Results 1-10 of 12
Floating-Point Arithmetic And Message Authentication
2000
Cited by 28 (8 self)
There is a well-known class of message authentication systems guaranteeing that attackers will have a negligible chance of successfully forging a message. This paper shows how one of these systems can hash messages at extremely high speed, much more quickly than previous systems at the same security level, using IEEE floating-point arithmetic. This paper also presents a survey of the literature in a unified mathematical framework.
A Probable Prime Test With High Confidence
Cited by 11 (0 self)
Monier and Rabin proved that an odd composite can pass the Strong Probable Prime Test for at most $1/4$ of the possible bases. In this paper, a probable prime test is developed using quadratic polynomials and the Frobenius automorphism. The test, along with a fixed number of trial divisions, ensures that a composite $n$ will pass for less than $1/7710$ of the polynomials $x^2 - bx - c$ with $\left(\frac{b^2+4c}{n}\right) = -1$ and $\left(\frac{-c}{n}\right) = 1$. The running time of the test is asymptotically 3 times that of the Strong Probable Prime Test. §1 Background. Perhaps the most common method for determining whether or not a number is prime is the Strong Probable Prime Test. Given an odd integer $n$, let $n = 2^r s + 1$ with $s$ odd. Choose a random integer $a$ with $1 \le a \le n - 1$. If $a^s \equiv 1 \bmod n$ or $a^{2^j s} \equiv -1 \bmod n$ for some $0 \le j \le r - 1$, then $n$ passes the test. An odd prime will pass the test for all $a$. The test is very fast; it requires no more than (1 +...
Nagaraj, Density of Carmichael numbers with three prime factors
Math. Comp. 66 (1997), 1705–1708. MR 98d:11110
Cited by 10 (0 self)
Abstract. We get an upper bound of $O(x^{5/14+o(1)})$ on the number of Carmichael numbers $\le x$ with exactly three prime factors.
A Secure Public-Key Signature System With Extremely Fast Verification
2000
Cited by 5 (2 self)
This paper presents a variant of the Rabin-Williams public-key signature system. The new system offers the same security and signing speed but much faster verification. Generic attacks against this system are provably as difficult as factorization.
Finding Four Million Large Random Primes
In Crypto '90, LNCS 537
Cited by 5 (0 self)
The theory also suggests that pseudoprimes are rare. On the basis of extensive experience and analysis, Pomerance [5, 8] conjectures that the number of pseudoprimes less than $n$ is at most $n / L(n)^{1+o(1)}$ (2), where $L(n) = \exp\left(\frac{\log n \,\log\log\log n}{\log\log n}\right)$. (Supported by NSF grant CCR8914428, and RSA Data Security. Email address: rivest@theory.lcs.mit.edu) If this conjecture is correct, and we make the (unjustified) additional assumption that the $o(1)$ in conjecture (2) can be ignored, then the number of pseudoprimes less than $2^{256}$ is conjectured to be at most $4 \times 10^{52}$, whereas the number of 256-bit primes is approximately $6.5 \times 10^{74}$. Thus, if Pomerance's conjecture
Efficient computation of full Lucas sequences
1996
Cited by 4 (1 self)
odd, then the computation of Uk does not require the computation of U l j (j 1). Proof : Since k is odd (i.e. k0 = 1), Uk(= U l 0 ) = Uh 1 V l 1 l 1 . Thus, only the value of Uh 1 is needed. We only need to show that the value of Uh j1 can be derived from Uh j . By Eq. (5) and depending on the value of k j1 , we have the following cases: . if k j1 = 0, then (l j1 , h j1 ) = (2l j , l j + h j ); . if k j1 = 1, then (l j1 , h j1 ) = (l j + h j , 2h j ). Hence, if k j1 = 0, then h j1(= h j + l j = 2l j + 1) is odd and Uh j1 = Uh j V l j l j ; otherwise, h j1(= 2h j ) is even and Uh j1 = Uh j Vh j . We now are ready to give the algorithm that we shall extend to the case where k is even. Inputs: k = 2 s i=s k i 2 is , (ks = 1) P, Q Outputs: (Uk , Vk ) Uh = 1; V l = 2; Vh = P ; Q l = 1; Qh = 1; for j from n 1 to s + 1 by 1 if k[j] == 1 then Qh = Q l Vh ; Vh Qh else Qh = Q l ; Q l fi Qh ; Qh =
The pseudoprimes below $2^{64}$
Cited by 2 (0 self)
pseudoprime n. A backgammon prime (six consecutive occupied points) with one point missing. This term is an esoteric pun derived from number theory: a number that passes a certain kind of “primality test” may be called a ‘pseudoprime’ (all primes pass any such test, but so do some composite numbers), and any number that passes several is, in some sense, almost certainly prime. The hacker backgammon usage stems from the idea that a pseudoprime is almost as good as a prime: it will do the same job unless you are unlucky.
