The Generation of Random Numbers That Are Probably Prime
Journal of Cryptology, 1988
Cited by 22 (0 self)
In this paper we make two observations on Rabin's probabilistic primality test. The first is a provocative reason why Rabin's test is so good. It turned out that a single iteration has a nonnegligible probability of failing _only_ on composite numbers that can actually be split in expected polynomial time. Therefore, factoring would be easy if Rabin's test systematically failed with a 25% probability on each composite integer (which, of course, it does not). The second observation is more fundamental because it is _not_ restricted to primality testing: it has consequences for the entire field of probabilistic algorithms. The failure probability when using a probabilistic algorithm for the purpose of testing some property is compared with that when using it for the purpose of obtaining a random element hopefully having this property. More specifically, we investigate the question of how reliable Rabin's test is when used to _generate_ a random integer that is probably prime, rather than to _test_ a specific integer for primality.
Key words: factorization, false witnesses, primality testing, probabilistic algorithms, Rabin's test.
Fast Generation of Prime Numbers and Secure Public-Key Cryptographic Parameters
1995
Cited by 21 (0 self)
A very efficient recursive algorithm for generating nearly random provable primes is presented. The expected time for generating a prime is only slightly greater than the expected time required for generating a pseudoprime of the same size that passes the Miller-Rabin test for only one base. Therefore our algorithm is even faster than presently-used algorithms for generating only pseudoprimes because several Miller-Rabin tests with independent bases must be applied for achieving a sufficient confidence level. Heuristic arguments suggest that the generated primes are close to uniformly distributed over the set of primes in the specified interval. Security constraints on the prime parameters of certain cryptographic systems are discussed, and in particular a detailed analysis of the iterated encryption attack on the RSA public-key cryptosystem is presented. The prime generation algorithm can easily be modified to generate nearly random primes or RSA-moduli that satisfy t...
Efficient Generation of Prime Numbers
2000
Cited by 12 (4 self)
The generation of prime numbers underlies the use of most public-key schemes, essentially as a major primitive needed for the creation of key pairs or as a computation stage appearing during various cryptographic setups. Surprisingly, despite decades of intense mathematical studies on primality testing and an observed progressive intensification of cryptographic usages, prime number generation algorithms remain scarcely investigated and most real-life implementations are of rather poor performance. Common generators typically output an n-bit prime in heuristic average complexity O(n^4) or O(n^4/log n) and these figures, according to experience, seem impossible to improve significantly: this paper rather shows a simple way to substantially reduce the value of hidden constants to provide much more efficient prime generation algorithms. We apply our...
Implementation Of The Atkin-Goldwasser-Kilian Primality Testing Algorithm
Rapport de Recherche 911, INRIA, October 1988
Cited by 9 (7 self)
We describe a primality testing algorithm, due essentially to Atkin, that uses elliptic curves over finite fields and the theory of complex multiplication. In particular, we explain how the use of class fields and genus fields can speed up certain phases of the algorithm. We sketch the actual implementation of this test and its use on testing large primes, the records being two numbers of more than 550 decimal digits. Finally, we give a precise answer to the question of the reliability of our computations, providing a certificate of primality for a prime number. IMPLEMENTATION OF THE ATKIN, GOLDWASSER, AND KILIAN PRIMALITY TEST. Abstract. We describe a primality algorithm, due mainly to Atkin, that uses the properties of elliptic curves over finite fields and the theory of complex multiplication. In particular, we explain how the use of the class field and the genus field speeds up the computations. We sketch the implementati...
Secure acceleration of DSS signatures using insecure server
in Asiacrypt'94
Cited by 4 (1 self)
Small units like chip cards (smart card) have the possibility of computing, storing and protecting data. Today such chip cards have limited computing power and some cryptoprotocols are too slow. Some new chip cards with secure coprocessors are coming but are not very reliable at the moment and a little bit expensive. A possible alternative solution is to use an auxiliary unit in order to help the chip card. The known protocols are not very secure or are not efficient. We show how to accelerate the computation of a × b mod c and of a^t mod c where a, b, c, t are public. Next we show how to accelerate the discrete exponential modulo a prime number: this protocol is useful to accelerate DSS signatures and other schemes. This protocol is also the first one accelerating DSS signatures with the help of an insecure server: it is secure against both passive and active attacks (that is, when the server sends false values to get some information from the card). Moreover, this protocol ...
Two Observations on Probabilistic Primality Testing
1987
Cited by 3 (1 self)
In this note, we make two loosely related observations on Rabin's probabilistic primality test. The first remark gives a rather strange and provocative reason as to why Rabin's test is so good. It turns out that a single iteration fails with a nonnegligible probability on a composite number of the form 4j + 3 only if this number happens to be easy to split. The second observation is much more fundamental because it is not restricted to primality testing: it has profound consequences for the entire field of probabilistic algorithms. There we ask the question: how good is Rabin's algorithm? Whenever one wishes to produce a uniformly distributed random probabilistic prime with a given bound on the error probability, it turns out that the size of the desired prime must be taken into account.
Fast Generation of Prime Numbers of Portable Devices: An Update
Proceedings of CHES 2006, LNCS 4249, 2006
Cited by 3 (1 self)
The generation of prime numbers underlies the use of most public-key cryptosystems, essentially as a primitive needed for the creation of RSA key pairs. Surprisingly enough, despite decades of intense mathematical studies on primality testing and an observed progressive intensification of cryptography, prime number generation algorithms remain scarcely investigated and most real-life implementations are of dramatically poor performance. We show simple techniques that substantially improve all algorithms previously suggested or extend their capabilities. We derive fast implementations on appropriately equipped portable devices like smartcards embedding a cryptographic coprocessor. This allows onboard generation of RSA keys featuring a very attractive (average) processing time. Our motivation here is to help transferring this task from terminals where this operation usually took place so far, to portable devices themselves in near future for more confidence, security, and compliance with network-scaled distributed protocols such as electronic cash or mobile commerce.
Atkin's test: news from the front
In Advances in Cryptology, 1990
Cited by 2 (2 self)
We make an attempt to compare the speed of some primality testing algorithms for certifying 100-digit prime numbers.
DISTRIBUTED PRIMALITY PROVING AND THE PRIMALITY OF (2^3539 + 1)/3
1991
Cited by 2 (1 self)
We explain how the Elliptic Curve Primality Proving algorithm can be implemented in a distributed way. Applications are given to the certification of large primes (more than 500 digits). As a result, we describe the successful attempt at proving the primality of the 1065-digit (2^3539 + 1)/3, the first ordinary Titanic prime.
Pseudoprimes: A Survey Of Recent Results
1992
In this paper, we aim at presenting the most recent results achieved in the theory of pseudoprime numbers. First of all, we make a list of all pseudoprime varieties existing so far. This includes Lucas-pseudoprimes and the generalization to sequences generated by integer polynomials modulo N, elliptic pseudoprimes. We discuss the making of tables and the consequences on the design of very fast primality algorithms for small numbers. Then, we describe the recent work of Alford, Granville and Pomerance, in which they prove that there