Strong prime: Difference between revisions
split |
|||
| (13 intermediate revisions by 9 users not shown) | |||
| Line 1: | Line 1: | ||
{{More citations needed|date=October 2018}} |
|||
| ⚫ | |||
{{split|date=May 2024}} |
|||
| ⚫ | |||
== Definition in number theory == |
== Definition in number theory == |
||
In [[number theory]], a '''strong prime''' is a prime number that is greater than the [[arithmetic mean]] of the nearest prime above and below (in other words, it's closer to the following than to the preceding prime). Or to put it algebraically, |
In [[number theory]], a '''strong prime''' is a prime number that is greater than the [[arithmetic mean]] of the nearest prime above and below (in other words, it's closer to the following than to the preceding prime). Or to put it algebraically, writing the [[integer sequence|sequence]] of prime numbers as (''p''{{sub|1}}, ''p''{{sub|2}}, ''p''{{sub|3}}, ...) = (2, 3, 5, ...), ''p{{sub|n}}'' is a strong prime if {{math|''p{{sub|n}}'' > {{sfrac|''p''{{sub|''n'' − 1}} + ''p''{{sub|''n'' + 1}}|2}}}}. For example, 17 is the seventh prime: the sixth and eighth primes, 13 and 19, add up to 32, and half that is 16; 17 is greater than 16, so 17 is a strong prime. |
||
The first few strong primes are |
The first few strong primes are |
||
:[[11 (number)|11]], [[17 (number)|17]], [[29 (number)|29]], [[37 (number)|37]], [[41 (number)|41]], [[59 (number)|59]], [[67 (number)|67]], [[71 (number)|71]], [[79 (number)|79]], [[97 (number)|97]], [[101 (number)|101]], [[107 (number)|107]], [[127 (number)|127]], [[137 (number)|137]], [[149 (number)|149]], [[163 (number)|163]], [[179 (number)|179]], [[191 (number)|191]], [[197 (number)|197]], [[223 (number)|223]], [[227 (number)|227]], [[239 (number)|239]], [[251 (number)|251]], [[269 (number)|269]], [[277 (number)|277]], 281, 307, 311, 331, 347, 367, 379, 397, 419, 431, 439, 457, 461, 479, 487, 499 {{OEIS|id=A051634}}. |
:[[11 (number)|11]], [[17 (number)|17]], [[29 (number)|29]], [[37 (number)|37]], [[41 (number)|41]], [[59 (number)|59]], [[67 (number)|67]], [[71 (number)|71]], [[79 (number)|79]], [[97 (number)|97]], [[101 (number)|101]], [[107 (number)|107]], [[127 (number)|127]], [[137 (number)|137]], [[149 (number)|149]], [[163 (number)|163]], [[179 (number)|179]], [[191 (number)|191]], [[197 (number)|197]], [[223 (number)|223]], [[227 (number)|227]], [[239 (number)|239]], [[251 (number)|251]], [[269 (number)|269]], [[277 (number)|277]], 281, 307, 311, 331, 347, 367, 379, 397, 419, 431, 439, 457, 461, 479, 487, 499 {{OEIS|id=A051634}}. |
||
In a [[twin prime]] pair (''p'', ''p'' + 2) with ''p'' > 5, ''p'' is always a strong prime, since 3 must divide ''p'' |
In a [[twin prime]] pair (''p'', ''p'' + 2) with ''p'' > 5, ''p'' is always a strong prime, since 3 must divide ''p'' − 2, which cannot be prime. |
||
| ⚫ | It |
||
== Definition in cryptography == |
== Definition in cryptography == |
||
| ⚫ | |||
'''Corollary''' |
|||
* ''p'' is sufficiently large to be useful in cryptography; typically this requires ''p'' to be too large for plausible computational resources to enable a [[cryptanalyst]] to [[factorisation|factorise]] products of ''p'' with other strong primes. |
* ''p'' is sufficiently large to be useful in cryptography; typically this requires ''p'' to be too large for plausible computational resources to enable a [[cryptanalyst]] to [[factorisation|factorise]] products of ''p'' with other strong primes. |
||
| ⚫ | |||
| ⚫ | |||
| ⚫ | |||
| ⚫ | |||
