Small Solutions to Polynomial Equations, and Low Exponent RSA Vulnerabilities

@article{Coppersmith1997SmallST,
  title={Small Solutions to Polynomial Equations, and Low Exponent RSA Vulnerabilities},
  author={D. Coppersmith},
  journal={Journal of Cryptology},
  year={1997},
  volume={10},
  pages={233-260}
}
  • D. Coppersmith
  • Published 1997
  • Mathematics, Computer Science
  • Journal of Cryptology
    • Abstract. We show how to find sufficiently small integer solutions to a polynomial in a single variable modulo N, and to a polynomial in two variables over the integers. The methods sometimes extend to more variables. As applications: RSA encryption with exponent 3 is vulnerable if the opponent knows two-thirds of the message, or if two messages agree over eight-ninths of their length; and we can find the factors of N=PQ if we are given the high order $\frac{1}{4} \log_2 N$ bits of P. 
    View on Springer
    di.ens.fr
    688 Citations
    Highly Influential Citations
    86
    Background Citations
    186
    Methods Citations
    190
    Results Citations
    11

    Topics from this paper

    Explore Further: Topics Discussed in This Paper

      688 Citations
      Citation Type

      Citation Type

      Application of ECM to a class of RSA keys
      • 2
      • PDF
      Factoring multi-power RSA moduli with primes sharing least or most significant bits
      • 1
      Factoring RSA moduli with primes sharing bits in the middle
      • Omar Akchiche, O. Khadir
      • Mathematics, Computer Science
      • Applicable Algebra in Engineering, Communication and Computing
      • 2017
      • 2
      • Highly Influenced
      A new RSA vulnerability using continued fractions
      • 8
      Factoring Multi-power RSA Modulus N = p r q with Partial Known Bits
      • 11
      • Highly Influenced
      Cryptanalysis of Unbalanced RSA with Small CRT-Exponent
      • A. May
      • Mathematics, Computer Science
      • CRYPTO
      • 2002
      • 49
      • PDF
      A new attack on RSA with two or three decryption exponents
      • 1
      • Highly Influenced
      • PDF
      Finding Small Roots of Bivariate Integer Polynomial Equations: A Direct Approach
      • J. Coron
      • Computer Science, Mathematics
      • CRYPTO
      • 2007
      • 42
      • PDF
      New Results on Solving Linear Equations Modulo Unknown Divisors and its Applications
      • Yao Lu, Rui Zhang, D. Lin
      • Mathematics, Computer Science
      • IACR Cryptol. ePrint Arch.
      • 2014
      • 6
      • PDF
      Factoring multi power RSA moduli with a class of secret exponents
      • Highly Influenced
      • PDF

      References

      SHOWING 1-10 OF 15 REFERENCES
      Finding a Small Root of a Univariate Modular Equation
      • 309
      • PDF
      Finding a Small Root of a Bivariate Integer Equation; Factoring with High Bits Known
      • 265
      • PDF
      Solving Simultaneous Modular Equations of Low Degree
      • J. Håstad
      • Mathematics, Computer Science
      • SIAM J. Comput.
      • 1988
      • 187
      • PDF
      Protocol Failures for RSA-Like Functions Using Lucas Sequences and Elliptic Curves
      • 10
      • PDF
      Low-Exponent RSA with Related Messages
      • 171
      • PDF
      Optimal Asymmetric Encryption
      • 907
      • PDF
      Factoring polynomials with rational coefficients
      • 3,743
      • PDF
      NP-Complete Decision Problems for Binary Quadratics
      • 101
      • PDF
      Efficient Factoring Based on Partial Information
      • 80
      • PDF
      A method for obtaining digital signatures and public-key cryptosystems
      • 7,150
      • PDF