In mathematics, a Solinas prime, or generalized Mersenne prime, is a

prime number A prime number (or a prime) is a natural number greater than 1 that is not a product of two smaller natural numbers. A natural number greater than 1 that is not prime is called a composite number. For example, 5 is prime because the only way ...

that has the form

f(2^m)

, where

f(x)

is a low-

degree Degree may refer to: As a unit of measurement * Degree (angle), a unit of angle measurement ** Degree of geographical latitude ** Degree of geographical longitude * Degree symbol (°), a notation used in science, engineering, and mathemati ...

polynomial In mathematics, a polynomial is an expression consisting of indeterminates (also called variables) and coefficients, that involves only the operations of addition, subtraction, multiplication, and positive-integer powers of variables. An ex ...

with small

integer An integer is the number zero (), a positive natural number (, , , etc.) or a negative integer with a minus sign ( −1, −2, −3, etc.). The negative numbers are the additive inverses of the corresponding positive numbers. In the language ...

coefficient In mathematics, a coefficient is a multiplicative factor in some term of a polynomial, a series, or an expression; it is usually a number, but may be any expression (including variables such as , and ). When the coefficients are themselves ...

s. These primes allow fast modular reduction algorithms and are widely used in

cryptography Cryptography, or cryptology (from grc, , translit=kryptós "hidden, secret"; and ''graphein'', "to write", or ''-logia'', "study", respectively), is the practice and study of techniques for secure communication in the presence of adve ...

. They are named after Jerome Solinas. This class of numbers encompasses a few other categories of prime numbers: *

Mersenne primes In mathematics, a Mersenne prime is a prime number that is one less than a power of two. That is, it is a prime number of the form for some integer . They are named after Marin Mersenne, a French Minim friar, who studied them in the early 17t ...

, which have the form

2^k-1

, * Crandall or pseudo-Mersenne primes, which have the form

2^k-c

for small

odd Odd means unpaired, occasional, strange or unusual, or a person who is viewed as eccentric. Odd may also refer to: Acronym * ODD (Text Encoding Initiative) ("One Document Does it all"), an abstracted literate-programming format for describing X ...

c

Modular Reduction Algorithm

Let

f(t) = t^d - c_t^ - ... - c_0

be a

monic polynomial In algebra, a monic polynomial is a single-variable polynomial (that is, a univariate polynomial) in which the leading coefficient (the nonzero coefficient of highest degree) is equal to 1. Therefore, a monic polynomial has the form: :x^n+c_x^+\ ...

of degree

d

with coefficients in

\mathbb

and suppose that

p = f(2^m)

is a Solinas prime. Given a number

n < p^2

with up to

2md

bits, we want to find a number

congruent Congruence may refer to: Mathematics * Congruence (geometry), being the same size and shape * Congruence or congruence relation, in abstract algebra, an equivalence relation on an algebraic structure that is compatible with the structure * In mod ...

n

mod

p

with only as many bits as

p

– that is, with at most

md

bits. First, represent

n

in base

2^m

: :

n = \sum_^A_j2^

Next, generate a

d

-by-

d

matrix Matrix most commonly refers to: * ''The Matrix'' (franchise), an American media franchise ** '' The Matrix'', a 1999 science-fiction action film ** "The Matrix", a fictional setting, a virtual reality environment, within ''The Matrix'' (franchi ...

X = (X_)

by stepping

d

times the

linear-feedback shift register In computing, a linear-feedback shift register (LFSR) is a shift register whose input bit is a linear function of its previous state. The most commonly used linear function of single bits is exclusive-or (XOR). Thus, an LFSR is most often a ...

defined over

\mathbb

by the polynomial

f

: starting with the

d

-integer register

0 , ...,  0 ,  1 /math>, shift right one position, injecting 0 on the left and adding (component-wise) the output value times the vector_0,...,c_/math> at each step (see for details). Let X_be the integer in the j th register on the i th step and note that the first row of X is given by (X_) =_0,...,c_/math>. Then if we denote by B = (B_i) the integer vector given by:

: (B_0 ... B_) = (A_0 ... A_) + (A_d ... A_)X,

it can be easily checked that:

: \sum_^B_j2^\equiv\sum_^A_j2^ \mod p .

Thus B represents an md -bit integer congruent to n .

For judicious choices of f (again, see, this algorithm involves only a relatively small number of additions and subtractions (and no divisions!), so it can be much more efficient than the naive modular reduction algorithm (n - p \cdot (n / p)).

Examples of Solinas primes

Four of the recommended primes in

NIST The National Institute of Standards and Technology (NIST) is an agency of the United States Department of Commerce whose mission is to promote American innovation and industrial competitiveness. NIST's activities are organized into physical sc ...

's document "Recommended Elliptic Curves for Federal Government Use" are Solinas primes: * p-192

2^ - 2^ - 1

* p-224

2^ - 2^ + 1

* p-256

2^ - 2^ + 2^ + 2^ -1

* p-384

2^ - 2^ - 2^ + 2^ - 1

Curve448 In cryptography, Curve448 or Curve448-Goldilocks is an elliptic curve potentially offering 224 bits of security and designed for use with the elliptic-curve Diffie–Hellman (ECDH) key agreement scheme. Developed by Mike Hamburg of Rambus Cryptog ...

uses the Solinas prime

2^ - 2^ - 1.

References

{{Prime number classes, state=collapsed Classes of prime numbers fr:Nombre de Mersenne premier#Généralisations

Modular Reduction Algorithm

Examples of Solinas primes

See also

References