Strong prime

In mathematics, a strong prime is a prime number with certain special properties. The definitions of strong primes are different in cryptography and number theory.

YouTube Encyclopedic

1/5
Views:
915 794
216 622
648 079
538 973
41 026

Transcription

DR. JAMES GRIME: So I've got a very big number to show you today used by NatWest Bank so that you can send them your secret bank details. It starts 2 3 4 5 3 6 7 6 2 8-- [MULTIPLE CLIPS OF NUMBERS BEING COUNTED AT THE SAME TIME] --7. Did you get that, or do you want me to repeat it? So this number that we are reading out is 617 digits long. All banks have similar numbers when you want to send them your credit card details. This is not a secret number. In fact, your computer will download this number when it wants to send your credit card details. It's there to find. This is public. So this code that they use on the internet is called RSA. It's named after the three people who came up with it, who were Rivest, Shamir, Adleman. Should I show you how it works? BRADY HARAN: Please. DR. JAMES GRIME: All right. Imagine if you had a secret that you wanted to send to the bank. So the bank provides you with a box, and it provides you with a key to lock the box. So you can put your secret inside and you can lock it, and then you can send the secret to the bank. That's good, isn't it? But the problem is that the bank is giving everyone one of these boxes and a key that goes with it, and that means that, well, one person could steal someone else's box and use the key to unlock it and read their secrets. That would be terrible. We can't do that. So what the banks do, same sort of idea but instead of giving out keys, they give out padlocks. So they give everyone a box. You've got a secret. Put it inside the box. Lock it not with a key but with a padlock. It goes click. It's snapped shut. Once it's locked and snapped shut, you don't have the padlock key, so you can't reverse it. You can't open it up. So if someone steals your box, they don't have the key either. They've got padlock, but they don't have the key to open the padlock. The only person that does is the bank themselves. And it's a way to send secret messages without having to send out the keys. It's easy to lock the code, but it's hard to unlock the code. First of all, I have to explain this with the smallest example I can, and then I'll show you why we use that massive number. Let's say you're the bank and you give out two numbers. They're public, so everyone can know them. They're not secret numbers. I'm going to choose the number 3 and the number 10. The bank also has a secret number. The bank secret number, for now, you don't know what it is. No one knows what it is. Only the bank knows what that secret number is. I had a very bad breakfast this morning, so I'm going to send the message BAD CHEF. The first thing you do if you have a message like that is to turn the letters into numbers. That's quite simple. A is 1, B is 2, and Z is 26. Simple stuff. C is 3, D is 4. Now I'm going to turn it into a code, and I'm going to use the number 3. Now there are some codes that would just add 3, or there are some codes that would multiply by 3. What we're going to do is raise to the power 3, so we're going to cube these numbers here. Let's do that. So I get 2 cubed, which is 8. 1 cubed, which is 1. 5 cubed is 125. And 6 cubed, 216. The final step is to use the second number, the number 10. I'm going to divide by 10, and I'm going to look at the remainder. So if I take something like 512, when I divide by 10, it would be 51 10's and 2 leftover. So that's just 2. 5 here, 1 and 4. And that's your code. And that's what you would send. The bank, or the person who is going to decode this message, has a secret number. Now the secret number in this example is going to be 3. There's a formula to work out the secret number. I'm going to gloss over that for a second, but I'm going to show you what to do next to decode the message. This is my code. I'll write it out again. I'm going to do the same thing I did before. This time I'm going to use my secret number. It doesn't have to be the same as 3, but it just happens to be the same as the 3 we used before. But nevermind, it doesn't have to be. But I'm going to cube again. So I cube these numbers. We do like we did before. We divide by 10, and find the remainder. And then the decoder will turn that into letters, which is B, and he gets the message back again, BAD CHEF. Now that's just a taste of how it works. That's the process that your computer does every time you buy something on Amazon or eBay. One of the important numbers in this code was this 10. Now this 10 was made by multiplying two prime numbers together-- 2 times 5 are prime numbers. Multiply them together and you get 10. Now that massive number that I showed you that NatWest uses is the same idea. It's two massive prime numbers multiplied together. That's what it is. If you want work out the decode key, the secret key, you need to know the original prime numbers. Now the only way a spy, someone who wants to break the code, could work out the original prime numbers is to take that massive number and factorize it-- turn it back, break it up into the original two prime numbers. This is really hard. So hard that it's impractical to break with modern technology. The massive number I showed you was a 2,048-bit number. That means it's about 2 to the power 2,048. Now about a decade ago, we did manage to break 512-bit numbers. We were able to take that number and factorize it into its original primes. A few years ago, a team of academics managed to break the 768-bit number. It took this team of academics with all their resources two years to break at 768-bit key. And they said that to break what we use now, which is about 1,024, would take thousands of times longer. But given the speed of technology, they reckon that this sort of code, 1,024-bit, could be broken within a few years, they said. They said that a few years ago. So this should now start to be replaced. Gmail still uses this, but this should be replaced. And as you can see, NatWest have done that. All the banks have done that. They are now using 2,048-bit number, which again would take computers-- and I mean even with a proper attack-- big computers, it would still take them thousands of years to factorize that number into its original prime number. Now hidden in the details for this code is a mathematical fact that was worked out in the 17th century by Pierre de Fermat. He's famous for Fermat's Last Theorem. Well, this was Fermat's Little Theorem. If I take a number, a whole number, an integer, any number-- call it x. I'm going to raise it to a power. And it's going to be a prime number, so p for prime. I'm going to raise it to a power, and I'm going to takeaway x. This is a multiple of p, the prime number. Let me do an example. What I mean is if you took a number like 4, and then I took a prime number like 5, and then I takeaway 4, I would get 4 to the power 5, which is 1,024, takeaway 4, which is 1,020. And that is a multiple of 5, but that would be guaranteed. You're guaranteed to have a multiple of 5. Now you can imagine that in the 17th century when Fermat came up with this factor, people said, well, very nice mathematical fact, but that's pretty useless. What use are you going to have for that? And then suddenly the internet comes along, and it's massively useful. In fact, our whole modern world depends on this fact. So to use this code, the public key has two numbers. I've shown you the massively long one that NatWest uses. The other number that we need, which is the power that you have to raise, that is not as big. That is 65,537. Quite a big number. When you compare it to the second number, it's small. BRADY HARAN: If you're in the mood for even more about banks and really big numbers, then check out my latest video from the Chemistry Channel Periodic Videos, where we've been inside the Bank of England gold bullion vault, where they have a couple hundred billion pounds worth of gold lying around. That's not something you see every day. The link is here on the screen and below the video.

