Wheel factorization: Efficient? - Page 14

CRGreathouse · 2010-07-20, 13:00

Quote:

Originally Posted by 3.14159

How about if you generate via PARI? Is it equally weak as the internet generator?

I don't know of an attack on that particular implementation, but it's a linear feedback shift register, which has known vulnerabilities (e.g., the Berlekamp-Massey algorithm).

retina · 2010-07-20, 13:21

Quote:

Originally Posted by 3.14159

How about if you generate via PARI? Is it equally weak as the internet generator?

LFSRs are not cryptographically secure. Simple as that. If you want the primes for crypto work then the entire generating chain must be cryptographically secure. No shortcuts allowed. But the devil is in the details. Making good crypto is very hard. I suggest you buy a few books, I recommend this one: Bruce Schneier's "Practical Cryptography".

3.14159 · 2010-07-20, 15:20

Quote:

But the devil is in the details. Making good crypto is very hard. I suggest you buy a few books, I recommend this one: Bruce Schneier's "Practical Cryptography".

.. Alternatively, an Internet search + Some reading on the subject via the internet.

CRGreathouse · 2010-07-20, 15:50

Quote:

Originally Posted by 3.14159

.. Alternatively, an Internet search + Some reading on the subject via the internet.

That will suffice to tell you the details, but I hope you don't write a cryptosystem on that basis!

R.D. Silverman · 2010-07-20, 16:25

Quote:

Originally Posted by CRGreathouse

I don't know of an attack on that particular implementation, but it's a linear feedback shift register, which has known vulnerabilities (e.g., the Berlekamp-Massey algorithm).

If speed is not a requirement, then use BBS.

CRGreathouse · 2010-07-20, 18:12

Quote:

Originally Posted by R.D. Silverman

If speed is not a requirement, then use BBS.

You mean instead of a LFSR? Yes, Blum Blum Shub is much more suitable to crypto (i.e., actually has value).

jasonp · 2010-07-21, 11:06

There are many ways to build a cryptographically secure random number generator, assuming you have a good cryptographic primitive and a source that can supply sufficient entropy to seed it every so often. See NIST Special Publication 800-90 here. There's also been a lot of research into building a good entropy source when all you have is software, this is an excellent introduction.

3.14159 · 2010-07-21, 19:04

Quote:

That will suffice to tell you the details, but I hope you don't write a cryptosystem on that basis!

Here's a bunny with a pancake on its head:

3.14159 · 2010-07-21, 20:23

Now that I know a bit of PARI, maybe I should attempt coding my test methods?

CRGreathouse · 2010-07-21, 23:37

Sure, go for it.

3.14159 · 2010-07-22, 00:49

Alright: Here we go:

It works:

Code:

isSPRP(n,b=2) = {
forprime(p=2, nextprime(10^6),
if(n%p==0,return(p))
);
my(s=valuation(n-1,2),d=n>>s);
n = Mod(b, n)^d;
if (n == 1, return(n));
while(s--,
if (n == -1, return(n));
n = n^2;
);
n == -1
};

Timings:
For a composite that passes the trial division: 16 ms.

2010-07-21, 20:23	#152
3.14159 May 2010 Prime hunting commission. 2⁴·3·5·7 Posts	Coding my test?? Now that I know a bit of PARI, maybe I should attempt coding my test methods?

2010-07-22, 00:49	#154
3.14159 May 2010 Prime hunting commission. 2⁴·3·5·7 Posts	Alright: Here we go: It works: Code: isSPRP(n,b=2) = { forprime(p=2, nextprime(10^6), if(n%p==0,return(p)) ); my(s=valuation(n-1,2),d=n>>s); n = Mod(b, n)^d; if (n == 1, return(n)); while(s--, if (n == -1, return(n)); n = n^2; ); n == -1 }; Timings: For a composite that passes the trial division: 16 ms. Last fiddled with by 3.14159 on 2010-07-22 at 00:51

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Wheel Factorization	a1call	Factoring	11	2017-06-19 14:04
Efficient Test	paulunderwood	Computer Science & Computational Number Theory	5	2017-06-09 14:02
LL tests more credit-efficient than P-1?	ixfd64	Software	3	2011-02-20 16:24
A Wheel	storm5510	Puzzles	7	2010-06-25 10:29
Most efficient way to LL	hj47	Software	11	2009-01-29 00:45

2010-07-21, 11:06	#150
jasonp Tribal Bullet Oct 2004 3·1,181 Posts	There are many ways to build a cryptographically secure random number generator, assuming you have a good cryptographic primitive and a source that can supply sufficient entropy to seed it every so often. See NIST Special Publication 800-90 here. There's also been a lot of research into building a good entropy source when all you have is software, this is an excellent introduction.

2010-07-21, 23:37	#153
CRGreathouse Aug 2006 175B₁₆ Posts	Sure, go for it.