he assumes follows from Dedekind's earlier proof. Dedekind is not mentioned by name on p76.

Joseph Bertrand Reference does not contain treatment of equation said

Dickson says at Theory of Numbers vol ii p629 that Joseph Bertrand has a treatment of $a*x^{4}+b*y^{4}==SQUARE$ but the reference at p244 does not have this treatment. The reference is at and is Traite Elementaire d'Algebra 1850, p 244. This is quite unusual for a bad reference to Appear in Dickson.

Also the line where Bertrand is mentioned has an asterick footnote, but there is no asterick footnote on p629.

However, a treatment of the equation $x^{4}+y^{4}==z^{2}$ can be found at p224-7 of the said math book.

C. G. Bachet math extends from p205 to p206 but he is not mentioned in p206

As a possibility of a fault, it is to be mentioned that in the author's index vol ii, p 205 that he is mentioned on p205 but not on p206. However, his math starts in p205 and goes into the first paragraph of p206. I think the author's index requires the name be on the page, however,in this case the math laps over from p205 to p206.

Can You Factor PQ With Knowledge Of Only One Square Root Of -1 Mod PQ

People reading my math blog may notice I spend a lot of effort on the rational square root of -1 mod p*q, or the modular imaginary number.

With knowledge of the 2 square roots of -1 it is trivial to factor p and q since the addition of both square roots will be a nontrivial multiple of p or q and the minus of the two square roots will be a multiple of either p or q.

However, it is possible to factor p*q with knowledge of only one square root of -1 mod p*q in the three following ways:

1) by taking the square root of

2*{\sqrt {-1}}_{i}{\bmod {p*q}}

that is not

1+{\sqrt {-1}}_{i}{\bmod {p*q}}

. See .

2) Each square can be rewritten according to Squareless Numbers and the Square. p*q can be factored via the following Blog Entry

3) Each square can be rewritten according to Squareless Numbers and the Square. p*q can be factored easily if the

b(b+1)<p*q

. See for help on this.

If there were any easy way to factor p*q with knowledge of only one ${\sqrt {-1}}_{i}{\bmod {p*q}}$ then this would extend Euler who needs two sums of squares to do his factoring algorithm. Sums of Squares and the ${\sqrt {-1}}_{i}{\bmod {p*q}}$ are interchangeable and easily convertible into the other.

Three Treatments Of The Pythagorean Theorum

1) Where Pythagorean Triples Allow The Complex Square Root Formula to be used in modular arithmetic: #Pythagorean_Triples_Can_Provide_The_Parameters_To_Populate_The_Complex_Square_Root_formula

2) Another Formula Besides Euclid's To Generate Pythagorean Triples: #Another_Formula_For_Generating_Pythagorean_Triples_Besides_The_Famous_Euclidean_One

3)Dickson's Method For Creating Pythagorean Triples Can Also Create Modular Pythagorean Triples: #Because_Of_Dickson,_There_Are_Modular_Pythagorean_Triples

Three Treatments To Make Adjacent Squares With Known Roots In Mod P*Q Fields

1) How to make four squares equivalent to 0 with adjacent roots: x^2, (x+1)^2, y^2, (y+1)^2: User:Endo999#x^2+(x+1)^2+y^2+(y+1)^2_mod_p*q_equiv_0

2) Roots shown of Adjacent Squares Using Pythagorean Triples: #Square_Roots_Of_Adjacent_Squares_Shown

3) Roots shown of Adjacent Squares From Any Residue: #Roots_Of_Adjacent_Squares_Found_From_Any_Residue

4) Roots shown of Squares N apart, not 1 apart: #Roots_From_Squares_N_Apart

Five Treatments That Make A Bridge Between Modular Root And Square

In these treatments the square is determined first and the root is then determined. The square whose root is made known is not known in advance, so these algorithms are not general modular square root algorithms. However, they do establish a bridge between the square and the root. The square can be determined before the root is found.

