Let \begin{document}$ p $\end{document} be a prime such that \begin{document}$ p = 1+2^nm $\end{document}, where \begin{document}$ n\geq 1 $\end{document} and \begin{document}$ m $\end{document} is odd. Given a square \begin{document}$ u $\end{document} in \begin{document}$ \mathbb{Z}_p $\end{document} and a non-square \begin{document}$ z $\end{document} in \begin{document}$ \mathbb{Z}_p $\end{document}, we describe an algorithm to compute a square root of \begin{document}$ u $\end{document} which requires \begin{document}$ \mathfrak{T}+O(n^{3/2}) $\end{document} operations (i.e., squarings and multiplications), where \begin{document}$ \mathfrak{T} $\end{document} is the number of operations required to exponentiate an element of \begin{document}$ \mathbb{Z}_p $\end{document} to the power \begin{document}$ (m-1)/2 $\end{document}. This improves upon the Tonelli-Shanks (TS) algorithm which requires \begin{document}$ \mathfrak{T}+O(n^{2}) $\end{document} operations. Bernstein had proposed a table look-up based variant of the TS algorithm which requires \begin{document}$ \mathfrak{T}+O((n/w)^{2}) $\end{document} operations and \begin{document}$ O(2^wn/w) $\end{document} storage, where \begin{document}$ w $\end{document} is a parameter. A table look-up variant of the new algorithm requires \begin{document}$ \mathfrak{T}+O((n/w)^{3/2}) $\end{document} operations and the same storage. In concrete terms, the new algorithm is shown to require significantly fewer operations for particular values of \begin{document}$ n $\end{document}.

让\begin{文档}$ p $\end{文档}是一个素数，使得\begin{文档}$ p = 1+2^nm $\end{文档}， 在哪里\begin{文档}$ n\geq 1 $\end{文档}和\begin{文档}$ m $\end{文档}很奇怪。给定一个正方形\begin{文档}$ u $\end{文档}在\begin{document}$ \mathbb{Z}_p $\end{document}和一个非正方形\begin{文档}$ z $\end{文档}在\begin{document}$ \mathbb{Z}_p $\end{document}，我们描述了一种计算平方根的算法\begin{文档}$ u $\end{文档}这需要\begin{文档}$ \mathfrak{T}+O(n^{3/2}) $\end{文档}运算（即平方和乘法），其中\begin{文档}$ \mathfrak{T} $\end{文档}是对元素求幂所需的操作数\begin{document}$ \mathbb{Z}_p $\end{document}对权力\begin{document}$ (m-1)/2 $\end{document}. 这改进了 Tonelli-Shanks (TS) 算法，该算法需要\begin{文档}$ \mathfrak{T}+O(n^{2}) $\end{文档}操作。Bernstein 提出了一种基于表查找的 TS 算法变体，它需要\begin{文档}$ \mathfrak{T}+O((n/w)^{2}) $\end{文档}操作和\begin{document}$ O(2^wn/w) $\end{document}存储，在哪里\begin{文档}$ w $\end{文档}是一个参数。新算法的查表变体需要\begin{文档}$ \mathfrak{T}+O((n/w)^{3/2}) $\end{文档}操作和相同的存储。具体而言，新算法显示出对特定值的操作显着减少\begin{文档}$ n $\end{文档}.