Correct the modular fourth-roots function

trailofbits / zkdocs

Interactive documentation on zero-knowledge proof systems and related primitives.

https://zkdocs.com

Creative Commons Attribution 4.0 International

142 stars 21 forks source link

Correct the modular fourth-roots function #9

Closed beaurancourt closed 1 year ago

beaurancourt commented 1 year ago

The original explanation implied that x^(1/4) mod N = x^(((p-1)*(q-1)+4)/8) mod N, but checking fact 2.160 from the Handbook of Applied Cryptography:

the text says that this is a formula for square roots not fourth roots. Thus, to get the fourth root, we apply the formula twice.

CLAassistant commented 1 year ago

All committers have signed the CLA.

mhluongo commented 1 year ago

Can confirm, this tripped us up!

fcasal commented 1 year ago

Great catch! I've added the explicit formula to your edit and mentioned that the exponent only needs to be computed once as it does not depend on the input.