1) Once the square root of -1 mod p*q is known any square root whose modular complex derivation is populated with Pythagorean Triples can be known: #Pythagorean_Triples_Can_Provide_The_Parameters_To_Populate_The_Complex_Square_Root_formula

2) With any sum of two squares (or two powers actually) two modular square roots can be taken: #x^2+y^2_mod_p*q_equiv_n_can_yield_the_modular_square_root_of_(x^(-2))*n-1. Some people may say that the root determined is a factor of the two squares involved, however all roots are the division of two squares. And this section, #Square_Roots_Of_Adjacent_Squares_Shown, will show a root found that is 1 off the division of two squares. See this section for taking the cube root of the sum of two cubes:#X^3+y^3_mod_p*q_equiv_n_can_derive_the_Cube_Root_Of_(x^(-3)(-n)+1)

3) With any two sums equalling 0 a modular square root can be taken: #Square_Roots_From_x(u)+y(z)_mod_p*q_equiv_0.

4) Using Gauss' method of solving the modular quadratic equation and using Pythagorean Triples a method has been derived where the real component of the modular complex square,

x^{2}{\bmod {p*q}}

, is wiped out by knowledge of the modular complex root,

x{\bmod {p*q}}

. At this point the imaginary number is set to be an actual natural square root, and the Pythagorean Triple root/square equation is changed slightly to accommodate this. As such a bridge between the square (D^2 - 4 * 1 * C* I mod p*q) and the root (-D + 2* x mod p* q ) is created. The root is a modular root of the square. See here available at the Australian IP patent search for more details on this algorithm. The public domain part of this work is available at #Pythagorean_Triples_Can_Make_A_Natural_Square_For_Gauss's_Quadratic_Equation but only part of the algorithm is shown.

The general idea of the algorithm is quoted from the Innovation Patent given above.

1. let X^2 = 2*a + (I^2 + 1)* b_1^2 +2b* I mod p * q be a modular complex number, and let x = a_1 + b_1 * I mod p * q as described in the prior work section of this patent.

2. let the imaginary root, I, have a known square, ie., 4 = 2^2 or 9 = 3^2

3. create a x^2 - D * x + C mod p * q = 0 such that the real component of the complex square number is cancelled out instead of the imaginary component as in the public domain work

A quick example where the imaginary component of the $A*x^{2}-1*x+c{\bmod {p*q}}\equiv 0$ is cancelled out and where $i=2$ and $x=3+i$ and $x^{2}\equiv 8+5+6*i$ and $A{\bmod {p*q}}\equiv 6^{-1}$ follows:

the square is 8+5+6*i, find the inverse of 6
PowerMod=2151
find the square using the pythagorean triple: 3,4,5
and the modified SQUARE equation shown above
Mod=25
find C in the quadratic equation
Mod=2150
make the quadratic equation
Mod= 0
make the square as per GAUSS equation
2151=A
-1=B
-2150=C
Mod=574
now make the root as per GAUSS equation
Mod= 861
Note the root has been found
Mod= 574

Thus, this method can be used with any Pythagorean Triple and within each use of a Pythagorean triple any I can be used, and the I can be a rational number.

After quite a bit of reduction it appears that $574{\bmod {89*29}}\equiv 4*9^{-1}$ and thus that the root is $2*3^{-1}{\bmod {89*29}}\equiv 861$

After some work on this the matter is still inconclusive as the following math shows the case where i=11

find C for quadratic equation
Mod= 2160
find the square
Mod= 1441
find the root
Mod= 863
confirm the root works
Mod= 1441
note that 11/3 is 1 off the root, unlike the example for 2
Mod, 89 29]= 864

5) Obtaining modular square roots from

x^{2}+y^{2}{\bmod {p*q}}\equiv z^{2}

at User:Endo999#Modular_Square_Roots_From_x^2+y^2_mod_p*q_equiv_z^2

6)Working Between Modula to get a root and square combination at User:Endo999#Modular_Square_Roots_From_The_Closest_Prime_To_P*Q

