# Finding length-3 positive Cunningham chains and their cryptographic significance

## Abstract

A Cunningham chain of length *k* is a finite set of primes *p* _{1}, *p* _{2},...,*p* _{k} such that *p* _{i+1}=2*p* _{ i } +1, or *p* _{i+1}=2*p* _{i−1} for *i*=1,2,3, ...,*k*−1. In this paper we present an algorithm that finds Cunningham chains of the form *p* _{i+1}=2*p* _{i+1} for *i*=2,3 and a prime *p* _{1}. Such a chain of primes were recently shown to be cryptographically significant in solving the problem of Auto-Recoverable Auto-Certifiable Cryptosystems [YY98]. For this application, the primes *p* _{1} and *p* _{2} should be large to provide for a secure enough setting for the discrete log problem. We introduce a number of simple but useful speed-up methods, such as what we call *trial remaindering* and explain a heuristic algorithm to find such chains. We ran our algorithm on a Pentium 166 MHz machine. We found values for *p* _{1}, starting at a value which is 512 bits and ending at a value for *p* _{1} which is 1,376 bits in length. We give some of these values in the appendix. The feasibility of efficiently finding such primes, in turn, enables the system in [YY98] which is a software-based public key system with key recovery (note that every cryptosystem which is suggested for actual use must be checked to insure that its computations are feasible).

## Key words

Cunningham Chains Public-Key Cryptosystems Auto-Recoverable and Auto-Certifiable Cryptosystem ElGamal system Primality testing## Preview

Unable to display preview. Download preview PDF.

## References

- [Ba90]E. Bach, Explicit bounds for primality testing and related problems.
*Mathematics of Computation*, 55 (1990), 355–380.MATHMathSciNetCrossRefGoogle Scholar - [BD92]J. Brandt, I. Damgard. On generation of probable primes by incremental search. In
*Advances in Cryptology—CRYPTO '92*, pages 358–370, 1992. Springer-Verlag.Google Scholar - [BS96]E. Bach, J. Schallit. Algorithmic Number Theory — Efficient Algorithms, vol. 1, Chp. 9, 1996. MIT Press.Google Scholar
- [CS97]J. Camenisch, M. Stadler. Efficient Group Signature Schemes for Large Groups. In
*Advances in Cryptology—CRYPTO '97*, pages 410–424, 1997. Springer-Verlag.Google Scholar - [ElG85]T. ElGamal. A Public-Key Cryptosystem and a Signature Scheme Based on Discrete Logaxithms. In
*Advances in Cryptology—CRYPTO '84*, pages 10–18, 1985. Springer-Verlag.Google Scholar - [Fo97]T. Forbes. Prime 15-tuplet. NMBRTHRY Mailing List, March 1997.Google Scholar
- [GHY85]Z. Galil, S. Haber, M. Yung. Symmetric public-key encryption. In CRYPTO '85, pages 128–137.Google Scholar
- [Gu94]R. Guy. Unsolved Problems in Number Theory. Springer-Verlag, Berlin, 2nd edition, 1994.Google Scholar
- [Ko94]N. Koblitz. A course in Number Theory and Cryptography. 2nd edition, 1994. Springer-Verlag.Google Scholar
- [LMS]J. Lacy, D. Mitchell, W. Schell. CryptoLib: Cryptography in Software. AT&T Bell Laboratories, section 2.2.1.Google Scholar
- [Lo89]G. Loh. Long chains of nearly doubled primes. Math. Comp., 53, pages 751–759, 1989.MathSciNetCrossRefGoogle Scholar
- [Mi76]G. Miller. Riemann's hypothesis and tests for primality. In
*Journal of Computer and System Sciences*, vol. 13, pages 300–317, 1976.MATHMathSciNetGoogle Scholar - [Mi92]S. Micali. Fair Public-Key Cryptosystems. In
*Advances in Cryptology—CRYPTO '92*, pages 113–138, 1992. Springer-Verlag.Google Scholar - [Ra80]M. Rabin. Probabilistic Algorithm for Testing Primality. In volume 12, n. 1 of
*Journal of Number Theory*, pages 128–138, Feb 1980.Google Scholar - [Ro93]K. R. Rosen. Elementary Number Theory and its Applications. 3rd edition, Theorem 8.14, page 295, 1993. Addison Wesley.Google Scholar
- [SS78]R. Solovay, V. Strassen. A fast Monte-Carlo test for primality. In
*SIAM Journal on Computing*, vol. 6, pages 84–85, 1977.MATHMathSciNetCrossRefGoogle Scholar - [St95]D. Stinson. Cryptography Theory and Practice. Theorem 8.2, page 267, 1995. CRC Press.Google Scholar
- [YY98]A. Young, M. Yung. Auto-Reoverableand Auto-Certifiable Cryptosystems. In
*Advances in Cryptology—Eurocrypt '98*, Springer-Verlag.Google Scholar