[1]

L. M. Adleman and M. A. Huang,

*Primality Testing and Abelian Varieties over Finite Fields*, Lecture Notes in Mathematics, Vol. 1512, Berlin: Springer-Verlag, 1992.

Google Scholar[2]

L. M. Adleman, C. Pomerance, and R. S. Rumely, On distinguishing prime numbers from composite numbers,

*Annals of Mathematics*, Vol. 117, pp. 173–206, 1983.

Google Scholar[3]

A. V. Aho, J. E. Hopcroft, and J. D. Ullman,

*The Design and Analysis of Computer Algorithms*, Reading, MA: Addison-Wesley, 1974.

Google Scholar[4]

E. Bach, How to generate factored random numbers,

*SIAM Journal on Computing*, Vol. 17, No. 4, pp. 173–193, 1988.

Google Scholar[5]

E. Bach, Personal communication, April 1992.

[6]

E. Bach, Exact analysis of a priority queue algorithm for random variate generation, *Proc. 5th CM-SIAM Symp. on Discrete Algorithms (SODA)*, pp. 48–56, 1994.

[7]

E. Bach and J. Shallit, Factoring with cyclotomic polynomials,

*Mathematics of Computation*, Vol. 52, pp. 201–219, 1989.

Google Scholar[8]

E. Bach and J. Shallit, *Algorithmic Number Theory*, Vol. I: *Efficient Algorithms*, Cambridge, MA: MIT Press, to appear.

[9]

E. Bach and J. Sorensen, Sieve algorithms for perfect power testing,

*Algorithmica*, Vol. 9, pp. 313–328, 1993.

Google Scholar[10]

A. Balog, *p+a* without large prime factors, Seminaire de theorie des nombres de Bourdeaux, No. 31, 1983.

[11]

P. Beauchemin, G. Brassard, C. Crépeau, C. Goutier, and C. Pomerance, The generation of random numbers that are probability prime,

*Journal of Cryptology*, Vol. 1, No. 2, pp. 53–64, 1988.

Google Scholar[12]

B. Blakley and G. B. Blakley, Security of number theoretic cryptosystems against random attacks, I,

*Cryptologia*, Vol. 2, No. 4, pp. 305–320, 1978.

Google Scholar[13]

D. Bleichenbacher, On the power of pseudo-primality tests, Tech. Rep., Dept. of Computer Science, ETH Zurich, Sept. 1993.

[14]

D. Bleichenbacher and U. M. Maurer, Finding All Strong Pseudoprimes ≤*x*, Preprint, 1993.

[15]

M. Blum and S. Micali, How to generate cryptographically strong sequences of pseudo-random bits,

*SIAM Journal on Computing*, Vol. 13, No. 4, pp. 850–864, 1984.

Google Scholar[16]

D. M. Bressoud,

*Factorization and Primality Testing*, Berlin: Springer-Verlag, 1989.

Google Scholar[17]

J. Brillhart, D. H. Lehmer, and J. L. Selfridge, New primality criteria and factorizations of

*2*
^{m}
*±* 1,

*Mathematics of Computation*, Vol. 29, pp. 620–647, 1975.

Google Scholar[18]

R. D. Carmichael, On composite numbers

*P* which satisfy the Fermat congruence

*a*
^{Ps-1} ≡ 1 (mod

*P)*,

*American Mathematical Monthly*, Vol. 19, pp. 22–27, 1912.

Google Scholar[19]

A. Cobham, The recognition problem for the set of perfect squares, *Proc. 7th Annual Symp. on Switching and Automata Theory*, pp. 78–87, 1966.

[20]

H. Cohen and A. K. Lenstra, Implementation of a new primality test,

*Mathematics of Computation*, Vol. 48, No. 177, pp. 103–121, 1987.

Google Scholar[21]

D. Coppersmith, A. M. Odlyzko, and R. Schroeppel, Discrete logarithms in

*GF(p)*,

*Algorithmica*, Vol. 1, pp. 1–15, 1986.

MathSciNetGoogle Scholar[22]

C. Couvreur and J. J. Quisquater, An introduction to fast generation of large prime numbers,

*Philips Journal of Research*, Vol. 37, pp. 231–264, 1982 (errata:

*ibid.*, Vol. 38, p. 77, 1983).

Google Scholar[23]

I. Damgård, P. Landrock, and C. Pomerance, Average case error estimates for the strong probable prime test,

*Mathematics of Computation*, Vol. 61, pp. 177–194, 1993.

Google Scholar[24]

J. van de Lune and E. Wattel, On the numerical solution of a differential-difference equation arising in analytic number theory,

*Mathematics of Computation*, Vol. 23, pp. 417–421, 1969.

Google Scholar[25]

R. De Moliner, Effiziente Konstruktion zufälliger grosser Primzahlen, Diploma Thesis, Inst. for Signal and Information Processing, Swiss Federal Institute of Technology, Zurich, 1989.

