mathematics Mathematics is an area of knowledge that includes the topics of numbers, formulas and related structures, shapes and the spaces in which they are contained, and quantities and their changes. These topics are represented in modern mathematics ...

, a strong prime is a

prime number A prime number (or a prime) is a natural number greater than 1 that is not a product of two smaller natural numbers. A natural number greater than 1 that is not prime is called a composite number. For example, 5 is prime because the only ways ...

with certain special properties. The definitions of strong primes are different in

cryptography Cryptography, or cryptology (from grc, , translit=kryptós "hidden, secret"; and ''graphein'', "to write", or ''-logia'', "study", respectively), is the practice and study of techniques for secure communication in the presence of adver ...

and

number theory Number theory (or arithmetic or higher arithmetic in older usage) is a branch of pure mathematics devoted primarily to the study of the integers and arithmetic function, integer-valued functions. German mathematician Carl Friedrich Gauss (1777� ...

Definition in number theory

, a strong prime is a prime number that is greater than the

arithmetic mean In mathematics and statistics, the arithmetic mean ( ) or arithmetic average, or just the ''mean'' or the ''average'' (when the context is clear), is the sum of a collection of numbers divided by the count of numbers in the collection. The colle ...

of the nearest prime above and below (in other words, it's closer to the following than to the preceding prime). Or to put it algebraically, writing the

sequence In mathematics, a sequence is an enumerated collection of objects in which repetitions are allowed and order matters. Like a set, it contains members (also called ''elements'', or ''terms''). The number of elements (possibly infinite) is calle ...

of prime numbers as (''p'', ''p'', ''p'', ...) = (2, 3, 5, ...), ''p'' is a strong prime if . For example, 17 is the seventh prime: the sixth and eighth primes, 13 and 19, add up to 32, and half that is 16; 17 is greater than 16, so 17 is a strong prime. The first few strong primes are : 11, 17, 29, 37, 41, 59, 67, 71, 79, 97, 101, 107, 127, 137, 149,

163 Year 163 ( CLXIII) was a common year starting on Friday (link will display the full calendar) of the Julian calendar. At the time, it was known as the Year of the Consulship of Laelianus and Pastor (or, less frequently, year 916 '' Ab urbe con ...

, 179, 191,

197 Year 197 ( CXCVII) was a common year starting on Saturday (link will display the full calendar) of the Julian calendar. At the time, it was known as the Year of the Consulship of Magius and Rufinus (or, less frequently, year 950 '' Ab urbe con ...

, 223, 227, 239, 251, 269,

277 __NOTOC__ Year 277 ( CCLXXVII) was a common year starting on Monday (link will display the full calendar) of the Julian calendar. At the time, it was known as the Year of the Consulship of Probus and Paulinus (or, less frequently, year 1030 ''A ...

, 281, 307, 311, 331, 347, 367, 379, 397, 419, 431, 439, 457, 461, 479, 487, 499 . In a

twin prime A twin prime is a prime number that is either 2 less or 2 more than another prime number—for example, either member of the twin prime pair (41, 43). In other words, a twin prime is a prime that has a prime gap of two. Sometimes the term ''twin p ...

pair (''p'', ''p'' + 2) with ''p'' > 5, ''p'' is always a strong prime, since 3 must divide ''p'' − 2, which cannot be prime.

Definition in cryptography

, a prime number ''p'' is said to be "strong" if the following conditions are satisfied.Ron Rivest and Robert Silverman, ''Are 'Strong' Primes Needed for RSA?'', Cryptology ePrint Archive: Report 2001/007. http://eprint.iacr.org/2001/007 * ''p'' is sufficiently large to be useful in cryptography; typically this requires ''p'' to be too large for plausible computational resources to enable a

cryptanalyst Cryptanalysis (from the Greek ''kryptós'', "hidden", and ''analýein'', "to analyze") refers to the process of analyzing information systems in order to understand hidden aspects of the systems. Cryptanalysis is used to breach cryptographic sec ...

