Tutorial for problem Quadratic Equations

This tutorial discusses one of the “hard problems” of the July Contest – Quadratic Equations. I called this problem “hard” because it is placed in the “hard problems” category and there were only 5.25% successful submissions for this problem. However, I believe this was actually one of the easy problems in this competition – provided you knew a little bit of number theory. Let’s see how.

To begin with, let’s get rid of all the verbosity from the problem statement and understand what the problem actually asks. In simplest terms, the problem asks us to find all possible values of w such that (Aw ² +Bw+C) is divisible by prime P. In mathematical terms, the task is to find all possible solutions for the congruence:

With Constraints:   0 < A < P,  0 ≤ w, B, C < P < 10⁶.

Incidentally, if you are a number theory fan, chances are that you already know the answer to this problem. Typically this scenario would be discussed in almost every number theory book, and is usually covered under the heading quadratic residues

Before we go into the detailed solution, let’s jot down few basic points first –

• Can a brute-force solution work? (In almost all programming problems, it becomes very important to understand whether or not the brute-force solution would work without actually writing the code and testing it out. Of course in most of the problems it wouldn’t work.). In the current case, since there are about 10000 test cases and each test case would need 10⁶ iterations in the worst case, the total number of iterations would be 10¹⁰. Convince yourself that an empty loop that runs 10¹⁰ times needs much more time than 3 seconds. The brute-force approach thus gets ruled out.
• Observe that since w < P, smaller cases with lower values of P are very easy to handle. For example, when P=2, the only values that w may take are 0 and 1. Similarly when P=3, the only allowed values for w are 0,1 and 2. Thus we can use the brute-force approach for smaller values of P, like 2, 3,5 etc.
• Since B and C can be zero, it makes sense to deal with these cases separately, as the problem could reduce to a less-complicated version in these cases. Observe that:
  • If B=C=0, then the problem reduces to finding all w such that P | (Aw²).Since 0 < A < P and 0 ≤ w < P, the only solution is w = 0.
  • If C=0 but B≠0, then the problem reduces to finding all w such that w*(Aw+B) ≡ 0 (mod P). Since P is prime, this implies that P|w or P|(Aw+B). Clearly, w = 0 is one solution, and other solutions would be obtained by solving the linear congruence
    Aw+B ≡ 0 (mod P)
    ———–   [B]

    Thus observe that in this case we have reduced the problem of solving a quadratic congruence to solving a linear congruence.

  • If B=0 but C≠0 then the problem reduces to finding all w such that
    Aw²+C ≡ 0 (mod P)
    ———–   [C]

    Again observe that we have a special case of quadratic congruence here, which doesn’t have any linear term.

• In fact, the original congruence in [A] can always be reduced to a form similar to [C] even in the most general case, when 0 < A,B,C < P. The trick is to do the “square completion”. Observe that we can rewrite [A] as:
  A²w²+4ABw+4AC+B²-B² ≡   0   (mod P)

  ⇔  (2Aw+B)²+(4AC-B²)   ≡   0   (mod P)

  Let u=2Aw+B and D=(4AC-B²). Then the congruence can be rewritten as:

  u² + D   ≡   0   (mod P)

  Of course, if u or D are not between 0 to P-1, then can be changed modulo P to bring them in the required range.

  Thus, the most general case of [A] needs a two-step solution:

  1. Solve the following quadratic congruence for u:
     u²+(4AC-B²)   ≡   0   (mod P)

     ———–   [D]
  2. Solve the following linear congruence for w:
     (2Aw+B)   ≡   u   (mod P)
     i.e.   2Aw   ≡   (u-B)   (mod P)
     ———–   [E]

     where u is the solution obtained in step (1).

Thus it should be clear by now that this entire problem is all about dealing with linear and quadratic congruences. Incidentally, a quick google search provides us with all references that are necessary (and sufficient) to solve this problem. That’s why I referred this problem as an “easy problem” in the beginning.

In the remainder of this tutorial we shall see how to solve linear and quadratic congruences. The task of putting these two concepts together and solving the actual problem is (purposely) left as an exercise to the reader.

Task:  Find all possible solutions to the congruence

Mw   ≡   N   (mod P)

Constraints:  P is prime, 0 <   M,N,w   <   P

Let’s take a simple example to understand this case. Let M = 4, N = 3 and P = 11. The following table lists the required values-

w mod P	(Mw) mod P	(Mw – N) mod P
0	0	8
1	4	1
2	8	5
3	1	9
4	5	2
5	9	6
6	2	10
7	6	3
8	10	7
9	3	0
10	7	4

The first column lists all possible values of “w mod P” and the other two columns represent the corresponding values for “(Mw) mod P” and “(Mw-N) mod P” respectively. Observe that no values seem to be repeated in second or third column.  In other words, it looks like all values of   “(Mw) mod P”  are different when w belongs to the set   {0,1,…,P-1}.

