generating random primes faster the standard algorithm to
play

Generating random primes faster The standard algorithm to generate - PowerPoint PPT Presentation

Dec 22, 2023 •680 likes •826 views

1 2 Generating random primes faster The standard algorithm to generate random primes: D. J. Bernstein proof.arithmetic(False) while True: pqRSA project team: p = randrange(2^(n-1),2^n) Daniel J. Bernstein p = ZZ(p) Josh Fried if

  1. 1 2 Generating random primes faster The standard algorithm to generate random primes: D. J. Bernstein proof.arithmetic(False) while True: pqRSA project team: p = randrange(2^(n-1),2^n) Daniel J. Bernstein p = ZZ(p) Josh Fried if p.is_prime(): print p Nadia Heninger n 1+ o (1) iterations per prime. Paul Lou Luke Valenta cr.yp.to/papers.html#pqrsa

  2. 1 2 Generating random primes faster The standard algorithm to generate random primes: D. J. Bernstein proof.arithmetic(False) while True: pqRSA project team: p = randrange(2^(n-1),2^n) Daniel J. Bernstein p = ZZ(p) Josh Fried if p.is_prime(): print p Nadia Heninger n 1+ o (1) iterations per prime. Paul Lou Luke Valenta Standard speedup using wheels: e.g., force p mod 6 ∈ { 1 ; 5 } . cr.yp.to/papers.html#pqrsa Wheel using all primes q ≤ n O (1) : n 1+ o (1) iterations per prime. 1 − 1 1 ` ´ ` ´ Recall Q ∈ Θ . q ≤ y log y q

  3. 1 2 Generating random primes faster The standard algorithm 2007 Mihailescu: n 3+ o (1) bit to generate random primes: Bernstein proof.arithmetic(False) while True: project team: p = randrange(2^(n-1),2^n) J. Bernstein p = ZZ(p) ried if p.is_prime(): print p Heninger n 1+ o (1) iterations per prime. Lou alenta Standard speedup using wheels: e.g., force p mod 6 ∈ { 1 ; 5 } . cr.yp.to/papers.html#pqrsa Wheel using all primes q ≤ n O (1) : n 1+ o (1) iterations per prime. 1 − 1 1 ` ´ ` ´ Recall Q ∈ Θ . q ≤ y log y q

  4. 1 2 random primes faster The standard algorithm 2007 Mihailescu: conjecturally n 3+ o (1) bit ops to to generate random primes: proof.arithmetic(False) while True: team: p = randrange(2^(n-1),2^n) Bernstein p = ZZ(p) if p.is_prime(): print p n 1+ o (1) iterations per prime. Standard speedup using wheels: e.g., force p mod 6 ∈ { 1 ; 5 } . cr.yp.to/papers.html#pqrsa Wheel using all primes q ≤ n O (1) : n 1+ o (1) iterations per prime. 1 − 1 1 ` ´ ` ´ Recall Q ∈ Θ . q ≤ y log y q

  5. 1 2 faster The standard algorithm 2007 Mihailescu: conjecturally n 3+ o (1) bit ops to prove p prime. to generate random primes: proof.arithmetic(False) while True: p = randrange(2^(n-1),2^n) p = ZZ(p) if p.is_prime(): print p n 1+ o (1) iterations per prime. Standard speedup using wheels: e.g., force p mod 6 ∈ { 1 ; 5 } . cr.yp.to/papers.html#pqrsa Wheel using all primes q ≤ n O (1) : n 1+ o (1) iterations per prime. 1 − 1 1 ` ´ ` ´ Recall Q ∈ Θ . q ≤ y log y q

  6. 2 3 The standard algorithm 2007 Mihailescu: conjecturally n 3+ o (1) bit ops to prove p prime. to generate random primes: proof.arithmetic(False) while True: p = randrange(2^(n-1),2^n) p = ZZ(p) if p.is_prime(): print p n 1+ o (1) iterations per prime. Standard speedup using wheels: e.g., force p mod 6 ∈ { 1 ; 5 } . Wheel using all primes q ≤ n O (1) : n 1+ o (1) iterations per prime. 1 − 1 1 ` ´ ` ´ Recall Q ∈ Θ . q ≤ y log y q

