The generation of prime numbers underlies the use of most public-key schemes, essentially as a major primitive needed for the creation of key pairs or as a computation stage appearing during various cryptographic setups. Surprisingly, despite decades of intense mathematical studies on primality testing and an observed progressive intensification of cryptographic usages, prime number generation algorithms remain scarcely investigated and most real-life implementations are of rather poor performance. Common generators typically output a n-bit prime in heuristic average complexity O(n^4) or O(n^4/log n) and these figures, according to experience, seem impossible to improve significantly: this paper rather shows a simple way to substantially reduce the value of hidden constants to provide much more efficient prime generation algorithms. We apply our...

Abstract not found

The publication of the quadratic Frobenius primality test [6] has stimulated a lot of research, see e.g. [4, 10, 11]. In this test as well as in the Miller-Rabin test [13], a composite number may be declared as probably prime. Repeating several tests decreases that error probability. While most of the above research papers focus on minimising the error probability as a function of the number of tests (or, more generally, of the computational e ort) asymptotically, we present a simpli ed variant SQFT of the quadratic Frobenius test. This test is so simple that it can easily be implemented on a smart card. During prime number generation, a large number of composite numbers must be tested before a (probable) prime is found. Therefore we need a fast test, such as the Miller-Rabin test with a small basis, to rule out most prime candidates quickly before a promising candidate will be tested with a more sophisticated variant of the QFT. Our test SQFT makes optimum use of the information gathered by a previous Miller-Rabin test. It has run time equivalent to two Miller-Rabin tests; and it achieves a worst-case error probability of 2 −12t with t tests. Most cryptographic standards require an average-case error probability of at most 2 −80 or 2 −100, see e.g. [7], when prime numbers are generated in public key systems. Our test SQFT achieves an average-case error probability of 2 −134 with two test rounds for 500−bit primes. We also present a more sophisticated version SQFT3 of our test that has run time and worst-case error probability comparable to the test EQFTwc presented in [4] in all cases. The test SQFT3 avoids the computation of cubic residuosity symbols, as required in the test EQFTwc. Key Words: smart card, prime number generation, primality testing, quadratic Frobenius test

Abstract. In this paper we analyze a simple method for generating prime numbers with fewer random bits. Assuming the Extended Riemann Hypothesis, we can prove that our method generates primes according to a distribution that can be made arbitrarily close to uniform. This is unlike the PRIMEINC algorithm studied by Brandt and Damg˚aard and its many variants implemented in numerous software packages, which reduce the number of random bits used at the price of a distribution easily distinguished from uniform. Our new method is also no more computationally expensive than the ones in current use, and opens up interesting options for prime number generation in constrained environments. Keywords: Public-key cryptography, prime number generation, RSA, efficient implementations, random bits. 1