DOCSLIB.ORG

Computationally Efficient Search for Large Primes

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Computationally Efficient Search for Large Primes New Jersey Institute of Technology Digital Commons @ NJIT Theses Electronic Theses and Dissertations Summer 8-31-2001 Computationally efficient search for large primes Wieslawa E. Amber New Jersey Institute of Technology Follow this and additional works at: https://digitalcommons.njit.edu/theses Part of the Computer Sciences Commons Recommended Citation Amber, Wieslawa E., "Computationally efficient search for large primes" (2001). Theses. 749. https://digitalcommons.njit.edu/theses/749 This Thesis is brought to you for free and open access by the Electronic Theses and Dissertations at Digital Commons @ NJIT. It has been accepted for inclusion in Theses by an authorized administrator of Digital Commons @ NJIT. For more information, please contact [email protected]. Copyright Warning & Restrictions The copyright law of the United States (Title 17, United States Code) governs the making of photocopies or other reproductions of copyrighted material. Under certain conditions specified in the law, libraries and archives are authorized to furnish a photocopy or other reproduction. One of these specified conditions is that the photocopy or reproduction is not to be “used for any purpose other than private study, scholarship, or research.” If a, user makes a request for, or later uses, a photocopy or reproduction for purposes in excess of “fair use” that user may be liable for copyright infringement, This institution reserves the right to refuse to accept a copying order if, in its judgment, fulfillment of the order would involve violation of copyright law. Please Note: The author retains the copyright while the New Jersey Institute of Technology reserves the right to distribute this thesis or dissertation Printing note: If you do not wish to print this page, then select “Pages from: first page # to: last page #” on the print dialog screen The Van Houten library has removed some of the personal information and all signatures from the approval page and biographical sketches of theses and dissertations in order to protect the identity of NJIT graduates and faculty. ABSTRACT COMPUTATIONALLY EFFICIENT SEARCH FOR PRIME NUMBERS by Wieslawa E Amber To satisfy the speed of communication and to meet the demand for the continuously larger prime numbers, the primality testing and prime numbers generating algorithms require continuous advancement. To find the most efficient algorithm, a need for a survey of methods arises. Concurrently, an urge for the analysis of algorithms' performances emanates. The critical criteria in the analysis of the prime numbers generation are the number of probes, number of generated primes, and an average time required in producing one prime. Hence, the purpose of this thesis is to indicate the best performing algorithm. The survey the methods, establishment of the comparison criteria, and comparison of approaches are the required steps to find the best performing algorithm. In the first step of this research paper the methods were surveyed and classified using the approach described in Menezes [66]. While chapter 2 sorted, described, compared, and summarized primality testing methods, chapter 3 sorted, described, compared, and summarized prime numbers generating methods. In the next step applying a uniform technique, the computer programs were written to the selected algorithms. The programs were installed on the Unix operating system, running on the Sun 5.8 server to perform the computer experiments. The computer experiments' results pertaining to the selected algorithms, provided required parameters to compare the algorithms' performances. The results from the computer experiments were tabulated to compare the parameters and to indicate the best performing algorithm. Survey of methods indicated that the deterministic and randomized are the main approaches in prime numbers generation. Random number generation found application in the cryptographic keys generation. Contemporaneously, a need for deterministically generated provable primes emerged in the code encryption, decryption, and in the other cryptographic areas. The analysis of algorithms' performances indicated that the prime numbers