  7. 2 3 The standard algorithm 2007 Mihailescu: conjecturally n 3+ o (1) bit ops to prove p prime. to generate random primes: 2010 Bernstein conjecture: proof.arithmetic(False) correctly recognize primality using while True: n o (1) tests, total n 2+ o (1) bit ops. p = randrange(2^(n-1),2^n) Fermat test, then Lucas test p = ZZ(p) (as in 1980 Baillie–Wagstaff, 1980 if p.is_prime(): print p Pomerance–Selfridge–Wagstaff), n 1+ o (1) iterations per prime. then cubic test (1995 Atkin), etc.; Standard speedup using wheels: or some elliptic-curve tests. e.g., force p mod 6 ∈ { 1 ; 5 } . Wheel using all primes q ≤ n O (1) : n 1+ o (1) iterations per prime. 1 − 1 1 ` ´ ` ´ Recall Q ∈ Θ . q ≤ y log y q

  8. 2 3 The standard algorithm 2007 Mihailescu: conjecturally n 3+ o (1) bit ops to prove p prime. to generate random primes: 2010 Bernstein conjecture: proof.arithmetic(False) correctly recognize primality using while True: n o (1) tests, total n 2+ o (1) bit ops. p = randrange(2^(n-1),2^n) Fermat test, then Lucas test p = ZZ(p) (as in 1980 Baillie–Wagstaff, 1980 if p.is_prime(): print p Pomerance–Selfridge–Wagstaff), n 1+ o (1) iterations per prime. then cubic test (1995 Atkin), etc.; Standard speedup using wheels: or some elliptic-curve tests. e.g., force p mod 6 ∈ { 1 ; 5 } . Most iterations are much simpler: Wheel using all primes q ≤ n O (1) : Fermat test rejects p . n 1+ o (1) iterations per prime. Fast reject by trial division/ECM? 1 − 1 1 ` ´ ` ´ Recall Q ∈ Θ . q ≤ y Still n 3+ o (1) bit ops per prime. log y q

  9. 2 3 New: n 2 standard algorithm 2007 Mihailescu: conjecturally n 3+ o (1) bit ops to prove p prime. generate random primes: to generate 2010 Bernstein conjecture: proof.arithmetic(False) correctly recognize primality using True: n o (1) tests, total n 2+ o (1) bit ops. randrange(2^(n-1),2^n) Fermat test, then Lucas test ZZ(p) (as in 1980 Baillie–Wagstaff, 1980 p.is_prime(): print p Pomerance–Selfridge–Wagstaff), (1) iterations per prime. then cubic test (1995 Atkin), etc.; Standard speedup using wheels: or some elliptic-curve tests. rce p mod 6 ∈ { 1 ; 5 } . Most iterations are much simpler: using all primes q ≤ n O (1) : Fermat test rejects p . (1) iterations per prime. Fast reject by trial division/ECM? 1 − 1 1 ` ´ ` ´ Q ∈ Θ . q ≤ y Still n 3+ o (1) bit ops per prime. log y q

  10. 2 3 New: n 2 : 5+ o (1) bit algorithm 2007 Mihailescu: conjecturally to generate 2 n 0 : 5+ o n 3+ o (1) bit ops to prove p prime. random primes: 2010 Bernstein conjecture: proof.arithmetic(False) correctly recognize primality using n o (1) tests, total n 2+ o (1) bit ops. randrange(2^(n-1),2^n) Fermat test, then Lucas test (as in 1980 Baillie–Wagstaff, 1980 p.is_prime(): print p Pomerance–Selfridge–Wagstaff), iterations per prime. then cubic test (1995 Atkin), etc.; eedup using wheels: or some elliptic-curve tests. d 6 ∈ { 1 ; 5 } . Most iterations are much simpler: primes q ≤ n O (1) : Fermat test rejects p . iterations per prime. Fast reject by trial division/ECM? − 1 1 ´ ` ´ ∈ Θ . Still n 3+ o (1) bit ops per prime. log y q

  11. 2 3 New: n 2 : 5+ o (1) bit ops per p 2007 Mihailescu: conjecturally to generate 2 n 0 : 5+ o (1) primes. n 3+ o (1) bit ops to prove p prime. rimes: 2010 Bernstein conjecture: correctly recognize primality using n o (1) tests, total n 2+ o (1) bit ops. randrange(2^(n-1),2^n) Fermat test, then Lucas test (as in 1980 Baillie–Wagstaff, 1980 p Pomerance–Selfridge–Wagstaff), e. then cubic test (1995 Atkin), etc.; wheels: or some elliptic-curve tests. } . Most iterations are much simpler: n O (1) : Fermat test rejects p . e. Fast reject by trial division/ECM? 1 ` ´ . Still n 3+ o (1) bit ops per prime. log y

  12. 3 4 New: n 2 : 5+ o (1) bit ops per prime 2007 Mihailescu: conjecturally to generate 2 n 0 : 5+ o (1) primes. n 3+ o (1) bit ops to prove p prime. 2010 Bernstein conjecture: correctly recognize primality using n o (1) tests, total n 2+ o (1) bit ops. Fermat test, then Lucas test (as in 1980 Baillie–Wagstaff, 1980 Pomerance–Selfridge–Wagstaff), then cubic test (1995 Atkin), etc.; or some elliptic-curve tests. Most iterations are much simpler: Fermat test rejects p . Fast reject by trial division/ECM? Still n 3+ o (1) bit ops per prime.