Definition in number theory

In number theory, a strong prime is a prime number that is greater than the arithmetic mean of the nearest prime above and below (in other words, it's closer to the following than to the preceding prime). Or to put it algebraically, writing the sequence of prime numbers as (p₁, p₂, p₃, ...) = (2, 3, 5, ...), p_n is a strong prime if $pn > .mw-parser-output .sfrac{white-space:nowrap}.mw-parser-output .sfrac.tion,.mw-parser-output .sfrac .tion{display:inline-block;vertical-align:-0.5em;font-size:85%;text-align:center}.mw-parser-output .sfrac .num{display:block;line-height:1em;margin:0.0em 0.1em;border-bottom:1px solid}.mw-parser-output .sfrac .den{display:block;line-height:1em;margin:0.1em 0.1em}.mw-parser-output .sr-only{border:0;clip:rect(0,0,0,0);clip-path:polygon(0px 0px,0px 0px,0px 0px);height:1px;margin:-1px;overflow:hidden;padding:0;position:absolute;width:1px}pn − 1 + pn + 1/2$ . For example, 17 is the seventh prime: the sixth and eighth primes, 13 and 19, add up to 32, and half that is 16; 17 is greater than 16, so 17 is a strong prime.

The first few strong primes are

11, 17, 29, 37, 41, 59, 67, 71, 79, 97, 101, 107, 127, 137, 149, 163, 179, 191, 197, 223, 227, 239, 251, 269, 277, 281, 307, 311, 331, 347, 367, 379, 397, 419, 431, 439, 457, 461, 479, 487, 499 (sequence A051634 in the OEIS).

In a twin prime pair (p, p + 2) with p > 5, p is always a strong prime, since 3 must divide p − 2, which cannot be prime.

Definition in cryptography

In cryptography, a prime number p is said to be "strong" if the following conditions are satisfied.^[1]

p is sufficiently large to be useful in cryptography; typically this requires p to be too large for plausible computational resources to enable a cryptanalyst to factorise products of p with other strong primes.
p − 1 has large prime factors. That is, p = a₁q₁ + 1 for some integer a₁ and large prime q₁.
q₁ − 1 has large prime factors. That is, q₁ = a₂q₂ + 1 for some integer a₂ and large prime q₂.
p + 1 has large prime factors. That is, p = a₃q₃ − 1 for some integer a₃ and large prime q₃.

It is possible for a prime to be a strong prime both in the cryptographic sense and the number theoretic sense. For the sake of illustration, 439351292910452432574786963588089477522344331 is a strong prime in the number theoretic sense because the arithmetic mean of its two neighboring primes is 62 less. Without the aid of a computer, this number would be a strong prime in the cryptographic sense because 439351292910452432574786963588089477522344330 has the large prime factor 1747822896920092227343 (and in turn the number one less than that has the large prime factor 1683837087591611009), 439351292910452432574786963588089477522344332 has the large prime factor 864608136454559457049 (and in turn the number one less than that has the large prime factor 105646155480762397). Even using algorithms more advanced than trial division, these numbers would be difficult to factor by hand. For a modern computer algebra system, these numbers can be factored almost instantaneously. A cryptographically strong prime has to be much larger than this example.