generated through the randomized techniques required smaller number of probes. This is due to the method that eliminates the non-primes in the initial step, that pre-tests randomly generated primes for possible divisibility factors. Analysis indicated that the smaller number of probes increases algorithm's efficiency. Further analysis indicated that a ratio of randomly generated primes to the expected number of primes, generated in the specific interval is smaller than the deterministically generated primes. In this comparison the Miller-Rabin's and the Gordon's algorithms that randomly generate primes were compared versus the SFA and the Sequences Containing Primes. The name Sequences Containing Primes algorithm is abbreviated in this thesis as 6kseq. In the interval [99000,100000] the Miller Rabin method generated 57 out of 87 expected primes, the SFA algorithm generated 83 out of 87 approximated primes. The expected number of primes was computed using the approximation n/ln(n) presented by Menezes [66]. The average consumed time of originating one prime in the [99000,100000] interval recorded 0.056 [s] for Miller-Rabin test, 0.0001 [s] for SFA, and 0.0003 [s] for 6kseq. The Gordon's algorithm in the interval [1,100000] required 100578 probes and generated 32 out of 8686 expected number of primes. Algorithm Parametric Representation of Composite Twins and Generation of Prime and Quasi Prime Numbers invented by Doctor Verkhovsky [108] verifies and generates primes and quasi primes using special mathematical constructs. This algorithm indicated best performance in the interval [1,1000] generating and verifying 3585 variances of provable primes or quasi primes. The Parametric Representation of Composite Twins algorithm consumed an average time per prime, or quasi prime of 0.0022315 [s]. The Parametric Representation of Composite Twins and Generation of Prime and Quasi Prime Numbers algorithm implements very unique method of testing both primes and quasi-primes. Because of the uniqueness of the method that verifies both primes and quasi-primes, this algorithm cannot be compared with the other primality testing or prime numbers generating algorithms. The ((a!)^2)*((-1)^b) Function In Generating Primes algorithm [105] developed by Doctor Verkhovsky was compared versus extended Fermat algorithm. In the range of [1,1000] the [105] algorithm exhausted an average 0.00001 [s] per prime, originated 167 primes, while the extended Fermat algorithm also produced 167 primes, but consumed an average 0.00599 [s] per prime. Thus, the computer experiments and comparison of methods proved that the SFA algorithm is deterministic, that originates provable primes. The survey of methods and analysis of selected approaches indicated that the SFA sieve algorithm that sequentially generates primes is computationally efficient, indicated better performance considering the computational speed, the simplicity of method, and the number of generated primes in the specified intervals. COMPUTATIONALLY EFFICIENT SEARCH FOR LARGE PRIMES by Wieslawa E. Amber A Thesis Submitted to the Faculty of New Jersey Institute of Technology In Partial Fulfillment of the Requirements for the Degree of Master of Science in Computer Science Computer Science Department August 2001 APPROVAL PAGE COMPUTATIONALLY EFFICIENT SEARCH FOR LARGE PRIMES Wieslawa E. Amber Dr. Boris S. Verkhovsky, Thesis Advisor Date Professor of Computer Science Department, NJIT Dr. James A. M. McHugh, Graduate Chairman Date Chairman of Computer Science Department, NJIT Dr. Fadi P. Deek, Associate Professor of Information Systems Date Associate Dean of Computer Science Systems, NJIT BIOGRAPHICAL SKETCH Author: Wieslawa E. Amber Degree: Master of Science Date: August 2001 Undergraduate and Graduate Education: Master of Science in Computer Science New Jersey Institute of Technology, Newark, NJ, 2001 Bachelor of Science in Mechanical Engineering New Jersey Institute of Technology, Newark, NJ, 1995 Major: Computer Science ACKNOWLEDGEMENT I am very grateful for having Professor Boris S. Verkhovsky, Ph.D. as the thesis advisor and for being his student. I have been gratified for the valuable and countless advice, encouragement, information, support, and suggestions I received from Professor Verkhovsky, that helped bring to life this project. My sincere words of appreciation are addressed to Dr. James A. M. McHugh, Graduate Chairman and to Dr. Fadi P. Deek, Associate Dean of Computer Science Systems for actively participating in my committee. I wish to thank the Professors and Faculty Members who taught me fundamentals to make this thesis possible. I appreciate the assistance and help I received from the CIS department staff over the years. I would like to thank Ms. Clarisa Gonzalez-Lenahan for her assistance. vi TABLE OF CONTENTS Chapter Page 1 INTRODUCTION... 