Average case error estimates of the strong Lucas test

Abstract

AbstractReliable probabilistic primality tests are fundamental in public-key cryptography. In adversarial scenarios, a composite with a high probability of passing a specific primality test could be chosen. In such cases, we need worst-case error estimates of the test. However, in many scenarios, the numbers are randomly chosen and thus have a significantly smaller error probability. We are hence interested in average-case error estimates. In this paper we establish such bounds for the strong Lucas primality test, as there exist only worst-case, but no average-case error bounds. This allows us to use this test with more confidence. Let us examine an algorithm that draws odd k-bit integers uniformly and independently, runs t independent iterations of the strong Lucas test with randomly chosen parameters, and outputs the first number that passes all t consecutive rounds. We attain numerical upper bounds on the probability that a composite is returned. Moreover, we examine a slight modification of this algorithm that only considers integers that are not divisible by small primes, yielding improved bounds. In addition, we classify the numbers that contribute most to our estimate.