The definition above includes primes as pseudoprimes. We do not:
Definition. We write prp(n) to denote $2^{n-1} \equiv 1 \bmod n$ (n is a probable prime). We write psp(n) (n is a pseudoprime) if n is also composite.
1 A simple algorithm
Algorithm 1. Enumerate all pseudoprimes below x (with repetition).
    for (q ← 3; q ≤ x; q ← q + 2) {
      for (q′ ← 3; q′ ≤ min(q, x/q); q′ ← q′ + 2) {
        if (2^(qq′−1) ≡ 1 (mod qq′)) {
          enumerate qq′ }}}
Algorithm 1 requires $O(x \ln^2(x))$ modular multiplications.
2 The goals
• Develop better algorithms for enumerating pseudoprimes.
• Extend Richard Pinch’s table: The pseudoprimes up to $10^{13}$ [Pin00, Pin]—compiled circa 1994.
• Check a conjecture on the density of pseudoprimes with two prime factors [Gal].
3 The rank function
Definition. Given odd $q \in \mathbb{N}$, $\rho(q)$ denotes the order of 2 in the multiplicative group modulo q. Equivalently, $\rho(q)$ is the least r such that $q \mid 2^r - 1$ (sometimes called the “rank of appearance” of q).
Note: $\mathrm{prp}(n) \iff \rho(n) \mid n - 1 \iff n \equiv 1 \bmod \rho(n)$
A one-parameter quadratic-base version of the Baillie–PSW probable prime test
Math. Comp
Cited by 2 (0 self)
Abstract. The well-known Baillie-PSW probable prime test is a combination of a Rabin-Miller test and a “true” (i.e., with $(D/n) = -1$) Lucas test. Arnault mentioned in a recent paper that no precise result is known about its probability of error. Grantham recently provided a probable prime test (RQFT) with probability of error less than 1/7710, and pointed out that the lack of counterexamples to the Baillie-PSW test indicates that the true probability of error may be much lower. In this paper we first define pseudoprimes and strong pseudoprimes to quadratic bases with one parameter: $T_u = T \bmod (T^2 - uT + 1)$, and define the base-counting functions: $B(n) = \#\{u : 0 \le u < n,\ n \text{ is a psp}(T_u)\}$ and $SB(n) = \#\{u : 0 \le u < n,\ n \text{ is an spsp}(T_u)\}$. Then we give explicit formulas to compute $B(n)$ and $SB(n)$, and prove that, for odd composites $n$, $B(n) < n/2$ and $SB(n) < n/8$, and point out that these are best possible. Finally, based on one-parameter quadratic-base pseudoprimes, we provide a probable prime test, called the One-Parameter Quadratic-Base Test (OPQBT), which is passed by all primes $\ge 5$ and passed by an odd composite $n = p_1^{r_1} p_2^{r_2} \cdots p_s^{r_s}$ ($p_1 < p_2 < \cdots < p_s$ odd primes) with probability of error $\tau(n)$. We give explicit formulas to compute $\tau(n)$, and prove that
Finding strong pseudoprimes to several bases. II, Math
Department of Mathematics, Anhui Normal University
Cited by 1 (1 self)