It is easy to see that this observation will always hold. To see why, suppose there are two distinct values of w, say w1 and w2, with 0 ≤ w2 < w1 < P, such that

Mw1 ≡ k (mod P)     and

Mw2 ≡ k (mod P)

for some k. This would imply that Mw1 ≡ Mw2(mod P), which means P | M(w1-w2), which in turn means P | (w1-w2) : a contradiction since P > w1 > w2 ≥ 0.

Thus we see that every entry in column-2 will be different (and each entry will be between 0 to P-1 inclusive). As there are exactly P entries in column 2, this means that every entry in the set {0,1,…,(p-1)} will occur exactly once in column-2. Consequently, there would be exactly one value of w which would evaluate to N in column-2. In fact, this is the value of w that we are looking for, since this is the only value that satisfies Mw  ≡  N  (mod P). (Applying this argument to the example above, we would return w = 9 as our answer to the congruence Mw ≡ N (mod P)).

Moral of the story – The linear congruence Mw ≡ (mod P) with 0<M,N<P has exactly one solution. And the good news is that it is not at all difficult to find what this solution would be.

Let w = k represent this solution. Then we have:

Mk ≡ N (mod P)

i.e. (Mk – N = Pu) for some integer u.

Rearranging the terms, we get Mk + P(-u) = N.

Observe that since GCD of M and P is 1,  

Bézout’s identity guarantees existence of integers x and y such that Mx+Py=1. A quick google search would reveal that the Extended Euclid’s Algorithm can be used to get values of x and y. Detailed implementation of Extended Euclid’s algorithm is easily available on the web and hence left as a (trivial) exercise to the reader. Once we get x, observe that k = xN. Of course, make sure to adjust the value of xN (if needed) to bring it in the set {0,1,…,P-1}. The solution to the equation (B) can then be obtained by plugging values M = A and N = -B in the above discussion. Similarly solution of (E) can be obtained by plugging M = 2A and N = u-B in the above discussion.

Task:  Find all possible solutions to the congruence Mw² ≡ N (mod P)

Constraints:  P is prime, 0 <   M,N,w   <   P

Since the table-approach worked in the previous case, let’s use the same again.With M = 4, N = 3 and P = 11, we get following results:

w mod P	w2mod P	(Mw2)mod P	(Mw2-N)mod P
0	0	0	8
1	1	4	1
2	4	5	2
3	9	3	0
4	5	9	6
5	3	1	9
6	3	1	9
7	5	9	6
8	9	3	0
9	4	5	2
10	1	4	1

Observe that unlike the previous table, the columns in this table don’t have all the values. Taking an example of second column (w²mod P ), we see that some values (like 2) are not present, whereas some other values (like 4) are repeated. More specifically –

• if we ignore the starting 0 in this column, then the column looks symmetric – The values 1,4,9,5,3 repeat in the reverse order.
• All values in the first half of this column are distinct.

It is easy to see that these two observations will always hold. And the proofs are very trivial:

• Observe that (P-w)² ≡ w² (mod P). Thus, for any w, numbers w² and (P-w)² would evaluate to the same result mod P. This means that the column (Mw² mod P) would always be symmetric around the center.
• To see why all the values in the first half of the column would be distinct, let us assume that two values of w, say w1 and w2, (WLG let w1 > w2) both occurring in the set {0,1,…,(P-1)/2} evaluate to the same result in column-2, i.e., let Mw1² ≡ Mw2² (mod P). This would mean that P|(w1²-w2²), which would in turn mean P|(w1+w2) or P|(w1-w2). But this is clearly a contradiction, as both (w1+w2) and (w1-w2) are less than P but greater than zero.

Moral of the story – There are exactly (P-1)/2 distinct values for (w²mod P) with 0 < w < P, and each of these values occurs twice. (Notice the strict inequality “0 w”. This is because when w=0, the value in column-2 is 0 which is the only value that doesn’t repeat).

It is not hard to prove exactly the same results for columns-3 and 4 also. The proofs are very trivial, and are left as an exercise to the reader.

What all this means is that the congruence Mw² ≡ N(mod P) may or may not have a solution. Further, if it has a solution, say w = k , then there will be exactly one more solution, given by w = (P-k). In other words, the congruence Mw²≡ N (mod P) has either 0 or 2 solutions.

