generating random primes faster the standard algorithm to
play

Generating random primes faster The standard algorithm to generate - PowerPoint PPT Presentation

Dec 22, 2023 •680 likes •826 views

1 2 Generating random primes faster The standard algorithm to generate random primes: D. J. Bernstein proof.arithmetic(False) while True: pqRSA project team: p = randrange(2^(n-1),2^n) Daniel J. Bernstein p = ZZ(p) Josh Fried if

  1. 1 2 Generating random primes faster The standard algorithm to generate random primes: D. J. Bernstein proof.arithmetic(False) while True: pqRSA project team: p = randrange(2^(n-1),2^n) Daniel J. Bernstein p = ZZ(p) Josh Fried if p.is_prime(): print p Nadia Heninger n 1+ o (1) iterations per prime. Paul Lou Luke Valenta cr.yp.to/papers.html#pqrsa

  2. 1 2 Generating random primes faster The standard algorithm to generate random primes: D. J. Bernstein proof.arithmetic(False) while True: pqRSA project team: p = randrange(2^(n-1),2^n) Daniel J. Bernstein p = ZZ(p) Josh Fried if p.is_prime(): print p Nadia Heninger n 1+ o (1) iterations per prime. Paul Lou Luke Valenta Standard speedup using wheels: e.g., force p mod 6 ∈ { 1 ; 5 } . cr.yp.to/papers.html#pqrsa Wheel using all primes q ≤ n O (1) : n 1+ o (1) iterations per prime. 1 − 1 1 ` ´ ` ´ Recall Q ∈ Θ . q ≤ y log y q

  3. 1 2 Generating random primes faster The standard algorithm 2007 Mihailescu: n 3+ o (1) bit to generate random primes: Bernstein proof.arithmetic(False) while True: project team: p = randrange(2^(n-1),2^n) J. Bernstein p = ZZ(p) ried if p.is_prime(): print p Heninger n 1+ o (1) iterations per prime. Lou alenta Standard speedup using wheels: e.g., force p mod 6 ∈ { 1 ; 5 } . cr.yp.to/papers.html#pqrsa Wheel using all primes q ≤ n O (1) : n 1+ o (1) iterations per prime. 1 − 1 1 ` ´ ` ´ Recall Q ∈ Θ . q ≤ y log y q

  4. 1 2 random primes faster The standard algorithm 2007 Mihailescu: conjecturally n 3+ o (1) bit ops to to generate random primes: proof.arithmetic(False) while True: team: p = randrange(2^(n-1),2^n) Bernstein p = ZZ(p) if p.is_prime(): print p n 1+ o (1) iterations per prime. Standard speedup using wheels: e.g., force p mod 6 ∈ { 1 ; 5 } . cr.yp.to/papers.html#pqrsa Wheel using all primes q ≤ n O (1) : n 1+ o (1) iterations per prime. 1 − 1 1 ` ´ ` ´ Recall Q ∈ Θ . q ≤ y log y q

  5. 1 2 faster The standard algorithm 2007 Mihailescu: conjecturally n 3+ o (1) bit ops to prove p prime. to generate random primes: proof.arithmetic(False) while True: p = randrange(2^(n-1),2^n) p = ZZ(p) if p.is_prime(): print p n 1+ o (1) iterations per prime. Standard speedup using wheels: e.g., force p mod 6 ∈ { 1 ; 5 } . cr.yp.to/papers.html#pqrsa Wheel using all primes q ≤ n O (1) : n 1+ o (1) iterations per prime. 1 − 1 1 ` ´ ` ´ Recall Q ∈ Θ . q ≤ y log y q

  6. 2 3 The standard algorithm 2007 Mihailescu: conjecturally n 3+ o (1) bit ops to prove p prime. to generate random primes: proof.arithmetic(False) while True: p = randrange(2^(n-1),2^n) p = ZZ(p) if p.is_prime(): print p n 1+ o (1) iterations per prime. Standard speedup using wheels: e.g., force p mod 6 ∈ { 1 ; 5 } . Wheel using all primes q ≤ n O (1) : n 1+ o (1) iterations per prime. 1 − 1 1 ` ´ ` ´ Recall Q ∈ Θ . q ≤ y log y q

