Diese Präsentation wurde erfolgreich gemeldet.

# Generating random primes

Anzeige
Anzeige
Anzeige
Anzeige
Anzeige
Anzeige
Anzeige
Anzeige
Anzeige
Anzeige
Anzeige
Anzeige
Anzeige
Anzeige
Nächste SlideShare
×

1 von 17 Anzeige

# Generating random primes

Anzeige
Anzeige

## Weitere Verwandte Inhalte

Anzeige

### Generating random primes

1. 1. Generating random primes John-Andre Bjorkhaug Gjøvik University College February 2014 Abstract In public key ciphers like RSA there is a need for large random prime numbers, to make the cipher secure against an adversary. Gen- erating random numbers is a diﬃcult task on its own, but when these numbers also need to be prime numbers, there is a lot of mathematics in play. This paper will describe both how random numbers can be generated, and how to check if the numbers are prime. This paper is organized as follows. An introduction describing what prime num- bers is, and the importance of randomness. Then follows a discussion around works that are related to this paper. A part describing sources of random numbers, both true- and pseudorandom Then there is a part describing prime number theory. Then there will be a discussion on the need for primality test, and how this is done, with explanation on some of the best known primality test methods, Fermat, Solovay- Strassen and Rabin-Miller. Included in the paper there is also an Python implementation of a random prime number generator using the Rabin-Miller primality test. The paper ends with a conclusion. 1 Introduction A prime number is deﬁned to be any positive integer, which is greater than 1, and dividable only by itself and by 1, for example 2, 3, 5, 7, 11, 13 etc. [2]. Ancient Egyptian records show that they had some knowledge about prime numbers, but the ﬁrst real mention of prime numbers in history was by the Greek mathematician Euclid, from around 300 B.C. Euclid came up with two very important prime number theorems, that will be discussed later in this paper. After the Greeks, there where not much mention of prime numbers in history, before 1640. This year Fermat wrote that he was ”almost convinced” that numbers of a form 2n +1 were primes, if n was a power of 2. Euler later 1
2. 2. proved this wrong when he showed that this was false for n = 25 = 32, because 232 + 1 = 4294967297 is dividable by 641 4294967297 641 = 6700417 [2]. Euler also contributed with more theories about prime numbers in among others his paper ”Variae observationes circa series inﬁnitas” [5]. During the 17th, 18th and 19th century, other famous mathematicians like Legendre, Gauss, Mersenne, Chebyshev and Riemann, also made big contributions to the research of prime numbers. Legendre, Gauss, Fermat and Mersenne will be discussed later in this paper. Although prime numbers have been known for thousands of years, there was not much practical use for them, before the concept of public-key cryptography, which was invented in the 1970s. The use of prime numbers in cryptography will be discussed in section 4. This paper is organized as follows. Section 1 is the introduction you now are reading. Section 2 discusses works that are related to this paper. Section 3 describes random numbers, and sources of random numbers, both true- and pseudorandom. Section 4 gives a introduction to prime number theory, including its history, and its use within cryptography. Section 5 describes the need for primality test, and how this is done, with multiple primality test methods, Fermat, Solovay-Strassen and Miller-Rabin. Section 6 gives a conclusion of the paper. 2 Related work Many general cryptography books like for example ”Handbook of applied cryptography” by Menez et.al. [16] and ”Applied cryptography” by Schneier [22] have rather large parts discussing both random numbers and primes. These two books have been among the biggest resources for this paper. [16] have been an especially good resource for the mathematics used in this pa- per. The paper ”The Generation of Random Numbers That Are Probably Prime” by Beuchemin et.al. [1] is a more speciﬁc paper, similar to the paper you now are reading. Also, there is numerous books, covering only primes, like for example ”Prime numbers and computer methods for factorization” by Hans Riesel from 2012[20], and ”Primality and Cryptography” by Evan- gelos Kranakis from 1986 [13]. When it comes to random number genera- tion, books like ”Random number generation and Monte Carlo methods” by James E. Gentle from 2003 is a good source. Also, the paper ”Cryptographic Random Numbers” by Carl Ellison, which originally was an appendix to IEEE P1363: Standard Speciﬁcations For Public Key Cryptography, is a good introduction to random number generation. In addition, general en- cyclopaedias, like for example the Encyclopaedia Britannica [2] have quite a good description about prime numbers, and simple primality testing. The 2