1 1 1.2 Background Information... ... ......................................... 1 2 PRIMALITY TESTING METHODS... ... ............ ............ ........ 5 2.1 Problem Statement... ......... ......... ......... 5 2.2 Previous Works... ... ......... .................. ............ ......... 5 2.2.1 Probabilistic Primality Tests... ... ............... ............... 6 2.2.2 True Primality Tests 11 2.3 Algorithms' Performance Evaluation 20 2.4 Summary__ ......... ............ ..................... ............ ........... 20 3 PRIME NUMBERS GENERATING
Load more

Recommended publications
  • Fast Tabulation of Challenge Pseudoprimes Andrew Shallue and Jonathan Webster
    THE OPEN BOOK SERIES 2 ANTS XIII Proceedings of the Thirteenth Algorithmic Number Theory Symposium Fast tabulation of challenge pseudoprimes Andrew Shallue and Jonathan Webster msp THE OPEN BOOK SERIES 2 (2019) Thirteenth Algorithmic Number Theory Symposium msp dx.doi.org/10.2140/obs.2019.2.411 Fast tabulation of challenge pseudoprimes Andrew Shallue and Jonathan Webster We provide a new algorithm for tabulating composite numbers which are pseudoprimes to both a Fermat test and a Lucas test. Our algorithm is optimized for parameter choices that minimize the occurrence of pseudoprimes, and for pseudoprimes with a fixed number of prime factors. Using this, we have confirmed that there are no PSW-challenge pseudoprimes with two or three prime factors up to 280. In the case where one is tabulating challenge pseudoprimes with a fixed number of prime factors, we prove our algorithm gives an unconditional asymptotic improvement over previous methods. 1. Introduction Pomerance, Selfridge, and Wagstaff famously offered $620 for a composite n that satisfies (1) 2n 1 1 .mod n/ so n is a base-2 Fermat pseudoprime, Á (2) .5 n/ 1 so n is not a square modulo 5, and j D (3) Fn 1 0 .mod n/ so n is a Fibonacci pseudoprime, C Á or to prove that no such n exists. We call composites that satisfy these conditions PSW-challenge pseudo- primes. In[PSW80] they credit R. Baillie with the discovery that combining a Fermat test with a Lucas test (with a certain specific parameter choice) makes for an especially effective primality test[BW80].
    [Show full text]
  • Abstract in This Paper, D-Strong and Almost D-Strong Near-Rings Ha
    Periodica Mathematica Hungarlca Vol. 17 (1), (1986), pp. 13--20 D-STRONG AND ALMOST D-STRONG NEAR-RINGS A. K. GOYAL (Udaipur) Abstract In this paper, D-strong and almost D-strong near-rings have been defined. It has been proved that if R is a D-strong S-near ring, then prime ideals, strictly prime ideals and completely prime ideals coincide. Also if R is a D-strong near-ring with iden- tity, then every maximal right ideal becomes a maximal ideal and moreover every 2- primitive near-ring becomes a near-field. Several properties, chain conditions and structure theorems have also been discussed. Introduction In this paper, we have generalized some of the results obtained for rings by Wong [12]. Corresponding to the prime and strictly prime ideals in near-rings, we have defined D-strong and almost D-strong near-rings. It has been shown that a regular near-ring having all idempotents central in R is a D-strong and hence almost D-strong near-ring. If R is a D-strong S-near ring, then it has been shown that prime ideals, strictly prime ideals and com- pletely prime ideals coincide and g(R) = H(R) ~ ~(R), where H(R) is the intersection of all strictly prime ideals of R. Also if R is a D-strong near-ring with identity, then every maximal right ideal becomes a maximal ideal and moreover every 2-primitive near-ring becomes a near-field. Some structure theorems have also been discussed. Preliminaries Throughout R will denote a zero-symmetric left near-ring, i.e., R -- Ro in the sense of Pilz [10].
