Results

### A Simplified Quadratic Frobenius Primality Test

, 2005


Abstract

The publication of the quadratic Frobenius primality test [6] has stimulated a lot of research, see e.g. [4, 10, 11]. In this test as well as in the Miller-Rabin test [13], a composite number may be declared as probably prime. Repeating several tests decreases that error probability. While most of the above research papers focus on minimising the error probability as a function of the number of tests (or, more generally, of the computational effort) asymptotically, we present a simplified variant SQFT of the quadratic Frobenius test. This test is so simple that it can easily be implemented on a smart card. During prime number generation, a large number of composite numbers must be tested before a (probable) prime is found. Therefore we need a fast test, such as the Miller-Rabin test with a small basis, to rule out most prime candidates quickly before a promising candidate is tested with a more sophisticated variant of the QFT. Our test SQFT makes optimum use of the information gathered by a previous Miller-Rabin test. It has run time equivalent to two Miller-Rabin tests, and it achieves a worst-case error probability of 2^{-12t} with t tests. Most cryptographic standards require an average-case error probability of at most 2^{-80} or 2^{-100}, see e.g. [7], when prime numbers are generated in public key systems. Our test SQFT achieves an average-case error probability of 2^{-134} with two test rounds for 500-bit primes. We also present a more sophisticated version SQFT3 of our test that has run time and worst-case error probability comparable to the test EQFTwc presented in [4] in all cases. The test SQFT3 avoids the computation of cubic residuosity symbols, as required in the test EQFTwc. Key Words: smart card, prime number generation, primality testing, quadratic Frobenius test

### and

, 1993


Abstract

The following two computational problems are studied: Duplicate grouping: Assume that n items are given, each of which is labeled by an integer key from the set {0, ..., U − 1}. Store the items in an array of size n such that items with the same key occupy a contiguous segment of the array. Closest pair: Assume that a multiset of n points in the d-dimensional Euclidean space is given, where d ≥ 1 is a fixed integer. Each point is represented as a d-tuple of integers in the range {0, ..., U − 1} or of arbitrary real numbers. Find a closest pair, i.e., a pair of points whose distance is minimal over all such pairs.

### FIPS PUB 186-4 FEDERAL INFORMATION PROCESSING STANDARDS PUBLICATION Digital Signature Standard (DSS)

, 2013


Abstract

of Standards and Technology (NIST) is the official series of publications relating to standards and guidelines adopted and promulgated under the provisions of the Federal Information Security Management Act (FISMA) of 2002. Comments concerning FIPS publications are welcomed and should be addressed to the

### unknown title


Abstract

The literature of cryptography has a curious history. Secrecy, of course, has always played a central role, but until the First World War, important developments appeared in print in a more or less timely fashion and the field moved forward in much the same way as other specialized disciplines. As late as 1918, one of the most influential cryptanalytic papers of the twentieth century, William F. Friedman’s monograph The Index of Coincidence and Its Applications in Cryptography, appeared as a research report of the private Riverbank Laboratories [577]. And this, despite the fact that the work had been done as part of the war effort. In the same year Edward H. Hebern of Oakland, California filed the first patent for a rotor machine [710], the device destined to be a mainstay of military cryptography for nearly 50 years. After the First World War, however, things began to change. U.S. Army and Navy organizations, working entirely in secret, began to make fundamental advances in cryptography. During the thirties and forties a few basic papers did appear in the open literature and several treatises on the subject were published, but the latter were farther and farther behind the state of the art. By the end of the war the transition was complete. With one notable exception, the public literature had died. That exception was Claude Shannon’s paper “The Communication Theory of Secrecy Systems,” which

### 18.783 Elliptic Curves Spring 2013 Lecture #13 03/21/2013


Abstract

In this lecture, we consider the following problem: given a positive integer N, how can we efficiently determine whether N is prime or not? This question is intimately related to the problem of factoring N. Without a method for determining primality, we have no way of knowing when we have completely factored N. This is a serious issue for probabilistic factorization algorithms such as ECM: if we attempt to factor a prime number N with the ECM algorithm, the algorithm will never terminate. This problem is not unique to ECM; currently every known factorization algorithm that achieves a subexponential running time (even heuristically) is a randomized algorithm, and in the absence of an explicit primality test most of these algorithms will simply fail to terminate on prime inputs. Even if we are able to ensure termination, there is still the issue of correctness. If a Monte Carlo algorithm outputs the factorization N = pq, it is easy to check whether the product of p and q is in fact equal to N. But how do we know that this is the complete factorization of N? We need a way to unequivocally prove that p and q are both prime.

13.1 Classical primality tests

The most elementary approach to the problem is trial division: attempt to divide N by every integer p ≤ √N. If no such p divides N, then N must be prime. This takes time O(√N · M(log N)), which is exponential in log N.

Remark 13.1. This complexity bound can be slightly improved. Using fast sieving techniques [6, Alg. 3.2.2], we can enumerate the primes p up to √N in O(√N log N / log log N) time and then perform trial divisions by just the primes p ≤ √N. Applying the prime number theorem and the Schönhage-Strassen bound, the sieving time dominates the cost of the divisions and the overall complexity of trial division becomes O(√N log N / log log N).

Many early primality tests were based on Fermat’s little theorem.

Theorem 13.2 (Fermat). If N is prime, then for all a ∈ Z/NZ: a^N = a.

This implies that if a^N ≠ a for some a ∈ Z/NZ, then N cannot be prime. This gives us a way to efficiently prove that certain integers are composite. For example, N = 91 is not prime, since 2^91 ≡ 37 mod 91. But this does not always work. For example, 341 = 11 · 31 is clearly not prime, but
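
The two tests described above in runnable form, added here as an illustration rather than code from the lecture notes: trial division by the primes up to √N (the sieve-first variant of Remark 13.1) and the Fermat test a^N ≡ a (mod N). The numbers are the notes' own: base 2 proves 91 composite, while 341 = 11 · 31 passes the base-2 Fermat test (341 is the smallest base-2 Fermat pseudoprime, a standard fact) and is only exposed by another base such as 3.

```python
from math import isqrt


def primes_up_to(limit):
    """Sieve of Eratosthenes: every prime p <= limit, in increasing order."""
    if limit < 2:
        return []
    sieve = bytearray([1]) * (limit + 1)
    sieve[0] = sieve[1] = 0
    for p in range(2, isqrt(limit) + 1):
        if sieve[p]:
            # strike out p*p, p*p + p, ... ; smaller multiples were struck earlier
            sieve[p * p::p] = bytearray(len(range(p * p, limit + 1, p)))
    return [i for i, flag in enumerate(sieve) if flag]


def trial_division(n):
    """Deterministic primality: divide n only by the primes p <= sqrt(n).
    Exponential in log n, so this is only usable for small n."""
    if n < 2:
        return False
    for p in primes_up_to(isqrt(n)):
        if n % p == 0:
            return False
    return True


def fermat_witness(n, a):
    """Contrapositive of Fermat's little theorem: if a^n != a (mod n), then n is
    composite and a is a witness. A return of False proves nothing about n."""
    return pow(a, n, n) != a % n


def fermat_test(n, bases):
    """'Probably prime' unless some base witnesses compositeness.
    Composite n can slip through: 341 = 11 * 31 satisfies 2^341 == 2 (mod 341)."""
    if n < 2:
        return False
    if n in (2, 3):
        return True
    return not any(fermat_witness(n, a) for a in bases)


if __name__ == "__main__":
    print("2^91 mod 91 =", pow(2, 91, 91))            # 37, so 91 is composite
    print("fermat_test(341, [2]) =", fermat_test(341, [2]))      # True: base 2 lies
    print("fermat_test(341, [2, 3]) =", fermat_test(341, [2, 3]))  # False: base 3 witnesses
    print("trial_division(341) =", trial_division(341))          # False
```

The point of the 341 case is that a single base proves nothing in the "probably prime" direction; a witness is a proof of compositeness, but a non-witness is only evidence. Adding bases shrinks the set of composites that survive, which is the path the later sections of these notes and the Miller-Rabin test take.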

### Breaking a Cryptographic Protocol with


Abstract

The Miller-Rabin pseudo primality test is widely used in cryptographic libraries, because of its apparent simplicity. But the test is not always correctly implemented. For example the pseudo primality test in GNU Crypto 1.1.0 uses a fixed set of bases. This paper shows how this flaw can be exploited to break the SRP implementation in GNU Crypto. The attack is demonstrated by explicitly constructing pseudoprimes that satisfy the parameter checks in SRP and that allow a dictionary attack. This dictionary attack would not be possible if the pseudo primality test were correctly implemented. Often important details are overlooked in implementations of cryptographic protocols until specific attacks have been demonstrated. The goal of the paper is to demonstrate the need to implement pseudo primality tests carefully. This is done by describing a concrete attack against GNU Crypto 1.1.0. The pseudo primality test of this library is incorrect. It performs a trial division and a Miller-Rabin test with a fixed set of bases. Because the bases are known in advance an
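
The weakness the abstract describes, shown side by side with the fix, as an added example that is neither the paper's pseudoprime construction nor GNU Crypto's code: a trial-division prefilter followed by Miller-Rabin over a fixed base set, next to the same test drawing a fresh random base per round. The check value 3215031751 = 151 · 751 · 28351 is a known result (the smallest strong pseudoprime to bases 2, 3, 5 and 7), used here as a stand-in for the SRP-specific pseudoprimes the paper constructs; the base set (2, 3, 5, 7) and the round count are assumptions for the example, not GNU Crypto's actual parameters.

```python
import secrets

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

# Constructed check value (a standard result, not taken from the paper above):
# 3215031751 = 151 * 751 * 28351 is the smallest strong pseudoprime to the
# bases 2, 3, 5 and 7, so every one of those bases is a strong liar for it.
PSP_BASES_2_3_5_7 = 3215031751


def decompose(n):
    """Write n - 1 = 2^s * d with d odd (n odd, n > 2)."""
    s, d = 0, n - 1
    while d % 2 == 0:
        s += 1
        d //= 2
    return s, d


def is_strong_witness(n, a):
    """One Miller-Rabin round: True iff base a proves the odd integer n > 2 composite."""
    s, d = decompose(n)
    x = pow(a, d, n)
    if x == 1 or x == n - 1:
        return False                # n prime, or a is a strong liar for n
    for _ in range(s - 1):
        x = x * x % n
        if x == n - 1:
            return False
    return True                     # the square chain never reached -1: witness


def _trial_division(n):
    """Cheap prefilter by the small primes: True/False when decided, None otherwise."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n == p:
            return True
        if n % p == 0:
            return False
    return None


def is_probable_prime_fixed_bases(n, bases=(2, 3, 5, 7)):
    """The flawed pattern from the abstract: trial division, then Miller-Rabin
    over a fixed, publicly known base set. Whoever knows `bases` can search for
    composites on which every listed base is a strong liar."""
    decided = _trial_division(n)
    if decided is not None:
        return decided
    return not any(is_strong_witness(n, a) for a in bases)


def is_probable_prime(n, rounds=40, randbelow=secrets.randbelow):
    """Same structure, but each round draws a fresh base uniformly from [2, n-2].
    For any fixed composite n at most 1/4 of the bases are strong liars, so a
    composite chosen in advance survives with probability at most 4**-rounds."""
    decided = _trial_division(n)
    if decided is not None:
        return decided
    for _ in range(rounds):
        a = 2 + randbelow(n - 3)    # uniform on 2 .. n-2
        if is_strong_witness(n, a):
            return False
    return True


def compare(n):
    """(verdict with fixed bases, verdict with random bases) for the same n."""
    return is_probable_prime_fixed_bases(n), is_probable_prime(n)


if __name__ == "__main__":
    n = PSP_BASES_2_3_5_7
    print(n, "== 151*751*28351:", n == 151 * 751 * 28351)
    print("fixed bases (2,3,5,7):", is_probable_prime_fixed_bases(n))   # True, wrongly
    print("random bases, 40 rounds:", is_probable_prime(n))             # False
```

The random-base version gives the adversary nothing to target: the 1/4 bound on strong liars holds for every composite, so the error probability is a property of the round count rather than of how the candidate was chosen. This is also why FIPS 186-4 (listed above) specifies a freshly random base for each Miller-Rabin round. Note that base 11 already witnesses 3215031751, since the smallest strong pseudoprime to bases 2, 3, 5, 7 and 11 is larger; the fixed-base flaw is not that the bases are weak but that they are known.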