3. 3. history of public key encryption is covered in in detail in Steven Levy’s book ”Crypto: How the Code Rebels Beat the Government–Saving Privacy in the Digital Age” from 2001 [15]. The ”bible” of cryptographic history ”Code- breakers” by David Kahn from 1974/1996 [12], also have a short version of the history of public-key encryption. 3 Generating random numbers A random number generator is a device or an algorithm which outputs sta- tistically independent and unbiased numbers [16]. The two biggest needs for random numbers is within the ﬁelds of gambling and cryptography. In gambling, the ﬁrst techniques for developing random numbers and random sequences were coin tosses, dices, card shuﬄing, and roulette wheels. Tech- niques like this was good enough, when you only needed few and short ran- dom sequences, but when it comes to cryptography and random numbers for use in digital games, other techniques are needed. Sources capable of generation large numbers of large random numbers is needed. To test if a random number generator really is generating random numbers, statistical tests must be performed to measure the quality of the generator. It is impos- sible to mathematically prove that a generator is a random number generator, but the statistical tests will help detect vulnerabilities in the generator [16]. 3.1 True random sources True random number generators can be split into to categories, hardware- based and software-based. Hardware-based random number generators uses the randomness that occur in physical phenomena, but the problem with these sources is that they may produce numbers that are biased or correlated. That a randomly generated bit is biased, means that the probability that the source generates a 1 is not equal to 1 2 . That the bit is correlated, means that the next bit might be depended on the previous one. Below are some examples of sources that can be used for a hardware-based true random number generator [4] [16] [22]: • Radioactive radiation • Thermal noise from a resistor • Sound from a microphone or video from a camera • Atmospheric noise 3
4. 4. • Frequency instability of a free running oscillator The website www.random.org oﬀers true random numbers, through the use of atmospheric noise received with a simple radio receiver [9]. Designing a software-based true random number generator is not a simple task. One of the reasons for this is that it can be diﬃcult to prevent an adversary to observe or tamper with the generation process. Below are some examples of sources that can be used for a software-based true random gen- erator [4] [16]: • The system clock • Time between keystrokes or mouse movements • Content of buﬀers • Values like system load and network activity The Full Disk Encryption software TrueCrypt for Windows uses among other methods keyboard and mouse movements, together with network interface statistics [25]. In Linux, Mac OS X, FreeBSD and some other ”Unixoid” op- erating system there is the /dev/random and /dev/urandom random number generators, which by some are considered good enough for cryptographic pur- pose, and by some not [3]. 3.2 Pseudorandom sources The output from pseudorandom sequence generators, looks like they are ran- dom, but they are not. The only part of generator like this which is random, is the key, or seed, which is the generators initial state. The generator takes this random key, and turns in to a much longer sequence, and making it impossible for an adversary to distinguish the pseudorandom sequence from a true random sequence [18]. A pseudorandom number generator is a de- terministic algorithm which outputs numbers that appears to be random, when given a true random initial state called a seed [16]. Example of pseu- dorandom number generators are the ANSI X9.17, which was approved by the US Federal Information Processing Standard (FIPS) for generation of DES keys, and the FIPS 186 generator which is approved by FIPS to gen- erate random numbers for the Digital Signature Algorithm (DSA). These two methods have not been proved to be cryptographically secure, but they appear suﬃcient for most applications [16]. Pseudorandom number gener- ators like the RSA pseudorandom bit generator and the Blum-Blum-Shub pseudorandom bit generator are proved to be cryptographically secure. For a 4
