• Programme
• Writing talks and theses
• Theses topics
• Teaching
  • Winter 2017
  • Summer 2017
  • IPEC Winter 2017
  • Winter 2016/2017
  • IPEC Summer 2016
  • Summer 2016
  • IPEC Winter 2016
  • Winter 2015/2016
  • IPEC Summer 2015
  • Summer 2015
  • IPEC Winter 2015
  • Winter 2014/2015
  • IPEC Summer 2014
  • Summer 2014
  • IPEC Winter 2014
  • Winter 2013/2014
  • IPEC Summer 2013
  • Summer 2013
  • IPEC Winter 2013
  • Winter 2012/2013
  • IPEC Summer 2012
  • Summer 2012
  • The art of cryptography: security, reductions, and group cryptography
  • Esecurity: secure internet & e-cash
  • Seminar Advanced Topics in Cryptography
  • Oberseminar Computer Security, Summer 2012
  • IPEC Winter 2012
  • Winter 2011/2012
  • IPEC Summer 2011
  • Summer 2011
  • IPEC Winter 2011
  • Winter 2010/2011
  • IPEC Summer 2010
  • Summer 2010
  • IPEC Winter 2010
  • Winter 2009/2010
  • IPEC Summer 2009
  • Summer 2009
  • IPEC Winter 2009
  • Winter 2008/2009
  • IPEC Summer 2008
  • Summer 2008
  • IPEC Winter 2008
  • Winter 2007/2008
  • IPEC Summer 2007
  • Summer 2007
  • IPEC Winter 2007
  • Winter 2006/2007
  • IPEC Summer 2006
  • Summer 2006
  • IPEC Winter 2006
  • Winter 2005/2006
• Special events
• crypt@b-it
• Schüler-Krypto

Generating safe primes

Joachim von zur Gathen (B-IT cosec)

Thursday 12 July 2012, 15.00, b-it 1.25 (cosec meeting room)

Safe primes and safe RSA moduli are used in several cryptographic schemes. The most common notion is that of a prime p, where (p-1)/2 is also prime. The latter is then a Sophie Germain prime. Under appropriate heuristics, these can be generated efficiently. But the modern methods of analytic number theory have—so far—not even allowed to prove that there are infinitely many of them. Also for other notions of safe primes, there is no algorithm in the literature that is unconditionally proven to terminate, let alone to be efficient.

This talk provides a different notion of safe primes and moduli. They can be generated in polynomial time, without any unproven assumptions, and are good enough for the cryptographic applications that we are aware of.

This is joint work with Igor E. Shparlinski.