    [Show full text]
  • FACTORING COMPOSITES TESTING PRIMES Amin Witno
    WON Series in Discrete Mathematics and Modern Algebra Volume 3 FACTORING COMPOSITES TESTING PRIMES Amin Witno Preface These notes were used for the lectures in Math 472 (Computational Number Theory) at Philadelphia University, Jordan.1 The module was aborted in 2012, and since then this last edition has been preserved and updated only for minor corrections. Outline notes are more like a revision. No student is expected to fully benefit from these notes unless they have regularly attended the lectures. 1 The RSA Cryptosystem Sensitive messages, when transferred over the internet, need to be encrypted, i.e., changed into a secret code in such a way that only the intended receiver who has the secret key is able to read it. It is common that alphabetical characters are converted to their numerical ASCII equivalents before they are encrypted, hence the coded message will look like integer strings. The RSA algorithm is an encryption-decryption process which is widely employed today. In practice, the encryption key can be made public, and doing so will not risk the security of the system. This feature is a characteristic of the so-called public-key cryptosystem. Ali selects two distinct primes p and q which are very large, over a hundred digits each. He computes n = pq, ϕ = (p − 1)(q − 1), and determines a rather small number e which will serve as the encryption key, making sure that e has no common factor with ϕ. He then chooses another integer d < n satisfying de % ϕ = 1; This d is his decryption key. When all is ready, Ali gives to Beth the pair (n; e) and keeps the rest secret.
    [Show full text]
  • Fast Generation of RSA Keys Using Smooth Integers
    1 Fast Generation of RSA Keys using Smooth Integers Vassil Dimitrov, Luigi Vigneri and Vidal Attias Abstract—Primality generation is the cornerstone of several essential cryptographic systems. The problem has been a subject of deep investigations, but there is still a substantial room for improvements. Typically, the algorithms used have two parts – trial divisions aimed at eliminating numbers with small prime factors and primality tests based on an easy-to-compute statement that is valid for primes and invalid for composites. In this paper, we will showcase a technique that will eliminate the first phase of the primality testing algorithms. The computational simulations show a reduction of the primality generation time by about 30% in the case of 1024-bit RSA key pairs. This can be particularly beneficial in the case of decentralized environments for shared RSA keys as the initial trial division part of the key generation algorithms can be avoided at no cost. This also significantly reduces the communication complexity. Another essential contribution of the paper is the introduction of a new one-way function that is computationally simpler than the existing ones used in public-key cryptography. This function can be used to create new random number generators, and it also could be potentially used for designing entirely new public-key encryption systems. Index Terms—Multiple-base Representations, Public-Key Cryptography, Primality Testing, Computational Number Theory, RSA ✦ 1 INTRODUCTION 1.1 Fast generation of prime numbers DDITIVE number theory is a fascinating area of The generation of prime numbers is a cornerstone of A mathematics. In it one can find problems with cryptographic systems such as the RSA cryptosystem.
    [Show full text]
  • The Pseudoprimes to 25 • 109
    MATHEMATICS OF COMPUTATION, VOLUME 35, NUMBER 151 JULY 1980, PAGES 1003-1026 The Pseudoprimes to 25 • 109 By Carl Pomerance, J. L. Selfridge and Samuel S. Wagstaff, Jr. Abstract. The odd composite n < 25 • 10 such that 2n_1 = 1 (mod n) have been determined and their distribution tabulated. We investigate the properties of three special types of pseudoprimes: Euler pseudoprimes, strong pseudoprimes, and Car- michael numbers. The theoretical upper bound and the heuristic lower bound due to Erdös for the counting function of the Carmichael numbers are both sharpened. Several new quick tests for primality are proposed, including some which combine pseudoprimes with Lucas sequences. 1. Introduction. According to Fermat's "Little Theorem", if p is prime and (a, p) = 1, then ap~1 = 1 (mod p). This theorem provides a "test" for primality which is very often correct: Given a large odd integer p, choose some a satisfying 1 <a <p - 1 and compute ap~1 (mod p). If ap~1 pi (mod p), then p is certainly composite. If ap~l = 1 (mod p), then p is probably prime. Odd composite numbers n for which (1) a"_1 = l (mod«) are called pseudoprimes to base a (psp(a)). (For simplicity, a can be any positive in- teger in this definition. We could let a be negative with little additional work. In the last 15 years, some authors have used pseudoprime (base a) to mean any number n > 1 satisfying (1), whether composite or prime.) It is well known that for each base a, there are infinitely many pseudoprimes to base a.