5. 5. Pseudorandom number generator to be cryptographically secure it must pass the next-bit test, and for that it also must pass the polynomial-time statistical test. For more information about these tests, the reader is recommended to take a look at [16, p. 171]. 4 Prime numbers As mentioned in the introduction there have been a big interest in the mys- teries of prime numbers for a very long time, and some of the theory that we still are using is from the early days of mathematics. The Greek mathemati- cian Euclid, wrote about prime numbers in his book ”Elements” around 300 B.C. Euclid´s two theorems about prime numbers are still today some of the fundamental theorems of number theory. Euclid´s ﬁrst theorem says that if p is a prime and p|ab, then p|a or p|b. Euclid´s second theorem is saying that there is an inﬁnite number of primes [2]. Also, another important theorem about prime numbers, simply called the Prime number theorem, gives the number of prime number ≤ n [16]: lim x→∞ π(n) n ln(n) = 1 Which for large values of n, gives: π(n) ≈ n ln(n) This was suggested by Carl Friedrich Gauss in 1792, when he was only 15 years old [24]. 4.1 Mersenne primes Today, the largest known prime number is 2257885161 −1, which is a Mersenne prime. A Mersenne prime is a subgroup of Mersenne numbers given by 2n −1. When n is a composite number, the result is also composite, but when n is prime, the result can also be a prime, but it does not need to [2]. To this day, there are only 48 Mersenne primes known, the ﬁrst ﬁve being 3, 7, 31, 127 and 8191. All new Mersenne primes found after 1996, is found by Great Internet Mersenne Prime Search using Lucas-Lehmer Primality Testing, which only works for Mersenne primes [6]. More information about Mersenne primes, and Lucas-Lehmer Primality Testing, can be found in [16] and [6]. 5
6. 6. 4.2 The use of prime numbers in cryptography In the year of 1874, William Stanley Jevons described the use of large prime numbers in one-way functions for use in cryptography. He explained the problem with factorization the product of two large prime numbers [11], and by this anticipated one of the key features of RSA, but he did not invent the public key cryptography [7]. Over 100 hundred years later, in 1976 Withﬁeld Diﬃe and Martin Hellman, invented the Diﬃe-Hellman key exchange, which could be used to secure the exchange of cryptographic keys. Just one year after, in 1977 Ron Rivest, Adi Shamir and Leonard Adleman, invented the public-key encryption technique, which was named RSA after the surnames of the inventors. In 1997, it became publicly known that asymmetric key algorithm were developed by James H. Ellis, Cliﬀord Cocks and Malcolm Williamson at the Government Communications Headquarters (GHCQ) in UK in 1973. Both Diﬃe-Hellman key exchange and a RSA like public key encryption technique was claimed to be invented in secrecy by these three GHCQ employees, calling it ”non-secret encryption” [15]. The security in RSA depend on the fact that it is diﬃcult to factorize large composite numbers. To generate the public key in RSA, you need a composite number n which is the product of p and q, where p and q is two large primes of approximately the same size. The security lies in that it is diﬃcult to ﬁnd p given n and the ciphertext, this is called the RSA problem. In RSA these are typically 1024 to 2048 bits long [18]. Today, using n with the size of for example 1024 and 2048 bits, there is no way of factor it, but there is a relative high probability that this will be possible in the future, with new factoring algorithms and faster computer equipment. The solution can then be to use larger numbers, for example 4096. If there ever will be and algorithm factorizing an arbitrary composite integer, the security of RSA is broken. This can also happen when and if there will be quantum computers, capable of handling very large numbers. The use of prime numbers in