  7. 2 3 The standard algorithm 2007 Mihailescu: conjecturally n 3+ o (1) bit ops to prove p prime. to generate random primes: 2010 Bernstein conjecture: proof.arithmetic(False) correctly recognize primality using while True: n o (1) tests, total n 2+ o (1) bit ops. p = randrange(2^(n-1),2^n) Fermat test, then Lucas test p = ZZ(p) (as in 1980 Baillie–Wagstaff, 1980 if p.is_prime(): print p Pomerance–Selfridge–Wagstaff), n 1+ o (1) iterations per prime. then cubic test (1995 Atkin), etc.; Standard speedup using wheels: or some elliptic-curve tests. e.g., force p mod 6 ∈ { 1 ; 5 } . Wheel using all primes q ≤ n O (1) : n 1+ o (1) iterations per prime. 1 − 1 1 ` ´ ` ´ Recall Q ∈ Θ . q ≤ y log y q

  8. 2 3 The standard algorithm 2007 Mihailescu: conjecturally n 3+ o (1) bit ops to prove p prime. to generate random primes: 2010 Bernstein conjecture: proof.arithmetic(False) correctly recognize primality using while True: n o (1) tests, total n 2+ o (1) bit ops. p = randrange(2^(n-1),2^n) Fermat test, then Lucas test p = ZZ(p) (as in 1980 Baillie–Wagstaff, 1980 if p.is_prime(): print p Pomerance–Selfridge–Wagstaff), n 1+ o (1) iterations per prime. then cubic test (1995 Atkin), etc.; Standard speedup using wheels: or some elliptic-curve tests. e.g., force p mod 6 ∈ { 1 ; 5 } . Most iterations are much simpler: Wheel using all primes q ≤ n O (1) : Fermat test rejects p . n 1+ o (1) iterations per prime. Fast reject by trial division/ECM? 1 − 1 1 ` ´ ` ´ Recall Q ∈ Θ . q ≤ y Still n 3+ o (1) bit ops per prime. log y q

  9. 2 3 New: n 2 standard algorithm 2007 Mihailescu: conjecturally n 3+ o (1) bit ops to prove p prime. generate random primes: to generate 2010 Bernstein conjecture: proof.arithmetic(False) correctly recognize primality using True: n o (1) tests, total n 2+ o (1) bit ops. randrange(2^(n-1),2^n) Fermat test, then Lucas test ZZ(p) (as in 1980 Baillie–Wagstaff, 1980 p.is_prime(): print p Pomerance–Selfridge–Wagstaff), (1) iterations per prime. then cubic test (1995 Atkin), etc.; Standard speedup using wheels: or some elliptic-curve tests. rce p mod 6 ∈ { 1 ; 5 } . Most iterations are much simpler: using all primes q ≤ n O (1) : Fermat test rejects p . (1) iterations per prime. Fast reject by trial division/ECM? 1 − 1 1 ` ´ ` ´ Q ∈ Θ . q ≤ y Still n 3+ o (1) bit ops per prime. log y q

  10. 2 3 New: n 2 : 5+ o (1) bit algorithm 2007 Mihailescu: conjecturally to generate 2 n 0 : 5+ o n 3+ o (1) bit ops to prove p prime. random primes: 2010 Bernstein conjecture: proof.arithmetic(False) correctly recognize primality using n o (1) tests, total n 2+ o (1) bit ops. randrange(2^(n-1),2^n) Fermat test, then Lucas test (as in 1980 Baillie–Wagstaff, 1980 p.is_prime(): print p Pomerance–Selfridge–Wagstaff), iterations per prime. then cubic test (1995 Atkin), etc.; eedup using wheels: or some elliptic-curve tests. d 6 ∈ { 1 ; 5 } . Most iterations are much simpler: primes q ≤ n O (1) : Fermat test rejects p . iterations per prime. Fast reject by trial division/ECM? − 1 1 ´ ` ´ ∈ Θ . Still n 3+ o (1) bit ops per prime. log y q

  11. 2 3 New: n 2 : 5+ o (1) bit ops per p 2007 Mihailescu: conjecturally to generate 2 n 0 : 5+ o (1) primes. n 3+ o (1) bit ops to prove p prime. rimes: 2010 Bernstein conjecture: correctly recognize primality using n o (1) tests, total n 2+ o (1) bit ops. randrange(2^(n-1),2^n) Fermat test, then Lucas test (as in 1980 Baillie–Wagstaff, 1980 p Pomerance–Selfridge–Wagstaff), e. then cubic test (1995 Atkin), etc.; wheels: or some elliptic-curve tests. } . Most iterations are much simpler: n O (1) : Fermat test rejects p . e. Fast reject by trial division/ECM? 1 ` ´ . Still n 3+ o (1) bit ops per prime. log y

  12. 3 4 New: n 2 : 5+ o (1) bit ops per prime 2007 Mihailescu: conjecturally to generate 2 n 0 : 5+ o (1) primes. n 3+ o (1) bit ops to prove p prime. 2010 Bernstein conjecture: correctly recognize primality using n o (1) tests, total n 2+ o (1) bit ops. Fermat test, then Lucas test (as in 1980 Baillie–Wagstaff, 1980 Pomerance–Selfridge–Wagstaff), then cubic test (1995 Atkin), etc.; or some elliptic-curve tests. Most iterations are much simpler: Fermat test rejects p . Fast reject by trial division/ECM? Still n 3+ o (1) bit ops per prime.