| ⚫ | It is possible for a prime to be a strong prime both in the cryptographic sense and the number theoretic sense. For the sake of illustration, 439351292910452432574786963588089477522344331 is a strong prime in the number theoretic sense because the arithmetic mean of its two neighboring primes is 62 less. Without the aid of a computer, this number would be a strong prime in the cryptographic sense because 439351292910452432574786963588089477522344330 has the large prime factor 1747822896920092227343 (and in turn the number one less than that has the large prime factor 1683837087591611009), 439351292910452432574786963588089477522344332 has the large prime factor 864608136454559457049 (and in turn the number one less than that has the large prime factor 105646155480762397). Even using algorithms more advanced than [[trial division]], these numbers would be difficult to factor by hand. For a modern [[computer algebra system]], these numbers can be factored almost instantaneously. A [[cryptographically strong]] prime has to be much larger than this example. |
||
'''Conditions to meet''' |
|||
| ⚫ | |||
| ⚫ | |||
| ⚫ | |||
== Application of strong primes in cryptography == |
== Application of strong primes in cryptography == |
||
| Line 37: | Line 36: | ||
It is shown by Stephen Pohlig and [[Martin Hellman]] in 1978 that if all the factors of ''p'' − 1 are less than log{{sup|''c''}} ''p'', then the problem of solving [[discrete logarithm]] modulo ''p'' is in [[P = NP problem|P]]. Therefore, for cryptosystems based on discrete logarithm, such as [[Digital Signature Algorithm|DSA]], it is required that ''p'' − 1 have at least one large prime factor. |
It is shown by Stephen Pohlig and [[Martin Hellman]] in 1978 that if all the factors of ''p'' − 1 are less than log{{sup|''c''}} ''p'', then the problem of solving [[discrete logarithm]] modulo ''p'' is in [[P = NP problem|P]]. Therefore, for cryptosystems based on discrete logarithm, such as [[Digital Signature Algorithm|DSA]], it is required that ''p'' − 1 have at least one large prime factor. |
||
== Miscellaneous facts == |
|||
==See also== |
|||
A computationally large [[safe prime]] is likely to be a cryptographically strong prime. |
|||
Note that the criteria for determining if a pseudoprime is a [[strong pseudoprime]] is by congruences to powers of a base, not by inequality to the arithmetic mean of neighboring pseudoprimes. |
|||
When a prime is equal to the mean of its neighboring primes, it's called a [[balanced prime]]. When it's less, it's called a '''weak prime''' (not to be confused with a [[weakly prime number]]). |
|||
The usage of strong primes for RSA algorithm and the security itself of any transaction using RSA reccomandation could be under risk in case of proof of the [[Riemann Hypotesys]]. Infact the proof of this conjecture could disclose a way to locate prime numbers among the natural ones giving an indication of where to find specific prime numbers. |
|||
Riemann assumption about the zeros of Zeta function is strictly related to the precsion in the location of primes numbers in given ranges of natural numbers. This dependency was clear since Eulero time who proposed a new form for Riemann function based on primes factors instead of natural numbers. |
|||
== References == |
== References == |
||
| Line 48: | Line 50: | ||
==External links== |
==External links== |
||
* [http://www.isg.rhul.ac.uk/ugcs/Companion_v1.21.pdf Guide to Cryptography and Standards] |
* [http://www.isg.rhul.ac.uk/ugcs/Companion_v1.21.pdf Guide to Cryptography and Standards] |
||
* [http://numerentur.org/1-clases-de-primos/ Example of strong prime numbers in java] |
|||
* [http://www.emc.com/emc-plus/rsa-labs/standards-initiatives/strong-primes.htm 3.1.4 What are Strong Primes and are they Necessary for the RSA System?] - RSA Lab's explanation on strong vs weak primes |
* [http://www.emc.com/emc-plus/rsa-labs/standards-initiatives/strong-primes.htm 3.1.4 What are Strong Primes and are they Necessary for the RSA System?] - RSA Lab's explanation on strong vs weak primes |
||
Latest revision as of 04:58, 22 May 2024
 | This article needs additional citations for verification. (October 2018) |
 |
In mathematics, a strong prime is a prime number with certain special properties. The definitions of strong primes are different in cryptography and number theory.