Google Scholar[26]

H. G. Diamond, Elementary methods in the study of the distribution of prime numbers,

*Bulletin of the American Mathematical Society* (New Series), Vol. 7, No. 3, pp. 553–589, 1982.

Google Scholar[27]

K. Dickman, On the frequency of numbers containing prime factors of a certain relative magnitude,

*Arkiv for Matematik, Astronomi och Fysik*, Vol. 22A, No. 10, pp. 1–14, 1930.

Google Scholar[28]

W. Diffie and M. E. Hellman, New directions in cryptography,

*IEEE Transactions on Information Theory*, Vol. 22, No. 6, pp. 644–654, 1976.

Google Scholar[29]

B. Dixon and A. K. Lenstra, Massively parallel elliptic curve factoring,

*Advances in Cryptology—EUROCRYPT '92*, Lecture Notes in Computer Science, Vol. 658, pp. 183–193, Berlin: Springer-Verlag, 1993.

Google Scholar[30]

T. El-Gamal, A public key cryptosystem and a signature scheme based on the discrete logarithm,

*IEEE Transactions on Information Theory*, Vol. 31, No. 4, pp. 469–472, 1985.

Google Scholar[31]

P. Erdös, On the normal number of prime factors of

*p-* 1 and some related problems concerning Euler's ϕ-function,

*Quarterly Journal of Mathematics, Oxford*, Vol. 6, pp. 205–213, 1935.

Google Scholar[32]

A. Fiat and A. Shamir, How to prove yourself: practical solution to identification and signature problems,

*Advances in Cryptology—CRYPTO '86*, Lecture Notes in Computer Science, Vol. 263, pp. 186–194, Berlin: Springer-Verlag, 1987.

Google Scholar[33]

J. B. Friedlander, Shifted primes without large prime factors, in

*Number Theory and Applications*, R. A. Mollin (ed.), Dordrecht: Kluwer, pp. 393–401, 1989.

Google Scholar[34]

M. Goldfeld, On the number of primes

*p* for which

*p+a* has a large prime factor,

*Mathematika*, Vol. 16, pp. 23–27, 1969.

Google Scholar[35]

S. Goldwasser and J. Kilian, Almost all primes can be quickly certified, *Proc. 18th Annual ACM Symp. on the Theory of Computing*, pp. 316–329, 1986.

[36]

S. Goldwasser and S. Micali, Probabilistic encryption,

*Journal of Computer and System Sciences*, Vol. 28, pp. 270–299, 1984.

Google Scholar[37]

J. Gordon, Strong RSA Keys,

*Electronics Letters*, Vol. 20, No. 12, pp. 514–516, 1984.

Google Scholar[38]

A. Granville, Primality testing and Carmichael numbers,

*Notices of the American Mathematical Society*, Vol. 39, No. 6, pp. 696–700, 1992.

Google Scholar[39]

L. C. Guillou and J.-J. Quisquater, A practical zero-knowledge protocol fitted to security microprocessor minimizing both transmission and memory,

*Advances in Cryptology—EUROCRYPT '88*, Lecture Notes in Computer Science, Vol. 330, pp. 123–128, Berlin: Springer-Verlag, 1988.

Google Scholar[40]

G. H. Hardy and J. E. Littlewood, Some problems of “partitio numerorum”; III: on the expression of a number as a sum of primes,

*Acta Mathematica*, Vol. 44, pp. 1–70, 1922.

Google Scholar[41]

C. Hooley,

*On the largest prime factor of p+a, Mathematika*, Vol. 20, pp. 135–143, 1973.

Google Scholar[42]

G. Jaeschke, On strong pseudoprimes to several bases,

*Mathematics of Computation*, Vol. 61, pp. 915–926, 1993.

Google Scholar[43]

S. H. Kim and C. Pomerance, The probability that a random probable prime is composite,

*Mathematics of Computation*, Vol. 53, pp. 721–741, 1989.

Google Scholar[44]

D. E. Knuth and L. Trabb Pardo, Analysis of a simple factorization algorithm,

*Theoretical Computer Science*, Vol. 3, pp. 321–348, 1976.

Google Scholar[45]

N. Koblitz,

*A Course in Number Theory and Cryptography*, Berlin: Springer-Verlag, 1987.

Google Scholar[46]

N. Koblitz, Primality of the number of points on an elliptic curve over a finite field,

*Pacific Journal of Mathematics*, Vol. 131, No. 1, pp. 157–165, 1988.

MathSciNetMATHGoogle Scholar[47]

K. Koyama, U. M. Maurer, T. Okamoto, and S. A. Vanstone, New public-key cryptosystem based on elliptic curves over the ring

*Z*
_{n},

*Advances in* Cryptology—CRYPTO

*'91*, Lecture Notes in Computer Science, Vol. 576, pp. 252–266, Berlin: Springer-Verlag, 1992.

