I tried to prove that $\text{FACTORING} \le_P \text{SQROOT}$ in a general setting, so $n = p_1^{\alpha_1} \cdot p_2^{\alpha_2} \cdot \ldots \cdot p_k^{\alpha_k}$.
THEOREM:Let $n$ be a composite number and let $x$ and $y$ be integers such that $x^2 \equiv y^2 \pmod n$ and $x \not \equiv \pm y \pmod n$ holds. Then $\gcd(x+y, n)$ and $\gcd(x-y, n)$ are non-trivial divisors of $n$.
My attempt:
$\text{FACTORING} \le_P \text{SQROOT}$: Suppose we have an algorithm $\mathcal{A}$ that solves $\text{SQROOT}$. We show that we can then factor $n$ with prime factorisation $n = p_1^{\alpha_1} \cdot p_2^{\alpha_2} \cdot \ldots \cdot p_k^{\alpha_k}$. Select a random $x \in Z/nZ$ with $\gcd(x,n) = 1$. Compute $a = x^2 \pmod n$ and use $\mathcal{A}$ to find a square root $y$ of $a$ modulo $n$. If $y \equiv \pm x \pmod n$ choose another $x$ and repeat this process until a $y$ with $y \not \equiv \pm x \pmod n$ is found. Since there are $2^k$ distinct square roots of $a$ modulo $n$ the chance that said procedure needs to be repeated is $\frac{1}{2^{k-1}}$. So by the theorem above we can find two non-trivial divisors of $n$ in expected polynomial time. Repeating this procedure for the thus found factors of $n$ we can find the prime factorisation of $n$ in expected polynomial time.
I am a bit unsure about the whole "expected polynomial time" thing. I have only heard informal definitions of it until now. Could you please have a look at my proof?
EDIT: I initially accepted the answer of Meir Maor below, but there was a gap in it as I just realised:
$k=2$ is the worst case. But this implies only that $n=p_1^{\alpha_1}p_2^{\alpha_2}$, not $n=p_1 p_2$. So we still have to find some non-trivial divisors of the thus found factors of $n$ to get $p_1$ and $p_2$. I would like to keep the rigour of Meir Maor's answer, but I do not know how to determine the runtime of this procedure. Could you help me?