  13. � 3 4 New: n 2 : 5+ o (1) bit ops per prime 2007 Mihailescu: conjecturally to generate 2 n 0 : 5+ o (1) primes. n 3+ o (1) bit ops to prove p prime. 2010 Bernstein conjecture: Recall: correctly recognize primality using many n -bit integers, n o (1) tests, total n 2+ o (1) bit ops. total ≥ y bits Fermat test, then Lucas test batch (as in 1980 Baillie–Wagstaff, 1980 smoothness detection: n (lg y ) 2+ o (1) bit ops Pomerance–Selfridge–Wagstaff), per integer then cubic test (1995 Atkin), etc.; or some elliptic-curve tests. largest y -smooth divisor of each integer Most iterations are much simpler: Fermat test rejects p . Fast reject by trial division/ECM? Still n 3+ o (1) bit ops per prime.

  14. � 3 4 New: n 2 : 5+ o (1) bit ops per prime 2007 Mihailescu: conjecturally to generate 2 n 0 : 5+ o (1) primes. n 3+ o (1) bit ops to prove p prime. 2010 Bernstein conjecture: Recall: correctly recognize primality using many n -bit integers, n o (1) tests, total n 2+ o (1) bit ops. total ≥ y bits Fermat test, then Lucas test batch (as in 1980 Baillie–Wagstaff, 1980 smoothness detection: n (lg y ) 2+ o (1) bit ops Pomerance–Selfridge–Wagstaff), per integer then cubic test (1995 Atkin), etc.; or some elliptic-curve tests. largest y -smooth divisor of each integer Most iterations are much simpler: Fermat test rejects p . Apply batch smoothness detection for y = 2 2 0 , then y = 2 2 1 , then Fast reject by trial division/ECM? Still n 3+ o (1) bit ops per prime. y = 2 2 2 , : : : , then y ≈ 2 n 0 : 5+ o (1) .

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Generating Massive Amount of Generating Massive Amount of High- -Quality Random Numbers using

Generating Massive Amount of Generating Massive Amount of High- -Quality Random Numbers using

Generating Massive Amount of Generating Massive Amount of High- -Quality Random Numbers using GPU Quality Random Numbers using GPU High Wai-Man Pang, Tien-Tsin Wong, Pheng-Ann Heng The Computer Science and Engineering Department The Chinese

590 views • 20 slides
Generating Random Variables Saravanan Vijayakumaran sarva@ee.iitb.ac.in Department of Electrical

Generating Random Variables Saravanan Vijayakumaran sarva@ee.iitb.ac.in Department of Electrical

Generating Random Variables Saravanan Vijayakumaran sarva@ee.iitb.ac.in Department of Electrical Engineering Indian Institute of Technology Bombay March 27, 2015 1 / 13 Generating Random Variables Applications where random variables need

175 views • 13 slides
MA/CSSE 473 Day 05 Factors and Primes Recursive division algorithm MA/CSSE 473 Day 05

MA/CSSE 473 Day 05 Factors and Primes Recursive division algorithm MA/CSSE 473 Day 05

MA/CSSE 473 Day 05 Factors and Primes Recursive division algorithm MA/CSSE 473 Day 05 Student Questions One more proof by strong induction List of review topics I dont plan to cover in class Continue Arithmetic Algorithms

286 views • 12 slides
MA/CSSE 473 Day 05 Factors and Primes Recursive division algorithm MA/CSSE 473 Day 05 HW 2

MA/CSSE 473 Day 05 Factors and Primes Recursive division algorithm MA/CSSE 473 Day 05 HW 2

MA/CSSE 473 Day 05 Factors and Primes Recursive division algorithm MA/CSSE 473 Day 05 HW 2 due tonight, 3 is due Monday Student Questions Asymptotic Analysis example: summation Review topics I dont plan to cover in class

520 views • 22 slides
STA 326 2.0 Programming and Data Analysis with R Generating Random Numbers Using the Inverse

STA 326 2.0 Programming and Data Analysis with R Generating Random Numbers Using the Inverse

STA 326 2.0 Programming and Data Analysis with R Generating Random Numbers Using the Inverse Transform Method Prepared by Dr Thiyanga Talagala 1. Probability distribution functions in R to generate random num- bers rbeta beta

281 views • 12 slides
RSA lect 2.oo3 CS 70, March 10, 2005 review from Tuesday RSA algorithm proof observation:

RSA lect 2.oo3 CS 70, March 10, 2005 review from Tuesday RSA algorithm proof observation:

RSA lect 2.oo3 CS 70, March 10, 2005 review from Tuesday RSA algorithm proof observation: there are enough primes to make it relatively easy to find two of them; there are approximately x/(ln x) primes between 1 and x 1 in 20 SIDs are prime

57 views • 3 slides
Opening Exercise Use a Random object to create an object that simulates a standard six-sided die.

