Generating safe primes

Joachim Von Zur Gathen, Igor E. Shparlinski

Research output: Contribution to journalArticlepeer-review

9 Citations (Scopus)


Safe primes and safe RSA moduli are used in several cryptographic schemes. The most common notion is that of a prime P, where (p - 1)/2 is also prime. The latter is then a Sophie Germain prime. Under appropriate heuristics, they exist in abundance and can be generated efficiently. But the modern methods of analytic number theory have - so far - not even allowed to prove that there are infinitely many of them. Thus for this notion of safe primes, there is no algorithm in the literature that is unconditionally proven to terminate, let alone to be efficient. This paper considers a different notion of safe primes and moduli. They can be generated in polynomial time, without any unproven assumptions, and are good enough for the cryptographic applications that we are aware of.

Original languageEnglish
Pages (from-to)333-365
Number of pages33
JournalJournal of Mathematical Cryptology
Issue number4
Publication statusPublished - 1 Dec 2013
Externally publishedYes


  • Hofheinz-Kiltz-Shoup cryptosystem
  • Safe prime
  • Sophie Germain prime


Dive into the research topics of 'Generating safe primes'. Together they form a unique fingerprint.

Cite this