"A Course in Number Theory and Cryptography, Graduate Texts in Math. No. 114, Springer-Verlag, New York, 1987. Second edition, 1994. chapter 3"
Gauss, DA, art. 78
Australian Innovation Patent 2017100261
^ Australian Innovation Patent 2014100414
Australian Innovation Patent 2015100629
"Further Attacks ON Server-Aided RSA Cryptosystems", James McKee and Richard Pinch, http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.33.1333
A Course in Number Theory and Cryptography, Graduate Texts in Math. No. 114, Springer-Verlag, New York, 1987. Neal KoblitZ, Second edition, 1994. p94
Rivest, R.; Shamir, A.; Adleman, L. (February 1978). "A Method for Obtaining Digital Signatures and Public-Key Cryptosystems" (PDF). Communications of the ACM. 21 (2): 120–126. doi:10.1145/359340.359342.
"common factors in (p-1) and (q-1)",Viktor Dukhovni, openssl-dev Digest, Vol 9, Issue 4, https://www.mail-archive.com/openssl-dev%40openssl.org/msg39736.html, https://www.mail-archive.com/openssl-dev%40openssl.org/msg39725.html
http://mathworld.wolfram.com/DedekindFunction.html
Jour fur Math, 83, 1877, 288. CF H Weber, Elliptische Functionen ,1901,244-5; ed 2, 1008(Algebra III), 234-5
^ Australian Innovation Patent 2018100919
Australian Innovation Patent No. 2015100715
Australian Innovation Patent 2017101121
^ Australian Innovation Patent 2017101124
Australian Innovation Patent 2018100862 "The Modular Quadratic Equation And Modular Square Roots"
Crandall & Pomerance, ex. 6.5 & 6.6, p.273
James Cockle in London-Dublin-Edinburgh Philosophical Magazine, series 3
- 1848 On Certain Functions Resembling Quaternions and on a New Imaginary in Algebra, 33:435–9.
- 1849 On a New Imaginary in Algebra 34:37–47.
- 1849 On the Symbols of Algebra and on the Theory of Tessarines 34:406–10.
- 1850 On the True Amplitude of a Tessarine 36:290-2.
- 1850 On Impossible Equations, on Impossible Quantities and on Tessarines 37:281–3.
Links from Biodiversity Heritage Library.
Lce.hut.fi
Jeroen Demeyer Diophantine Sets over Polynomial Rings and Hilbert's Tenth Problem for Function Fields, Ph.D. theses (2007), p.70.
^ Australian Innovation Patent 2014101388
Nouv Corresp Math, 6 1880 478-9
Compte Rendus, Paris, 87, 1878, 522, correction 599. Reproduced in Desboves' Questions d'algebre, ed. 4, 1892,
"History of the Theory of Numbers" Volume 1 by Leonard Eugene Dickson, p215-216 read online
"AttiR. Accad. Lincei, Rendiconti, (5), 1, 1892, 116-120."
Oded Goldreich, Computational complexity: a conceptual perspective, Cambridge University Press, 2008, p. 588.
[https://archive.org/stream/historyoftheoryo01dick#page/218/mode/2up read online
Australian Innovation Patent 2017100424
Hungerbühler, Norbert (2017). "An alternative quadratic formula". arXiv.
Australian Innovation Patent: 2018100498 "Using The Complex Square Root Formula And Pythagorean Triples To Take Square Roots Of Quaternions, Tessarines, Split Complex Numbers, and Modular Tessarines"
Daniel Shanks, "Number Theory", p 143
Quadratic Partitions, 1904, Introd., xvi-xvii. Math Quest Educ Times, 6, 1904, 84-5;7; 1905, 38-9;8;1905, 18-9
Leonard Eugene Dickson, "History Of The Theory Of Numbers", Vol 1, p219, Chelsea Publishing 1952
Youtube Mathologer Video url=https://www.youtube.com/watch?v=yk6wbvNPZW0 published=13 April 2018
Assoc Franc, av. sc, 12, 1883,98-101
^ L'intermediaire des math, 21, 1914, 190-2
^ L'intermediaire des math,23,1916,12-13,17-18
Rabin and Shallit, "Randomized Algorithms in Number Theory", 1986, Communications on Pure and Applied Mathematics, vol 39 s239-s256
Python code for sum of 2 squares for a prime number, author=Robin Chapman, url = "https://math.stackexchange.com/questions/5877/efficiently-finding-two-squares-which-sum-to-a-prime", access-date=19/10/2017
