applied cryptography - protocols, algorithms, and source code in c

The best current article on the topic is 934 if p is

Info iconThis preview shows page 1. Sign up to view the full content.

View Full Document Right Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: [945]. Here it tests if p is prime: (1) Choose a random number a less than p. (2) Calculate a(p- 1)/2 mod p. (3) If a(p- 1)/2 ` 1 or - 1 (mod p), then p is definitely not prime. (4) If a(p- 1)/2 a 1 or - 1 (mod p), then the likelihood that p is not prime is no more than 50 percent. Again, the odds of a random a being a witness to p ’s compositeness is no less than 50 percent. Repeat this test t times. If the calculation equals 1 or -1, but does not always equal 1, then p is probably prime with an error rate of 1 in 2t . Rabin-Miller The algorithm everyone uses—it’s easy—was developed by Michael Rabin, based in part on Gary Miller’s ideas [1093, 1284]. Actually, this is a simplified version of the algorithm recommended in the DSS proposal [1149, 1154]. Choose a random number, p, to test. Calculate b, where b is the number of times 2 divides p - 1 (i.e., 2b is the largest power of 2 that divides p - 1). Then calculate m, such that p = 1 + 2b *m. (1) Choose a random number, a, such that a is less than p. (2) Set j = 0 and set z = am mod p. (3) If z = 1, or if z = p - 1, then p passes the test and may be prime. (4) If j > 0 and z = 1, then p is not prime. (5) Set j = j + 1. If j < b and z ` p - 1, set z = z2 mod p and go back to step (4). If z = p - 1, then p passes the test and may be prime. (6) If j = b and z ` p - 1, then p is not prime. The odds of a composite passing decreases faster with this test than with previous ones. Three-quarters of the possible values of a are guaranteed to be witnesses. This means that a composite number will slip through t tests no more than ¼t of the time, where t is the number of iterations. Actually, these numbers are very pessimistic. For most random numbers, something like 99.9 percent of the possible a values are witnesses [96]. There are even better estimations [417]. For n- bit candidate primes (where n is more than 100), the odds of error in one test are less than 1 in 4n 2(k/2)(1/2). And for a 256-bit n, the odds of error in six tests are less than 1 in 251 . More theory is in [418]. Practical Conside...
View Full Document

Ask a homework question - tutors are online