## Efficient Generation of Prime Numbers (2000)

### Cached

### Download Links

- [www.gemplus.com]
- [www.gemplus.com]
- [www.gemplus.com]
- [www.geocities.com]
- [www.gemplus.com]
- DBLP

### Other Repositories/Bibliography

Citations: | 12 - 4 self |

### BibTeX

@MISC{Joye00efficientgeneration,

author = {Marc Joye and Pascal Paillier and Serge Vaudenay},

title = {Efficient Generation of Prime Numbers},

year = {2000}

}

### OpenURL

### Abstract

The generation of prime numbers underlies the use of most public-key schemes, essentially as a major primitive needed for the creation of key pairs or as a computation stage appearing during various cryptographic setups. Surprisingly, despite decades of intense mathematical studies on primality testing and an observed progressive intensification of cryptographic usages, prime number generation algorithms remain scarcely investigated and most real-life implementations are of rather poor performance. Common generators typically output a n-bit prime in heuristic average complexity O(n^4) or O(n^4/log n) and these figures, according to experience, seem impossible to improve significantly: this paper rather shows a simple way to substantially reduce the value of hidden constants to provide much more efficient prime generation algorithms. We apply our...

### Citations

2925 | A method for obtaining digital signatures and public-key cryptosystems
- Rivest, Shamir, et al.
- 1983
(Show Context)
Citation Context ...uce the number of rounds of Boneh and Franklin’s [3] shared RSA keys protocol by a factor of nearly 10. Finally, our techniques allow fast implementations on cryptographic smartcards for on-board RS=-=A [15]-=- (or other schemes) key generation. Our motivation here is to help transferring this task from terminals to smart-cards themselves in the near future for more confidence, security, and compliance with... |

2477 | Handbook of Applied Cryptography - Menezes, Oorschot, et al. - 1996 |

2202 | The Art of Computer Programming - Knuth - 1973 |

162 | Elliptic curves and primality proving
- Atkin, Morain
(Show Context)
Citation Context ... test [16], and Miller-Rabin test [10, p. 379]. There also exist (true) primality tests, which declare a number prime with probability 1 (e.g., Pocklington’s test [12] and its elliptic curve analogu=-=e [2]-=-, the Jacobi sum test [4]). However, these tests are generally more expensive or intricate. To motivate further analysis, we hereafter assume that we are given some compositeness test T provided as a ... |

135 |
A Fast Monte-Carlo Test for Primality
- Solovay, Strassen
- 1977
(Show Context)
Citation Context ...probability < 1. Hence repeatedly running the test gives more and more confidence in the generated (probable) prime. Typical examples of compositeness tests include Fermat test, Solovay-Strassen test =-=[16], -=-and Miller-Rabin test [10, p. 379]. There also exist (true) primality tests, which declare a number prime with probability 1 (e.g., Pocklington’s test [12] and its elliptic curve analogue [2], the J... |

124 | Efficient generation of shared rsa keys
- Boneh, Franklin
- 1997
(Show Context)
Citation Context ...s [9], strong primes [14] and ANSI X9.31-compliant primes [1], that is, real-life scenarios of well-recognized utility. As an illustration, we also reduce the number of rounds of Boneh and Franklin’=-=s [3]-=- shared RSA keys protocol by a factor of nearly 10. Finally, our techniques allow fast implementations on cryptographic smartcards for on-board RSA [15] (or other schemes) key generation. Our motivati... |

30 | Prime Numbers and Computer Methods for Factorization, Birkhäuser - Riesel - 1994 |

19 | E#cient generation of shared RSA keys - Boneh, Franklin - 1997 |

14 | On generation of probable primes by incremental search
- Brandt, Damg˚ard
- 1993
(Show Context)
Citation Context ...n-bit odd number q 2. while T(q) = false do q ← q + 2 3. output q Fig. 2. Naive incremental prime number generator. It should be outlined that this second algorithm has not the same proven complexit=-=y [5]. -=-A proper analysis actually has to exploit the properties of the distribution of prime numbers, in connection with Riemann’s Hypothesis. The incremental generator is however commonly used and we reca... |