RSA, gives that there is a need for an extremely high number of prime numbers. Won’t we run out of them? The answer is no, the number of prime numbers is so extremely high, that it is hard to image. Bruce Schneier gives a very good illustration of this in his book ”Applied cryptography” [22]. ”.... there are approximately 10151 primes 512 bits in length or less. For numbers near n, the probability that a random number is prime is approximately one in ln(n). So the total number of primes less than n is n ln(n) . There are only 1077 atoms in the uni- verse. If every atom in the universe needed a billion new primes every microsecond from the beginning of time until now, you would only need 10109 primes; there would still be approximately 6
7. 7. 10151 512-bit primes left” As mentioned, in RSA a key length if 1024 and 2048 bits is very common. With a key length of 1024 bits, the number of prime numbers is shown in the calculation below: π(21025 − 1) − π(21024 − 1) ≈ 21025 − 1 ln(21025 − 1) − 21024 − 1 ln(21024 − 1) ≈ 2.53 ∗ 10305 Generating random prime numbers doesn’t sound so diﬃcult, and it isn’t either, when the numbers are relatively low. When the numbers get large, really large, as for example for use in RSA, they are diﬃcult to test if they are a prime prime. The test to make sure a number is a prime is called primality testing, and will be discussed in the next section. 5 Generating random primes To generate a random prime, there are basically four steps [18] [16]: 1. Generate a random integer n 2. If n is even, replace with n + 1 3. Perform primality test of n 4. If n is not prime, test if n + 2 is prime etc. . . . Generating random numbers are already discussed, so now follows diﬀer- ent methods of primality testing. 5.1 Primality test The simplest method for primality testing is trial division, testing if an n is dividable by any of the numbers which is less than the number itself. This test, together with tests like the Sieve of Eratosthenes from around 250 B.C., is called Naive primality tests [2]. The Sieve of Eratosthenes can be used on numbers up to approximately 10,000,000 [20]. When numbers are getting large tests like this is infeasible, it will simply take to much time. I will not dive any more into the simple Naive primality tests in this paper, readers interested in this can take a look in about every book covering prime numbers. To perform primality testing on large numbers, used in for example cryptography, one must seek to probabilistic primality testing. A probabilistic primality test takes a number n, and test if it is composite or prime, with a 7
8. 8. certain probability. The background for probabilistic primality testing, are as follows [16]. For every odd integer n, a set W (n) ⊂ Z is deﬁned after the following properties : 1. For an integer a ∈ Z , it can be checked if a ∈ W (n) in a deterministic polynomial time. 2. If n is prime W (n) = ∅. 3. If n is composite, #W (n) ≥ n 2 . In addition, if n is composite, all elements of the set W (n) are called witnesses to the composition of n. The elements of the inverse set L (n) = Z − W (n), are called liars. Probabilistic primality tests, exploits these properties of the set W (n) in the following way [16]. You start with an odd integer n which is the integer to be tested if it is prime. An integer a is then randomly chosen, such that 2 ≤ a ≤ n − 2. This a is then checked if it is an element of W (n). If a ∈ W (n), the test outputs ”composite”, and if a /∈ W (n), it outputs ”prime”. If the test outputs ”composite”, n is by sure a composite number, and it is said to fail the primality test for the base a . If the test outputs ”prime”, n is said to pass the primality test for the base a, but it can not be concluded by sure that n is indeed prime. Therefore, it is enough to run the test one time if the output is ”composite”, but if the output is ”prime”, it is necessary to perform the test multiple times, to get a higher probability that n really is a prime. The number of times to run the test is called the security parameter, and is in many cases notated with a t. If a test is repeated t times with a diﬀerent random value for a for each time, the probability that the test output ”prime” all t times is (frac12)t . This is the reason that an integer passing a probabilistic primality test as a prime is said to be probable prime. There exists a number of probabilistic primality tests, but this paper will focus on the three most known; Fermat primality test, Solovay-Strassen pri- mality test, and the Rabin-Miller primality test. 5.1.1 Fermat’s primality test Pierre de Fermat was a French mathematician living from 1601 to 1665, which came up with some important theorems about prime numbers [2]. Maybe the most important one is Fermat’s little theorem f, which is used by the Fermat’s primality test probabilistic primality test, and which many more advanced tests also are based on. This theorem says that if p is prime a is not a multiple of p, then [22]: ap−1 ≡ 1 mod p 8
