LARGE PRIME NUMBERS. In sum, Fermat pseudoprimes are reasonable candidates to be prime.

Similar documents
p = This is small enough that its primality is easily verified by trial division. A candidate prime above 1000 p of the form p U + 1 is

LARGE PRIME NUMBERS (32, 42; 4) (32, 24; 2) (32, 20; 1) ( 105, 20; 0).

Fermat s Little Theorem. Fermat s little theorem is a statement about primes that nearly characterizes them.

RSA Key Generation. Required Reading. W. Stallings, "Cryptography and Network-Security, Chapter 8.3 Testing for Primality

The RSA cryptosystem and primality tests

Corollary 4.2 (Pepin s Test, 1877). Let F k = 2 2k + 1, the kth Fermat number, where k 1. Then F k is prime iff 3 F k 1

Primality Proofs. Geoffrey Exoo Department of Mathematics and Computer Science Indiana State University Terre Haute, IN

Applied Cryptography and Computer Security CSE 664 Spring 2018

Ma/CS 6a Class 4: Primality Testing

1. Algebra 1.7. Prime numbers

Improving the Accuracy of Primality Tests by Enhancing the Miller-Rabin Theorem

Discrete Structures Lecture Primes and Greatest Common Divisor

ECE646 Lecture 11 Required Reading Chapter 8.3 Testing for Primality RSA Key Generation

Chapter 9 Mathematics of Cryptography Part III: Primes and Related Congruence Equations

Ma/CS 6a Class 4: Primality Testing

CPSC 467b: Cryptography and Computer Security

Primality Testing- Is Randomization worth Practicing?

Senior Math Circles Cryptography and Number Theory Week 2

God may not play dice with the universe, but something strange is going on with the prime numbers.

CSC 373: Algorithm Design and Analysis Lecture 30

CPSC 467b: Cryptography and Computer Security

Part II. Number Theory. Year

Primality testing: then and now

Primality testing: then and now

A Guide to Arithmetic

Pseudoprimes and Carmichael Numbers

Factorization & Primality Testing

FERMAT S TEST KEITH CONRAD

CS 491 CAP Mathematics

Exam 2 Solutions. In class questions

Lecture notes: Algorithms for integers, polynomials (Thorsten Theobald)

The running time of Euclid s algorithm

Overview. Background / Context. CSC 580 Cryptography and Computer Security. March 21, 2017

cse 311: foundations of computing Spring 2015 Lecture 12: Primes, GCD, applications

IRREDUCIBILITY TESTS IN F p [T ]

Chapter 8. Introduction to Number Theory

CSE 521: Design and Analysis of Algorithms I

Primality Testing. 1 Introduction. 2 Brief Chronology of Primality Testing. CS265/CME309, Fall Instructor: Gregory Valiant

CRC Press has granted the following specific permissions for the electronic version of this book:

1 Overview and revision

Public Key Encryption

A SURVEY OF PRIMALITY TESTS

ORDERS OF ELEMENTS IN A GROUP

Entry Number:2007 mcs Lecture Date: 18/2/08. Scribe: Nimrita Koul. Professor: Prof. Kavitha.

CSCI3390-Lecture 16: Probabilistic Algorithms: Number Theory and Cryptography

A Few Primality Testing Algorithms

THE SOLOVAY STRASSEN TEST

Elliptic curves: Theory and Applications. Day 3: Counting points.

Linear Congruences. The equation ax = b for a, b R is uniquely solvable if a 0: x = b/a. Want to extend to the linear congruence:

PRIMALITY TEST FOR FERMAT NUMBERS USING QUARTIC RECURRENCE EQUATION. Predrag Terzic Podgorica, Montenegro

MATH 25 CLASS 8 NOTES, OCT

Lecture 5: Arithmetic Modulo m, Primes and Greatest Common Divisors Lecturer: Lale Özkahya

THE MILLER RABIN TEST

Lucas Lehmer primality test - Wikipedia, the free encyclopedia

Intermediate Math Circles February 29, 2012 Linear Diophantine Equations I

MATH 2200 Final Review

Introduction to Public-Key Cryptosystems:

Postmodern Primality Proving

Chapter 6 Randomization Algorithm Theory WS 2012/13 Fabian Kuhn

1 Recommended Reading 1. 2 Public Key/Private Key Cryptography Overview RSA Algorithm... 2

Chapter 5.1: Induction

Mathematical Induction

D. J. Bernstein University of Illinois at Chicago

Primality testing: variations on a theme of Lucas. Carl Pomerance, Dartmouth College Hanover, New Hampshire, USA

3 The fundamentals: Algorithms, the integers, and matrices

NOTES ON SOME NEW KINDS OF PSEUDOPRIMES

Attempt QUESTIONS 1 and 2, and THREE other questions. penalised if you attempt additional questions.

