Asymptotically fast triangularization of matrices over rings
SIAM Journal on Computing
Cryptanalysis of Unbalanced RSA with Small CRT-Exponent
CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
Finding Small Roots of Univariate Modular Equations Revisited
Proceedings of the 6th IMA International Conference on Cryptography and Coding
Deterministic Polynomial-Time Equivalence of Computing the RSA Secret Key and Factoring
Journal of Cryptology
Finding a small root of a univariate modular equation
EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
Finding a small root of a bivariate integer equation; factoring with high bits known
EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
Cryptanalysis of RSA with private key d less than N0:292
EUROCRYPT'99 Proceedings of the 17th international conference on Theory and application of cryptographic techniques
Finding small roots of bivariate integer polynomial equations: a direct approach
CRYPTO'07 Proceedings of the 27th annual international cryptology conference on Advances in cryptology
ASIACRYPT'06 Proceedings of the 12th international conference on Theory and Application of Cryptology and Information Security
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
A tool kit for finding small roots of bivariate polynomials over the integers
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Partial key exposure attacks on RSA up to full size exponents
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
New attacks on RSA with small secret CRT-Exponents
PKC'06 Proceedings of the 9th international conference on Theory and Practice of Public-Key Cryptography
On the Improvement of the BDF Attack on LSBS-RSA
ACISP '08 Proceedings of the 13th Australasian conference on Information Security and Privacy
Cryptanalysis of Short Exponent RSA with Primes Sharing Least Significant Bits
CANS '08 Proceedings of the 7th International Conference on Cryptology and Network Security
Solving Linear Equations Modulo Divisors: On Factoring Given Any Bits
ASIACRYPT '08 Proceedings of the 14th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Factorization of Square-Free Integers with High Bits Known
IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences
A New Side-Channel Attack on RSA Prime Generation
CHES '09 Proceedings of the 11th International Workshop on Cryptographic Hardware and Embedded Systems
Finding small roots of bivariate integer polynomial equations: a direct approach
CRYPTO'07 Proceedings of the 27th annual international cryptology conference on Advances in cryptology
A polynomial time attack on RSA with private CRT-exponents smaller than N0.073
CRYPTO'07 Proceedings of the 27th annual international cryptology conference on Advances in cryptology
RSA moduli with a predetermined portion: techniques and applications
ISPEC'08 Proceedings of the 4th international conference on Information security practice and experience
Partial key exposure on RSA with private exponents larger than N
ISPEC'12 Proceedings of the 8th international conference on Information Security Practice and Experience
| Hi-index | 0.00 |
Coppersmith described at Eurocrypt 96 an algorithm for finding small roots of bivariate integer polynomial equations, based on lattice reduction. A simpler algorithm was later proposed in [9], but it was asymptotically less efficient than Coppersmith's algorithm. In this paper, we describe an analogous simplification but with the same asymptotic complexity as Coppersmith. We illustrate our new algorithm with the problem of factoring RSA moduli with high-order bits known; in practical experiments our method is several orders of magnitude faster than [9].