[18330] in cryptography@c2.net mail archive

home help back first fref pref prev next nref lref last post

Re: Fwd: Tor security advisory: DH handshake flaw

daemon@ATHENA.MIT.EDU (astiglic@okiok.com)
Mon Aug 29 12:24:00 2005

X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
In-Reply-To: <iluslws21y8.fsf@latte.josefsson.org>
Date: Mon, 29 Aug 2005 12:08:48 -0400 (EDT)
From: astiglic@okiok.com
To: "Simon Josefsson" <jas@extundo.com>
Cc: "Ben Laurie" <ben@algroup.co.uk>, cryptography@metzdowd.com,
	astiglic@okiok.com


> One algorithm that results in a polynomially verifiable witness is:
>
> Almost All Primes Can be Quickly Certified
> http://theory.lcs.mit.edu/~cis/pubs/shafi/1986-stoc-gk.pdf

That's a very old algorithm.  It was an intersting result at the time
(1986) because it is a primality proving algorithm that is not based on
any hypothesis and runs in *expected polynomial time* on almost all inputs
(note the *expected*).  It uses elliptic curves.  However, the algorithm
is not efficient in practice, and we have better theoretical results today
(Agrawal-Kayal-Saxena that is a true primality test that works in
polynomial time on all inputs.  Note that such a deterministic
polynomial-time primality testing algorithm implicitly provides a trivial
certificate of primality, which simply consists of the prime number
itself).

Goldwasser and Kilian's result was extended by ADleman and Huang, later
Atkin developed a simialr algorithm known as the Elliptic Curves for
Primality Proving (ECPP), which I also referred to in my initial post.
Morain worked on implementing Atkin's algorithm.  This is efficient. 
Morain has a web page with lot's of info and nice working code:
http://www.lix.polytechnique.fr/~morain/Prgms/ecpp.english.html

The advantage of Maurer's construction, however, is that it is much
simpler to code.

--Anton


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com

home help back first fref pref prev next nref lref last post