    [Show full text]
  • Neural Networks and the Search for a Quadratic Residue Detector
    Neural Networks and the Search for a Quadratic Residue Detector Michael Potter∗ Leon Reznik∗ Stanisław Radziszowski∗ [email protected] [email protected] [email protected] ∗ Department of Computer Science Rochester Institute of Technology Rochester, NY 14623 Abstract—This paper investigates the feasibility of employing This paper investigates the possibility of employing ANNs artificial neural network techniques for solving fundamental in the search for a solution to the quadratic residues (QR) cryptography problems, taking quadratic residue detection problem, which is defined as follows: as an example. The problem of quadratic residue detection Suppose that you have two integers a and b. Then a is is one which is well known in both number theory and a quadratic residue of b if and only if the following two cryptography. While it garners less attention than problems conditions hold: [1] such as factoring or discrete logarithms, it is similar in both 1) The greatest common divisor of a and b is 1, and difficulty and importance. No polynomial–time algorithm is 2) There exists an integer c such that c2 ≡ a (mod b). currently known to the public by which the quadratic residue status of one number modulo another may be determined. This The first condition is satisfied automatically so long as ∗ work leverages machine learning algorithms in an attempt to a 2 Zb . There is, however, no known polynomial–time (in create a detector capable of solving instances of the problem the number of bits of a and b) algorithm for determining more efficiently. A variety of neural networks, currently at the whether the second condition is satisfied.
    [Show full text]
  • A Clasification of Known Root Prime-Generating
    Special properties of the first absolute Fermat pseudoprime, the number 561 Marius Coman Bucuresti, Romania email: [email protected] Abstract. Though is the first Carmichael number, the number 561 doesn’t have the same fame as the third absolute Fermat pseudoprime, the Hardy-Ramanujan number, 1729. I try here to repair this injustice showing few special properties of the number 561. I will just list (not in the order that I value them, because there is not such an order, I value them all equally as a result of my more or less inspired work, though they may or not “open a path”) the interesting properties that I found regarding the number 561, in relation with other Carmichael numbers, other Fermat pseudoprimes to base 2, with primes or other integers. 1. The number 2*(3 + 1)*(11 + 1)*(17 + 1) + 1, where 3, 11 and 17 are the prime factors of the number 561, is equal to 1729. On the other side, the number 2*lcm((7 + 1),(13 + 1),(19 + 1)) + 1, where 7, 13 and 19 are the prime factors of the number 1729, is equal to 561. We have so a function on the prime factors of 561 from which we obtain 1729 and a function on the prime factors of 1729 from which we obtain 561. Note: The formula N = 2*(d1 + 1)*...*(dn + 1) + 1, where d1, d2, ...,dn are the prime divisors of a Carmichael number, leads to interesting results (see the sequence A216646 in OEIS); the formula M = 2*lcm((d1 + 1),...,(dn + 1)) + 1 also leads to interesting results (see the sequence A216404 in OEIS).