Google Scholar[48]

E. Kranakis,

*Primality and Cryptography*, Stuttgart: Teubner; New York: Wiley, 1986.

Google Scholar[49]

A. K. Lenstra, Primality testing, in

*Cryptology and Computational Number Theory*, C. Pomerance (ed.), Proceedings of Symposia in Applied Mathematics, Vol. 42, pp. 13–25, Providence, RI: American Mathematical Society, 1990.

Google Scholar[50]

A. K. Lenstra, D. Atkins, M. Graff, and P. C. Leyland, The magic words are squeamish ossifrage, *Proc. Asiacrypt '94*, Wollongong, Australia, Nov. 28–Dec. 1, 1994, to appear.

[51]

A. K. Lenstra and H. W. Lenstra, Algorithms in number theory, in *Handbook of Theoretical Computer Science*, J. van Leeuwen (ed.), Chapter 12, Elsevier, 1990.

[52]

A. K. Lenstra, H. W. Lenstra, M. S. Manasse, and J. M. Pollard, The number field sieve, *Proc. 22nd ACM Symp. on Theory of Computing*, pp. 564–572, 1990.

[53]

A. K. Lenstra and M. S. Manasse, Factoring with two large primes,

*Advances in Cryptology—EUROCRYPT '90*, Lecture Notes in Computer Science, Vol. 473, pp. 69–80, Berlin: Springer-Verlag, 1991.

Google Scholar[54]

H. W. Lenstra, Jr., Factoring integers with elliptic curves,

*Annals of Mathematics*, Vol. 126, pp. 649–673, 1987.

MathSciNetGoogle Scholar[55]

U. M. Maurer, Fast generation of secure RSA-moduli with almost maximal diversity,

*Advances in Cryptology—EUROCRYPT '89*, Lecture Notes in Computer Science, Vol. 434, pp. 636–647, Berlin: Springer-Verlag, 1990.

Google Scholar[56]

U. M. Maurer, Some number-theoretic conjectures and their relation to the generation of cryptographic primes, in

*Cryptography and Coding II*, C. Mitchell (ed.), pp. 173–191, Oxford: Oxford, University Press, 1992.

Google Scholar[57]

U. M. Maurer, Towards the equivalence of breaking the Diffie-Hellman protocol and computing discrete logarithms,

*Advances in Cryptology—CRYPTO '94*, Lecture Notes in Computer Science, Vol. 839, pp. 271–281, Berlin: Springer-Verlag, 1994.

Google Scholar[58]

U. M. Maurer and Y. Yacobi, Non-interactive public-key cryptography,

*Advances in Cryptology —EUROCRYPT '91*, Lecture Notes in Computer Science, Vol. 547, pp. 498–507, Berlin: Springer-Verlag, 1991.

Google Scholar[59]

K. McCurley, The discrete logarithm problem, in

*Cryptology and Computational Number Theory*, C. Pomerance (ed.), Proceedings of Symposia in Applied Mathematics, Vol. 42, pp. 49–74, Providence, RI: American Mathematical Society, 1990.

Google Scholar[60]

A. Menezes,

*Elliptic Curve Public Key Cryptosystems*, Dordrecht: Kluwer, 1993.

Google Scholar[61]

P. Mihailescu, Fast generation of provable primes using search in arithmetic progressions,

*Advances in Cryptology—CRYPTO '94*, Lecture Notes in Computer Science, Vol. 839, pp. 282–293, Berlin: Springer-Verlag, 1994.

Google Scholar[62]

G. L. Miller, Riemann's hypothesis and tests for primality,

*Journal of Computer and System Sciences*, Vol. 13, pp. 300–317, 1976.

Google Scholar[63]

L. Monier, Evaluation and comparison of two efficient probabilistic primality testing algorithms,

*Theoretical Computer Science*, Vol. 12, pp. 97–108, 1980.

Google Scholar[64]

F. Morain, Distributed primality proving and the primality of (2

^{3539}+1)/3,

*Advances in Cryptology—EUROCRYPT '90*, Lecture Notes in Computer Science, Vol. 473, pp. 110–123, Berlin: Springer-Verlag, 1991.

Google Scholar[65]

F. Morain, Prime Values of Partition Numbers and the Primality of p(1840926), Tech. Report LIX/92/RR/11, Laboratoire d'Informatique de l'Ecole Polytechnique (LIX), F-91128 Palaiseau Cedex, France, 1992.

[66]

F. Morain, Personal communication, September 1993.

[67]

M. Ogiwara, A Method for Generating Cryptographically Strong Primes, Research Reports on Informaion Sciences, No. C-93, Dept. of Information Sciences, Tokyo Institute of Technology, April 1989.