  13. � 3 4 New: n 2 : 5+ o (1) bit ops per prime 2007 Mihailescu: conjecturally to generate 2 n 0 : 5+ o (1) primes. n 3+ o (1) bit ops to prove p prime. 2010 Bernstein conjecture: Recall: correctly recognize primality using many n -bit integers, n o (1) tests, total n 2+ o (1) bit ops. total ≥ y bits Fermat test, then Lucas test batch (as in 1980 Baillie–Wagstaff, 1980 smoothness detection: n (lg y ) 2+ o (1) bit ops Pomerance–Selfridge–Wagstaff), per integer then cubic test (1995 Atkin), etc.; or some elliptic-curve tests. largest y -smooth divisor of each integer Most iterations are much simpler: Fermat test rejects p . Fast reject by trial division/ECM? Still n 3+ o (1) bit ops per prime.

  14. � 3 4 New: n 2 : 5+ o (1) bit ops per prime 2007 Mihailescu: conjecturally to generate 2 n 0 : 5+ o (1) primes. n 3+ o (1) bit ops to prove p prime. 2010 Bernstein conjecture: Recall: correctly recognize primality using many n -bit integers, n o (1) tests, total n 2+ o (1) bit ops. total ≥ y bits Fermat test, then Lucas test batch (as in 1980 Baillie–Wagstaff, 1980 smoothness detection: n (lg y ) 2+ o (1) bit ops Pomerance–Selfridge–Wagstaff), per integer then cubic test (1995 Atkin), etc.; or some elliptic-curve tests. largest y -smooth divisor of each integer Most iterations are much simpler: Fermat test rejects p . Apply batch smoothness detection for y = 2 2 0 , then y = 2 2 1 , then Fast reject by trial division/ECM? Still n 3+ o (1) bit ops per prime. y = 2 2 2 , : : : , then y ≈ 2 n 0 : 5+ o (1) .

Recommend

Generating Massive Amount of Generating Massive Amount of High- -Quality Random Numbers using

Generating Massive Amount of Generating Massive Amount of High- -Quality Random Numbers using

Generating Massive Amount of Generating Massive Amount of High- -Quality Random Numbers using GPU Quality Random Numbers using GPU High Wai-Man Pang, Tien-Tsin Wong, Pheng-Ann Heng The Computer Science and Engineering Department The Chinese

590 views • 20 slides
Generating Random Variables Saravanan Vijayakumaran sarva@ee.iitb.ac.in Department of Electrical

Generating Random Variables Saravanan Vijayakumaran sarva@ee.iitb.ac.in Department of Electrical

Generating Random Variables Saravanan Vijayakumaran sarva@ee.iitb.ac.in Department of Electrical Engineering Indian Institute of Technology Bombay March 27, 2015 1 / 13 Generating Random Variables Applications where random variables need

175 views • 13 slides
MA/CSSE 473 Day 05 Factors and Primes Recursive division algorithm MA/CSSE 473 Day 05

MA/CSSE 473 Day 05 Factors and Primes Recursive division algorithm MA/CSSE 473 Day 05

MA/CSSE 473 Day 05 Factors and Primes Recursive division algorithm MA/CSSE 473 Day 05 Student Questions One more proof by strong induction List of review topics I dont plan to cover in class Continue Arithmetic Algorithms

286 views • 12 slides
MA/CSSE 473 Day 05 Factors and Primes Recursive division algorithm MA/CSSE 473 Day 05 HW 2

MA/CSSE 473 Day 05 Factors and Primes Recursive division algorithm MA/CSSE 473 Day 05 HW 2

MA/CSSE 473 Day 05 Factors and Primes Recursive division algorithm MA/CSSE 473 Day 05 HW 2 due tonight, 3 is due Monday Student Questions Asymptotic Analysis example: summation Review topics I dont plan to cover in class

520 views • 22 slides
STA 326 2.0 Programming and Data Analysis with R Generating Random Numbers Using the Inverse

STA 326 2.0 Programming and Data Analysis with R Generating Random Numbers Using the Inverse

STA 326 2.0 Programming and Data Analysis with R Generating Random Numbers Using the Inverse Transform Method Prepared by Dr Thiyanga Talagala 1. Probability distribution functions in R to generate random num- bers rbeta beta

281 views • 12 slides
RSA lect 2.oo3 CS 70, March 10, 2005 review from Tuesday RSA algorithm proof observation:

RSA lect 2.oo3 CS 70, March 10, 2005 review from Tuesday RSA algorithm proof observation:

RSA lect 2.oo3 CS 70, March 10, 2005 review from Tuesday RSA algorithm proof observation: there are enough primes to make it relatively easy to find two of them; there are approximately x/(ln x) primes between 1 and x 1 in 20 SIDs are prime

57 views • 3 slides
Opening Exercise Use a Random object to create an object that simulates a standard six-sided die.

