Results 11  20
of
24
A Simplified Quadratic Frobenius Primality Test
, 2005
"... The publication of the quadratic Frobenius primality test [6] has stimulated a lot of research, see e.g. [4, 10, 11]. In this test as well as in the MillerRabin test [13], a composite number may be declared as probably prime. Repeating several tests decreases that error probability. While most of t ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
The publication of the quadratic Frobenius primality test [6] has stimulated a lot of research, see e.g. [4, 10, 11]. In this test as well as in the MillerRabin test [13], a composite number may be declared as probably prime. Repeating several tests decreases that error probability. While most of the above research papers focus on minimising the error probability as a function of the number of tests (or, more generally, of the computational e ort) asymptotically, we present a simplified variant SQFT of the quadratic Frobenius test. This test is so simple that it can easily be implemented on a smart card. During prime number generation, a large number of composite numbers must be tested before a (probable) prime is found. Therefore we need a fast test, such as the MillerRabin test with a small basis, to rule out most prime candidates quickly before a promising candidate will be tested with a more sophisticated variant of the QFT. Our test SQFT makes optimum use of the information gathered by a previous MillerRabin test. It has run time equivalent to two MillerRabin tests; and it achieves a worstcase error probability of 2 −12t with t tests. Most cryptographic standards require an averagecase error probability of at most 2 −80 or 2 −100, see e.g. [7], when prime numbers are generated in public key systems. Our test SQFT achieves an averagecase error probability of 2 −134 with two test rounds for 500−bit primes. We also present a more sophisticated version SQFT3 of our test that has run time and worstcase error probability comparable to the test EQFTwc presented in [4] in all cases. The test SQFT3 avoids the computation of cubic residuosity symbols, as required in the test EQFTwc.
TWO KINDS OF STRONG PSEUDOPRIMES UP TO 10 36
"... Abstract. Let n>1 be an odd composite integer. Write n − 1=2sd with d odd. If either bd ≡ 1modnor b2rd ≡−1modnfor some r =0, 1,...,s − 1, then we say that n isastrongpseudoprimetobaseb, or spsp(b) forshort. Define ψt to be the smallest strong pseudoprime to all the first t prime bases. If we know ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
(Show Context)
Abstract. Let n>1 be an odd composite integer. Write n − 1=2sd with d odd. If either bd ≡ 1modnor b2rd ≡−1modnfor some r =0, 1,...,s − 1, then we say that n isastrongpseudoprimetobaseb, or spsp(b) forshort. Define ψt to be the smallest strong pseudoprime to all the first t prime bases. If we know the exact value of ψt, we will have, for integers n<ψt, a deterministic efficient primality testing algorithm which is easy to implement. Thanks to Pomerance et al. and Jaeschke, the ψt are known for 1 ≤ t ≤ 8. Conjectured values of ψ9,...,ψ12 were given by us in our previous papers (Math. Comp. 72 (2003), 2085–2097; 74 (2005), 1009–1024). The main purpose of this paper is to give exact values of ψ ′ t for 13 ≤ t ≤ 19; to give a lower bound of ψ ′ 20: ψ ′ 20> 1036; and to give reasons and numerical evidence of K2 and C3spsp’s < 1036 to support the following conjecture: ψt = ψ ′ t <ψ′ ′ t for any t ≥ 12, where ψ ′ t (resp. ψ′ ′ t) is the smallest K2 (resp. C3) strong pseudoprime to all the first t prime bases. For this purpose we describe procedures for computing and enumerating the two kinds of spsp’s < 1036 to the first 9 prime bases. The entire calculation took about 4000 hours on a PC Pentium IV/1.8GHz. (Recall that a K2spsp is an spsp of the form: n = pq with p, q primes and q − 1=2(p−1); and that a C3spsp is an spsp and a Carmichael number of the form: n = q1q2q3 with each prime factor qi ≡ 3mod4.) 1.
Uses of Randomness in Computation
, 1994
"... Random number generators are widely used in practical algorithms. Examples include simulation, number theory (primality testing and integer factorization), fault tolerance, routing, cryptography, optimization by simulated annealing, and perfect hashing. Complexity theory usually considers the worst ..."
Abstract

Cited by 1 (1 self)
 Add to MetaCart
Random number generators are widely used in practical algorithms. Examples include simulation, number theory (primality testing and integer factorization), fault tolerance, routing, cryptography, optimization by simulated annealing, and perfect hashing. Complexity theory usually considers the worstcase behaviour of deterministic algorithms, but it can also consider averagecase behaviour if it is assumed that the input data is drawn randomly from a given distribution. Rabin popularised the idea of &quot;probabilistic &quot; algorithms, where randomness is incorporated into the algorithm instead of being assumed in the input data. Yao showed that there is a close connection between the complexity of probabilistic algorithms and the averagecase complexity of deterministic algorithms. We give examples of the uses of randomness in computation, discuss the contributions of Rabin, Yao and others, and mention some open questions.