Dickson, L. E. (1920), History of the Theory of Numbers, Vol.II. Diophantine Analysis, Carnegie Institution of Washington, Publication No. 256,p 168-169 12+803pp Read online - University of Toronto
Periodico di Math, 23, 1908, 104-110
Giornelli Arcadico di Sc Let, ed Arti, Rome, 119, 1849-1850, 27. Annali di Sc. Mat. Fis.,1 ,1850, 159-166, 369, 443
"History of the Theory of Numbers" Volume 1 by Leonard Eugene Dickson, p362 read online
IBID p 11. Comm Arith,2, 220-242, for $\lambda =2$ Opera posthuma, I, 1862, 159
Australian Innovation Patent 2018100869
Australian Innovation Patent 2018100919
"Turning Euler's Factoring Method into a factoring algorithm" by James McKee. Bulletin. London Math Society 28(1996)351-355 url=https://pdfs.semanticscholar.org/6d7d/9e973cc9d228e7b62e77917dc53ec053d98a.pdf
Theorie der Congruenzen, by P. Tchebychef, german translation by H. Schapira, 1889,ch. 8, pp 281-292
"The Completion of Euler's factoring formula", Blecksmith, Brillhart, Decaro url=https://projecteuclid.org/euclid.rmjm/1375361973, Rocky Mountain J. Math. Volume 43, Number 3 (2013), 755-762.
^ "PEIZAS Sum of three Squares" url="https://sites.google.com/site/tpiezas/004"
History Of The Theory Of Numbers vol II, p 420, Chelsea Publishing 1952
Y. Mikami, Abh. Gesch. Math. Wiss., 30, 1912, 231-232.
History Of The Theory Of Numbers vol II, p 433, Chelsea Publishing 1952
Sphinx-Oedipe, 1907-8, 30, 107-9
Nouv. Ann. Math. (2), 18, 1879, 508
Mathesis, (2), 9, 1809, 241
Sphinx-Oedipe, 1906-1907, , 49-50,54,65-7,77-8,81-4;1907-8, 192(correction) Meissner, 137-8
History Of The Theory Of Numbers Vol 3, p 55 by Leonard Dickson, publisher Chelsea Publishing 1952
Jour fur Math, 2 1827, 69; Werke VI 1891, 237
Unpublished Proof by Euler at Weisstein, Eric W. "Diophantine Equation--2nd Powers." From MathWorld--A Wolfram Web Resource. http://mathworld.wolfram.com/DiophantineEquation2ndPowers.html
Engel, A. Problem-Solving Strategies. New York: Springer-Verlag, 1998.
Hickerson, D. "Re: Diophantine sequence" mailing list. 17 Oct 2002.
Engel, A. Problem-Solving Strategies. New York: Springer-Verlag, 1998.
Hickerson, D. "Re: Diophantine sequence" mailing list. 17 Oct 2002.
History Of The Theory Of Numbers by Leonard Dickson, vol 2, p370 Chelsea Publishing 1952
Monatsber. Akad. Wiss. Berlin, 1837, 127; Jour fur Math., 30, 1845, 166; Werke, VI, 263-4; Opuscula Mathematica, 1, 1846, 324-325. Proof by Genoochi
Adolf Kunerth, "Academie Der Wissenschaften" vol 78(2), 1878, p 327-338(for quadratic equation algorithm), p 338-346 (for modular quadratic algorithm), available at Ernest Mayr Library, Harvard University
Leonard Eugene Dickson, "History of Numbers", vol 2, p382-384
Paul Cheffers, "Adolf Kunerth's Modular Square Root Algorithm Explained", Kindle on the Amazon website, url="https://www.amazon.com/dp/B09K3TCQR1"
url=https://www.zobodat.at/pdf/SBAWW_78_0244-0248.pdf, p245
History Of The Theory Of Numbers Vol 2, p 569 by Leonard Dickson, publisher Chelsea Publishing 1952
History Of The Theory Of Numbers, vol 3, p50 by Leonard Dickson, Chelsea Publishing, 1952
Nouvelle correspondance mathématique,vol 3,1877,23-24
Math. Quest Educ Times, 28, 1878, 29-30
Leonard Eugene Dickson, "Theory of Numbers", vol ii, p382
Geometrie des tissus, Assoc. franc., 40, 1911,83-6 French trans of his Italian paper in I'Ingegnere Civile, 1880, Turin
Leonard Eugene Dickson, Theory of Numbers, vol i, p 213
https://gallica.bnf.fr/ark:/12148/bpt6k6569718z/f261.item>
Australian Innovation Patent 2016100469
Australian Innovation Patent 2017100424
Australian Innovation Patent 2018100862 "The Modular Quadratic Equation And Modular Square Roots"

