Ben Laurie <[EMAIL PROTECTED]> writes: > Simon Josefsson wrote: >> No, the certificate is verifiable in deterministic polynomial time. >> The test is probabilistic, though, but as long as it works, I don't >> see why that matters. However, I suspect the ANSI X9.80 or ISO 18032 >> paths are more promising. I was just tossing out URLs. > > Surely Miller-Rabin is polynomial time anyway?
Yes, but it doesn't produce certificates; the algorithm that I cited do. The algorithm to _verify_ the certificate was not probabilistic, only the algorithm to _produce_ the certificates was probabilistic. Btw, could you describe the threat scenario where you believe this test would be useful? Thanks, Simon --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]