NEW IACR ePrint paper published → arXiv: tesfadereth

RSA primes,
66–79% faster.
Formally proved.

TesfahSec uses a proprietary mathematical approach — formally proved and independently verified — to generate cryptographic primes with far fewer primality tests. As key sizes grow, the savings compound.

Get started free → Read the paper GitHub ↗
install
pip install tesfagrid
79%
Fewer primality tests
at 1024-bit RSA · measured
66%
Fewer primality tests
at 2048-bit RSA · measured
348K
verified gaps · 0 violations
independent run verification
Designed for
CERTIFICATE AUTHORITIES · CLOUD PROVIDERS · HSM MANUFACTURERS · FINANCIAL TECHNOLOGY · SECURITY TEAMS · OPEN SOURCE PROJECTS · RESEARCHERS · CERTIFICATE AUTHORITIES · CLOUD PROVIDERS · HSM MANUFACTURERS · FINANCIAL TECHNOLOGY · SECURITY TEAMS · OPEN SOURCE PROJECTS · RESEARCHERS ·
How it works

Smarter candidate selection.
Same security. Less work.

Standard prime generation searches blindly. TesfahSec uses a formally proved approach to generate only valid candidates — before any expensive test runs.

01 / 04

Proprietary pre-filter

A formally proved mathematical constraint eliminates numbers that cannot be prime before any computation begins. No guessing. No wasted iterations. Derived from the Tesfa Grid geometric framework.

Formally proved · Tesfa Grid
02 / 04

Multi-layer elimination

Additional screening layers further reduce the candidate pool before any primality test is called. Each layer is mathematically justified — not heuristic. The result: 66–79% fewer primality tests.

66–79% test reduction · measured
03 / 04

Deterministic primality test

Only validated candidates reach the final primality test. We use the industry-standard witness set — deterministically correct for all practical RSA key sizes. Same certainty. Reached faster.

Deterministic · no false positives
04 / 04
🔐

Full unpredictability preserved

Every prime is selected from a cryptographically random start. The pre-filtering only removes impossible candidates — every valid prime remains reachable with equal probability. Security is unchanged.

CSPRNG random · uniform distribution
Side by side

Standard vs TesfahSec

The same prime. A fundamentally different path to find it.

STANDARD Blind random search
1
Pick a completely random number
No mathematical knowledge applied. Any integer in the bit range is a candidate, including the vast majority that cannot be prime.
2
Basic filtering — skip even numbers
The only mathematical knowledge applied: even numbers are not prime. Eliminates 50% of candidates. Still leaves most composites untouched.
3
Run expensive primality test
Miller-Rabin primality test runs on the candidate. At 2048-bit, this is called approximately 836 times before a prime is found. Most calls return composite.
~836 Miller-Rabin tests at 2048-bit
Most work is wasted on impossible candidates
TESHFAHSEC Proof-guided generation
1
Apply proprietary pre-filter
A formally proved constraint — derived from the Tesfa Grid — instantly eliminates numbers that cannot be prime. No computation required. No valid prime is missed.
2
Additional screening layers
Further mathematically justified filters reduce the candidate pool. Combined, the multi-layer approach eliminates up to 79% of integers before any primality test runs.
3
Run the same primality test
Identical Miller-Rabin test — but called only on candidates that have already passed all pre-filters. At 2048-bit, called approximately 282 times. Same prime found.
~282 Miller-Rabin tests at 2048-bit
−66% work. Same prime. Same security.
Benchmark

Three machines. One result.

Miller-Rabin test count is machine-independent — it measures algorithmic work. Verified independently on two machines with 150 total trials.