to factorise products of ''p'' with other strong primes. * ''p'' − 1 has large prime factors. That is, ''p'' = ''a'q'' + 1 for some integer ''a'' and large prime ''q''. * ''q'' − 1 has large prime factors. That is, ''q'' = ''a'q'' + 1 for some integer ''a'' and large prime ''q''. * ''p'' + 1 has large prime factors. That is, ''p'' = ''a'q'' − 1 for some integer ''a'' and large prime ''q''. It is possible for a prime to be a strong prime both in the cryptographic sense and the number theoretic sense. For the sake of illustration, 439351292910452432574786963588089477522344331 is a strong prime in the number theoretic sense because the arithmetic mean of its two neighboring primes is 62 less. Without the aid of a computer, this number would be a strong prime in the cryptographic sense because 439351292910452432574786963588089477522344330 has the large prime factor 1747822896920092227343 (and in turn the number one less than that has the large prime factor 1683837087591611009), 439351292910452432574786963588089477522344332 has the large prime factor 864608136454559457049 (and in turn the number one less than that has the large prime factor 105646155480762397). Even using algorithms more advanced than

trial division Trial division is the most laborious but easiest to understand of the integer factorization algorithms. The essential idea behind trial division tests to see if an integer ''n'', the integer to be factored, can be divided by each number in turn t ...

, these numbers would be difficult to factor by hand. For a modern

computer algebra system A computer algebra system (CAS) or symbolic algebra system (SAS) is any mathematical software with the ability to manipulate mathematical expressions in a way similar to the traditional manual computations of mathematicians and scientists. The d ...

, these numbers can be factored almost instantaneously. A

cryptographically strong Strong cryptography or cryptographically strong are general terms applied to cryptographic systems or components that are considered highly resistant to cryptanalysis. Demonstrating the resistance of any cryptographic scheme to attack is a com ...

prime has to be much larger than this example.

Application of strong primes in cryptography

Factoring-based cryptosystems

Some people suggest that in the

key generation Key generation is the process of generating keys in cryptography. A key is used to encrypt and decrypt whatever data is being encrypted/decrypted. A device or program used to generate keys is called a key generator or keygen. Generation in crypt ...

process in RSA cryptosystems, the modulus ''n'' should be chosen as the product of two strong primes. This makes the factorization of ''n'' = ''pq'' using Pollard's ''p'' − 1 algorithm computationally infeasible. For this reason, strong primes are required by the ANSI X9.31 standard for use in generating RSA keys for digital signatures. However, strong primes do not protect against modulus factorisation using newer algorithms such as

Lenstra elliptic curve factorization The Lenstra elliptic-curve factorization or the elliptic-curve factorization method (ECM) is a fast, sub-exponential running time, algorithm for integer factorization, which employs elliptic curves. For general-purpose factoring, ECM is the thi ...

and

Number Field Sieve In number theory, the general number field sieve (GNFS) is the most efficient classical algorithm known for factoring integers larger than . Heuristically, its complexity for factoring an integer (consisting of bits) is of the form :\exp\left( ...

algorithm. Given the additional cost of generating strong primes

RSA Security RSA Security LLC, formerly RSA Security, Inc. and doing business as RSA, is an American computer and network security company with a focus on encryption and encryption standards. RSA was named after the initials of its co-founders, Ron Rive ...

do not currently recommend their use in

. Similar (and more technical) argument is also given by Rivest and Silverman.

Discrete-logarithm-based cryptosystems

It is shown by Stephen Pohlig and

Martin Hellman Martin Edward Hellman (born October 2, 1945) is an American cryptologist and mathematician, best known for his involvement with public key cryptography in cooperation with Whitfield Diffie and Ralph Merkle. Hellman is a longtime contributor to ...

in 1978 that if all the factors of ''p'' − 1 are less than log ''p'', then the problem of solving discrete logarithm modulo ''p'' is in P. Therefore, for cryptosystems based on discrete logarithm, such as DSA, it is required that ''p'' − 1 have at least one large prime factor.

Miscellaneous facts

A computationally large

safe prime In number theory, a prime number ''p'' is a if 2''p'' + 1 is also prime. The number 2''p'' + 1 associated with a Sophie Germain prime is called a . For example, 11 is a Sophie Germain prime and 2 × 11 + ...

is likely to be a cryptographically strong prime. Note that the criteria for determining if a pseudoprime is a

strong pseudoprime A strong pseudoprime is a composite number that passes the Miller–Rabin primality test. All prime numbers pass this test, but a small fraction of composites also pass, making them "pseudoprimes". Unlike the Fermat pseudoprimes, for which there ex ...

is by congruences to powers of a base, not by inequality to the arithmetic mean of neighboring pseudoprimes. When a prime is equal to the mean of its neighboring primes, it's called a balanced prime. When it's less, it's called a weak prime (not to be confused with a weakly prime number).

References

External links

Guide to Cryptography and Standards

- RSA Lab's explanation on strong vs weak primes {{Prime number classes Classes of prime numbers Theory of cryptography