Categories:

$1007713-1006800{\bmod {89*29}}\equiv 945\equiv {\sqrt {-1}}_{2}$	$1007144-1006233{\bmod {89*29}}\equiv 945\equiv {\sqrt {-1}}_{2}$
$1007800-1006713{\bmod {89*29}}\equiv 568\equiv {\sqrt {-1}}_{1}$	$1007233-1006144{\bmod {89*29}}\equiv -568\equiv -{\sqrt {-1}}_{1}$
$1007713+1006800{\bmod {89*29}}\equiv 1$	$1007144+1006233{\bmod {89*29}}\equiv -1$
$1007800+1006713{\bmod {89*29}}\equiv -2493\equiv -{\sqrt {1}}$	$1007233+1006144{\bmod {89*29}}\equiv -2493\equiv -{\sqrt {1}}$

$569800+567713{\bmod {89*29}}\equiv -2$	$569233+567144{\bmod {89*29}}\equiv 2$
$569800-567713{\bmod {8929}}\equiv 2945\equiv 2*{\sqrt {-1}}_{2}$	$569233-567144{\bmod {8929}}\equiv 2945\equiv 2*{\sqrt {-1}}_{2}$
$567800+569713{\bmod {8929}}\equiv 22493\equiv 2*{\sqrt {1}}$	$567233+569144{\bmod {8929}}\equiv 22493\equiv 2*{\sqrt {1}}$
$567800-569713{\bmod {8929}}\equiv -2568\equiv -2*{\sqrt {-1}}_{1}$	$567233-569144{\bmod {8929}}\equiv 2568\equiv 2*{\sqrt {-1}}_{1}$

$-567144{\bmod {8929}}\equiv 944$	$569800{\bmod {8929}}\equiv 944$
$569233{\bmod {8929}}\equiv 946$	$-567713{\bmod {8929}}\equiv 946$
$944233{\bmod {8929}}\equiv 567$	$946800{\bmod {8929}}\equiv 567$
$-946144{\bmod {8929}}\equiv 569$	$-944713{\bmod {8929}}\equiv 569$

Install

Features

Selected Text Translation

Math Blog

Fun Mathematical Observations

Redrafting Cubes

Redrafting an RSA cipher to the 23rd power

Back To Fun Facts On Math

Fun Math Observations for Modular Square Roots

Sum Of Squares

Sum of Powers and RSA

An Equation For A Modular Square Root

A Link Between The Two Equivalent Modular Square Roots

Square Root Of 1 mod P*Q Definition

Definition Of Square Root Of -1 Mod P*Q

Another Definition Of The Square Root of 1 Mod P*Q

P/(P-Q) mod P*Q Seems To Be A Special Number In the MOD P*Q Field

Constructing the Squareless Number and Algebra With The Squareless Number

Idempotent Numbers And 3/2 mod p*q

The Relationship Between The Squareless Number And The Square Root Of -1

The Relationship Between The Squareless Number And The Quad Root Of 1

The Relationship Between The Squareless Number And g^(p-1)-1 mod p*q

Implications For RSA

all powers can be redrawn as sums of powers using P and Q

The Base Can Be Changed

The Product To Sum theorum of RSA semiprimes

Even RSA can be manipulated with the Product To Sum Theorum

With A Public Key of 23

A definition of One mod p*q

All Modular Powers are the sum or subtraction of three powers (of moduli RSA Semiprimes)