[68]

D. A. Plaisted, Fast verification, testing, and generation of large primes,

*Theoretical Computer Science*, Vol. 9, pp. 1–16, 1979 (errata:

*ibid.*, Vol. 14, p. 345, 1981).

Google Scholar[69]

H. C. Pocklington, The determination of the prime or composite nature of large numbers by Fermat's theorem,

*Proceedings of the Cambridge Philosphical Society*, Vol. 18, pp. 29–30, 1914–1916.

Google Scholar[70]

S. C. Pohlig and M. E. Hellman, An improved algorithm for computing logarithms over GF(p) and its cryptographic significance,

*IEEE Transactions on Information Theory*, Vol. 24, No. 1, pp. 106–110, 1978.

Google Scholar[71]

J. M. Pollard, Theorems on factorization and primality testing,

*Proceedings of the Cambridge Philosophical Society*, Vol. 76, pp. 521–528, 1974.

Google Scholar[72]

C. Pomerance, Popular values of Euler's function,

*Mathematika*, Vol. 27, pp. 84–89, 1980.

Google Scholar[73]

C. Pomerance, Factoring, in

*Cryptology and Computational Number Theory*, C. Pomerance (ed.), Proceedings of Symposia in Applied Mathematics, Vol. 42, pp. 27–47, Providence, RI: American Mathematical Society, 1990.

Google Scholar[74]

K. Prachar, Über die Anzahl der Teiler einer natürlichen Zahl, welche die Form

*p-* 1 haben,

*Monatshefte für Mathematik*, Vol. 59, pp. 91–97, 1955.

Google Scholar[75]

V. R. Pratt, Every prime has a succinct certificate,

*SIAM Journal on Computing*, Vol. 4, No. 3, pp. 214–220, 1975.

Google Scholar[76]

M. O. Rabin, Probabilistic algorithm for testing primality,

*Journal of Number Theory*, Vol. 12, pp. 128–138, 1980.

Google Scholar[77]

H. Riesel,

*Prime Numbers and Computer Methods for Factorization*, Boston: Birkhäuser, 1985.

Google Scholar[78]

R. L. Rivest, Remarks on a proposed cryptanalytic attack on the M.I.T. public key cryptosystem,

*Cryptologia*, Vol. 2, No. 1, pp. 62–65, 1978.

Google Scholar[79]

R. L. Rivest, A. Shamir, and L. Adleman, A method for obtaining digital signatures and public-key cryptosystems,

*Communications of the Association for Computing Machinery*, Vol. 21, No. 2, pp. 120–126, 1978.

Google Scholar[80]

C. P. Schnorr, Efficient identification and signatures for smart cards,

*Advances in Cryptology—CRYPTO '89*, Lecture Notes in Computer Science, Vol. 435, pp. 239–252, Berlin: Springer-Verlag, 1990.

Google Scholar[81]

A. Schönhage and V. Strassen, Schnelle Multiplikation grosser Zahlen,

*Computing*, Vol. 7, pp. 281–292, 1971.

Google Scholar[82]

A. Shamir, Efficient signature schemes based on birational permutations,

*Advances in Cryptology—CRYPTO '93*, Lecture Notes in Computer Science, Vol. 773, pp. 1–12, Berlin: Springer-Verlag, 1994.

Google Scholar[83]

J. Shawe-Taylor, Generating strong primes,

*Electronics Letters*, Vol. 22, No. 16, pp. 875–877, 1986.

Google Scholar[84]

G. Simmons and M. Norris, Preliminary comments on the M.I.T. public key cryptosystem,

*Cryptologia*, Vol. 1, No. 4, pp. 406–414, 1977.

Google Scholar[85]

R. Solovay and V. Strassen, A fast Monte-Carlo test for primality,

*SIAM Journal on Computing*, Vol. 6, No. 1, pp. 84–85, 1977 (errata:

*ibid.*, Vol. 7, p. 118, 1978).

Google Scholar[86]

G. Trenta, Werkzeuge zur Realisierung eines RSA-Kryptosystems, Diploma Thesis, Dept. of Computer Science, Swiss Federal Institute of Technology, March 1990.

[87]

H. C. Williams, A

*p+* 1 method of factoring,

*Mathematics of Computation*, Vol. 39, No. 159, pp. 225–234, 1982.

Google Scholar[88]

H. C. Williams and B. Schmid, Some remarks concerning the M.I.T. public-key cryptosystem,

*BIT*, Vol. 19, pp. 525–538, 1979.

Google Scholar[89]

K. Wooldridge, Values taken many times by Euler's phi-function,

*Proceedings of the American Mathematical Society*, Vol. 76, pp. 229–234, 1979.

Google Scholar[90]

Specifications for a digital signature standard, *US Federal Register*, Vol. 56, No. 169, August 30, 1991.