Context
In the context of DLP-based cryptography one has to choose a group whose order behaves well with respect to the chinese remainder theorem. Ideally want wants the order to be prime. This is why for instance, one may choose for a safe prime $p$ the groups $\mathbb{Z}_p^{*}$ or $\mathbb{QR}_p$. This problem studies a different candidate for DLP-based cryptography.
Problem
We call strong prime to a prime $p$ of the form $p = kq+1$ with $q$ prime and $k \in \mathbb{N}$. Consider $\mathbb{Z}_p^{*} = \langle g \rangle$ and $\mathbb{QR}_p = \{x^2 \; mod \; p: x \in \mathbb{Z}_p^{*}\} $ is the set of quadratic residues modulo $p$.
How can I show that $\langle g^k \rangle \le \mathbb{QR}_p$?
Assume $p$ odd.
Either $q$ is odd and then $k$ is even. Hence $g^k$ is trivially a quadratic residue.
Or $q=2$ and $p=2k+1.$
But since $g^{2k}=1,$ we must have $g^k=-1,$ otherwise $g^k=1,$ contradicting the primitivity of $g.$ Now $-1$ is a quadratic residue iff $p \equiv 1 \pmod{4}.$ by Euler criterion
https://en.wikipedia.org/wiki/Euler%27s_criterion
Thus if $q=2$ the statement must assume that condition.
A counterexample is obtained for $p=7=2\times 3+1$ and $g=5.$