Results 1  10
of
15
The Generation of Random Numbers That Are Probably Prime
 Journal of Cryptology
, 1988
"... In this paper we make two observations on Rabin's probabilistic primality test. The first is a provocative reason why Rabin's test is so good. It turned out that a single iteration has a nonnegligible probability of failing _only_ on composite numbers that can actually be split in expected polynomia ..."
Abstract

Cited by 22 (0 self)
 Add to MetaCart
In this paper we make two observations on Rabin's probabilistic primality test. The first is a provocative reason why Rabin's test is so good. It turned out that a single iteration has a nonnegligible probability of failing _only_ on composite numbers that can actually be split in expected polynomial time. Therefore, factoring would be easy if Rabin's test systematically failed with a 25% probability on each composite integer (which, of course, it does not). The second observation is more fundamental because is it _not_ restricted to primality testing: it has consequences for the entire field of probabilistic algorithms. The failure probability when using a probabilistic algorithm for the purpose of testing some property is compared with that when using it for the purpose of obtaining a random element hopefully having this property. More specifically, we investigate the question of how reliable Rabin's test is when used to _generate_ a random integer that is probably prime, rather than to _test_ a specific integer for primality.
Key words: factorization, false witnesses, primality testing, probabilistic algorithms, Rabin's test.
A Probable Prime Test With High Confidence
"... . Monier and Rabin proved that an odd composite can pass the Strong Probable Prime Test for at most 1 4 of the possible bases. In this paper, a probable prime test is developed using quadratic polynomials and the Frobenius automorphism. The test, along with a fixed number of trial divisions, ensure ..."
Abstract

Cited by 11 (0 self)
 Add to MetaCart
. Monier and Rabin proved that an odd composite can pass the Strong Probable Prime Test for at most 1 4 of the possible bases. In this paper, a probable prime test is developed using quadratic polynomials and the Frobenius automorphism. The test, along with a fixed number of trial divisions, ensures that a composite n will pass for less than 1 7710 of the polynomials x 2 \Gamma bx \Gamma c with i b 2 +4c n j = \Gamma1 and \Gamma \Gammac n \Delta = 1. The running time of the test is asymptotically 3 times that of the Strong Probable Prime Test. x1 Background Perhaps the most common method for determining whether or not a number is prime is the Strong Probable Prime Test. Given an odd integer n, let n = 2 r s + 1 with s odd. Choose a random integer a with 1 a n \Gamma 1. If a s j 1 mod n or a 2 j s j \Gamma1 mod n for some 0 j r \Gamma 1, then n passes the test. An odd prime will pass the test for all a. The test is very fast; it requires no more than (1 +...
Implementation Of The AtkinGoldwasserKilian Primality Testing Algorithm
 Rapport de Recherche 911, INRIA, Octobre
, 1988
"... . We describe a primality testing algorithm, due essentially to Atkin, that uses elliptic curves over finite fields and the theory of complex multiplication. In particular, we explain how the use of class fields and genus fields can speed up certain phases of the algorithm. We sketch the actual impl ..."
Abstract

Cited by 9 (7 self)
 Add to MetaCart
. We describe a primality testing algorithm, due essentially to Atkin, that uses elliptic curves over finite fields and the theory of complex multiplication. In particular, we explain how the use of class fields and genus fields can speed up certain phases of the algorithm. We sketch the actual implementation of this test and its use on testing large primes, the records being two numbers of more than 550 decimal digits. Finally, we give a precise answer to the question of the reliability of our computations, providing a certificate of primality for a prime number. IMPLEMENTATION DU TEST DE PRIMALITE D' ATKIN, GOLDWASSER, ET KILIAN R'esum'e. Nous d'ecrivons un algorithme de primalit'e, principalement du `a Atkin, qui utilise les propri'et'es des courbes elliptiques sur les corps finis et la th'eorie de la multiplication complexe. En particulier, nous expliquons comment l'utilisation du corps de classe et du corps de genre permet d'acc'el'erer les calculs. Nous esquissons l'impl'ementati...
Primality testing
, 1992
"... Abstract For many years mathematicians have searched for a fast and reliable primality test. This is especially relevant nowadays, because the RSA publickey cryptosystem requires very large primes in order to generate secure keys. I will describe some efficient randomised algorithms that are useful ..."
Abstract