Application of strong primes in cryptography

Factoring-based cryptosystems

Some people suggest that in the key generation process in RSA cryptosystems, the modulus n should be chosen as the product of two strong primes. This makes the factorization of n = pq using Pollard's p − 1 algorithm computationally infeasible. For this reason, strong primes are required by the ANSI X9.31 standard for use in generating RSA keys for digital signatures. However, strong primes do not protect against modulus factorisation using newer algorithms such as Lenstra elliptic curve factorization and Number Field Sieve algorithm. Given the additional cost of generating strong primes RSA Security do not currently recommend their use in key generation. Similar (and more technical) argument is also given by Rivest and Silverman.^[1]

Discrete-logarithm-based cryptosystems

It is shown by Stephen Pohlig and Martin Hellman in 1978 that if all the factors of p − 1 are less than log^c p, then the problem of solving discrete logarithm modulo p is in P. Therefore, for cryptosystems based on discrete logarithm, such as DSA, it is required that p − 1 have at least one large prime factor.

Miscellaneous facts

A computationally large safe prime is likely to be a cryptographically strong prime.

Note that the criteria for determining if a pseudoprime is a strong pseudoprime is by congruences to powers of a base, not by inequality to the arithmetic mean of neighboring pseudoprimes.

When a prime is equal to the mean of its neighboring primes, it's called a balanced prime. When it's less, it's called a weak prime (not to be confused with a weakly prime number).

References

^ ^a ^b Ron Rivest and Robert Silverman, Are 'Strong' Primes Needed for RSA?, Cryptology ePrint Archive: Report 2001/007. http://eprint.iacr.org/2001/007

External links

Guide to Cryptography and Standards
3.1.4 What are Strong Primes and are they Necessary for the RSA System? - RSA Lab's explanation on strong vs weak primes

v t e Prime number classes
By formula	Fermat ( $2 2 n + 1$ ) Mersenne ( $2 p - 1$ ) Double Mersenne ( $2 2 p -1 - 1$ ) Wagstaff $(2 p + 1)/3$ Proth ( $k \cdot2 n + 1$ ) Factorial ( $n! \pm 1$ ) Primorial ( $p n # \pm 1$ ) Euclid ( $p n # + 1$ ) Pythagorean ( $4 n + 1$ ) Pierpont ( $2 m \cdot3 n + 1$ ) Quartan ( $x 4 + y 4$ ) Solinas ( $2 m \pm 2 n \pm 1$ ) Cullen ( $n \cdot2 n + 1$ ) Woodall ( $n \cdot2 n - 1$ ) Cuban ( $x 3 - y 3)/(x - y$ ) Leyland ( $x y + y x$ ) Thabit ( $3\cdot2 n - 1$ ) Williams ( $(b -1)\cdot b n - 1$ ) Mills ( $⌊ A 3 n ⌋$ )
By integer sequence	Fibonacci Lucas Pell Newman–Shanks–Williams Perrin
By property	Wieferich (pair) Wall–Sun–Sun Wolstenholme Wilson Lucky Fortunate Ramanujan Pillai Regular Strong Stern Supersingular (elliptic curve) Supersingular (moonshine theory) Good Super Higgs Highly cototient Unique
Base-dependent	Palindromic Emirp Repunit $(10 n - 1)/9$ Permutable Circular Truncatable Minimal Delicate Primeval Full reptend Unique Happy Self Smarandache–Wellin Strobogrammatic Dihedral Tetradic
Patterns	Twin ( $p, p + 2$ ) Bi-twin chain ( $n \pm 1, 2 n \pm 1, 4 n \pm 1, \dots$ ) Triplet ( $p, p + 2 or p + 4, p + 6$ ) Quadruplet ( $p, p + 2, p + 6, p + 8$ ) k-tuple Cousin ( $p, p + 4$ ) Sexy ( $p, p + 6$ ) Chen Sophie Germain/Safe ( $p, 2 p + 1$ ) Cunningham ( $p, 2 p \pm 1, 4 p \pm 3, 8 p \pm 7, ...$ ) Arithmetic progression ( $p + a\cdotn, n = 0, 1, 2, 3, ...$ ) Balanced ( $consecutive p - n, p, p + n$ )
By size	Mega (1,000,000+ digits) Largest known list
Complex numbers	Eisenstein prime Gaussian prime
Composite numbers	Pseudoprime Catalan Elliptic Euler Euler–Jacobi Fermat Frobenius Lucas Perrin Somer–Lucas Strong Carmichael number Almost prime Semiprime Sphenic number Interprime Pernicious
Related topics	Probable prime Industrial-grade prime Illegal prime Formula for primes Prime gap
First 60 primes	2 3 5 7 11 13 17 19 23 29 31 37 41 43 47 53 59 61 67 71 73 79 83 89 97 101 103 107 109 113 127 131 137 139 149 151 157 163 167 173 179 181 191 193 197 199 211 223 227 229 233 239 241 251 257 263 269 271 277 281
List of prime numbers

This page was last edited on 22 May 2024, at 04:58

From Wikipedia, the free encyclopedia