9. 9. This means that the Fermat primality test can be performed with the following algorithm [16]: INPUT: An odd integer n ≥ 3 and a security parameter t ≥ 1. OUTPUT: An answer to the question “is n prime”: “prime” or “composite”. 1. For i from 1 to t, do: 1.1 Choose a random integer a, such that 2 ≤ a ≤ n − 2 1.2 Compute r = an−1 mod n 1.3 If r = 1 return ”composite” 2. Return ”prime” If the algorithm outputs ”composite” the result is by sure composite, but if the output is ”prime” there is no proof n actually is prime. A problem with Fermat’s primality test, is that it fails to to see the diﬀerence between prime numbers, and a special group of composite integer called Carmichael numbers, which full ﬁlls an−1 ≡ 1 mod n for any a which satisﬁes gdc(a, n) = 1. This is one of the reasons it is necessary with more complex primality tests. Today, the Fermat’s primality test is more of a historical interesting subject, than of any practical use. 5.1.2 Solovay-Strassen The Solovay-Strassen primality test was developed by Robert Solovay and Volker Strassen, and presented in the article ”A fast Monte-Carlo test for pri- mality” in 1977 [23] . As the name of their article says, the Solovay-Strassen test is a Monte-Carlo test, which opposite to a deterministic algorithm not always is correct. The reason the Solovay-Strassen test is relatively good known, is because of its use in early public-key cryptography. This algo- rithm uses the Jacobi symbol to test if a number is prime. The reader of this paper is expected to be familiar with the Jacobi and Legendre symbol, but for those with less knowledge, a short description will here follow. The Legendre symbol can be use to determine if an integer a is a quadratic residue modulo a prime p. An a ∈ Z∗ p is said to be quadratic residue modulo n if there exists and x ∈ Z∗ p , so x2 = a( mod n). If this is the case it is notated a ∈ Qp, if it is not a ∈ Qp. The quadratic residue comes into play when we now deﬁne the Legendre symbol, which according to [16] is deﬁned like: a p = 0 if p|a +1 if a ∈ Qp −1 if a ∈ Qp 9
10. 10. It can be shown that combining this with Euler’s criterion, you’ll get: a p = a p−1 2 mod p The Jacobi symbol is a generalization of the Legendre symbol, for use on integers n which is odd, but not necessarily prime. This means that for a odd n ≥ 3 and with prime factorization n = pe1 1 pe2 2 · · · pek k the Jacobi symbol a p is deﬁned like: a p = k i=1 a pi ei This implies that if n is a prime, the Jacobi symbol equals the Legendre symbol [16]. 0 n = 2 n = The algorithm for Solovay-Strassen primality test is as follows [16] [22]: INPUT: An odd integer n ≥ 3 and a security parameter t ≥ 1. OUTPUT: An answer to the question “is n prime”: “prime” or “composite”. 1. For i from 1 to t, do: 1.1 Choose a random integer a, such that 2 ≤ a ≤ n − 2 1.2 Compute r = a n−1 2 mod n (the Legendre symbol) 1.3 If r = 1 and r = n − 1 return “composite”. 1.4 Calculate the Jacobi symbol s = a n 1.5 If r = s mod n, return ”composite” 2. Return ”prime” Here follows an example with numbers: n = 83777 a = 4589 r = a n−1 2 mod n r = 4589 83777−1 2 mod 83777 = 83776 = n − 1 → PRIME) a = 63124 r = 63124 83777−1 2 mod 83777 = 1 = n − 1 → PRIME) 10
