Finding length-3 positive Cunningham chains and their cryptographic significance

  • Adam Young
  • Moti Yung
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1423)


A Cunningham chain of length k is a finite set of primes p1, p2,...,pk such that pi+1=2pi+1, or pi+1=2pi−1 for i=1,2,3, ...,k−1. In this paper we present an algorithm that finds Cunningham chains of the form pi+1=2pi+1 for i=2,3 and a prime p1. Such a chain of primes were recently shown to be cryptographically significant in solving the problem of Auto-Recoverable Auto-Certifiable Cryptosystems [YY98]. For this application, the primes p1 and p2 should be large to provide for a secure enough setting for the discrete log problem. We introduce a number of simple but useful speed-up methods, such as what we call trial remaindering and explain a heuristic algorithm to find such chains. We ran our algorithm on a Pentium 166 MHz machine. We found values for p1, starting at a value which is 512 bits and ending at a value for p1 which is 1,376 bits in length. We give some of these values in the appendix. The feasibility of efficiently finding such primes, in turn, enables the system in [YY98] which is a software-based public key system with key recovery (note that every cryptosystem which is suggested for actual use must be checked to insure that its computations are feasible).

Key words

Cunningham Chains Public-Key Cryptosystems Auto-Recoverable and Auto-Certifiable Cryptosystem ElGamal system Primality testing 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Copyright information

© Springer-Verlag 1998

Authors and Affiliations

  • Adam Young
    • 1
  • Moti Yung
    • 2
  1. 1.Dept. of Computer ScienceColumbia UniversityUSA
  2. 2.CertCoNew YorkUSA

Personalised recommendations