Results 1 
7 of
7
Signature Schemes Based on the Strong RSA Assumption
 ACM TRANSACTIONS ON INFORMATION AND SYSTEM SECURITY
, 1998
"... We describe and analyze a new digital signature scheme. The new scheme is quite efficient, does not require the the signer to maintain any state, and can be proven secure against adaptive chosen message attack under a reasonable intractability assumption, the socalled Strong RSA Assumption. Moreove ..."
Abstract

Cited by 150 (8 self)
 Add to MetaCart
We describe and analyze a new digital signature scheme. The new scheme is quite efficient, does not require the the signer to maintain any state, and can be proven secure against adaptive chosen message attack under a reasonable intractability assumption, the socalled Strong RSA Assumption. Moreover, a hash function can be incorporated into the scheme in such a way that it is also secure in the random oracle model under the standard RSA Assumption.
Fast Generation of Prime Numbers and Secure PublicKey Cryptographic Parameters
, 1995
"... A very efficient recursive algorithm for generating nearly random provable primes is presented. The expected time for generating a prime is only slightly greater than the expected time required for generating a pseudoprime of the same size that passes the MillerRabin test for only one base. The ..."
Abstract

Cited by 21 (0 self)
 Add to MetaCart
A very efficient recursive algorithm for generating nearly random provable primes is presented. The expected time for generating a prime is only slightly greater than the expected time required for generating a pseudoprime of the same size that passes the MillerRabin test for only one base. Therefore our algorithm is even faster than presentlyused algorithms for generating only pseudoprimes because several MillerRabin tests with independent bases must be applied for achieving a sufficient confidence level. Heuristic arguments suggest that the generated primes are close to uniformly distributed over the set of primes in the specified interval. Security constraints on the prime parameters of certain cryptographic systems are discussed, and in particular a detailed analysis of the iterated encryption attack on the RSA publickey cryptosystem is presented. The prime generation algorithm can easily be modified to generate nearly random primes or RSAmoduli that satisfy t...
Fast Generation Of Random, Strong RSA Primes
, 1997
"... A number of cryptographic standards currently under development call for the use of strong primes in the generation of an RSA key. This paper suggests a fast way of generating random strong primes that also satisfy a number of other cryptographic requirements. The method requires no more time to ..."
Abstract

Cited by 8 (0 self)
 Add to MetaCart
A number of cryptographic standards currently under development call for the use of strong primes in the generation of an RSA key. This paper suggests a fast way of generating random strong primes that also satisfy a number of other cryptographic requirements. The method requires no more time to generate strong primes than it takes to generate random primes.
Finding Four Million Large Random Primes
 In Crypto '90, LNCS 537
"... e theory also suggests that pseudoprimes are rare. On the basis of extensive experience and analysis, Pomerance [5, 8] conjectures that the number of pseudoprimes less than n is at most n=L(n) 1+o(1) (2) where L(n) = exp log n log log log n log log n ! : Supported by NSF grant CCR8914428 ..."
Abstract

Cited by 5 (0 self)
 Add to MetaCart
e theory also suggests that pseudoprimes are rare. On the basis of extensive experience and analysis, Pomerance [5, 8] conjectures that the number of pseudoprimes less than n is at most n=L(n) 1+o(1) (2) where L(n) = exp log n log log log n log log n ! : Supported by NSF grant CCR8914428, and RSA Data Security. email address: rivest@theory.lcs.mit.edu If this conjecture is correct, and we make the (unjustied) additional assumption that the o(1) in conjecture (2) can be ignored, then the number of pseudoprimes less than 2 256 is conjectured to be at most 4 10 52 whereas the number of 256bit primes is approximately 6:5 10 74 : Thus, if Pomerance's conjecture
Some Primality Testing Algorithms
 Notices of the AMS
, 1993
"... We describe the primality testing algorithms in use in some popular computer algebra systems, and give some examples where they break down in practice. 1 Introduction In recent years, fast primality testing algorithms have been a popular subject of research and some of the modern methods are now i ..."
Abstract

Cited by 3 (0 self)
 Add to MetaCart
We describe the primality testing algorithms in use in some popular computer algebra systems, and give some examples where they break down in practice. 1 Introduction In recent years, fast primality testing algorithms have been a popular subject of research and some of the modern methods are now incorporated in computer algebra systems (CAS) as standard. In this review I give some details of the implementations of these algorithms and a number of examples where the algorithms prove inadequate. The algebra systems reviewed are Mathematica, Maple V, Axiom and Pari/GP. The versions we were able to use were Mathematica 2.1 for Sparc, copyright dates 19881992; Maple V Release 2, copyright dates 19811993; Axiom Release 1.2 (version of February 18, 1993); Pari/GP 1.37.3 (Sparc version, dated November 23, 1992). The tests were performed on Sparc workstations. Primality testing is a large and growing area of research. For further reading and comprehensive bibliographies, the interested re...
CryptoBytes 3 (1), 1997
, 1997
"... this article we will examine these criteria. The position of RSA Laboratories is that virtually all of these requirements are unnecessary [10,11]. In particular, we will show that the relevance of strong primes to the security of RSA is, at best, doubtful. However, given this position, we will outli ..."
Abstract
 Add to MetaCart
this article we will examine these criteria. The position of RSA Laboratories is that virtually all of these requirements are unnecessary [10,11]. In particular, we will show that the relevance of strong primes to the security of RSA is, at best, doubtful. However, given this position, we will outline in this article a fast way of generating random strong primes that also satisfy a number of other cryptographic requirements. The method requires no more time to generate strong primes than it takes to generate random primes.
ABSOLUTE QUADRATIC PSEUDOPRIMES
"... Abstract. We describe some primality tests based on quadratic rings and discuss the absolute pseudoprimes for these tests. 1. ..."
Abstract
 Add to MetaCart
Abstract. We describe some primality tests based on quadratic rings and discuss the absolute pseudoprimes for these tests. 1.