Opening Exercise Use a Random object to create an object that simulates a standard six-sided die.

Opening Exercise Use a Random object to create an object that simulates a standard six-sided die. A Die should have a roll() method. import java.util.Random; public class Die { private static Random generator = new Random(); // FILL IN THE

266 views • 15 slides
Number Theory A bit more depth. . . modular arithmetic primes Euclids algorithm

Number Theory A bit more depth. . . modular arithmetic primes Euclids algorithm

1 Number Theory A bit more depth. . . modular arithmetic primes Euclids algorithm Chinese remainder theorem Eulers totient function Eulers theorem 2 Modular Arithmetic m; n integers, n > 0

2.23k views • 15 slides
RSA Parameter Generation Bob needs to: - find 2 large primes p,q - find e s.t. gcd(e, (pq))=1

RSA Parameter Generation Bob needs to: - find 2 large primes p,q - find e s.t. gcd(e, (pq))=1

RSA Parameter Generation Bob needs to: - find 2 large primes p,q - find e s.t. gcd(e, (pq))=1 Good news: - primes are fairly common: there are about N/ln N primes N Exercise: If looking for a 512-bit prime, how many randomly generated

358 views • 10 slides
Dependency Parsing Lecture 2 Overview Nivre's Arc-Eager / Arc-Standard Algorithm

Dependency Parsing Lecture 2 Overview Nivre's Arc-Eager / Arc-Standard Algorithm

Dependency Parsing Lecture 2 Overview Nivre's Arc-Eager / Arc-Standard Algorithm Covington's Parsing Strategy Pseudo-projective Parsing Java ML Libraries - OpenNLP MaxEnt - Mallet - Liblinear Arc-Standard Algorithm Two

1.21k views • 92 slides
Towards Faster Nonnegative Tensor Factorization: A New Active-Set type Algorithm and Comparisons

Towards Faster Nonnegative Tensor Factorization: A New Active-Set type Algorithm and Comparisons

Towards Faster Nonnegative Tensor Factorization: A New Active-Set type Algorithm and Comparisons Haesun Park hpark@cc.gatech.edu College of Computing Georgia Institute of Technology Atlanta, GA 30332, USA Joint work with Krishnakumar

502 views • 24 slides
algorithm of Savage and JaJa [SJ81] uses O(log n) (resp. O((log - Implementation 2 is faster

algorithm of Savage and JaJa [SJ81] uses O(log n) (resp. O((log - Implementation 2 is faster

SIAM J. COMPUT. 1985 Society for Industrial and Applied Mathematics Vol. 14, No. 4, November 1985 007 AN EFFICIENT PARALLEL BICONNECTIVITY ALGORITHM* ROBERT E. TARJAN AND UZI VISHKIN:I: Abstract. In this paper we propose a new algorithm for

701 views • 13 slides
Mechanisms for Generating Random Walks Power-Law Distributions The First Return Problem

Mechanisms for Generating Random Walks Power-Law Distributions The First Return Problem

Power-Law Mechanisms Mechanisms for Generating Random Walks Power-Law Distributions The First Return Problem Examples Principles of Complex Systems Variable transformation Course 300, Fall, 2008 Basics Holtsmarks Distribution PLIPLO

841 views • 80 slides
Mechanisms for Generating Power-Law Distributions Random Walks The First Return Problem

Mechanisms for Generating Power-Law Distributions Random Walks The First Return Problem

Power-Law Mechanisms Mechanisms for Generating Power-Law Distributions Random Walks The First Return Problem Examples Principles of Complex Systems Variable Course CSYS/MATH 300, Fall, 2009 transformation Basics Holtsmarks

852 views • 81 slides
Bigger, Faster, Random(ized): Computing in the Era of Big Data Ioana Dumitriu Department of

Bigger, Faster, Random(ized): Computing in the Era of Big Data Ioana Dumitriu Department of

