Proven Primes
Ben Laurie
ben at algroup.co.uk
Thu Mar 6 12:01:44 EST 2003
Anton Stiglic wrote:
> ----- Original Message ----- From: "Ben Laurie" <ben at algroup.co.uk>
> To: "Cryptography" <cryptography at wasabisystems.com> Sent: Thursday,
> March 06, 2003 6:47 AM Subject: Proven Primes
>
>
>
>> I'm looking for a list or lists of sensibly sized proven primes -
>> all the lists I can find are more interested in records, which are
>> _way_ too big for cryptographic purposes.
>
>
>
> I'm not aware of such a list. If you can't find any you can generate
> the list yourself using ECPP (Elliptic Curve Primality Proving), an
> implementation of which is available here
> http://www.lix.polytechnique.fr/~morain/Prgms/ecpp.english.html The
> result of ECPP is guaranteed (no probability of error), and provides
> a certificate of primality for integers that are proven to be prime.
> A competing algorithm is the Jacobi Sums test, but it is much more
> complicated, so implementation errors are not to be disregarded, with
> ECPP the verification of a primality certificate is simple to
> implement, so you can make sure that there were no errors in the
> implementation of the proving algorithm.
I'm not convinced any of those binaries are going to run on my system
(which is FreeBSD), and anyway, if I'm going to use a binary to do ECPP
I may as well shove it through Mathematica - much prettier UI :-)
Is their no free implementation of ECPP? Is there at least a free verifier?
> There is also the new algorithm by Agrawal, Kayal and Saxena, but I
> don't believe that it is efficient in practice for the sizes of
> integers you are looking at. Also note that if you assume the
> Extended Riemann Hypothesis (ERH) to be true, you can use the
> Miller-Rabin algorithm in a deterministic fashion in polynomial time
> with no probability error.
Oh?
> The ECPP package is easy to use and fast. The site gives benchmarks
> for proving 512-bit primes: Pentium III (450MHz) 4.4
> sec Solaris 5.7 9.5 sec Alpha EV56 (500MHz)
> 4 sec
>
> I suggest you generate potential Sophie Germain primes q using your
> favorite library (I use OpenSSL for example) and then use the ECPP
> package to verify that in fact both q and 2q + 1 are really prime.
Sounds like a plan. Thanks very much for the info.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list