Cited by 3 (1 self)
 Add to MetaCart
Abstract For many years mathematicians have searched for a fast and reliable primality test. This is especially relevant nowadays, because the RSA publickey cryptosystem requires very large primes in order to generate secure keys. I will describe some efficient randomised algorithms that are useful in practice, but have the defect of occasionally giving the wrong answer, or taking a very long time to give an answer. Recently Agrawal, Kayal and Saxena found a deterministic polynomialtime primality test. I will describe their algorithm, mention some improvements by Bernstein and Lenstra, and explain why this is not the end of the story.
Two Observations on Probabilistic Primality Testing
, 1987
"... In this note, we make two loosely related observations on Rabin's probabilistic primality test. The first remark gives a rather strange and provocative reason as to why is Rabin's test so good. It turns out that a single iteration fails with a nonnegligible probability on a composite number of the ..."
Abstract

Cited by 3 (1 self)
 Add to MetaCart
In this note, we make two loosely related observations on Rabin's probabilistic primality test. The first remark gives a rather strange and provocative reason as to why is Rabin's test so good. It turns out that a single iteration fails with a nonnegligible probability on a composite number of the form 4j +3 only if this number happens to be easy to split. The second observation is much more fundamental because is it not restricted to primality testing: it has profound consequences for the entire field of probabilistic algorithms. There we ask the question: how good is Rabin's algorithm? Whenever one wishes to produce a uniformly distributed random probabilistic prime with a given bound on the error probability, it turns out that the size of the desired prime must be taken into account. 1. Introduction In this note, we make two loosely related observations on Rabin's probabilistic primality test. The first remark gives a rather strange and provocative reason as to why is Rabin's te...
Further investigations with the strong probable prime test
 Math. Comp
, 1996
"... Abstract. Recently, Damg˚ard, Landrock and Pomerance described a procedure in which a kbit odd number is chosen at random and subjected to t random strong probable prime tests. If the chosen number passes all t tests, then the procedure will return that number; otherwise, another kbit odd integer ..."
Abstract

Cited by 3 (0 self)
 Add to MetaCart
Abstract. Recently, Damg˚ard, Landrock and Pomerance described a procedure in which a kbit odd number is chosen at random and subjected to t random strong probable prime tests. If the chosen number passes all t tests, then the procedure will return that number; otherwise, another kbit odd integer is selected and then tested. The procedure ends when a number that passes all t tests is found. Let pk,t denote the probability that such a number is composite. The authors above have shown that pk,t ≤ 4 −t when k ≥ 51 and t ≥ 1. In this paper we will show that this is in fact valid for all k ≥ 2 and t ≥ 1. 1.
Fast Generation of Prime Numbers of Portable Devices: An Update
 Proceedings of CHES 2006, LNCS 4249
, 2006
"... Abstract. The generation of prime numbers underlies the use of most publickey cryptosystems, essentially as a primitive needed for the creation of RSA key pairs. Surprisingly enough, despite decades of intense mathematical studies on primality testing and an observed progressive intensification of ..."
Abstract

Cited by 3 (1 self)
 Add to MetaCart
Abstract. The generation of prime numbers underlies the use of most publickey cryptosystems, essentially as a primitive needed for the creation of RSA key pairs. Surprisingly enough, despite decades of intense mathematical studies on primality testing and an observed progressive intensification of cryptography, prime number generation algorithms remain scarcely investigated and most reallife implementations are of dramatically poor performance. We show simple techniques that substantially improve all algorithms previously suggested or extend their capabilities. We derive fast implementations on appropriately equipped portable devices like smartcards embedding a cryptographic coprocessor. This allows onboard generation of RSA keys featuring a very attractive (average) processing time. Our motivation here is to help transferring this task from terminals where this operation usually took place so far, to portable devices themselves in near future for more confidence, security, and compliance with networkscaled distributed protocols such as electronic cash or mobile commerce.
Integer Factoring
, 2000
"... Using simple examples and informal discussions this article surveys the key ideas and major advances of the last quarter century in integer factorization. ..."
Abstract

