Comment by gus_massa

Never trust the client. You must do a full verification. IIUC from another comment, you only ask the client to return the interval they tested and some token to ensure the server send them that interval.

You must ask for each number in the interval the two primes and a Primality certificate for each prime. https://en.wikipedia.org/wiki/Primality_certificate

The idea is that it's very hard to find the two primes and it's very hard to prove that they are actually primes. But if the client send you both primes and send you each primality certificate, then the verification is very fast. Also, you can store that info so people can see it.