Young A., Yung M. (1998) Finding length-3 positive Cunningham chains and their cryptographic significance. In: Buhler J.P. (eds) Algorithmic Number Theory. ANTS 1998. Lecture Notes in Computer Science, vol 1423. Springer, Berlin, Heidelberg
A Cunningham chain of length k is a finite set of primes p1, p2,...,pk such that pi+1=2pi+1, or pi+1=2pi−1 for i=1,2,3, ...,k−1. In this paper we present an algorithm that finds Cunningham chains of the form pi+1=2pi+1 for i=2,3 and a prime p1. Such a chain of primes were recently shown to be cryptographically significant in solving the problem of Auto-Recoverable Auto-Certifiable Cryptosystems [YY98]. For this application, the primes p1 and p2 should be large to provide for a secure enough setting for the discrete log problem. We introduce a number of simple but useful speed-up methods, such as what we call trial remaindering and explain a heuristic algorithm to find such chains. We ran our algorithm on a Pentium 166 MHz machine. We found values for p1, starting at a value which is 512 bits and ending at a value for p1 which is 1,376 bits in length. We give some of these values in the appendix. The feasibility of efficiently finding such primes, in turn, enables the system in [YY98] which is a software-based public key system with key recovery (note that every cryptosystem which is suggested for actual use must be checked to insure that its computations are feasible).
Cunningham Chains Public-Key Cryptosystems Auto-Recoverable and Auto-Certifiable Cryptosystem ElGamal system Primality testing