Results 1 - 3 of 3
The Generation of Random Numbers That Are Probably Prime
Journal of Cryptology, 1988
Cited by 22 (0 self)
In this paper we make two observations on Rabin's probabilistic primality test. The first is a provocative reason why Rabin's test is so good. It turned out that a single iteration has a nonnegligible probability of failing _only_ on composite numbers that can actually be split in expected polynomial time. Therefore, factoring would be easy if Rabin's test systematically failed with a 25% probability on each composite integer (which, of course, it does not). The second observation is more fundamental because it is _not_ restricted to primality testing: it has consequences for the entire field of probabilistic algorithms. The failure probability when using a probabilistic algorithm for the purpose of testing some property is compared with that when using it for the purpose of obtaining a random element hopefully having this property. More specifically, we investigate the question of how reliable Rabin's test is when used to _generate_ a random integer that is probably prime, rather than to _test_ a specific integer for primality.
Key words: factorization, false witnesses, primality testing, probabilistic algorithms, Rabin's test.
Finding Four Million Large Random Primes
 In Crypto '90, LNCS 537
Cited by 5 (0 self)
The theory also suggests that pseudoprimes are rare. On the basis of extensive experience and analysis, Pomerance [5, 8] conjectures that the number of pseudoprimes less than $n$ is at most $n / L(n)^{1+o(1)}$ (2), where $L(n) = \exp\left(\frac{\log n \, \log\log\log n}{\log\log n}\right)$. If this conjecture is correct, and we make the (unjustified) additional assumption that the $o(1)$ in conjecture (2) can be ignored, then the number of pseudoprimes less than $2^{256}$ is conjectured to be at most $4 \times 10^{52}$, whereas the number of 256-bit primes is approximately $6.5 \times 10^{74}$. Thus, if Pomerance's conjecture
(Footnote: Supported by NSF grant CCR8914428, and RSA Data Security. Email address: rivest@theory.lcs.mit.edu)
Uniform distribution of fractional parts related to pseudoprimes
2005
Cited by 3 (3 self)
We estimate exponential sums with the Fermat-like quotients $f_g(n) = \frac{g^{n-1} - 1}{n}$ and $h_g(n) = \frac{g^{n-1} - 1}{P(n)}$, where $g$ and $n$ are positive integers, $n$ is composite, and $P(n)$ is the largest prime factor of $n$. Clearly, both $f_g(n)$ and $h_g(n)$ are integers if $n$ is a Fermat pseudoprime to base $g$, and if $n$ is a Carmichael number this is true for all $g$ coprime to $n$. Nevertheless, our bounds imply that the fractional parts $\{f_g(n)\}$ and $\{h_g(n)\}$ are uniformly distributed, on average over $g$ for $f_g(n)$, and individually for $h_g(n)$. We also obtain similar results with the functions $\tilde{f}_g(n) = g f_g(n)$ and $\tilde{h}_g(n) = g h_g(n)$. AMS Subject Classification: 11L07, 11N37, 11N60