The Miller-Rabin test with randomized exponents
Author
Abstract
We analyze a variant of the well-known Miller-Rabin test, that may be useful in preventing side-channel attacks to the random prime generation on smart cards: In the well-known Miller-Rabin primality test for a positive integer n, one computes repeatedly the expression a^ω (mod n) for random bases a ∈ N and exponents ω such that ω divides n − 1 and (n − 1)/ω is a power of 2. In each round one chooses, at random, a different base a, and uses binary exponentiation to compute a^ω (mod n). ‘Listening’ to many rounds, it seems at least plausible that an outside spy could retrieve the integer n − 1. In the variant we consider, one chooses in each round two positive random integers a and ρ and applies the test with base a and exponents ωρ, ω as above. This increases the safety against side-channel attacks. However at the same time, it decreases the performance of the Miller-Rabin test. In this article we use elementary means to analyze this variant. We will not be able to obtain results as strong as those by Damgård, Landrock and Pomerance on prime generation using the original Miller-Rabin test. However by imposing restrictions on the random parameter ρ, we obtain satisfactory estimates on the variant described here which justify practical implementation.
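The variant described in the abstract, as an added example that is not code from the paper: each round uses the exponent ωρ with a fresh random ρ, and `liar_count` shows how an unrestricted ρ can raise the number of bases a composite passes. The function names and the `rho_bits` parameter are assumptions made here; the paper's actual restrictions on ρ are not stated on this page and are not reproduced.

```python
import secrets

def decompose(n):
    """Write n - 1 = 2**s * omega with omega odd."""
    s, omega = 0, n - 1
    while omega % 2 == 0:
        s, omega = s + 1, omega // 2
    return s, omega

def mr_round(n, a, rho=1):
    """One Miller-Rabin round with base a and exponent omega*rho.

    rho=1 is the classical test. True means "n may be prime".
    Python's pow() is not constant-time: this shows the arithmetic only,
    not a side-channel-hardened implementation.
    """
    s, omega = decompose(n)
    b = pow(a, omega * rho, n)   # exponent changes whenever rho changes
    if b == 1 or b == n - 1:
        return True
    for _ in range(s - 1):
        b = pow(b, 2, n)
        if b == n - 1:
            return True
    return False

def liar_count(n, rho):
    """Number of bases in [1, n-1] that composite n passes for a fixed rho."""
    return sum(mr_round(n, a, rho) for a in range(1, n))

def is_probable_prime(n, rounds=20, rho_bits=16):
    """Randomized-exponent test; rho_bits is an assumed bound on rho."""
    if n < 5 or n % 2 == 0:
        return n in (2, 3)
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)             # base in [2, n-2]
        rho = 1 + secrets.randbelow(1 << rho_bits)   # fresh positive rho
        if not mr_round(n, a, rho):
            return False
    return True

if __name__ == "__main__":
    # Constructed sample: n = 91 = 7 * 13, n - 1 = 2 * 45.
    for rho in (1, 3, 4):
        print(f"rho={rho}: {liar_count(91, rho)} of 90 bases pass")
```

For n = 91 the classical test (ρ = 1) is fooled by 18 bases, while ρ = 4 makes ωρ a multiple of the group exponent 12, so all 72 bases coprime to 91 pass.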
Similar resources
A polytime proof of correctness of the Rabin-Miller algorithm from Fermat's little theorem
Although a deterministic polytime algorithm for primality testing is now known ([4]), the Rabin-Miller randomized test of primality continues being the most efficient and widely used algorithm. We prove the correctness of the Rabin-Miller algorithm in the theory V for polynomial time reasoning, from Fermat’s little theorem. This is interesting because the Rabin-Miller algorithm is a polytime ra...
Randomness, Promise Problems, Randomized Complexity Classes
A big problem that motivates randomized algorithms is that of Primality testing: Given 0 ≤ p ≤ 2, determine if p is prime in poly(n) time. Algorithms such as Miller-Rabin and Solovay-Strassen are randomized algorithms that can solve this in polynomial time, though more recently Agrawal-Kayal-Saxena found a deterministic solution to primality testing. Remark When we say randomized, the goal is f...
Notes on Public Key Cryptography And Primality Testing Part 1: Randomized Algorithms Miller–Rabin and Solovay–Strassen Tests
Improving the Speed and Accuracy of the Miller-Rabin Primality Test
Currently, even the fastest deterministic primality tests run slowly, with the Agrawal-Kayal-Saxena (AKS) Primality Test runtime Õ(log(n)), and probabilistic primality tests such as the Fermat and Miller-Rabin Primality Tests are still prone to false results. In this paper, we discuss the accuracy of the Miller-Rabin Primality Test and the number of nonwitnesses for a composite odd integer n. We...
Two Randomized Algorithms for Primality Testing
This algorithm was proposed in 70’s. Miller and Rabin gave two versions of the same algorithm to test whether a number n is prime or not. Whereas Rabin’s algorithm works with a randomly chosen a ∈ Zn, and is therefore a randomized one, Miller’s version tests deterministically for all a’s, where 1 ≤ a ≤ 4 log n. But correctness of Miller’s algorithm depends on correctness of Extended Riemann Hyp...
Journal title:
- J. Mathematical Cryptology
Volume 3, Issue
Pages -
Publication date 2009