Integer and Rational Solutions of a Binary Quadratic Equation (2): Quadratic Residue

In this post, we’re interested in finding any or all integer solutions of a binary quadratic equation:

x2nya=0.x^2 - ny - a = 0.

We assume that the equation is non-degenerate in the sense that n0n \neq 0.

Normalization

We first normalize the problem to simplify its properties.

  • Assume n>0n > 0. Otherwise, reduce it to x2(n)(y)a=0x^2 - (-n)(-y) - a = 0.
  • Assume n=pen = p^e is a prime power. Otherwise, write n=i=1kpiein = \prod\limits_{i=1}^k p_i^{e_i} and solve x2a(modpiei)x^2 \equiv a \pmod {p_i^{e_i}} for each pieip_i^{e_i} and use CRT to combine all results.
  • Assume a0a \neq 0. If a=0a = 0, all solutions are {pimodpe:e2i2e}\{p^i \bmod p^e: e \leq 2i \leq 2 e\}.
  • Assume pp does not divide aa. Otherwise, write a=apea = a' p^{e'} where pp does not divide aa'.
    • If ee' is odd, there exists no solution.
    • If ee' is even, xx must be a multiple of pe/2p^{e'/2}, so reduce it to (x/pe/2)2a(modpee)(x/p^{e'/2})^2 \equiv a' \pmod{p^{e-e'}}.

After normalization, the problem that we’re interested in is:

Default

For a prime pp, an integer a0a \neq 0 such that pp does not divide aa, find one or all integer xx such that

x2a(modpe).\labeleq:quadresidue\begin{equation} x^2 \equiv a \pmod{p^e}. \label{eq:quad-residue} \end{equation}

We say that xx is a quadratic residue modulo nn if x2a(modn)x^2 \equiv a \pmod{n} has a solution, and a quadratic non-residue modulo nn otherwise.

The case of p=2p = 2

(Solubility) For p=2p = 2, aa is a quadratic residue modulo pep^e if and only if a1(mod8)a \equiv 1 \pmod 8.

To find one or all solutions, we first consider the two easy cases:

  • If e=1e = 1, certainly the case is a1(mod2)a \equiv 1 \pmod 2 and all solutions are x1(mod2)x \equiv 1 \pmod 2.
  • If e=2e = 2:
    • If a1(mod4)a \equiv 1 \pmod{4}, all solutions are x1(mod2)x \equiv 1 \pmod 2.
    • Otherwise, there is no solution.

Now we assume e>2e > 2.

(Any solution) Observe that:

(x+x2a2)2a=(x+1)(x2a)+(x2a2)2.\left(x + \frac{x^2 - a}{2} \right)^2 - a = (x+1)(x^2 - a) + \left( \frac{x^2 - a}{2} \right)^2.

So if xe1x_{e-1} satisfies x2a(mod2e1)x^2 \equiv a \pmod{2^{e-1}}, then xe=xe1+xe12a2x_e = x_{e-1} + \frac{x_{e-1}^2 - a}{2} satisfies x2a(mod2e)x^2 \equiv a \pmod{2^e}. Thus, we can begin with x2=1x_2 = 1.

(All solutions) Let xx^* be any solution to x2a(mod2e)x^2 \equiv a \pmod{2^e}. It is clear that xx^* must be odd. Consider xx2\frac{x^* - x}{2} and x+x2\frac{x^* + x}{2}. The sum is xx^*, so only one of them is even. The product is x2x240(mod2e2)\frac{x^{*2} - x^2}{4} \equiv 0 \pmod{2^{e-2}}, thus one of them is 0 modulo 2e22^{e-2}. Thus, the set of all solutions is:

x{±x}(mod2e1).x \in \{\pm x^*\} \pmod{2^{e-1}}.

The case of an odd prime pp

(Solubility) The solubility is often determined by the Jacobi symbol, which is the generalization of the Legendre symbol: For an odd prime pp, aa is a quadratic residue modulo pep^e if and only if

(ape)=1,(ape):=(ap)e,\left( \frac{a}{p^e} \right) = 1, \quad \left( \frac{a}{p^e} \right) := \left( \frac{a}{p} \right)^e,

where (ap)\left( \frac{a}{p} \right) is the Legendre symbol.

Note that this does not apply to p=2p = 2 (e.g., x23(mod4)x^2 \equiv 3 \pmod 4) or general composite numbers (e.g., x28(mod15)x^2 \equiv 8 \pmod {15}).

(Modulo a prime (e=1e=1)) There exist well-known algorithms for finding a solution to x2a(modp)x^2 \equiv a \pmod p, e.g., the Tonelli-Shanks algorithm and Cipolla’s algorithm.

(Modulo a prime power (e>1e > 1)) Let xx' be any solution to x2a(modp)x^2 \equiv a \pmod{p}. Tonelli shows that

xxpe1a(pe2pe1+1)/2(modpe),x^* \equiv x'^{p^{e - 1}} \cdot a^{(p^e - 2 p^{e-1} + 1) / 2} \pmod{p^e},

is a solution to Equation \eqref{eq

}.

Alternatively, Cipolla’s algorithm can be extended to find a solution to Equation \eqref{eq

} directly: Let uu be any integer such that u2au^2 - a is a quadratic non-residue modulo pp, then

x12a(pe2pe1+1)/2((u+u2a)s+(uu2a)s).(modpe)x^* \equiv \frac{1}{2} a^{(p^e - 2 p^{e-1} + 1) / 2} \left(\left(u + \sqrt{u^2 - a}\right)^s + \left(u - \sqrt{u^2 - a}\right)^s \right). \pmod{p^e}

where s:=pe1(p+1)/2s := p^{e-1} (p+1)/2.

Moreover, it’s also possible to use the identity

(x2+a2x)2a=(x2a)24x2\left( \frac{x^2 + a}{2x} \right)^2 - a = \frac{(x^2 - a)^2}{4x^2}

to generate a solution from xx' by iterating it for loge\log e times, but a division modulo pep^e takes O(logpe)O(\log p^e) time so it won’t be faster.

(All solutions) Similarly, let xx^* be any solution to x2a(modpe)x^2 \equiv a \pmod{p^e}. Since (xx)(x+x)0(modpe)(x^* - x)(x^* +x) \equiv 0 \pmod {p^e}, and at most one of xxx^* - x and x+xx^* + x is a multiple of pp, we conclude that all solutions are

x{±x}(modpe).x \in \{\pm x^*\} \pmod{p^e}.

References