From: Hal <hfinney@shell.portal.com>
To: cypherpunks@toad.com
Message Hash: 45d388efd89f139376065fbd0457d91ead05159f2a02d6dc4c3e9f6295cbf37c
Message ID: <199405200401.VAA24444@jobe.shell.portal.com>
Reply To: N/A
UTC Datetime: 1994-05-20 04:00:01 UTC
Raw Date: Thu, 19 May 94 21:00:01 PDT
From: Hal <hfinney@shell.portal.com>
Date: Thu, 19 May 94 21:00:01 PDT
To: cypherpunks@toad.com
Subject: Re: D-H key exchange - how does it work?
Message-ID: <199405200401.VAA24444@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain
The problem with "strong" primes, primes for which (p-1)/2 is prime, is
that they are hard to find. It takes hours and hours of searching to find
a 1024 bit strong prime on a workstation. Granted, you don't need to change
very often perhaps, but some people would like to change every day. They
may need a dedicated prime-searching machine to do that.
(The best way I know to find strong primes is to find a prime q and then
check 2q+1 for primality. Finding 1024 bit primes takes a long time, and
the chances that 2q+1 is prime is very low.)
It's much easier to find a "strongish" prime, one for which (p-1)/k is
prime, where k is on the order of 100 or so. Take your prime q in the above
and try kq+1 for k=2,4,6,.... This only takes a few minutes after you find
q.
The question is, how good are strongish primes? What fraction of elements
of the group will have short periods, given that p-1 has a pretty small
number of prime factors?
Also, given a strong or strongish prime, are the chances that
g^x has a small period good enough that it makes sense to check for that
case? Any event whose chances are smaller than your computer making a
mistake is generally not worth checking for.
Hal
Return to May 1994
Return to ““Perry E. Metzger” <perry@imsi.com>”