Build Your Own Prime Number Generator — Step-by-Step Tutorial

Generating Primes Fast: The Ultimate Prime Number Generator GuidePrime numbers are the building blocks of number theory and underpin many applications in computer science, cryptography, and mathematics. This guide explains how to generate primes quickly, compares common algorithms, offers implementation tips, and provides guidance for scaling to large ranges or cryptographic-sized primes.

---

What are prime numbers and why generate them quickly?

A prime number is an integer greater than 1 that has no positive divisors other than 1 and itself. Efficient prime generation is important for:

• Cryptography (RSA, Diffie–Hellman) where large random primes are required.
• Mathematical experiments and research.
• Algorithms and testing that need prime-based structures (hashing, pseudo-random number generators).
• Educational purposes and coding competitions.

---

Overview of prime-generation approaches

There are two broad goals when generating primes:

• Enumerate all primes up to a bound N.
• Produce large random primes (hundreds to thousands of bits) for cryptography.

Common algorithms:

• Trial division — simple, good for very small ranges.
• Sieve of Eratosthenes — classic method for enumerating primes up to N.
• Optimized sieves — segmented sieve, wheel factorization, bit-packing.
• Probabilistic primality tests — Miller–Rabin, Baillie–PSW for testing large integers.
• Deterministic tests for specialized sizes — AKS (theoretical), deterministic Miller–Rabin variants for bounded sizes.

---

Sieve of Eratosthenes (basic)

The Sieve of Eratosthenes marks multiples of primes to identify primes up to N. Complexity: O(N log log N) time, O(N) memory.

Basic steps:

1. Create a boolean array is_prime[2..N], initially true.
2. For p from 2 to sqrt(N): if is_prime[p], mark multiples p*p, p*p+p, … as false.
3. Remaining true indices are primes.

Pros: simple, fast for N up to ~10^8 (with optimized memory).
Cons: memory usage grows with N; not ideal for huge N that exceed RAM.

---

Memory and speed optimizations for sieves

• Bit packing: store one bit per odd number to reduce memory 8× relative to a byte array.
• Only sieve odd numbers: skip even indices to halve memory and work.
• Wheel factorization: skip multiples of small primes (e.g., 2,3,5) to reduce operations.
• Block/segmented sieving: process ranges (segments) that fit in cache or RAM; essential when N is large or when generating primes in a range [L, R].
• Precompute small primes up to sqrt® to use while segmented sieving.

Example benefits:

• Segmented sieve + bit packing lets you enumerate primes up to 10^12 in reasonable time on commodity hardware (subject to IO and memory limits).
• Using CPU cache-friendly block sizes (e.g., a few MB) yields noticeable speedups.

---

Segmented Sieve (for ranges and large N)

Segmented sieve enumerates primes in [L, R] by:

1. Sieve small primes up to sqrt® with a base sieve.
2. Process the range [L, R] in segments of size S (fit in cache).
3. For each segment, mark multiples of base primes starting at the appropriate offset.

Advantages:

• Low memory: only need space for the segment plus base primes.
• Can handle R up to very large values limited by time rather than memory.

Practical tips:

• Use odd-only representation.
• Choose segment size ~ a few MB to exploit cache.
• Pre-calculate start indices for each base prime to avoid repeated division.

---

Fast primality testing for large numbers

For cryptographic-sized primes (e.g., 1024–8192 bits), sieves are irrelevant — use probabilistic tests:

• Miller–Rabin primality test

  • A randomized strong probable-prime test.
  • For a k-round test, the probability a composite passes all rounds is at most 4^-k for random bases; deterministic sets of bases exist for integers below certain bounds.
  • Fast: modular exponentiation is the heavy operation; time roughly O(k * log^3 n) using modular multiplication algorithms.

• Baillie–PSW

  • Combines a single strong base-2 Miller–Rabin with a Lucas probable-prime test.
  • No counterexamples are known; often used as a fast, reliable primality check.

• Deterministic Miller–Rabin

  • For 64-bit integers, testing a small fixed set of bases yields a deterministic result.
  • For example, testing bases {2, 3, 5, 7, 11, 13} (specific sets vary by bound) can be deterministic up to particular limits.

• AKS primality test

  • Deterministic and polynomial time, but much slower in practice than probabilistic tests.

Generating large random primes (typical cryptographic flow):

1. Randomly generate an odd candidate of the desired bit length with high bit set.
2. Perform small-prime trial division (e.g., by primes < 1000) to remove easy composites.
3. Apply Miller–Rabin with enough rounds (e.g., 64 rounds for very high assurance, though 16–32 rounds are common).
4. Optionally run Baillie–PSW as an additional check.

---

Implementation notes and code sketches

Here are concise patterns (language-agnostic).

Sieve of Eratosthenes (odd-only, bit-packed):

• Represent only odd numbers: index i represents value 2*i+1.
• For each prime p starting at 3, mark multiples starting at p*p; compute index for p*p and step by 2*p.

Segmented sieve:

• Compute base_primes = sieve(sqrt®).
• For segment_low from L to R step segment_size:
  • segment_high = min(segment_low + segment_size – 1, R)
  • initialize boolean array for segment representing odd numbers.
  • for each p in base_primes: find first multiple >= segment_low and mark multiples.
  • collect primes from unmarked positions.

Miller–Rabin (outline):

• Write n-1 = d * 2^s with d odd.
• For each random base a in [2, n-2]:
  • x = a^d mod n
  • if x == 1 or x == n-1 continue next base
  • repeat s-1 times: x = x^2 mod n; if x == n-1 break and continue
  • if loop finishes without x == n-1, composite.

Small-prime trial division:

• Precompute a list of small primes (e.g., up to 10^4).
• Test candidate modulo each; if divisible, reject.

---

Practical performance tips

• For enumerating up to N on a single machine: segmented sieve with bit-packed odd-only storage and wheel factorization yields best practical throughput.
• Use optimized modular multiplication (Montgomery reduction) for very large integers in Miller–Rabin to speed modular exponentiation.
• Avoid repeated memory allocations by reusing buffers for segments and temporary arrays.
• Parallelize across segments or across base primes where memory and cache allow; ensure thread-safe marking.
• For cryptographic prime generation, prefer hardware RNGs or cryptographically secure CSPRNGs, and post-filter with Miller–Rabin + Baillie–PSW.

---

Choosing parameters and examples

• Small-scale hobby: For N ≤ 10^7, a simple odd-only sieve in memory is easy and fast.
• Medium-scale: N ≤ 10^10, use segmented sieve with ~1–10 MB segments and bit-packed storage.
• Large-scale research: N up to 10^12 or more — segmented sieve, parallelization, and external storage strategies.
• Cryptographic primes: 2048-bit primes — generate random candidates, trial divide, run 20–64 Miller–Rabin rounds plus Baillie–PSW if desired.

---

Common pitfalls

• Not handling even numbers efficiently wastes half the work.
• Using naive data structures causes cache misses; favor contiguous arrays and power-of-two-aligned segment sizes.
• Failing to use CSPRNG for cryptographic primes leads to vulnerabilities.
• Forgetting to set the top bit in random candidate generation can produce weaker-than-intended primes.

---

Summary

• For enumerating primes up to a limit: use an optimized segmented Sieve of Eratosthenes (odd-only, bit-packed, wheel factorization).
• For large random primes: use trial division plus Miller–Rabin (and optionally Baillie–PSW) with sufficient rounds and a secure RNG.
• Focus on memory layout, bit-level storage, and cache-friendly segment sizes for best practical performance.

---