    [Show full text]
  • Arxiv:1412.5226V1 [Math.NT] 16 Dec 2014 Hoe 11
    q-PSEUDOPRIMALITY: A NATURAL GENERALIZATION OF STRONG PSEUDOPRIMALITY JOHN H. CASTILLO, GILBERTO GARC´IA-PULGAR´IN, AND JUAN MIGUEL VELASQUEZ-SOTO´ Abstract. In this work we present a natural generalization of strong pseudoprime to base b, which we have called q-pseudoprime to base b. It allows us to present another way to define a Midy’s number to base b (overpseudoprime to base b). Besides, we count the bases b such that N is a q-probable prime base b and those ones such that N is a Midy’s number to base b. Furthemore, we prove that there is not a concept analogous to Carmichael numbers to q-probable prime to base b as with the concept of strong pseudoprimes to base b. 1. Introduction Recently, Grau et al. [7] gave a generalization of Pocklignton’s Theorem (also known as Proth’s Theorem) and Miller-Rabin primality test, it takes as reference some works of Berrizbeitia, [1, 2], where it is presented an extension to the concept of strong pseudoprime, called ω-primes. As Grau et al. said it is right, but its application is not too good because it is needed m-th primitive roots of unity, see [7, 12]. In [7], it is defined when an integer N is a p-strong probable prime base a, for p a prime divisor of N −1 and gcd(a, N) = 1. In a reading of that paper, we discovered that if a number N is a p-strong probable prime to base 2 for each p prime divisor of N − 1, it is actually a Midy’s number or a overpseu- doprime number to base 2.
    [Show full text]
  • A Scalable System-On-A-Chip Architecture for Prime Number Validation
    A SCALABLE SYSTEM-ON-A-CHIP ARCHITECTURE FOR PRIME NUMBER VALIDATION Ray C.C. Cheung and Ashley Brown Department of Computing, Imperial College London, United Kingdom Abstract This paper presents a scalable SoC architecture for prime number validation which targets reconfigurable hardware This paper presents a scalable SoC architecture for prime such as FPGAs. In particular, users are allowed to se- number validation which targets reconfigurable hardware. lect predefined scalable or non-scalable modular opera- The primality test is crucial for security systems, especially tors for their designs [4]. Our main contributions in- for most public-key schemes. The Rabin-Miller Strong clude: (1) Parallel designs for Montgomery modular arith- Pseudoprime Test has been mapped into hardware, which metic operations (Section 3). (2) A scalable design method makes use of a circuit for computing Montgomery modu- for mapping the Rabin-Miller Strong Pseudoprime Test lar exponentiation to further speed up the validation and to into hardware (Section 4). (3) An architecture of RAM- reduce the hardware cost. A design generator has been de- based Radix-2 Scalable Montgomery multiplier (Section veloped to generate a variety of scalable and non-scalable 4). (4) A design generator for producing hardware prime Montgomery multipliers based on user-defined parameters. number validators based on user-specified parameters (Sec- The performance and resource usage of our designs, im- tion 5). (5) Implementation of the proposed hardware ar- plemented in Xilinx reconfigurable devices, have been ex- chitectures in FPGAs, with an evaluation of its effective- plored using the embedded PowerPC processor and the soft ness compared with different size and speed tradeoffs (Sec- MicroBlaze processor.
    [Show full text]
  • The Quadratic Sieve Factoring Algorithm
    The Quadratic Sieve Factoring Algorithm Eric Landquist MATH 488: Cryptographic Algorithms December 14, 2001 1 1 Introduction Mathematicians have been attempting to find better and faster ways to fac- tor composite numbers since the beginning of time. Initially this involved dividing a number by larger and larger primes until you had the factoriza- tion. This trial division was not improved upon until Fermat applied the factorization of the difference of two squares: a2 b2 = (a b)(a + b). In his method, we begin with the number to be factored:− n. We− find the smallest square larger than n, and test to see if the difference is square. If so, then we can apply the trick of factoring the difference of two squares to find the factors of n. If the difference is not a perfect square, then we find the next largest square, and repeat the process. While Fermat's method is much faster than trial division, when it comes to the real world of factoring, for example factoring an RSA modulus several hundred digits long, the purely iterative method of Fermat is too slow. Sev- eral other methods have been presented, such as the Elliptic Curve Method discovered by H. Lenstra in 1987 and a pair of probabilistic methods by Pollard in the mid 70's, the p 1 method and the ρ method. The fastest algorithms, however, utilize the− same trick as Fermat, examples of which are the Continued Fraction Method, the Quadratic Sieve (and it variants), and the Number Field Sieve (and its variants). The exception to this is the El- liptic Curve Method, which runs almost as fast as the Quadratic Sieve.