Abstract. Define $\psi_m$ to be the smallest strong pseudoprime to all the first $m$ prime bases. If we know the exact value of $\psi_m$, we will have, for integers $n < \psi_m$, a deterministic efficient primality testing algorithm which is easy to implement. Thanks to Pomerance et al. and Jaeschke, the $\psi_m$ are known for $1 \le m \le 8$. Upper bounds for $\psi_9$, $\psi_{10}$ and $\psi_{11}$ were first given by Jaeschke, and those for $\psi_{10}$ and $\psi_{11}$ were then sharpened by the first author in his previous paper (Math. Comp. 70 (2001), 863–872). In this paper, we first follow the first author’s previous work to use biquadratic residue characters and cubic residue characters as main tools to tabulate all strong pseudoprimes (spsp’s) $n < 10^{24}$ to the first five or six prime bases, which have the form $n = pq$ with $p$, $q$ odd primes and $q - 1 = k(p - 1)$, $k = 4/3, 5/2, 3/2, 6$; then we tabulate all Carmichael numbers $< 10^{20}$, to the first six prime bases up to 13, which have the form $n = q_1 q_2 q_3$ with each prime factor $q_i \equiv 3 \bmod 4$. There are in total 36 such Carmichael numbers, 12 numbers of which are also spsp’s to base 17; 5 numbers are spsp’s to bases 17 and 19; one number is an spsp to the first 11 prime bases up to 31. As a result the upper bounds for $\psi_9$, $\psi_{10}$ and $\psi_{11}$ are lowered from 20- and 22-decimal-digit numbers to a 19-decimal-digit number: $\psi_9 \le \psi_{10} \le \psi_{11} \le Q_{11} = 3825\,12305\,65464\,13051$ (19 digits) $= 149491 \cdot 747451 \cdot 34233211$. We conjecture that $\psi_9 = \psi_{10} = \psi_{11} = 3825\,12305\,65464\,13051$, and give reasons to support this conjecture. The main idea for finding these Carmichael numbers is that we loop on the largest prime factor $q_3$ and propose necessary conditions on $n$ to be a strong pseudoprime to the first 5 prime bases. Comparisons of effectiveness with Arnault’s, Bleichenbacher’s, Jaeschke’s, and Pinch’s methods for finding (Carmichael) numbers with three prime factors, which are strong pseudoprimes to the first several prime bases, are given.
The Pseudosquares Prime Sieve
Cited by 1 (1 self)
Abstract. We present the pseudosquares prime sieve, which finds all primes up to $n$. Define $p$ to be the smallest prime such that the pseudosquare $L_p > n/(\pi(p)(\log n)^2)$; here $\pi(x)$ is the prime counting function. Our algorithm requires only $O(\pi(p)\,n)$ arithmetic operations and $O(\pi(p)\log n)$ space. It uses the pseudosquares primality test of Lukes, Patterson, and Williams. Under the assumption of the Extended Riemann Hypothesis, we have $p \le 2(\log n)^2$, but it is conjectured that $p \sim \frac{1}{\log 2}\log n \log\log n$. Thus, the conjectured complexity of our prime sieve is $O(n \log n)$ arithmetic operations in $O((\log n)^2)$ space. The primes generated by our algorithm are proven prime unconditionally. The best current unconditional bound known is $p \le n^{1/(4\sqrt{e}-\epsilon)}$, implying a running time of roughly $n^{1.132}$ using roughly $n^{0.132}$ space. Existing prime sieves are generally faster but take much more space, greatly limiting their range ($O(n/\log\log n)$ operations with $n^{1/3+\epsilon}$ space, or $O(n)$ operations with $n^{1/4}$ conjectured space). Our algorithm found all 13284 primes in the interval $[10^{33}, 10^{33}+10^{6}]$ in about 4 minutes on a 1.3 GHz Pentium IV. We also present an algorithm to find all pseudosquares $L_p$ up to $n$ in sublinear time using very little space. Our innovation here is a new, space-efficient implementation of the wheel data structure.