[QUOTE=jinydu]Isn't someone going to come to defend the current system? Seriously, there must be some safeguard against this, right?[/QUOTE]1) The security code (not really a checksum) is the principal safeguard. But the security code can be faked.

2) Behind the scenes, there is triple-checking (of all "verified" [matching first-time and doublecheck] results) going on by one or more folks, but its current progress is way behind the trailing edge of doublechecking, and it'll be several years before a current double-fake is detected. But real mathematicians are patient. :-)

But all verified exponents are ultimately triple-checked by trusted people, right?

At least its only possible to fake a composite. A prime is checked several times immediately, so any attempt to fake it would be caught immediately. Still, it would be sad if someone faked an exponent as composite, but it was in fact prime, and that went undiscovered for years.

The triple-checking effort is only done on exponents that were tested and double-checked by the same userid.

Then what safeguard is there against the potential problem I mentioned above?

There are only 2 safeguards against reporting a false composite and matching double-check.

1) The security code or checksum is hard to forge. This is the only source code that is not published. However, anyone handy with a disassembler could fake it.

2) There is no glory in pulling off the stunt. You won't get famous. You can't really climb the stats chart because you have to use different userids for the two tests -- and if tens or hundreds of tests and doublechecks came in from the same user that would be suspicious too.

Any ideas for improving security are, of course, welcome

[QUOTE=cheesehead]Behind the scenes, there is triple-checking (of all "verified" [matching first-time and doublecheck] results) going on by one or more folks,[/QUOTE][quote=Prime95]The triple-checking effort is only done on exponents that were tested and double-checked by the same userid.[/quote]Oh, rats. That's what I get for not going back to check the Mersenne Digest postings I recalled. I still can't find my copy right now, but I think what I referred to above was a triple-checking of all exponents for which GIMPS had only one 64-bit residue recorded. That is, folks [Brian Beesley and others?] were running another GIMPSian LL test on all the low exponents that had been tested before GIMPS then doublechecked by GIMPS, but for which all pre-GIMPS tests had recorded residues of fewer than 64 bits (and the GIMPS doublechecks had matched as many residue bits as were recorded for the earlier tests).

Unfortunately, I can't think of a surefire way of catching someone who tried such a strategy. The best method I can think of is for trusted people to do regular, random triple-checks of double-checked exponents. Then, if any discrepancies are confirmed, put extra scrutiny on the two offending user accounts. If you find consistently incorrect residues in a small group of accounts that are always checking each other, that could be cause for suspicion.

[QUOTE=cheesehead]Oh, rats. That's what I get for not going back to check the Mersenne Digest postings I recalled. I still can't find my copy right now, but I think what I referred to above was a triple-checking of all exponents for which GIMPS had only one 64-bit residue recorded.[/QUOTE]

You're right. Brian makes sure all exponents have two 64-bit residues returned. He may have completed that project by now. He also does the triple-checking I mentioned.

Yes, the project for making sure every exponent had matching 64-bit residues was completed almost two years ago. The project for triple-checking exponents with results returned by the same userID is ongoing but is keeping pace with the doublechecking effort.