    [Show full text]
  • The RSA Algorithm Clifton Paul Robinson
    Bridgewater State University Virtual Commons - Bridgewater State University Honors Program Theses and Projects Undergraduate Honors Program 5-1-2018 The Key to Cryptography: The RSA Algorithm Clifton Paul Robinson Follow this and additional works at: http://vc.bridgew.edu/honors_proj Part of the Computer Sciences Commons Recommended Citation Robinson, Clifton Paul. (2018). The Key ot Cryptography: The RSA Algorithm. In BSU Honors Program Theses and Projects. Item 268. Available at: http://vc.bridgew.edu/honors_proj/268 Copyright © 2018 Clifton Paul Robinson This item is available as part of Virtual Commons, the open-access institutional repository of Bridgewater State University, Bridgewater, Massachusetts. The Key to Cryptography: The RSA Algorithm Clifton Paul Robinson Submitted in Partial Completion of the Requirements for Commonwealth Interdisciplinary Honors in Computer Science and Mathematics Bridgewater State University May 1, 2018 Dr. Jacqueline Anderson Thesis Co-Advisor Dr. Michael Black, Thesis Co-Advisor Dr. Ward Heilman, Committee Member Dr. Haleh Khojasteh, Committee Member BRIDGEWATER STATE UNIVERSITY UNDERGRADUATE THESIS The Key To Cryptography: The RSA Algorithm Author: Advisors: Clifton Paul ROBINSON Dr. Jackie ANDERSON Dr. Michael BLACK Submitted in Partial Completion of the Requirements for Commonwealth Honors in Computer Science and Mathematics Dr. Ward Heilman, Reading Committee Dr. Haleh Khojasteh, Reading Committee ii Dedicated to Mom, Dad, James, and Mimi iii Contents Abstractv 1 Introduction1 1.1 The Project Overview........................1 2 Theorems and Definitions2 2.1 Definitions..............................2 2.2 Theorems...............................5 3 The History of Cryptography6 3.1 Origins................................6 3.2 A Transition.............................6 3.3 Cryptography at War........................7 3.4 The Creation and Uses of RSA...................7 4 The Mathematics9 4.1 What is a Prime Number?.....................9 4.2 Factoring Numbers........................
    [Show full text]
  • Generating Provable Primes Efficiently on Embedded Devices
    Generating Provable Primes Efficiently on Embedded Devices Christophe Clavier1, Benoit Feix1;2, Lo¨ıc Thierry2;?, and Pascal Paillier3 1 XLIM, University of Limoges, [email protected] 2 INSIDE Secure [email protected],[email protected] 3 CryptoExperts [email protected] Abstract. This paper introduces new techniques to generate provable prime numbers efficiently on embedded devices such as smartcards, based on variants of Pocklington's and the Brillhart-Lehmer-Selfridge-Tuckerman- Wagstaff theorems. We introduce two new generators that, combined with cryptoprocessor-specific optimizations, open the way to efficient and tamper-resistant on-board generation of provable primes. We also report practical results from our implementations. Both our theoretical and ex- perimental results show that constructive methods can generate provable primes essentially as efficiently as state-of-the-art generators for probable primes based on Fermat and Miller-Rabin pseudo-tests. We evaluate the output entropy of our two generators and provide techniques to ensure a high level of resistance against physical attacks. This paper intends to provide practitioners with the first practical solutions for fast and secure generation of provable primes in embedded security devices. Keywords: Prime Numbers, Pocklington's theorem, Public Key Cryp- tography, Embedded Software, Modular Exponentiation, Cryptographic Accelerators, Primality Proving. 1 Introduction Large prime numbers are a basic ingredient of keys in several standardized primi- tives such as RSA [21], Digital Signature Algorithm (DSA) [12] or Diffie-Hellman key exchange (DH) [10]. This paper precisely addresses the generation of prov- able prime numbers in embedded, crypto-enabled devices. When it comes to RSA key generation, two approaches coexist: key pairs may be generated off-board (i.e.
    [Show full text]