Lecture 11 - Basic Number Theory.

ABSTRACT 1. INTRODUCTION

Fibonacci Pseudoprimes and their Place in Primality Testing

On the Composite Terms in Sequence Generated from Mersenne-type Recurrence Relations

Advanced Algorithms and Complexity Course Project Report

Lecture 31: Miller Rabin Test. Miller Rabin Test

Cryptography. Number Theory with AN INTRODUCTION TO. James S. Kraft. Lawrence C. Washington. CRC Press

LECTURE 5: APPLICATIONS TO CRYPTOGRAPHY AND COMPUTATIONS

This is a recursive algorithm. The procedure is guaranteed to terminate, since the second argument decreases each time.

Private Key Cryptography. Fermat s Little Theorem. One Time Pads. Public Key Cryptography

Lecture # 12. Agenda: I. Vector Program Relaxation for Max Cut problem. Consider the vectors are in a sphere. Lecturer: Prof.

Table of Contents. 2013, Pearson Education, Inc.

4 Number Theory and Cryptography

cse 311: foundations of computing Fall 2015 Lecture 12: Primes, GCD, applications

SOLUTIONS Math 345 Homework 6 10/11/2017. Exercise 23. (a) Solve the following congruences: (i) x (mod 12) Answer. We have

RSA: Genesis, Security, Implementation & Key Generation

ECE 646 Lecture 8. RSA: Genesis, Security, Implementation & Key Generation

Disproof MAT231. Fall Transition to Higher Mathematics. MAT231 (Transition to Higher Math) Disproof Fall / 16

Some Facts from Number Theory

CHAPTER 6. Prime Numbers. Definition and Fundamental Results

Factoring and RSA Codes using DERIVE Johann Wiesenbauer, Technical Univ. of Vienna,

Introduction to Number Theory. The study of the integers

SOLUTIONS TO PROBLEM SET 1. Section = 2 3, 1. n n + 1. k(k + 1) k=1 k(k + 1) + 1 (n + 1)(n + 2) n + 2,

PRIMES is in P. Manindra Agrawal. NUS Singapore / IIT Kanpur

CSE 311 Lecture 13: Primes and GCD. Emina Torlak and Kevin Zatloukal

Primality Testing SURFACE. Syracuse University. Per Brinch Hansen Syracuse University, School of Computer and Information Science,

A polytime proof of correctness of the Rabin-Miller algorithm from Fermat s Little Theorem

NUMBER THEORY. Anwitaman DATTA SCSE, NTU Singapore CX4024. CRYPTOGRAPHY & NETWORK SECURITY 2018, Anwitaman DATTA

MATH 145 Algebra, Solutions to Assignment 4

Lecture 7: Number Theory Steven Skiena. skiena

KTH, NADA , and D1449 Kryptografins grunder. Lecture 6: RSA. Johan Håstad, transcribed by Martin Lindkvist

2 Arithmetic. 2.1 Greatest common divisors. This chapter is about properties of the integers Z = {..., 2, 1, 0, 1, 2,...}.

Transcription:

LARGE PRIME NUMBERS 1. Fermat Pseudoprimes Fermat s Little Theorem states that for any positive integer n, if n is prime then b n % n = b for b = 1,..., n 1. In the other direction, all we can say is that if b n % n = b for b = 1,..., n 1 then n might be prime. If b n % n = b where b {1,..., n 1} then n is called a Fermat pseudoprime base b. There are 669 primes under 5000, but only five values of n (561, 1105, 1729, 2465, and 2821) that are Fermat pseudoprimes base b for b = 2, 3, 5 without being prime. This is a false positive rate of less than 1%. The false positive rate under 500,000 just for b = 2, 3 is 0.118%. On the other hand, the bad news is that checking more bases b doesn t reduce the false positive rate much further. There are infinitely many Carmichael numbers, numbers n that are Fermat pseudoprimes base b for all b {1,..., n 1} but are not prime. In sum, Fermat pseudoprimes are reasonable candidates to be prime. 1

