Finding length-3 positive Cunningham chains and their cryptographic significance

  • Adam Young
  • Moti Yung
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1423)


A Cunningham chain of length k is a finite set of primes p 1, p 2,...,p k such that p i+1=2p i +1, or p i+1=2p i−1 for i=1,2,3, ...,k−1. In this paper we present an algorithm that finds Cunningham chains of the form p i+1=2p i+1 for i=2,3 and a prime p 1. Such a chain of primes were recently shown to be cryptographically significant in solving the problem of Auto-Recoverable Auto-Certifiable Cryptosystems [YY98]. For this application, the primes p 1 and p 2 should be large to provide for a secure enough setting for the discrete log problem. We introduce a number of simple but useful speed-up methods, such as what we call trial remaindering and explain a heuristic algorithm to find such chains. We ran our algorithm on a Pentium 166 MHz machine. We found values for p 1, starting at a value which is 512 bits and ending at a value for p 1 which is 1,376 bits in length. We give some of these values in the appendix. The feasibility of efficiently finding such primes, in turn, enables the system in [YY98] which is a software-based public key system with key recovery (note that every cryptosystem which is suggested for actual use must be checked to insure that its computations are feasible).

Key words

Cunningham Chains Public-Key Cryptosystems Auto-Recoverable and Auto-Certifiable Cryptosystem ElGamal system Primality testing 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. [Ba90]
    E. Bach, Explicit bounds for primality testing and related problems. Mathematics of Computation, 55 (1990), 355–380.MATHMathSciNetCrossRefGoogle Scholar
  2. [BD92]
    J. Brandt, I. Damgard. On generation of probable primes by incremental search. In Advances in Cryptology—CRYPTO '92, pages 358–370, 1992. Springer-Verlag.Google Scholar
  3. [BS96]
    E. Bach, J. Schallit. Algorithmic Number Theory — Efficient Algorithms, vol. 1, Chp. 9, 1996. MIT Press.Google Scholar
  4. [CS97]
    J. Camenisch, M. Stadler. Efficient Group Signature Schemes for Large Groups. In Advances in Cryptology—CRYPTO '97, pages 410–424, 1997. Springer-Verlag.Google Scholar
  5. [ElG85]
    T. ElGamal. A Public-Key Cryptosystem and a Signature Scheme Based on Discrete Logaxithms. In Advances in Cryptology—CRYPTO '84, pages 10–18, 1985. Springer-Verlag.Google Scholar
  6. [Fo97]
    T. Forbes. Prime 15-tuplet. NMBRTHRY Mailing List, March 1997.Google Scholar
  7. [GHY85]
    Z. Galil, S. Haber, M. Yung. Symmetric public-key encryption. In CRYPTO '85, pages 128–137.Google Scholar
  8. [Gu94]
    R. Guy. Unsolved Problems in Number Theory. Springer-Verlag, Berlin, 2nd edition, 1994.Google Scholar
  9. [Ko94]
    N. Koblitz. A course in Number Theory and Cryptography. 2nd edition, 1994. Springer-Verlag.Google Scholar
  10. [LMS]
    J. Lacy, D. Mitchell, W. Schell. CryptoLib: Cryptography in Software. AT&T Bell Laboratories, section 2.2.1.Google Scholar
  11. [Lo89]
    G. Loh. Long chains of nearly doubled primes. Math. Comp., 53, pages 751–759, 1989.MathSciNetCrossRefGoogle Scholar
  12. [Mi76]
    G. Miller. Riemann's hypothesis and tests for primality. In Journal of Computer and System Sciences, vol. 13, pages 300–317, 1976.MATHMathSciNetGoogle Scholar
  13. [Mi92]
    S. Micali. Fair Public-Key Cryptosystems. In Advances in Cryptology—CRYPTO '92, pages 113–138, 1992. Springer-Verlag.Google Scholar
  14. [Ra80]
    M. Rabin. Probabilistic Algorithm for Testing Primality. In volume 12, n. 1 of Journal of Number Theory, pages 128–138, Feb 1980.Google Scholar
  15. [Ro93]
    K. R. Rosen. Elementary Number Theory and its Applications. 3rd edition, Theorem 8.14, page 295, 1993. Addison Wesley.Google Scholar
  16. [SS78]
    R. Solovay, V. Strassen. A fast Monte-Carlo test for primality. In SIAM Journal on Computing, vol. 6, pages 84–85, 1977.MATHMathSciNetCrossRefGoogle Scholar
  17. [St95]
    D. Stinson. Cryptography Theory and Practice. Theorem 8.2, page 267, 1995. CRC Press.Google Scholar
  18. [YY98]
    A. Young, M. Yung. Auto-Reoverableand Auto-Certifiable Cryptosystems. In Advances in Cryptology—Eurocrypt '98, Springer-Verlag.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1998

Authors and Affiliations

  • Adam Young
    • 1
  • Moti Yung
    • 2
  1. 1.Dept. of Computer ScienceColumbia UniversityUSA
  2. 2.CertCoNew YorkUSA

Personalised recommendations