This International Standard specifies methods for generating and testing prime numbers as required in cryptographic protocols and algorithms.
Firstly, this International Standard specifies methods for testing whether a given number is prime. The testing methods included in this International Standard can be divided into two groups: - Probabilistic primality tests, which have a small error probability. All probabilistic tests described here may declare a composite to be a prime. One test described here may declare a prime to be composite. - Deterministic methods, which are guaranteed to give the right verdict. These methods use so-called primality certificates.
Secondly, this International Standard specifies methods to generate prime numbers. Again, both probabilistic and deterministic methods are presented.
Note - Readers with a background in algorithm theory may have had previous encounters with probabilistic and deterministic algorithms. We stress that the deterministic methods in this International Standard internally still make use of random bits, and deterministic only refers to the fact that the output is correct with probability one.
Annex B describes variants of the methods for generating primes so that particular cryptographic requirements can be met.
The methods for generating, proving and verifying primality defined by this International Standard are applicable to cryptographic systems based on the properties of the primes.
Note - The specifications of the tests given in this International Standard define the properties to be tested in the simplest possible form. Following these specifications directly will not necessarily produce the most efficient implementations. This is especially the case for the Frobenius-Grantham test.