Definition in number theory
[edit]In number theory, a strong prime is a prime number that is greater than the arithmetic mean of the nearest prime above and below (in other words, it's closer to the following than to the preceding prime). Or to put it algebraically, writing the sequence of prime numbers as (p1, p2, p3, ...) = (2, 3, 5, ...), pn is a strong prime if pn > pn − 1 + pn + 1/2. For example, 17 is the seventh prime: the sixth and eighth primes, 13 and 19, add up to 32, and half that is 16; 17 is greater than 16, so 17 is a strong prime.
The first few strong primes are
- 11, 17, 29, 37, 41, 59, 67, 71, 79, 97, 101, 107, 127, 137, 149, 163, 179, 191, 197, 223, 227, 239, 251, 269, 277, 281, 307, 311, 331, 347, 367, 379, 397, 419, 431, 439, 457, 461, 479, 487, 499 (sequence A051634 in the OEIS).
In a twin prime pair (p, p + 2) with p > 5, p is always a strong prime, since 3 must divide p − 2, which cannot be prime.
Definition in cryptography
[edit]In cryptography, a prime number p is said to be "strong" if the following conditions are satisfied.[1]
- p is sufficiently large to be useful in cryptography; typically this requires p to be too large for plausible computational resources to enable a cryptanalyst to factorise products of p with other strong primes.
- p − 1 has large prime factors. That is, p = a1q1 + 1 for some integer a1 and large prime q1.
- q1 − 1 has large prime factors. That is, q1 = a2q2 + 1 for some integer a2 and large prime q2.
- p + 1 has large prime factors. That is, p = a3q3 − 1 for some integer a3 and large prime q3.
It is possible for a prime to be a strong prime both in the cryptographic sense and the number theoretic sense. For the sake of illustration, 439351292910452432574786963588089477522344331 is a strong prime in the number theoretic sense because the arithmetic mean of its two neighboring primes is 62 less. Without the aid of a computer, this number would be a strong prime in the cryptographic sense because 439351292910452432574786963588089477522344330 has the large prime factor 1747822896920092227343 (and in turn the number one less than that has the large prime factor 1683837087591611009), 439351292910452432574786963588089477522344332 has the large prime factor 864608136454559457049 (and in turn the number one less than that has the large prime factor 105646155480762397). Even using algorithms more advanced than trial division, these numbers would be difficult to factor by hand. For a modern computer algebra system, these numbers can be factored almost instantaneously. A cryptographically strong prime has to be much larger than this example.
Application of strong primes in cryptography
[edit]Factoring-based cryptosystems
[edit]Some people suggest that in the key generation process in RSA cryptosystems, the modulus n should be chosen as the product of two strong primes. This makes the factorization of n = pq using Pollard's p − 1 algorithm computationally infeasible. For this reason, strong primes are required by the ANSI X9.31 standard for use in generating RSA keys for digital signatures. However, strong primes do not protect against modulus factorisation using newer algorithms such as Lenstra elliptic curve factorization and Number Field Sieve algorithm. Given the additional cost of generating strong primes RSA Security do not currently recommend their use in key generation. Similar (and more technical) argument is also given by Rivest and Silverman.[1]
Discrete-logarithm-based cryptosystems
[edit]It is shown by Stephen Pohlig and Martin Hellman in 1978 that if all the factors of p − 1 are less than logc p, then the problem of solving discrete logarithm modulo p is in P. Therefore, for cryptosystems based on discrete logarithm, such as DSA, it is required that p − 1 have at least one large prime factor.
Miscellaneous facts
[edit]A computationally large safe prime is likely to be a cryptographically strong prime.
Note that the criteria for determining if a pseudoprime is a strong pseudoprime is by congruences to powers of a base, not by inequality to the arithmetic mean of neighboring pseudoprimes.
When a prime is equal to the mean of its neighboring primes, it's called a balanced prime. When it's less, it's called a weak prime (not to be confused with a weakly prime number).
References
[edit]- ^ a b Ron Rivest and Robert Silverman, Are 'Strong' Primes Needed for RSA?, Cryptology ePrint Archive: Report 2001/007. http://eprint.iacr.org/2001/007
External links
[edit]- Guide to Cryptography and Standards
- 3.1.4 What are Strong Primes and are they Necessary for the RSA System? - RSA Lab's explanation on strong vs weak primes