So the entire discussion for the “quadratic congruence case” boils down to two fundamental questions:

• How do we know whether Mw² ≡ N (mod P) has a solution or not?
• If there is a solution, how do we find it?

Interestingly, any web search with this or related questions will certainly end up in references on quadratic residues. Looks like good time to throw-in some theory.

Consider a quadratic congruence x²≡ m(mod n) with 0≤m<n. In mathematical jargon, the number m is called quadratic residue modulo n, if there exists some x that satisfies this congruence. If there is no x that can satisfy this congruence, then m is called quadratic non-residue modulo n.
For example, with m = 9 and n = 15, observe that x = 12 satisfies this congruence, and hence we say that 9 is a quadratic reside modulo 15. Similarly, 4 is also a quadratic residue modulo 15, since x = 2 satisfies the congruence x²≡4(mod 15). On the other hand, there is no x for which x²≡11(mod 15), and hence 11 is a “quadratic non-residue” modulo 15. As another example, observe that 0,1 and 4 are the only quadratic residues modulo 8.

Interestingly, note that it is only the terminology that is new here – the underlying concept is very much close to what most of us would have already studied (hopefully!). For example, we all know that every square is of the form 4k or 4k+1. (Proof is trivial, left as an exercise to the reader). This means that x²≡v(mod 4) has a solution only when v = 0 or 1. In other words, the only quadratic residues modulo 4 are 0 and 1. Taking another example, we (definitely) know that a square always end in 0,1,4,5,6 or 9. That is to say, the congruence x²≡v(mod 10) has a solution only when v belongs to the set {0,1,4,5,6,9}. Stated differently, the set of quadratic non-residues modulo 10 is {2,3,7,8}.

Thus, in the simplest terms – A number m is a called as quadratic residue mod n if a square can take the form (nk+m) for some integer k.

Finally observe that in the current case, we are only interested in finding quadratic residues modulo a prime number. More specifically, we want to find –

• if x²≡a  (mod p) has a solution for a given a
• Find the value of x if this equation has a solution.

The first part is somewhat easy. Recollecting

Fermat’s little theorem, we know that x^p-1≡1 (mod p) when x < p. Thus, (x²)^(p-1)/2≡1 (mod p). In other words, x²≡a(mod p) would have a solution iff a^(p-1)/2≡1 (mod p).

Thus, in the current context, to check whether Mw² ≡ N(mod P) has a solution, we multiply throughout by M to get the congruence (Mw)² ≡ MN(mod P), and then use the above test with a=MN (and x = Mw)

(An exercise for the reader- Prove xor disprove : a^(p-1)/2 will either be congruent to 1 or -1 (mod P) where P is an odd prime and 0 < a < P).

This brings us to the last part of the discussion – The procedure for actually finding the value of a quadratic residue (provided it exists). This is the place where most of us would again do a web search, and would certainly come up with Shank-Tonelli algorithm. This algorithm is actually a procedure for solving quadratic congruences of the form x²≡n (mod P) where P is an odd prime and n is a quadratic residue modulo P. (Proving the correctness of this algorithm is quite complicated and beyond the scope of this tutorial.) We just re-state this algorithm at the end of this tutorial for the sake of completeness.

Thus we have now answered both the questions, and effectively learnt how to tackle quadratic congruences. This completes the discussion of the problem of quadratic equation.

• The basic reason why I stated this problem as an “easy” problem in the beginning is that it doesn’t require a person to “think a lot”, or think “out of the box” or “discover” some complex logic. All that is needed is a little bit of playing around, some familiarity with Number Theory, and well-developed Google-search skills. That in fact explains why such problems are actually a feast in programming competitions.
• The Shank-Tonelli algorithm to solve x² ≡ a (mod P) where P is an odd prime is as follows:
  1. Express (p-1) as a product of an odd number and a power of 2 – Let p-1 = 2ⁿk
  2. Let q be a quadratic non-residue modulo P. (To find q, set initial value of q to 2 and keep on incrementing till you don’t get q satisfying q^(p-1)/2≡ -1 (mod p)
  3. Let t = a^(k+1)/2 % p and let r = a^k%p
  4. If r≡1 (mod p) then return t as answer (i.e. algorithm ends).
  5. Else find v = smallest power of 2 such that r^v≡1(mod p). (Let v = 2ⁱ)
  6. Let e = 2^(n-i-1)
  7. Let u = q^(ke)%P.
  8. Set t = (t*u)%P
  9. Set r = (r*u*u)%P and goto step (4)

This completes the discussion on the problem “Quadratic Equations”. To see actual solutions based on this idea, refer Ashutosh’s Solution, or Josh Metzler’s solution or my solution.