An Indexing for Quadratic Residues Modulo $N$ and a Non-uniform Efficient Decoding Algorithm

TL;DR

This paper introduces a polynomial-time decodable indexing for quadratic residues modulo N, enabling efficient sampling with minimal randomness when N's factorization is known, improving upon previous methods.

Contribution

It provides the first polynomial-time decodable indexing for quadratic residues modulo N, optimizing sampling efficiency with minimal randomness.

Findings

Decodable indexing for quadratic residues in polynomial time

Efficient sampling of quadratic residues with minimal random bits

Improvement over previous expected polynomial-time methods

Abstract

An \emph{indexing} of a finite set $S$ is a bijection $D : \{1,...,|S|\} \rightarrow S$. We present an indexing for the set of quadratic residues modulo $N$ that is decodable in polynomial time on the size of $N$, given the factorization of $N$. One consequence of this result is a procedure for sampling quadratic residues modulo $N$, when the factorization of $N$ is known, that runs in strict polynomial time and requires the theoretical minimum amount of random bits (i.e., $\log{(\phi(N)/2^r)}$ bits, where $\phi(N)$ is Euler's totient function and $r$ is the number of distinct prime factors of $N$). A previously known procedure for this same problem runs in expected (not strict) polynomial time and requires more random bits.