2 LARGE PRIME NUMBERS 2. Strong Pseudoprimes The Miller Rabin test on a positive integer n and a positive test base b in {1,..., n 1} proceeds as follows. (1) Factor n 1 = 2 s m where m is odd. (2) Replace b by b m % n. (3) If b = 1 or b = n 1, return the result that the test suggests that n is prime. Otherwise continue. (4) Set r = 0. (5) If r < s, proceed to step (6). Otherwise return the result that n is composite. (6) Replace b by b 2 % n. (7) If b = n 1, return the result that the test suggests that n is prime. Otherwise continue. (8) If b = 1, return the result that n is composite. Otherwise continue. (9) Increment r and return to step (5). The idea behind the test is that if n has distinct prime factors then the equation x 2 % n = 1 has at least four solutions. So if we find some b such that b % n is not 1 or n 1, and yet b 2 % n = 1, then n is composite. A positive integer n that passes the Miller-Rabin test for some b is a strong pseudoprime base b. For any n, at least 3/4 of the b-values in {1,..., n 1} have the property that if n is a strong pseudoprime base b then n is really prime. But according to the theory, up to 1/4 of the b-values have the property that n could be a strong pseudoprime base b but not be prime. In practice, the percentage of such b s is much lower. For n up to 500,000, if n is a strong pseudoprime base 2 and base 3 then n is prime.

LARGE PRIME NUMBERS 3 3. Generating Candidate Large Primes Given n, a simple approach to finding a candidate prime above 2n is as follows. Take the first of N = 2n + 1, N = 2n + 3, N = 2n + 5,... to pass the following test. (1) Try trial division for a few small primes. If N passes, continue. (2) Check whether N is a Fermat pseudoprime base 2. If N passes, continue. (3) Check whether N is a strong pseudoprime base b as b runs through the first 20 primes. Any N that passes the test is extremely likely to be prime. And such an N should appear quickly. Indeed, using only the first three primes in step (3) of the previous test finds the following correct candidate primes: The first candidate prime after 10 50 is 10 50 + 151. The first candidate prime after 10 100 is 10 100 + 267. The first candidate prime after 10 200 is 10 200 + 357. The first candidate prime after 10 500 is 10 500 + 331. The first candidate prime after 10 1000 is 10 1000 + 453.

4 LARGE PRIME NUMBERS 4. Certifiable Large Primes The Lucas Pocklington Lehmer Criterion is as follows. Suppose that N = p U + 1 where p is prime and p > U. Suppose also that there is a base b such that b N 1 % N = 1 but gcd(b U 1, N) = 1. Then N is prime. The proof is just Fermat s Little Theorem and some other basic number theory. As an example of using the result, start with p = 1000003. This is small enough that its primality is easily verified by trial division. A candidate prime above 1000 p of the form p U + 1 is N = p 1032 + 1 = 1032003097. And 2 N 1 % N = 1 and gcd(2 1032 1, N) = 1, so the LPL Criterion is satisfied, and N is prime. Rename A candidate prime above 10 9 p of the form p U + 1 is N = p (10 9 + 146) + 1 = 1032003247672452163. A candidate prime above 10 17 p of the form p U + 1 is N = p (10 17 + 24) + 1 = 103200324767245241068077944138851913. A candidate prime above 10 34 p of the form p U + 1 is N = p (10 34 + 224) + 1 =10320032476724524106807794413885422 46872747862933999249459487102828513. A candidate prime above 10 60 p of the form p U + 1 is N = p (10 60 + 1362) + 1 =10320032476724524106807794413885422 468727478629339992494608926912518428 801833472215991711945402406825893161 06977763821434052434707.

LARGE PRIME NUMBERS 5 A candidate prime above 10 120 p of the form p U + 1 is N = p (10 120 + 796) + 1 =10320032476724524106807794413885422 468727478629339992494608926912518428 801833472215991711945402406825893161 069777638222555270198542721189019004 353452796285107072988954634025708705 822364669326259443883929402708540315 83341095621154300001861505738026773. Again b = 2 works in the LPL Criterion, so N is prime.

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback