本文件规定了根据密码协议和算法的要求生成和测试素数的方法。 首先，本文件规定了测试给定数字是否为素数的方法。本文件中包含的测试方法分为两组: -概率素性测试，错误概率很小。这里描述的所有概率测试都可以将一个组合声明为素数； -确定性方法，保证给出正确的结论。这些方法使用所谓的素性证书。 其次，本文档指定了生成素数的方法。再次介绍了概率方法和确定性方法。 请注意，有算法理论背景的读者可能已经接触过概率和确定性算法。本文件中的确定性方法在内部仍然使用随机位（通过ISO/IEC 18031中描述的方法生成），而“确定性”仅指输出正确的概率为1。 附录A提供了米勒-拉宾素性测试使用的错误概率。 附录B描述了生成素数的各种方法，以满足特定的密码要求。 附录C定义了素数生成和验证方法使用的原语。

This document specifies methods for generating and testing prime numbers as required in cryptographic protocols and algorithms. Firstly, this document specifies methods for testing whether a given number is prime. The testing methods included in this document are divided into two groups: — probabilistic primality tests, which have a small error probability. All probabilistic tests described here can declare a composite to be a prime; — deterministic methods, which are guaranteed to give the right verdict. These methods use so-called primality certificates. Secondly, this document specifies methods to generate prime numbers. Again, both probabilistic and deterministic methods are presented. NOTE It is possible that readers with a background in algorithm theory have already had previous encounters with probabilistic and deterministic algorithms. The deterministic methods in this document internally still make use of random bits (to be generated via methods described in ISO/IEC 18031), and "deterministic" only refers to the fact that the output is correct with probability one. Annex A provides error probabilities that are utilized by the Miller-Rabin primality test. Annex B describes variants of the methods for generating primes so that particular cryptographic requirements can be met. Annex C defines primitives utilized by the prime generation and verification methods.