We describe and analyze a new digital signature scheme. The new scheme is quite efficient, does not require the the signer to maintain any state, and can be proven secure against adaptive chosen message attack under a reasonable intractability assumption, the so-called Strong RSA Assumption. Moreover, a hash function can be incorporated into the scheme in such a way that it is also secure in the random oracle model under the standard RSA Assumption.

A very efficient recursive algorithm for generating nearly random provable primes is presented. The expected time for generating a prime is only slightly greater than the expected time required for generating a pseudo-prime of the same size that passes the Miller-Rabin test for only one base. Therefore our algorithm is even faster than presently-used algorithms for generating only pseudo-primes because several Miller-Rabin tests with independent bases must be applied for achieving a sufficient confidence level. Heuristic arguments suggest that the generated primes are close to uniformly distributed over the set of primes in the specified interval. Security constraints on the prime parameters of certain cryptographic systems are discussed, and in particular a detailed analysis of the iterated encryption attack on the RSA public-key cryptosystem is presented. The prime generation algorithm can easily be modified to generate nearly random primes or RSA-moduli that satisfy t...

Abstract not found

Erdös [8] conjectured that there are x 1;o(1) Carmichael numbers up to x, whereas Shanks [24] was skeptical as to whether one might even nd an x up to which there are more than p x Carmichael numbers. Alford, Granville and Pomerance [2] showed that there are more than x 2=7 Carmichael numbers up to x, and gave arguments which even convinced Shanks (in person-to-person discussions) that Erdös must be correct. Nonetheless, Shanks's skepticism stemmed from an appropriate analysis of the data available to him (and his reasoning is still borne out by Pinch's extended new data [14,15]), and so we herein derive conjectures that are consistent with Shanks's observations, while tting in with the viewpoint of Erdös [8] and the results of [2,3].

Abstract. We get an upper bound of O(x 5/14+o(1) ) on the number of Carmichael numbers ≤ x with exactly three prime factors. 1.

A number of cryptographic standards currently under development call for the use of strong primes in the generation of an RSA key. This paper suggests a fast way of generating random strong primes that also satisfy a number of other cryptographic requirements. The method requires no more time to generate strong primes than it takes to generate random primes.

Abstract not found

This document describes the Advanced Cryptographic Engine (ACE). It specifies a public key encryption scheme as well as a digital signature scheme with enough detail to ensure interoperability between different implementations. These schemes are almost as efficient as commercially used schemes, yet unlike such schemes, can be proven secure under reasonable and well-defined intractability assumptions. A concrete security analysis of both schemes is presented.

We describe the primality testing algorithms in use in some popular computer algebra systems, and give some examples where they break down in practice. 1 Introduction In recent years, fast primality testing algorithms have been a popular subject of research and some of the modern methods are now incorporated in computer algebra systems (CAS) as standard. In this review I give some details of the implementations of these algorithms and a number of examples where the algorithms prove inadequate. The algebra systems reviewed are Mathematica, Maple V, Axiom and Pari/GP. The versions we were able to use were Mathematica 2.1 for Sparc, copyright dates 1988-1992; Maple V Release 2, copyright dates 1981-1993; Axiom Release 1.2 (version of February 18, 1993); Pari/GP 1.37.3 (Sparc version, dated November 23, 1992). The tests were performed on Sparc workstations. Primality testing is a large and growing area of research. For further reading and comprehensive bibliographies, the interested re...

Abstract. Recently, Damg˚ard, Landrock and Pomerance described a procedure in which a k-bit odd number is chosen at random and subjected to t random strong probable prime tests. If the chosen number passes all t tests, then the procedure will return that number; otherwise, another k-bit odd integer is selected and then tested. The procedure ends when a number that passes all t tests is found. Let pk,t denote the probability that such a number is composite. The authors above have shown that pk,t ≤ 4 −t when k ≥ 51 and t ≥ 1. In this paper we will show that this is in fact valid for all k ≥ 2 and t ≥ 1. 1.