This preview shows page 1. Sign up to view the full content.
Unformatted text preview: s is to generate random numbers and then try to factor them. The right way is to generate random numbers and test if they are prime. There are several probabilistic primality tests; tests that determine whether a number is prime with a given degree of confidence. Assuming this “degree of confidence” is large enough, these sorts of tests are good enough. I’ve heard primes generated in this manner called “industrialgrade primes”: These are numbers that are probably prime with a controllably small chance of error. Assume a test is set to fail once in 250 tries. This means that there is a 1 in 1015 chance that the test falsely indicates that a composite number is prime. (The test will never falsely indicate that a prime number is composite.) If for some reason you need more confidence that the number is prime, you can set the failure level even lower. On the other hand, if you consider that the odds of the number being composite are 300 million times less than the odds of winning top prize in a state lottery, you might not worry about it so much. Overviews of recent developments in the field can be found in [1256, 206]. Other important papers are [1490, 384, 11, 19, 626, 651, 911]. SolovayStrassen
Robert Solovay and Volker Strassen developed a probabilistic primality testing algorithm [1490]. Their algorithm uses the Jacobi symbol to test if p is prime: (1) Choose a random number, a, less than p. (2) If the gcd(a,p) ` 1, then p fails the test and is composite. (3) Calculate j = a(p 1)/2 mod p. (4) Calculate the Jacobi symbol J(a,p). (5) If j ` J(a,p), then p is definitely not prime. (6) If j = J(a,p), then the likelihood that p is not prime is no more than 50 percent. A number a that does not indicate that p is definitely not prime is called a witness. If p is composite, the odds of a random a being a witness is no less than 50 percent. Repeat this test t times, with t different random values for a. The odds of a composite number passing all t tests is no more than one in 2t. Lehmann
Another, simpler, test was developed independently by Lehmann...
View
Full
Document
This note was uploaded on 10/18/2010 for the course MATH CS 301 taught by Professor Aliulger during the Fall '10 term at Koç University.
 Fall '10
 ALIULGER
 Cryptography

Click to edit the document details