Re: Primes algorithm
mm_at_nospam.net
Date: 04/21/05
- Next message: David Eather: "Re: JSH: Surrogate Factoring Fails Completely, What Next?"
- Previous message: David C. Ullrich: "Re: SF: Explaining away, how long?"
- In reply to: Lasse: "Re: Primes algorithm"
- Next in thread: Sebastian Gottschalk: "Re: Primes algorithm"
- Reply:(deleted message) Sebastian Gottschalk: "Re: Primes algorithm"
- Reply: Carlos Moreno: "Re: Primes algorithm"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 21 Apr 2005 13:38:29 +0200
Lasse wrote:
>>>But that's a testing method, not synthesis. How does the
>>>encryption program (RSA implementation, I assume) find
>>>80-bit primes? I can't believe it just generates a random
>>>sequence until a pair turns up.
>>>
>>That's pretty much the way to do it.
>>Up where the 80-bit numbers live, roughly one number
>>in every 55 is prime. So pick some large N and test
>>N, N + 1, N + 2, ..., and you'll be quite unlucky if
>>you have to test more than 100 numbers before you find
>>one that's prime. Each test is fast, doing 100 doesn't
>>really take all that much time. And of course you can
>>save time by throwing out all the even numbers, multiples
>>of 3, etc., before you begin.
>>
>>
>
> Actually, there is no reason to try N, N+1, N+2 etc.
The poster was answering to someone who seems to be a total
beginner. Taking this in account, the way he answered is a
good way of doing it.
> Just pick a large number at random, test whether it is prime. If it's
> not, take another random number, and so on.
>
> It is known (by the *prime number theorem*) that the number of primes
> smaller than n is about n/log n, and it follows by a simple calculation
> that the expected time to find a prime is
> O(log n), so it won't take you too long.
>
> By the way, the algorithm of Agrawal, Kayal and Saxena is not, at the
> moment, the most efficient way to test for primality. The classical
> method which is generally used, as far as I know, is the Miller-Rabin
> algorithm, which is a randomized algorithm. If this algorithm tells you
> that a given number is composite, then it is definitely composite; when
> it outputs 'prime', it is prime with very high probability.
Here, you are confusing the OP. Yes, Miller-Rabin is a 'randomized'
test (assuming you use randomly chosen bases) but, overall, it is
a probabilistic test. And to nitpick a little more, it is not a
primality test but a compositeness test ;-)
> If your number is prime with probability 1 - 10^{-10},
A number is prime with a probability equal to either 0 or to 1.
And the fact that we don't know its status doesn't change this
probability. (Yes, I know what you wanted to say ;-)
> this is usually
> good enough. If you want to be sure, you can always run the
> AKS-algorithm (or some of the randomized primality provers which were
> previously known)
Are you saying that, before AKS, there were no deterministic
primality tests?
> to make sure that this is correct --- i.e., use the
> more efficiennt Miller-Rabin test to throw away all the composites you
> come across, and then double-check using another algorithm to know
> you've definitely got a prime.
If you want to check crypto-primes with a probabilistic
compositeness test, use the BPSW (Baillie-Pomerance-Selfridge-
Wagstaff) test. It is faster than Miller-Rabin used with more than
three bases, and, overall, it is more reliable.
mm
- Next message: David Eather: "Re: JSH: Surrogate Factoring Fails Completely, What Next?"
- Previous message: David C. Ullrich: "Re: SF: Explaining away, how long?"
- In reply to: Lasse: "Re: Primes algorithm"
- Next in thread: Sebastian Gottschalk: "Re: Primes algorithm"
- Reply:(deleted message) Sebastian Gottschalk: "Re: Primes algorithm"
- Reply: Carlos Moreno: "Re: Primes algorithm"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
