Results 1 
8 of
8
The Generation of Random Numbers That Are Probably Prime
 Journal of Cryptology
, 1988
"... In this paper we make two observations on Rabin's probabilistic primality test. The first is a provocative reason why Rabin's test is so good. It turned out that a single iteration has a nonnegligible probability of failing _only_ on composite numbers that can actually be split in expected polynomia ..."
Abstract

Cited by 22 (0 self)
 Add to MetaCart
In this paper we make two observations on Rabin's probabilistic primality test. The first is a provocative reason why Rabin's test is so good. It turned out that a single iteration has a nonnegligible probability of failing _only_ on composite numbers that can actually be split in expected polynomial time. Therefore, factoring would be easy if Rabin's test systematically failed with a 25% probability on each composite integer (which, of course, it does not). The second observation is more fundamental because is it _not_ restricted to primality testing: it has consequences for the entire field of probabilistic algorithms. The failure probability when using a probabilistic algorithm for the purpose of testing some property is compared with that when using it for the purpose of obtaining a random element hopefully having this property. More specifically, we investigate the question of how reliable Rabin's test is when used to _generate_ a random integer that is probably prime, rather than to _test_ a specific integer for primality.
Key words: factorization, false witnesses, primality testing, probabilistic algorithms, Rabin's test.
Implementation Of The AtkinGoldwasserKilian Primality Testing Algorithm
 Rapport de Recherche 911, INRIA, Octobre
, 1988
"... . We describe a primality testing algorithm, due essentially to Atkin, that uses elliptic curves over finite fields and the theory of complex multiplication. In particular, we explain how the use of class fields and genus fields can speed up certain phases of the algorithm. We sketch the actual impl ..."
Abstract

Cited by 9 (7 self)
 Add to MetaCart
. We describe a primality testing algorithm, due essentially to Atkin, that uses elliptic curves over finite fields and the theory of complex multiplication. In particular, we explain how the use of class fields and genus fields can speed up certain phases of the algorithm. We sketch the actual implementation of this test and its use on testing large primes, the records being two numbers of more than 550 decimal digits. Finally, we give a precise answer to the question of the reliability of our computations, providing a certificate of primality for a prime number. IMPLEMENTATION DU TEST DE PRIMALITE D' ATKIN, GOLDWASSER, ET KILIAN R'esum'e. Nous d'ecrivons un algorithme de primalit'e, principalement du `a Atkin, qui utilise les propri'et'es des courbes elliptiques sur les corps finis et la th'eorie de la multiplication complexe. En particulier, nous expliquons comment l'utilisation du corps de classe et du corps de genre permet d'acc'el'erer les calculs. Nous esquissons l'impl'ementati...
Fast Generation Of Random, Strong RSA Primes
, 1997
"... A number of cryptographic standards currently under development call for the use of strong primes in the generation of an RSA key. This paper suggests a fast way of generating random strong primes that also satisfy a number of other cryptographic requirements. The method requires no more time to ..."
Abstract

Cited by 8 (0 self)
 Add to MetaCart
A number of cryptographic standards currently under development call for the use of strong primes in the generation of an RSA key. This paper suggests a fast way of generating random strong primes that also satisfy a number of other cryptographic requirements. The method requires no more time to generate strong primes than it takes to generate random primes.
Two Observations on Probabilistic Primality Testing
, 1987
"... In this note, we make two loosely related observations on Rabin's probabilistic primality test. The first remark gives a rather strange and provocative reason as to why is Rabin's test so good. It turns out that a single iteration fails with a nonnegligible probability on a composite number of the ..."
Abstract

Cited by 3 (1 self)
 Add to MetaCart
In this note, we make two loosely related observations on Rabin's probabilistic primality test. The first remark gives a rather strange and provocative reason as to why is Rabin's test so good. It turns out that a single iteration fails with a nonnegligible probability on a composite number of the form 4j +3 only if this number happens to be easy to split. The second observation is much more fundamental because is it not restricted to primality testing: it has profound consequences for the entire field of probabilistic algorithms. There we ask the question: how good is Rabin's algorithm? Whenever one wishes to produce a uniformly distributed random probabilistic prime with a given bound on the error probability, it turns out that the size of the desired prime must be taken into account. 1. Introduction In this note, we make two loosely related observations on Rabin's probabilistic primality test. The first remark gives a rather strange and provocative reason as to why is Rabin's te...
Building Pseudoprimes With A Large Number Of Prime Factors
, 1995
"... We extend the method due originally to Loh and Niebuhr for the generation of Carmichael numbers with a large number of prime factors to other classes of pseudoprimes, such as Williams's pseudoprimes and elliptic pseudoprimes. We exhibit also some new Dickson pseudoprimes as well as superstrong Dicks ..."
Abstract

Cited by 2 (0 self)
 Add to MetaCart
We extend the method due originally to Loh and Niebuhr for the generation of Carmichael numbers with a large number of prime factors to other classes of pseudoprimes, such as Williams's pseudoprimes and elliptic pseudoprimes. We exhibit also some new Dickson pseudoprimes as well as superstrong Dickson pseudoprimes.
Pseudoprimes: A Survey Of Recent Results
, 1992
"... this paper, we aim at presenting the most recent results achieved in the theory of pseudoprime numbers. First of all, we make a list of all pseudoprime varieties existing so far. This includes Lucaspseudoprimes and the generalization to sequences generated by integer polynomials modulo N , elliptic ..."
Abstract
 Add to MetaCart
this paper, we aim at presenting the most recent results achieved in the theory of pseudoprime numbers. First of all, we make a list of all pseudoprime varieties existing so far. This includes Lucaspseudoprimes and the generalization to sequences generated by integer polynomials modulo N , elliptic pseudoprimes. We discuss the making of tables and the consequences on the design of very fast primality algorithms for small numbers. Then, we describe the recent work of Alford, Granville and Pomerance, in which they prove that there
Notes by G.J.O. Jameson
"... Recall that Fermat’s “little theorem ” says that if p is prime and a is not a multiple of p, then ap−1 ≡ 1 mod p. This theorem gives a possible way to detect primes, or more exactly, nonprimes: if for some positive a ≤ n − 1, an−1 is not congruent to 1 mod n, then, by the theorem, n is ..."
Abstract
 Add to MetaCart
Recall that Fermat’s “little theorem ” says that if p is prime and a is not a multiple of p, then ap−1 ≡ 1 mod p. This theorem gives a possible way to detect primes, or more exactly, nonprimes: if for some positive a ≤ n − 1, an−1 is not congruent to 1 mod n, then, by the theorem, n is
Notes by G.J.O. Jameson
"... Recall that Fermat’s “little theorem ” says that if p is prime and a is not a multiple of p, then ap−1 ≡ 1 mod p. This theorem gives a possible way to detect primes, or more exactly, nonprimes: if for a certain a coprime to n, an−1 is not congruent to 1 mod n, then, by the theorem, n is not ..."
Abstract
 Add to MetaCart
Recall that Fermat’s “little theorem ” says that if p is prime and a is not a multiple of p, then ap−1 ≡ 1 mod p. This theorem gives a possible way to detect primes, or more exactly, nonprimes: if for a certain a coprime to n, an−1 is not congruent to 1 mod n, then, by the theorem, n is not