14 |
An Introduction to Fast Generation of Large Prime Numbers
- Couvreur, Quisquater
- 1983
(Show Context)
Citation Context ...b a � b a ≈ b and a ≤ b 2 Primality and Compositeness Tests A lot of studies on primality testing have been carried out for years, and can be found in the literature devoted to the subject (e.g.=-=, see [7]-=-). Computationally, we may distinguish true primes and probable primes: the difference being the way these are generated. A probable prime is usually obtained through a compositeness test. Such a test... |

13 |
Digital Signature Standard. Federal Information Processing Standards Publication 186-3
- FIPS
- 2006
(Show Context)
Citation Context ...h as Karatsuba in O((|q| log 2 3 ) or Schönhage-Strassen in O(|q| log |q| log log |q|).s2 Marc Joye, Pascal Paillier, and Serge Vaudenay We apply our techniques to various contexts such as DSA primes=-= [9], -=-strong primes [14] and ANSI X9.31-compliant primes [1], that is, real-life scenarios of well-recognized utility. As an illustration, we also reduce the number of rounds of Boneh and Franklin’s [3] s... |

12 |
The Determination of the Prime or Composite Nature of Large Numbers by Fermat’s Theorem
- Pocklington
- 1914
(Show Context)
Citation Context ...include Fermat test, Solovay-Strassen test [16], and Miller-Rabin test [10, p. 379]. There also exist (true) primality tests, which declare a number prime with probability 1 (e.g., Pocklington’s tes=-=t [12]-=- and its elliptic curve analogue [2], the Jacobi sum test [4]). However, these tests are generally more expensive or intricate. To motivate further analysis, we hereafter assume that we are given some... |

8 |
Speeding up prime number generation
- Brandt, Damg˚ard, et al.
- 1991
(Show Context)
Citation Context ...generate r so that p automatically fulfills this condition. It suffices that p �≡ 0 (mod pi) ⇐⇒ r �≡ − 1 q 5 Again, we consider the bias of Section 4 to be negligible. (mod pi) for i = 1=-=, . . . , k . (6)s10 Marc Joye, Pa-=-scal Paillier, and Serge Vaudenay Choosing Π = p δ1 1 · · · pδk k with |Π| = |r| = n − 160, Eq. (6) can be rewritten as r = − 1 + c mod Π (7) q where c ∈ Z ∗ Π . Based on Fig. 5, we t... |

8 |
Remarks on a proposed cryptanalytic attack of the M.I.T. public-key cryptosystem
- Rivest
- 1978
(Show Context)
Citation Context ...((|q| log 2 3 ) or Schönhage-Strassen in O(|q| log |q| log log |q|).s2 Marc Joye, Pascal Paillier, and Serge Vaudenay We apply our techniques to various contexts such as DSA primes [9], strong primes=-= [14] a-=-nd ANSI X9.31-compliant primes [1], that is, real-life scenarios of well-recognized utility. As an illustration, we also reduce the number of rounds of Boneh and Franklin’s [3] shared RSA keys proto... |

7 |
Faster primality testing
- Bosma, Hulst
- 1990
(Show Context)
Citation Context ...bin test [10, p. 379]. There also exist (true) primality tests, which declare a number prime with probability 1 (e.g., Pocklington’s test [12] and its elliptic curve analogue [2], the Jacobi sum tes=-=t [4]-=-). However, these tests are generally more expensive or intricate. To motivate further analysis, we hereafter assume that we are given some compositeness test T provided as a primality oracle of compl... |

3 |
Public-key cryptography using RSA for the financial services industry. American National Standard for Financial Services
- 31
- 1995
(Show Context)
Citation Context ... in O(|q| log |q| log log |q|).s2 Marc Joye, Pascal Paillier, and Serge Vaudenay We apply our techniques to various contexts such as DSA primes [9], strong primes [14] and ANSI X9.31-compliant primes =-=[1], -=-that is, real-life scenarios of well-recognized utility. As an illustration, we also reduce the number of rounds of Boneh and Franklin’s [3] shared RSA keys protocol by a factor of nearly 10. Finall... |