Cited by 2 (0 self)
 Add to MetaCart
Using simple examples and informal discussions this article surveys the key ideas and major advances of the last quarter century in integer factorization.
A oneparameter quadraticbase version of the Baillie–PSW probable prime test
 Math. Comp
"... Abstract. The wellknown BailliePSW probable prime test is a combination of a RabinMiller test and a “true ” (i.e., with (D/n) =−1) Lucas test. Arnault mentioned in a recent paper that no precise result is known about its probability of error. Grantham recently provided a probable prime test (RQFT ..."
Abstract

Cited by 2 (0 self)
 Add to MetaCart
Abstract. The wellknown BailliePSW probable prime test is a combination of a RabinMiller test and a “true ” (i.e., with (D/n) =−1) Lucas test. Arnault mentioned in a recent paper that no precise result is known about its probability of error. Grantham recently provided a probable prime test (RQFT) with probability of error less than 1/7710, and pointed out that the lack of counterexamples to the BailliePSW test indicates that the true probability of error may be much lower. In this paper we first define pseudoprimes and strong pseudoprimes to quadratic bases with one parameter: Tu = T mod (T 2 − uT + 1), and define the basecounting functions: B(n) =#{u:0 ≤ u<n, nis a psp(Tu)} and SB(n) =#{u:0 ≤ u<n, nis an spsp(Tu)}. Then we give explicit formulas to compute B(n) and SB(n), and prove that, for odd composites n, B(n) <n/2 and SB(n) <n/8, and point out that these are best possible. Finally, based on oneparameter quadraticbase pseudoprimes, we provide a probable prime test, called the OneParameter QuadraticBase Test (OPQBT), which passed by all primes ≥ 5 andpassedbyanoddcompositen = p r1 1 pr2 2 ···prs s (p1 <p2 < ·· · <ps odd primes) with probability of error τ(n). We give explicit formulas to compute τ(n), and prove that
Finding strong pseudoprimes to several bases. II,Math
 Department of Mathematics, Anhui Normal University
"... Abstract. Define ψm to be the smallest strong pseudoprime to all the first m prime bases. If we know the exact value of ψm, we will have, for integers n<ψm, a deterministic efficient primality testing algorithm which is easy to implement. Thanks to Pomerance et al. and Jaeschke, the ψm are known for ..."
Abstract

Cited by 1 (1 self)
 Add to MetaCart
Abstract. Define ψm to be the smallest strong pseudoprime to all the first m prime bases. If we know the exact value of ψm, we will have, for integers n<ψm, a deterministic efficient primality testing algorithm which is easy to implement. Thanks to Pomerance et al. and Jaeschke, the ψm are known for 1 ≤ m ≤ 8. Upper bounds for ψ9,ψ10 and ψ11 were first given by Jaeschke, and those for ψ10 and ψ11 were then sharpened by the first author in his previous paper (Math. Comp. 70 (2001), 863–872). In this paper, we first follow the first author’s previous work to use biquadratic residue characters and cubic residue characters as main tools to tabulate all strong pseudoprimes (spsp’s) n < 1024 to the first five or six prime bases, which have the form n = pq with p, q odd primes and q − 1= k(p−1),k =4/3, 5/2, 3/2, 6; then we tabulate all Carmichael numbers < 1020, to the first six prime bases up to 13, which have the form n = q1q2q3 with each prime factor qi ≡ 3 mod 4. There are in total 36 such Carmichael numbers, 12 numbers of which are also spsp’s to base 17; 5 numbers are spsp’s to bases 17 and 19; one number is an spsp to the first 11 prime bases up to 31. As a result the upper bounds for ψ9,ψ10 and ψ11 are lowered from 20 and 22decimaldigit numbers to a 19decimaldigit number: ψ9 ≤ ψ10 ≤ ψ11 ≤ Q11 = 3825 12305 65464 13051 (19 digits) = 149491 · 747451 · 34233211. We conjecture that ψ9 = ψ10 = ψ11 = 3825 12305 65464 13051, and give reasons to support this conjecture. The main idea for finding these Carmichael numbers is that we loop on the largest prime factor q3 and propose necessary conditions on n to be a strong pseudoprime to the first 5 prime bases. Comparisons of effectiveness with Arnault’s, Bleichenbacher’s, Jaeschke’s, and Pinch’s methods for finding (Carmichael) numbers with three prime factors, which are strong pseudoprimes to the first several prime bases, are given. 1.