With the Use of a Small Third Prime, X, you can find candidates of the equivalency of (p-1 mod (x-1)) and (q-1 mod (x-1)) when only p*q is known

A Third Modulus Transforms the Hard P*Q division problem into a B*E modular residue problem

When P And Q Are Close Enough Together

When B*E Is A Square

Combined Divisor Methods

Factors Of P*q-1 Are Candidates To Divide B*E

How To Find Common Factors Of P-Q or P+Q At Twice The Random Rate

A Factor Of (p-q) and A Factor of (p+q) combined together is the following

Equivalent Square Considerations

Example 1

Example 2: When Y Is A Factor Of P-Q

When X Is A Factor Of P-Q

When X Is A (Factor Of P-Q)^2

The Bad Stuff That Happens When There Are Common Factors Between (P-1) and (Q-1)

Example 1

The Implications For RSA

Looking At The Openssl RSA Key Generation Code For Common Factors

Splitting the message into two products of the cipher

Isolating the Message itself, with another term

The RSA cipher can now be attacked by a Discrete Logarithm Algorithm

General Equation Applied

Every Base Can Be Used In This Equation

The Dedekind Psi Function of (p-2)(q-2) is sometimes the Totient of p*q

For RSA Semiprimes, Common Factors of p+1 and q+1 can be found by factoring p*q+1

When Primes Are Twin, Common Factors of Related Primes Can Be Found

A Close Call ON RSA

Example 3: When A Multiplier Makes P Look Like Q To The Modulus X

When P Is Approximately 5 Times Q

When P Is Less Than 3 Times P-4*B

An Analysis Of X*Y-P*Q

Extending The Modulus

Generalising to g^(Z*e-Z*b)

When the Third Modulus is higher than P: ie., when x = p+b*4

A Definition of Residues 1 off each other

The Curious Case Of The Square Root of -1 mod p*q

The Complex Square Root Function Does Have An Analogue In Modular Arithmetic

Pythagorean Triples Can Provide The Parameters To Populate The Complex Square Root formula

A Generalization Of The Pythagorean Triples Method Of Finding A Square Root

An RSA Cipher Has A Polar Coordinate Root If It Is A Pythagorean Root

Not Always Necessary To Factor some P*Q to do Modular Square Roots

Another Formula For Generating Pythagorean Triples Besides The Famous Euclidean One

Modular Imaginary Numbers Are Close To Quaternions

The Modular Quaternion Worked Out And Demonstrated

The Log And The Exp Functions Of Modular Quaternions

(2)^(1/2)+3^(1/2) In Modular Arithmetic

Modular Square Root Of Two Definition

A Definition Of All Modular Square Roots Mod P*Q

Roots Of Adjacent Squares Found From Any Residue

Roots From Squares N Apart

Knowing the difference between two square roots allows the finding of both square roots

P/(P-Q) mod PQ Seems To Be A Special Number In the MOD PQ Field

A Third Modulus Transforms the Hard PQ division problem into a BE modular residue problem

Factors Of Pq-1 Are Candidates To Divide BE

An Analysis Of XY-PQ

Generalising to g^(Ze-Zb)

Root Of -3 Mod PQ Is Sum Of Two Cube Roots Of -1 Mod PQ

There is only a cube root of -1 mod pq when there is a square root of -3 mod pq

The Formula of 2^(-1)(1+(-3)^(1/2)) mod pq === (-1)^(1/3) Seems To Work For 3 Mod 4 Semiprimes As Well

13x+27x^4 obtained

A Multiplier for **g^(p-1)-1 mod p*q to make g^(4(p-1))-1**

Taking The Square Root Of (-2)^{-2} mod pq Can Factor PQ

ax^4+by^4 equals c*z^2