[raverbashing]

I would be very weary of changing such constants as this

19 should have been tested by a lookup table, there's no need to apply such heavy test to it

However, by changing that constant (if not properly verified) I'd worry it might change the primality test for some classes of numbers. Where this might be later manipulated to produce a weak key

[mkl]

I think you're misunderstanding the constant: it is only used for small numbers (≤ 23), which are tested with a lookup table, and the constant is itself that lookup table. The test for small numbers is literally just checking a bit, so is not heavy at all.

They intended to do 2^2+2^3+2^5+2^7+2^11+2^13+2^17+2^19+2^23 = 9054380, but they accidentally left out 2^19, and got 2^2+2^3+2^5+2^7+2^11+2^13+2^17+2^23 = 8530092.

You can see the problematic Algorithm 4.16 on p31 here: https://gitlab.com/swisspost-evoting/crypto-primitives/crypt...

[raverbashing]

Thanks for explaining it, now it makes sense (and I guess it makes sense to implement the "lookup table" like this in this case)

[vmilner]

To be fair, there’s a reasonable chance this would have picked up in testing once the pseudocode was actually implemented.