11. 11. Therefore, 83777 is prime. 5.1.3 Rabin-Miller The Rabin-Miller primality test, which also often is called the Miller-Rabin primality test, is another probabilistic primality Monte Carlo test. This test was developed by Michael Rabin, which based it on Gary Miller’s ideas [17]. The algorithm was ﬁrst published in the article ”Probabilistic algorithm for testing primality” in 1980 [19]. Today there is no reason to use the Solovay- Strassen test, the Rabin-Miller primality test is both more eﬃcient, and at least as accurate. Therefore this is the algorithm mostly used for primality testing today. The algorithm for Rabin-Miller primality test is as follows [16] [22]: INPUT: An odd integer n ≥ 3 and a security parameter t ≥ 1. OUTPUT: An answer to the question “is n prime”: “prime” or “composite”. 1. Find s and r in n − 1 = 2s ∗ r so, r is odd. 2. For i from 1 to t, do: 2.1 Choose a random integer a, such that 2 ≤ a ≤ n − 2 2.2 Calculate y = ar mod n 2.3 If n = 1 and n = n − 1, do: j ← 1 While j ≤ s − 1 and y = n − 1, do: Compute y = y2 mod n if y = 1 return “composite” j ← j+1 If y = n − 1 return “composite” 3. Return “prime” If the algorithm outputs ”composite” n is absolutely sure composite, also if n is prime, the algorithm always output ”prime”. But if the algorithm outputs ”prime”, there is a probability that n is composite. If this is the case, the a used, is called a strong liar for n. This is the reason for running the algorithm multiple times, as discussed earlier. According to [22] a rec- ommended security parameter, the number of times to run the algorithm, is t = 5. The security parameter t, deﬁnes the number of times the algorithm shall run with diﬀerent a. If n is an odd composite integer, at most 1 4 of all a, 1 ≤ a ≤ n − 1, are a strong liar for n [16]. An alternative to the last step, 2.3, is compute y = ar mod n, and for each j for 0 ≤ j ≤ s − 1 calculate y = a2∗j∗r mod n, which gives the same result. Many examples in books 11
12. 12. and articles uses this instead, like for example [10] and the Python script in [21]. An example with numbers using this algorithm where n is prime is shown below: n = 83777 n − 1 = 2s ∗ r 83777 − 1 = 26 ∗ 1309 s = 6 r = 1309 a = 4589 y = ar mod n y = 45891309 mod 83777 = 69263 j = 0 yj=0 = 692632 mod 83777 = 40818 yj=1 = 408182 mod 83777 = 35925 yj=2 = 359252 mod 83777 = 20940 yj=3 = 209402 mod 83777 = 78559 yj=4 = 785592 mod 83777 = 83776 = n − 1 → PRIME) a = 63124 y = 631241309 mod 83777 = 5218 yj=0 = 52182 mod 83777 = 83776 = n − 1 → PRIME) Therefore, 83777 is prime. Another example, showing the result when n is composite: n = 83781 n − 1 = 2s ∗ r 83781 − 1 = 22 ∗ 20945 s = 2 r = 20945 a = 4589 y = 458920945 mod 83781 = 50786 j = 0 yj=0 = 507862 mod 83781 = 19711 yj=1 = 197112 mod 83781 = 31024 = n − 1 → COMPOSITE) Therefore, 83781 is composite. Since it is composite, there is no reason to run the calculations with another random a. 12
13. 13. Below is the Rabin-Miller algorithm implemented together with a ran- dom number generator in Python, to produce random prime numbers. The Python script takes the length of the prime number to be generated in bits as input argument. #!/usr/bin/python # Usage: python randomprime.py <length of prime number in bits > from random import randint import sys def try_composite(a,r,n,s): y = pow(a, r, n) if y == 1: return False for j in range(s): y=pow(a, y^2, n) if pow(a, 2**j * r, n) == n-1: return False return True def is_probable_prime (n): if n == 2 or n == 3: return True if n % 2 == 0: return False s = 0 s = 0; r = n-1 while True: quotient , remainder = divmod(r, 2) if (remainder == 1): break s +=1 r = quotient t = 5 for i in range(t): a = randint (2,n-2) if try_composite(a,r,n,s): return False return True def rng(min , max): return randint(min ,max) def main(arg): b = int(arg) min = 2**b max = 2**(b+1)-1 while True: n = rng(min ,max) if is_probable_prime (n): print n break 13
14. 14. if __name__ == ’__main__ ’: main(sys.argv [1]) A run of the program with a timer on how much time it uses to produce a 1024 bit long random prime number is shown in Figure 1. The screenshot Figure 1: A run of the Random prime number generator using the Rabin- Miller primality test, with timing of how long time it uses is taken from a run on a Mac Book Pro from 2012 with 16GB RAM and a 2.6GHz quad core Intel Core i7 CPU, but running only as one thread, in other words, using only one core. As seen in the screenshot, the Python script uses 4.547 seconds to generate a 1024 bit long random prime number. The time used depends on other processes running on the computer at the same time, and how lucky the program is to ﬁnd a prime number when picking a random number. Under testing it was as low as 2.151 seconds, in generating a 1024 bit long prime number. In 1993 tests were done on a SPARC II computer, where it used approximately 5 minutes to generate a 1024 bit prime number [14] [22]. A lot have happened with the speed of computers in 20 years. 