512-BIT
512-bit
Standard184 tests
TesfahSec41 tests
−78%
1024-BIT · MAX REDUCTION
1024-bit
Standard511 tests
TesfahSec108 tests
−79%
2048-BIT · NIST STANDARD
2048-bit
Standard836 tests
TesfahSec282 tests
−66%
NIST recommended
MethodRun 1Run 2Run 3 · independentAvgvs Standard
Standard baseline213194194200
Standard+ (basic opt.)245112112156−22%
TesfahSecour method84616169−66%

512-bit primes · 150 total trials · theorem compliance 100% on all generated primes

DigiCert and Microsoft are transitioning to 3072-bit and 4096-bit RSA. Miller-Rabin cost scales as O(bits³) — each test becomes exponentially more expensive at larger key sizes. TesfahSec savings compound as the industry moves to larger keys. At 4096-bit, each primality test is 512× more expensive than at 512-bit. Our 66%+ reduction is worth more with every bit added.
Who benefits

Built for production security

Any system generating RSA or ECC keys benefits. The larger the key, the greater the savings.

🏛

Certificate Authorities

Millions of TLS certificates issued, each requiring RSA prime generation. At 2048-bit: 554 fewer primality tests per certificate. At scale across millions of certificates, compute savings are measurable.

−66% compute per certificate at 2048-bit

HSM Manufacturers

Hardware security modules generate RSA keys continuously. TesfahSec reduces computation per key and eliminates timing variability in candidate generation — a property valued in FIPS-compliant implementations.

Constant-time generation · FIPS-relevant
🏦

Financial Technology

Every secure API call, digital signature, and encrypted transaction uses RSA or ECC. Companies upgrading to 3072-bit for NIST compliance need efficient, formally proved prime generation at scale.

REST API · drop-in · no code change

Developers and Researchers

Any application generating RSA keys benefits. Open-source Python library for integration. REST API with a free tier for testing and small projects. Academic paper for those who need the formal proof.

pip install tesfagrid · 100 free calls/month
API Reference

One header. One endpoint.
A prime in milliseconds.

REST API, zero dependencies, any language.

GET
/v1/generate
Generate a prime · 256 to 4096-bit
GET
/v1/generate/rsa-pair
Full RSA keypair (p, q, n) · Pro+
GET
/v1/verify
Verify primality · all tiers · free
GET
/v1/status
Health check · no auth required
Or use the library
from tesfagrid import prime_generator
p, tests = prime_generator.generate(bits=2048)
# tests = 282 vs ~836 standard
GET /v1/generate
# Request curl "https://tesfagrid.io/v1/generate?bits=2048" \ -H "X-API-Key: tg_pro_your_key" # Response { "prime": "9821374956...", "bits": 2048, "miller_rabin_tests": 282, "generation_ms": 142.3, "calls_remaining": 99718 }
Pricing

Start free. Scale as you grow.

Same quality at every tier. Cancel any time.

Free
$0
100 calls / month
  • Up to 512-bit primes
  • 5 calls / minute
  • /v1/verify included
  • Email support
Get free key →
Starter
$29/mo
10,000 calls / month
  • Up to 1024-bit primes
  • 30 calls / minute
  • Usage dashboard
  • Email support
Start →
MOST POPULAR
Pro
$99/mo
100,000 calls / month
  • Up to 2048-bit primes
  • RSA pair generation
  • 120 calls / minute
  • Priority support
Start Pro →
Enterprise
$499/mo
Unlimited
  • Up to 4096-bit primes
  • RSA pair generation
  • 600 calls / minute
  • SLA guarantee
Contact us →

HSM / hardware licensing from $50,000 one-time · Contact us

Formally proved security

Security proof published on IACR ePrint and arXiv. Every generated prime is drawn from the full distribution with equal probability. No prime excluded.

No timing side-channel

Constant-time candidate generation — no variable rejection loop. Critical for hardware security modules and FIPS compliance environments.

Open source foundation

Core algorithm MIT-licensed on GitHub. Full source available. The API adds infrastructure — not secrecy. Inspect everything.

Research

The mathematics is published

IACR ePrint and arXiv. Complete security proof. All benchmark data. Seven sections.

Tesfa Grid Sieve: Theorem-Guided Prime Generation — Tesfaye Dereje, JFS, 2026

IACR ePrint → Research hub → GitHub →