Opening Exercise Use a Random object to create an object that simulates a standard six-sided die.

Opening Exercise Use a Random object to create an object that simulates a standard six-sided die. A Die should have a roll() method. import java.util.Random; public class Die { private static Random generator = new Random(); // FILL IN THE

266 views • 15 slides
Number Theory A bit more depth. . . modular arithmetic primes Euclids algorithm

Number Theory A bit more depth. . . modular arithmetic primes Euclids algorithm

1 Number Theory A bit more depth. . . modular arithmetic primes Euclids algorithm Chinese remainder theorem Eulers totient function Eulers theorem 2 Modular Arithmetic m; n integers, n > 0

2.23k views • 15 slides
RSA Parameter Generation Bob needs to: - find 2 large primes p,q - find e s.t. gcd(e, (pq))=1

RSA Parameter Generation Bob needs to: - find 2 large primes p,q - find e s.t. gcd(e, (pq))=1

RSA Parameter Generation Bob needs to: - find 2 large primes p,q - find e s.t. gcd(e, (pq))=1 Good news: - primes are fairly common: there are about N/ln N primes N Exercise: If looking for a 512-bit prime, how many randomly generated

358 views • 10 slides
Dependency Parsing Lecture 2 Overview Nivre's Arc-Eager / Arc-Standard Algorithm

Dependency Parsing Lecture 2 Overview Nivre's Arc-Eager / Arc-Standard Algorithm

Dependency Parsing Lecture 2 Overview Nivre's Arc-Eager / Arc-Standard Algorithm Covington's Parsing Strategy Pseudo-projective Parsing Java ML Libraries - OpenNLP MaxEnt - Mallet - Liblinear Arc-Standard Algorithm Two

1.21k views • 92 slides
Towards Faster Nonnegative Tensor Factorization: A New Active-Set type Algorithm and Comparisons

Towards Faster Nonnegative Tensor Factorization: A New Active-Set type Algorithm and Comparisons

Towards Faster Nonnegative Tensor Factorization: A New Active-Set type Algorithm and Comparisons Haesun Park hpark@cc.gatech.edu College of Computing Georgia Institute of Technology Atlanta, GA 30332, USA Joint work with Krishnakumar

502 views • 24 slides
algorithm of Savage and JaJa [SJ81] uses O(log n) (resp. O((log - Implementation 2 is faster

algorithm of Savage and JaJa [SJ81] uses O(log n) (resp. O((log - Implementation 2 is faster

SIAM J. COMPUT. 1985 Society for Industrial and Applied Mathematics Vol. 14, No. 4, November 1985 007 AN EFFICIENT PARALLEL BICONNECTIVITY ALGORITHM* ROBERT E. TARJAN AND UZI VISHKIN:I: Abstract. In this paper we propose a new algorithm for

701 views • 13 slides
Mechanisms for Generating Random Walks Power-Law Distributions The First Return Problem

Mechanisms for Generating Random Walks Power-Law Distributions The First Return Problem

Power-Law Mechanisms Mechanisms for Generating Random Walks Power-Law Distributions The First Return Problem Examples Principles of Complex Systems Variable transformation Course 300, Fall, 2008 Basics Holtsmarks Distribution PLIPLO

841 views • 80 slides
Mechanisms for Generating Power-Law Distributions Random Walks The First Return Problem

Mechanisms for Generating Power-Law Distributions Random Walks The First Return Problem

Power-Law Mechanisms Mechanisms for Generating Power-Law Distributions Random Walks The First Return Problem Examples Principles of Complex Systems Variable Course CSYS/MATH 300, Fall, 2009 transformation Basics Holtsmarks

852 views • 81 slides
Bigger, Faster, Random(ized): Computing in the Era of Big Data Ioana Dumitriu Department of

Bigger, Faster, Random(ized): Computing in the Era of Big Data Ioana Dumitriu Department of