Bigger, Faster, Random(ized): Computing in the Era of Big Data Ioana Dumitriu Department of Mathematics University of Washington (Seattle) Joint work with Grey Ballard, Gerandy Brito, James Demmel, Maryam Fazel, Roy Han, Kameron Harris, Amin

862 views • 75 slides
Generating random numbers Biostatistics 615/815 Lecture 15: . . . . . . Complex

Generating random numbers Biostatistics 615/815 Lecture 15: . . . . . . Complex

. . March 8th, 2011 Biostatistics 615/815 - Lecture 15 Hyun Min Kang March 8th, 2011 Hyun Min Kang Generating random numbers Biostatistics 615/815 Lecture 15: . . . . . . Complex Distribution . Random sampling Using PRG Random

943 views • 40 slides
Decentralize and Randomize: Faster Algorithm for Wasserstein Barycenters Pavel Dvurechensky,

Decentralize and Randomize: Faster Algorithm for Wasserstein Barycenters Pavel Dvurechensky,

Decentralize and Randomize: Faster Algorithm for Wasserstein Barycenters Pavel Dvurechensky, Darina Dvinskikh, Alexander Gasnikov, Csar A. Uribe, Angelia Nedi c Conference on Neural Information Processing Systems 2018 Wasserstein

391 views • 9 slides
Pseudo-Random Generators Computer programming (e.g. randomized algorithm) Elementary and

Pseudo-Random Generators Computer programming (e.g. randomized algorithm) Elementary and

Why do we need random numbers? Simulation Sampling Numerical analysis Pseudo-Random Generators Computer programming (e.g. randomized algorithm) Elementary and critical element in many cryptographic protocols Usually:

157 views • 5 slides
RSA Question 2 Bob thinks that p and q are primes but p isnt. Then, Bob thinks Bob

RSA Question 2 Bob thinks that p and q are primes but p isnt. Then, Bob thinks Bob

RSA Question 2 Bob thinks that p and q are primes but p isnt. Then, Bob thinks Bob :=(p-1)(q-1) = (n). Is this true ? Bob chooses a random e (1 < e < Bob ) such that gcd(e, Bob )=1. Then, d = e -1 mod Bob . Example: p = 9,

187 views • 16 slides
Yet a Faster Motion Estimation Algorithm with Directional Search Strategies Speaker: Prof. W.C.

Yet a Faster Motion Estimation Algorithm with Directional Search Strategies Speaker: Prof. W.C.

15 th International Conference on Digital Signal Processing (DSP2007), July 2007, Cardiff, UK. Yet a Faster Motion Estimation Algorithm with Directional Search Strategies Speaker: Prof. W.C. Siu Ying Zhang+*, Wan-Chi Siu* and Tingzhi Shen+*

348 views • 12 slides
Optimising the SHA256 Hashing Algorithm for Faster and More Efficient Bitcoin Mining Presented

Optimising the SHA256 Hashing Algorithm for Faster and More Efficient Bitcoin Mining Presented

Optimising the SHA256 Hashing Algorithm for Faster and More Efficient Bitcoin Mining Presented by: Rahul P. Naik (12026189) Supervisor: Dr. Nicolas T. Courtois MSc Information Security DEPARTMENT OF COMPUTER SCIENCE September 17, 2013

579 views • 33 slides
2015 Difference set of primes and related problems Wen Huang Difference set of primes and

2015 Difference set of primes and related problems Wen Huang Difference set of primes and

2015 Difference set of primes and related problems Wen Huang Difference set of primes and related problems 1.Background 2.A conjecture 3. Higher order Bohr Wen Huang problem 1).Furstenberg Joint work with Xiaosheng Wu correspondence

679 views • 41 slides
A New Algorithm for Generating Quadrilateral Meshes and Its Application to FE-Based Image

A New Algorithm for Generating Quadrilateral Meshes and Its Application to FE-Based Image

A New Algorithm for Generating Quadrilateral Meshes and Its Application to FE-Based Image Registration Suneeta Ramaswami Marcelo Siqueira Rutgers University, USA University of Pennsylvania, USA rsuneeta@camden.rutgers.edu

1.42k views • 103 slides
An Efficient Algorithm for Generating Symmetric Ice Piles Roberto Mantaci 1 Paolo Massazza 2

An Efficient Algorithm for Generating Symmetric Ice Piles Roberto Mantaci 1 Paolo Massazza 2

An Efficient Algorithm for Generating Symmetric Ice Piles Roberto Mantaci 1 Paolo Massazza 2 Jean-Baptiste Yuns 1 1 LIAFA, Universit Paris Diderot 2 Dipartimento di Scienze Teoriche e Applicate Universit degli Studi dellInsubria-Varese

902 views • 37 slides

More recommend