6 Conclusion Generating random prime number sounds, for the unknowingly, as a simple task. And it is, if the numbers are small. But when the numbers are getting large, really large, for us in for example cryptology, this is no easy task any more. In fact there are computers around the world trying to break records in ﬁnding the largest prime number. Like for example the ”Great Internet Mersenne Prime Search”, which ﬁnds new Mersenne prime numbers. The last one was found in January 2013, it had then been 5 years since the last one was found. For cryptography, we do not need the worlds largest prime numbers, but we need prime numbers that are large enough to keep our secrets secret. Today, with all of Edward Snowden’s leakages about the National Security Agency [8], this is maybe more important than ever. For the use in RSA, today a prime number of 2048 bits is considered secure, but who know how big 14
15. 15. numbers we will need in the future when better algorithms for factorization might be developed, or maybe cryptosystems based on other problems, like Ecliptic Curve Cryptography (ECC) or discrete logarithm, need to be more used. References [1] Beauchemin, P., Brassard, G., Cr´epeau, C., Goutier, C., and Pomerance, C. The generation of random numbers that are probably prime. Journal of Cryptology 1, 1 (1988), 53–64. [2] Britannica, E., et al. The New Encyclopædia Britannica. Ency- cloædia Britannica, 1988. [3] Dodis, Y., Pointcheval, D., Ruhault, S., Vergniaud, D., and Wichs, D. Security analysis of pseudo-random number generators with input: /dev/random is not robust. In Proceedings of the 2013 ACM SIGSAC Conference on Computer &#38; Communications Secu- rity (New York, NY, USA, 2013), CCS ’13, ACM, pp. 647–658. [4] Ellison, C. Cryptographic random numbers. http://world.std.com/ cme/P1363/ranno.html, 2004. Accessed : 14.feb.2014. [5] Euler, L. Variae observationes circa series inﬁnitas. http://eulerarchive.maa.org/docs/originals/E072.pdf, 1742. Accessed : 10.feb.2014. [6] GIMPS. Great internet mersenne prime search. http://www.mersenne.org/, 2013. Accessed : 05.feb.2014. [7] Golomb, S. W. On factoring jevons’number. Cryptologia 20, 3 (1996), 243–246. [8] Guardian. The nsa ﬁles. http://www.theguardian.com/world/the-nsa- ﬁles, 2014. Accessed : 17.feb.2014. [9] Haahr, D. M. Random.org. www.random.org. Accessed : 16.jan.2014. [10] Hoffoss, D. The rabin-miller primality test. http://home.sandiego.edu/ dhoﬀoss/teaching/cryptography/10-Rabin- Miller.pdf, 2013. Accessed : 15.feb.2014. 15
16. 16. [11] Jevons, W. S. The principles of science: A treatise on logic and scientiﬁc method, 1874. [12] Kahn, D. The Codebreakers: The comprehensive history of secret com- munication from ancient times to the internet. Simon and Schuster, 1996. [13] Kranakis, E. Primality and Cryptography. John Wiley & Sons, Inc., New York, NY, USA, 1986. [14] Lacy, J. B., Mitchell, D. P., and Schell, W. M. Cryptolib: Cryptography in software. In Proc. Fourth USENIX Security Workshop (1993), pp. 1–17. [15] Levy, S. Crypto: How the Code Rebels Beat the Government–Saving Privacy in the Digital Age. Penguin USA, 2001. [16] Menezes, A. J., Van Oorschot, P. C., and Vanstone, S. A. Handbook of applied cryptography. CRC press, 2010. [17] Miller, G. L. Riemann’s hypothesis and tests for primality. Journal of computer and system sciences 13, 3 (1976), 300–317. [18] Petrovic, S. Lecture slides imt4552 cryptology 2, 2014. [19] Rabin, M. O. Probabilistic algorithm for testing primality. Journal of number theory 12, 1 (1980), 128–138. [20] Riesel, H. Prime numbers and computer methods for factorization. Springer, 2012. [21] Rosettacode. Miller-rabin primality test. http://rosettacode.org/wiki/Miller-Rabin primality test#Python, 2014. Accessed : 14.feb.2014. [22] Schneier, B. Applied cryptography. Protocols, Algorithms, and Source Code in C. John Wiley & Sons, Inc, 1996. [23] Solovay, R., and Strassen, V. A fast monte-carlo test for primality. SIAM journal on Computing 6, 1 (1977), 84–85. [24] Storyofmathematics. 19th century mathematics - gauss. http://www.storyofmathematics.com/19th gauss.html, 2010. Accessed : 15.feb.2014. 16
17. 17. [25] TrueCrypt. Random number generator. http://www.truecrypt.org/docs/random-number-generator, 2004. Accessed : 14.feb.2014. 17