1Crypt::Primes(3)      User Contributed Perl Documentation     Crypt::Primes(3)
2
3
4

NAME

6       Crypt::Primes - Provable Prime Number Generator suitable for Crypto‐
7       graphic Applications.
8

VERSION

10        $Revision: 0.49 $
11        $Date: 2001/06/11 01:04:23 $
12

SYNOPSIS

14           # generate a random, provable 512-bit prime.
15
16           use Crypt::Primes qw(maurer);
17           my $prime = maurer (Size => 512);
18
19           # generate a random, provable 2048-bit prime and report
20           # progress on console.
21
22           my $another_prime = maurer (
23                                Size => 2048,
24                                Verbosity => 1
25                               );
26
27           # generate a random 1024-bit prime and a group
28           # generator of Z*(n).
29
30           my $hash_ref = maurer (
31                           Size => 1024,
32                           Generator => 1,
33                           Verbosity => 1
34                          );
35

WARNING

37       The codebase is stable, but the API will most definitely change in a
38       future release.
39

DESCRIPTION

41       This module implements Ueli Maurer's algorithm for generating large
42       provable primes and secure parameters for public-key cryptosystems.
43       The generated primes are almost uniformly distributed over the set of
44       primes of the specified bitsize and expected time for generation is
45       less than the time required for generating a pseudo-prime of the same
46       size with Miller-Rabin tests.  Detailed description and running time
47       analysis of the algorithm can be found in Maurer's paper[1].
48
49       Crypt::Primes is a pure perl implementation.  It uses Math::Pari for
50       multiple precision integer arithmetic and number theoretic functions.
51       Random numbers are gathered with Crypt::Random, a perl interface to
52       /dev/u?random devices found on most modern Unix operating systems.
53

FUNCTIONS

55       The following functions are availble for import.  They must be
56       explicitely imported.
57
58       maurer(%params)
59           Generates a prime number of the specified bitsize.  Takes a hash as
60           parameter and returns a Math::Pari object (prime number) or a hash
61           reference (prime number and generator) when group generator compu‐
62           tation is requested.  Following hash keys are understood:
63
64       Size
65           Bitsize of the required prime number.
66
67       Verbosity
68           Level of verbosity of progress reporting.  Report is printed on
69           STDOUT.  Level of 1 indicates normal, terse reporting.  Level of 2
70           prints lots of intermediate computations, useful for debugging.
71
72       Generator
73           When Generator key is set to a non-zero value, a group generator of
74           Z*(n) is computed.  Group generators are required key material in
75           public-key cryptosystems like Elgamal and Diffie-Hellman that are
76           based on intractability of the discrete logarithm problem.  When
77           this option is present, maurer() returns a hash reference that con‐
78           tains two keys, Prime and Generator.
79
80       Relprime
81           When set to 1, maurer() stores intermediate primes in a class
82           array, and ensures they are not used during construction of primes
83           in the future calls to maurer() with Reprime => 1.  This is used by
84           rsaparams().
85
86       Intermediates
87           When set to 1, maurer() returns a hash reference that contains
88           (corresponding to the key 'Intermediates') a reference to an array
89           of intermediate primes generated.
90
91       Factors
92           When set to 1, maurer() returns a hash reference that contains
93           (corresponding to the key 'Factors') a reference to an array of
94           factors of p-1 where p is the prime generated, and also (corre‐
95           sponding to the key 'R') a divisor of p.
96
97       rsaparams(%params)
98           Generates two primes (p,q) and public exponent (e) of a RSA key
99           pair. The key pair generated with this method is resistant to iter‐
100           ative encryption attack. See Appendix 2 of [1] for more informa‐
101           tion.
102
103           rsaparams() takes the same arguments as maurer() with the exception
104           of `Generator' and `Relprime'.  Size specifies the common bitsize
105           of p an q.  Returns a hash reference with keys p, q and e.
106
107       trialdiv($n,$limit)
108           Performs trial division on $n to ensure it's not divisible by any
109           prime smaller than or equal to $limit.  The module maintains a
110           lookup table of primes (from 2 to 65521) for this purpose.  If
111           $limit is not provided, a suitable value is computed automatically.
112           trialdiv() is used by maurer() to weed out composite random numbers
113           before performing computationally intensive modular exponentiation
114           tests.  It is, however, documented should you need to use it
115           directly.
116

IMPLEMENTATION NOTE

118       This module implements a modified FastPrime, as described in [1], to
119       facilitate group generator computation.  (Refer to [1] and [2] for
120       description and pseudo-code of FastPrime).  The modification involves
121       introduction of an additional constraint on relative size r of q.
122       While computing r, we ensure k * r is always greater than maxfact,
123       where maxfact is the bitsize of the largest number we can factor eas‐
124       ily.  This value defaults to 140 bits.  As a result, R is always
125       smaller than maxfact, which allows us to get a complete factorization
126       of 2Rq and use it to find a generator of the cyclic group Z*(2Rq).
127

RUNNING TIME

129       Crypt::Primes generates 512-bit primes in 7 seconds (on average), and
130       1024-bit primes in 37 seconds (on average), on my PII 300 Mhz notebook.
131       There are no computational limits by design; primes upto 8192-bits were
132       generated to stress test the code.  For detailed runtime analysis see
133       [1].
134

SEE ALSO

136       largeprimes(1), Crypt::Random(3), Math::Pari(3)
137

BIBLIOGRAPHY

139       1 Fast Generation of Prime Numbers and Secure Public-Key Cryptographic
140       Parameters, Ueli Maurer (1994).
141       2 Corrections to Fast Generation of Prime Numbers and Secure Public-Key
142       Cryptographic Parameters, Ueli Maurer (1996).
143       3 Handbook of Applied Cryptography by Menezes, Paul C. van Oorschot and
144       Scott Vanstone (1997).
145       Documents 1 & 2 can be found under docs/ of the source distribution.
146

AUTHOR

148       Vipul Ved Prakash, <mail@vipul.net>
149

LICENSE

151       Copyright (c) 1998-2001, Vipul Ved Prakash. All rights reserved. This
152       code is free software; you can redistribute it and/or modify it under
153       the same terms as Perl itself.
154

TODO

156       Maurer's algorithm generates primes of progressively larger bitsize
157       using a recursive construction method. The algorithm enters recursion
158       with a prime number and bitsize of the next prime to be generated.
159       (Bitsizes of the intermediate primes are computed using a probability
160       distribution that ensures generated primes are sufficiently random.)
161       This recursion can be distributed over multiple machines, participating
162       in a competitive computation model, to achieve close to best running
163       time of the algorithm.  Support for this will be implemented some day,
164       possibly when the next version of Penguin hits CPAN.
165
166
167
168perl v5.8.8                       2007-04-18                  Crypt::Primes(3)
Impressum