Bigger, Faster, Random(ized): Computing in the Era of Big Data Ioana Dumitriu Department of Mathematics University of Washington (Seattle) Joint work with Grey Ballard, Gerandy Brito, James Demmel, Maryam Fazel, Roy Han, Kameron Harris, Amin

862 views • 75 slides
Generating random numbers Biostatistics 615/815 Lecture 15: . . . . . . Complex

Generating random numbers Biostatistics 615/815 Lecture 15: . . . . . . Complex

. . March 8th, 2011 Biostatistics 615/815 - Lecture 15 Hyun Min Kang March 8th, 2011 Hyun Min Kang Generating random numbers Biostatistics 615/815 Lecture 15: . . . . . . Complex Distribution . Random sampling Using PRG Random

943 views • 40 slides
Vectoring in Research CS 197 | Stanford University | Michael Bernstein Administrivia Next week:

Vectoring in Research CS 197 | Stanford University | Michael Bernstein Administrivia Next week:

Vectoring in Research CS 197 | Stanford University | Michael Bernstein Administrivia Next week: how to give a talk, by Prof. Kayvon Fatahalian Time to dig in to your projects? 2 What problem are we solving? But how do we start?

571 views • 35 slides
Algorithms R OBERT S EDGEWICK | K EVIN W AYNE 5.4 R EGULAR E XPRESSIONS regular expressions

Algorithms R OBERT S EDGEWICK | K EVIN W AYNE 5.4 R EGULAR E XPRESSIONS regular expressions

Algorithms R OBERT S EDGEWICK | K EVIN W AYNE 5.4 R EGULAR E XPRESSIONS regular expressions REs and NFAs NFA simulation Algorithms NFA construction F O U R T H E D I T I O N applications R OBERT S EDGEWICK | K EVIN W AYNE

797 views • 56 slides
Aquaculture needs you! How solid science is needed by the aquaculture industry Tuna farming in

Aquaculture needs you! How solid science is needed by the aquaculture industry Tuna farming in

Aquaculture needs you! How solid science is needed by the aquaculture industry Tuna farming in Mexico example of poor aquaculture practice Ronald W. Hardy, Director Aquaculture Research Institute Topics to be covered Global

1.31k views • 82 slides
TODAY Regular Expressions REs and NFAs NFA simulation NFA construction

TODAY Regular Expressions REs and NFAs NFA simulation NFA construction

BBM 202 - ALGORITHMS D EPT . OF C OMPUTER E NGINEERING R EGULAR E XPRESSIONS Acknowledgement: The course slides are adapted from the slides prepared by R. Sedgewick and K. Wayne of Princeton University. TODAY Regular Expressions

1.09k views • 86 slides
Factorization myths D. J. Bernstein Thanks to: University of Illinois at Chicago NSF

Factorization myths D. J. Bernstein Thanks to: University of Illinois at Chicago NSF

Factorization myths D. J. Bernstein Thanks to: University of Illinois at Chicago NSF DMS0140542 Alfred P. Sloan Foundation and 611 + for small : Sieving 1 612 2 2 3 3 2 2 613 3 3 614 2 4 2 2 615 3 5 5 5 616 2 2 2

676 views • 32 slides
Predicting NFS time D. J. Bernstein University of Illinois at Chicago Thanks to: NSF

Predicting NFS time D. J. Bernstein University of Illinois at Chicago Thanks to: NSF

Predicting NFS time D. J. Bernstein University of Illinois at Chicago Thanks to: NSF DMS9600083 NSF DMS9970409 NSF DMS0140542 Alfred P. Sloan Foundation NSF ITR0716498 T as the time Define n . used by NFS to factor T depends on

433 views • 31 slides
The first 10 years of Curve25519 Daniel J. Bernstein University of Illinois at Chicago &

The first 10 years of Curve25519 Daniel J. Bernstein University of Illinois at Chicago &

1 The first 10 years of Curve25519 Daniel J. Bernstein University of Illinois at Chicago & Technische Universiteit Eindhoven 2005.05.19: Seminar talk; design+software close to done. 2005.09.15: Software online. 2005.09.20: Invited talk

869 views • 73 slides
Lecture 10: Heckscher-Ohlin Empirics (I) 14.581 14.581 Spring 2013 Spring

Lecture 10: Heckscher-Ohlin Empirics (I) 14.581 14.581 Spring 2013 Spring

14.581 International Trade Lecture 10: Heckscher-Ohlin Empirics (I) 14.581 14.581 Spring 2013 Spring 2013 14.581 RV and HO Empirics (I) Spring 2013 1 / 55 Plan of Todays Lecture Empirical work on Ricardo-Viner model: 1

888 views • 56 slides

More recommend