We describe how to generate large primes using the primality proving algorithm of Atkin. Figure 1: The Titanic . 1. Introduction. During the last ten years, primality testing evolved at great speed. Motivated by the RSA cryptosystem [3], the first deterministic primality proving algorithm was designed by Adleman, Pomerance and Rumely [2] and made practical by Cohen, H. W. Lenstra and A. K. Lenstra (see [9, 10] and more recently [5]). It was then proved that the time needed to test an arbitrary integer N for primality is O((log N) c log log log N ) for some positive constant c ? 0. When implemented on a huge computer, the algorithm was able to test 200 digit numbers in about 10 minutes of CPU time. A few years ago, Goldwasser and Kilian [11], used the theory of elliptic curves over finite fields to give the first primality proving algorithm whose running time is polynomial in log N (assuming a plausible conjecture in number theory). Atkin [4] used the theory of complex multiplicat...

One of the major threats to the security of cryptosystems nowadays is the information leaked through side channels. For instance, power analysis attacks have been successfully mounted on cryptosystems embedded into small devices such as smart cards.

and their applications. SMC is sponsored by the Netherlands Organization for Scientific Research (NWO). CWI is a member of

We make an attempt to compare the speed of eeme primality testing algorithms for certifying loo-digit prime numbers. 1. Introduction. The

We explain how the Elliptic Curve Primality Proving algorithm can be implemented in a distributed way. Applications are given to the certification of large primes (more than 500 digits). As a result, we describe the successful attempt at proving the primality of the lO65-digit (2^3539+ l)/3, the first ordinary Titanic prime.

The purpose of this paper is to examine the two domains of the integers and the polynomials, in an attempt to understand the nature of complexity in these very basic situations. Can we formalize the integer algorithms which shed light on the polynomial domain, and vice versa? When will the casting of one in the other speed up an existing algorithm? Why do some problems not lend themselves to this kind of speed-up? We give several simple and natural theorems that show how problems in one domain can be embedded in the other, and we examine the complexity-theoretic consequences of these embeddings. We also prove several results on the impossibility of solving integer problems by mimicking their polynomial counterparts. 1 Introduction It is a fact frequently remarked upon that polynomials and integers share a number of characteristics. Usually the Fast Fourier Transform is then Supported by NSF grants DMS-8807202 and CCR-9204630. y Supported by NSF grant CCR-9207797. 1 giv...

These notes informally review the most common methods from computational number theory that have applications in public key cryptology.

Introduction The prototype of pseudoprime tests is Fermat's theorem: If p is a prime and a an integer prime to p, then a p\Gamma1 j 1 mod p: A pseudoprime to base a (psp-a) is a composite number N such that a N \Gamma1 j 1 mod N: For all a, there exists an infinite number of psp-a. Moreover, there are numbers N such that N is a psp-a for all a. (These numbers are called Carmichael numbers.) A refinement of this test consists in writing N = 1 +N 0 2 t with N 0 odd and a N \Gamma1 \Gamma 1 = (a N 0<F12.96

25> f(a=b) and of a=b\Gammam are both smooth, meaning that only small prime factors divide these numerators. These are more likely to be smooth when 1 We assume the reader to be familiar with this factoring method, although no expert knowledge is required to understand the spirit of this announcement. 2 NFSNET is a collaborative effort to factor numbers by the Number Field Sieve. It relies on volunteers from around the world who contribute the "spare time" of a large number of workstations to perform the sieving. In addition to completing work on other numbers, their 75 workstations sieved (3 349 \Gamma 1)=2 during the months of December 1996 and January 1997. The organizers and principal researchers of NFSNET are: Marije ElkenbrachtHuizing, Peter Montgomery, Bob Silverman, Richard Wackerbarth, and Sam Wagstaff, Jr. 1. the polynomial values themselves are

this paper, we aim at presenting the most recent results achieved in the theory of pseudoprime numbers. First of all, we make a list of all pseudoprime varieties existing so far. This includes Lucas-pseudoprimes and the generalization to sequences generated by integer polynomials modulo N , elliptic pseudoprimes. We discuss the making of tables and the consequences on the design of very fast primality algorithms for small numbers. Then, we describe the recent work of Alford, Granville and Pomerance, in which they prove that there