Pseudoprimes: A Survey Of Recent Results
, 1992
"... this paper, we aim at presenting the most recent results achieved in the theory of pseudoprime numbers. First of all, we make a list of all pseudoprime varieties existing so far. This includes Lucaspseudoprimes and the generalization to sequences generated by integer polynomials modulo N , elliptic ..."
Abstract
 Add to MetaCart
this paper, we aim at presenting the most recent results achieved in the theory of pseudoprime numbers. First of all, we make a list of all pseudoprime varieties existing so far. This includes Lucaspseudoprimes and the generalization to sequences generated by integer polynomials modulo N , elliptic pseudoprimes. We discuss the making of tables and the consequences on the design of very fast primality algorithms for small numbers. Then, we describe the recent work of Alford, Granville and Pomerance, in which they prove that there
Article electronically published on February 17, 2000 FINDING STRONG PSEUDOPRIMES TO SEVERAL BASES
"... Dedicated to the memory of P. Erdős (1913–1996) Abstract. Define ψm to be the smallest strong pseudoprime to all the first m prime bases. If we know the exact value of ψm, we will have, for integers n<ψm, a deterministic primality testing algorithm which is not only easier to implement but also f ..."
Abstract
 Add to MetaCart
Dedicated to the memory of P. Erdős (1913–1996) Abstract. Define ψm to be the smallest strong pseudoprime to all the first m prime bases. If we know the exact value of ψm, we will have, for integers n<ψm, a deterministic primality testing algorithm which is not only easier to implement but also faster than either the Jacobi sum test or the elliptic curve test. Thanks to Pomerance et al. and Jaeschke, ψm are known for 1 ≤ m ≤ 8. Upper bounds for ψ9,ψ10 and ψ11 were given by Jaeschke. In this paper we tabulate all strong pseudoprimes (spsp’s) n<1024 to the first ten prime bases 2, 3, ·· · , 29, which have the form n = pq with p, q odd primes and q −1 =k(p −1),k=2, 3, 4. There are in total 44 such numbers, six of which are also spsp(31), and three numbers are spsp’s to both bases 31 and 37. As a result the upper bounds for ψ10 and ψ11 are lowered from 28 and 29decimaldigit numbers to 22decimaldigit numbers, and a 24decimaldigit upper bound for ψ12 is obtained. The main tools used in our methods are the biquadratic residue characters and cubic residue characters. We propose necessary conditions for n to be a strong pseudoprime to one or to several prime bases. Comparisons of effectiveness with both Jaeschke’s and Arnault’s methods are given. 1.
A GENERALIZATION OF MILLER’S PRIMALITY THEOREM PEDRO BERRIZBEITIA AND AURORA OLIVIERI
"... Abstract. For any integer r we show that the notion of ωprime to base a introduced by Berrizbeitia and Berry, 2000, leads to a primality test for numbers n congruent to 1 modulo r, which runs in polynomial time assuming the Extended Riemann Hypothesis (ERH). For r = 2 we obtain Miller’s classical r ..."
Abstract
 Add to MetaCart
Abstract. For any integer r we show that the notion of ωprime to base a introduced by Berrizbeitia and Berry, 2000, leads to a primality test for numbers n congruent to 1 modulo r, which runs in polynomial time assuming the Extended Riemann Hypothesis (ERH). For r = 2 we obtain Miller’s classical result. 1.
Fast primality testing for integers that fit . . .
"... For large integers, the most efficient primality tests are probabilistic. However, for integers with a small fixed number of bits the best tests in practice are deterministic. Currently the best known tests of this type involve 3 rounds of the MillerRabin test for 32bit integers and 7 rounds for 6 ..."
Abstract
 Add to MetaCart
For large integers, the most efficient primality tests are probabilistic. However, for integers with a small fixed number of bits the best tests in practice are deterministic. Currently the best known tests of this type involve 3 rounds of the MillerRabin test for 32bit integers and 7 rounds for 64bit integers. Our main result in this paper: For 32bit integers we reduce this to a single computation of a simple hash function and a single round of MillerRabin. Similarly, for 64bit integers we can reduce the number of rounds to two (but with a significantly large precomputed table) or three. Up to our knowledge, our implementations are the fastest oneshot deterministic primality tests for 32bit and 64bit integers to date. We also provide empirical evidence that our algorithms are fast in practice and that the data segment is roughly as small as possible for an algorithm of this type.