For an odd prime $p$, we say $f(X) \in {\mathbb F}_p[X]$ computes square roots in $\mathbb F_p$ if, for all nonzero perfect squares $a \in \mathbb F_p$, we have $f(a)^2 = a$. When $p \equiv 3 \mod 4$, it is well known that $f(X) = X^{(p+1)/4}$ computes square roots. This degree is surprisingly low (and in fact lowest possible, since $f(X)^2 - X$ must vanish at all $(p-1)/2$ nonzero squares, forcing $\deg f \geq (p-1)/4$), given that we have specified $(p-1)/2$ evaluations (up to sign) of the polynomial $f(X)$. On the other hand, for $p \equiv 1 \mod 4$ there was previously no nontrivial bound known on the lowest degree of a polynomial computing square roots in $\mathbb F_p$; it could have been anywhere between $\frac{p}{4}$ and $\frac{p}{2}$. We show that for all $p \equiv 1 \mod 4$, any polynomial computing square roots in $\mathbb F_p$ has degree at least $p/3$. Our main new ingredient is a general lemma which may be of independent interest: powers of a low degree polynomial cannot have too many consecutive zero coefficients. The proof method also yields a robust version: any polynomial that computes square roots for 99\% of the squares also has degree almost $p/3$. In the other direction, a result of Agou, Deligl\'ese, and Nicolas (Designs, Codes, and Cryptography, 2003) shows that for infinitely many $p \equiv 1 \mod 4$, the degree of a polynomial computing square roots can be as small as $3p/8$.
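The following is an added worked example, not code from the paper or its authors. It makes the definitions above concrete for small primes: it checks that $X^{(p+1)/4}$ computes square roots when $p \equiv 3 \mod 4$, shows why no monomial $X^k$ can do so when $p \equiv 1 \mod 4$ (there $-1$ is a square, but $(-1)^k \in \{\pm 1\}$ is never a square root of $-1$), and brute-forces the minimal degree of a polynomial computing square roots by Lagrange-interpolating every one of the $2^{(p-1)/2}$ sign choices (halved by fixing one sign, since $f$ and $-f$ have the same degree). Any polynomial that computes square roots agrees, on the $(p-1)/2$ nonzero squares, with the unique interpolant of degree below $(p-1)/2$, so the minimum over interpolants is the true minimum. All function names are this example's own; the only library facility used is Python's `pow(x, -1, p)` modular inverse.

```python
"""Added example: minimal-degree polynomials computing square roots in F_p.

Brute force only; the search is over 2^((p-1)/2 - 1) sign choices, so keep p small.
"""
from itertools import product


def nonzero_squares(p):
    """Sorted list of the (p-1)/2 nonzero quadratic residues mod p."""
    return sorted({(x * x) % p for x in range(1, p)})


def sqrt_table(p):
    """Map each nonzero square a to one root r with r*r == a; the other root is p - r."""
    roots = {}
    for x in range(1, p):
        roots.setdefault((x * x) % p, x)
    return roots


def poly_degree(coeffs):
    """Degree of a coefficient list (index = power, entries reduced mod p); -1 for the zero polynomial."""
    d = len(coeffs) - 1
    while d >= 0 and coeffs[d] == 0:
        d -= 1
    return d


def poly_eval(coeffs, x, p):
    """Horner evaluation of coeffs at x over F_p."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % p
    return acc


def interpolate(points, p):
    """Lagrange interpolation over F_p: the unique polynomial of degree < len(points)
    through the given (x, y) pairs, returned as a coefficient list."""
    n = len(points)
    coeffs = [0] * n
    for i, (xi, yi) in enumerate(points):
        num = [1]          # running product of (X - xj) for j != i
        denom = 1          # running product of (xi - xj) for j != i
        for j, (xj, _) in enumerate(points):
            if j == i:
                continue
            new = [0] * (len(num) + 1)
            for k, c in enumerate(num):
                new[k + 1] = (new[k + 1] + c) % p        # c * X^k * X
                new[k] = (new[k] - c * xj) % p            # c * X^k * (-xj)
            num = new
            denom = denom * (xi - xj) % p
        scale = yi * pow(denom, -1, p) % p
        for k, c in enumerate(num):
            coeffs[k] = (coeffs[k] + c * scale) % p
    return coeffs


def computes_square_roots(coeffs, p):
    """The paper's definition: f(a)^2 == a for every nonzero square a."""
    return all(poly_eval(coeffs, a, p) ** 2 % p == a for a in nonzero_squares(p))


def monomial_computes_square_roots(p):
    """Smallest k with X^k computing square roots, or None if no monomial works.
    For p = 3 mod 4 this is (p+1)/4; for p = 1 mod 4 it is always None."""
    squares = nonzero_squares(p)
    for k in range(1, p):
        if all(pow(a, 2 * k, p) == a for a in squares):
            return k
    return None


def trivial_lower_bound(p):
    """ceil((p-1)/4): f^2 - X has (p-1)/2 roots, so 2*deg f >= (p-1)/2."""
    return -(-(p - 1) // 4)


def min_degree_square_root_poly(p):
    """Exhaustive search over sign choices; returns (degree, coeffs) of a minimal-degree
    polynomial computing square roots in F_p."""
    squares = nonzero_squares(p)
    roots = sqrt_table(p)
    best = None
    # f and -f have the same degree, so the sign at the first square is fixed.
    for signs in product((1, -1), repeat=len(squares) - 1):
        pts = [(squares[0], roots[squares[0]])]
        pts += [(a, (s * roots[a]) % p) for a, s in zip(squares[1:], signs)]
        coeffs = interpolate(pts, p)
        d = poly_degree(coeffs)
        if best is None or d < best[0]:
            best = (d, coeffs)
    return best


if __name__ == "__main__":
    for p in (7, 11, 19, 13, 17):
        d, f = min_degree_square_root_poly(p)
        print(f"p={p} (p mod 4 = {p % 4}): min degree {d}, trivial bound {trivial_lower_bound(p)}, "
              f"monomial exponent {monomial_computes_square_roots(p)}, valid={computes_square_roots(f, p)}")
```

For $p \equiv 3 \mod 4$ the search returns exactly $(p+1)/4$, matching the trivial bound; for $p \equiv 1 \mod 4$ the search returns the true minimum for that prime, which the abstract's theorem places at or above $p/3$ and the trivial bound only at $(p-1)/4$.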