使用BigInteger.isProbablePrime()生成加密安全素数 [英] Use of BigInteger.isProbablePrime() to generate cryptographically secure primes

问题描述

您可以使用BigInteger.isProbablePrime()生成加密安全的素数吗?要使他们安全"有什么确定性?

Can you use BigInteger.isProbablePrime() to generate cryptographically secure primes? What certainty is necessary for them to be "secure"?

推荐答案

我没有持有加密货币的学位，所以要加一点盐.

I do not hold a degree in crypto, so take this with a grain of salt.

您在这里有两个主要的关注领域:

You have two major areas of concern here:

1. 您的素数必须是不可预测的随机数.这意味着您需要使用诸如

1. Your primes need to be unpredictably random. This means that you need to use a source such as SecureRandom to generate your primes. No matter how sure of your primality, if they are predictable, the entire cryptosystem fails to meet its goal. If you are using the BigInteger(int bitLength, int certainty, Random rnd) constructor, you can pass in your SecureRandom as it subclasses Random.

您的潜在质数需要合理地确定为质数(我假设您使用的算法依赖于分解的难度).如果您获得了可能的素数，但攻击者很有可能在5分钟内将其分解，因为它具有您运行的素数测试从未注意到的因子，那么您的算法就有些运气了.通常使用Rabin-Miller，并且此答案指出，对于32位整数，15的确定性就足够了.推荐的最大值为40 ，任何超出此范围的值都是毫无意义的.

Your potential primes need to be reasonably certain of being primes (I'm assuming that you are using an algorithm that relies on the hardness of factoring). If you get a probable prime, but an attacker can, with a good probability, factor it within 5 minutes because it had a factor that never got noticed by the primality test you ran, you are somewhat out of luck with your algorithm. Rabin-Miller is generally used, and this answer states that a certainty of 15 is sufficient for 32-bit integers. A value up to 40 is recommended, and anything beyond that is meaningless.

这篇关于使用BigInteger.isProbablePrime()生成加密安全素数的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！