• Corpus ID: 244714344

# Two variable polynomial congruences and capacity theory

@inproceedings{Chinburg2021TwoVP,
title={Two variable polynomial congruences and capacity theory},
author={Ted Chinburg and Brett Hemenway Falk and Nadia Heninger and Zachary Scherr},
year={2021}
}
• Published 28 November 2021
• Mathematics, Computer Science
Coppersmith’s method [8] uses lattice basis reduction to find small solutions of polynomial congruences. This method and its variants have been used to solve a number of problems across cryptography, including attacks against low public exponent RSA [8], demonstrating the insecurity of small private exponent RSA [2], factoring with partial knowledge [8], and the approximate integer common divisor problem [11, 15, 7]. This paper is the second in a series relating Coppersmith’s method to adelic…

## References

• Mathematics, Computer Science
ASIACRYPT
• 2016
Using capacity theory, it is proved that Coppersmith's bound for univariate polynomials is optimal in the sense that there are no auxiliary polynomials of the type he used that would allow finding roots of size $N^{1/d+\epsilon}$ for monic degree-$d$ polynomials modulo $N$.
As an application of the partial approximate common divisor algorithm, it is shown that a cryptosystem proposed by Okamoto actually leaks the private information directly from the public information in polynomial time.
• Computer Science, Mathematics
IACR Cryptol. ePrint Arch.
• 2011
This work analyzes the multivariate generalization of Howgrave-Graham's algorithm for the approximate common divisor problem and develops a corresponding lattice-based list decoding algorithm for Parvaresh-Vardy and Guruswami-Rudra codes, which are multivariate extensions of Reed-Solomon codes.
It is shown how to find sufficiently small integer solutions to a polynomial in a single variable modulo N, and to a Poole's inequality in two variables over the integers.
An alternative technique for finding small roots of univariate modular equations is described and it is compared with that taken in (Coppersmith, 1996), which links the concept of the dual lattice to the LLL algorithm.
• Computer Science, Mathematics
IACR Cryptol. ePrint Arch.
• 2020
This work formalizes lattice problems augmented with a predicate distinguishing a target vector and gives algorithms for solving instances of these problems and demonstrates that their algorithms succeed in recovering the signing key for instances that were previously believed to be unsolvable using lattice approaches.
• Computer Science, Mathematics
JACM
• 2013
The “learning with errors” (LWE) problem is to distinguish random linear equations, which have been perturbed by a small amount of noise, from truly uniform ones, by introducing an algebraic variant of LWE called ring-LWE, and proving that it too enjoys very strong hardness guarantees.
• Computer Science, Mathematics
CRYPTO
• 1996
We show that computing the most significant bits of the secret key in a Diffie-Hellman key-exchange protocol from the public keys of the participants is as hard as computing the secret key itself.
• Computer Science, Mathematics
IEEE Trans. Inf. Theory
• 1999
We show that if the private exponent d used in the RSA (Rivest-Shamir-Adleman (1978)) public-key cryptosystem is less than $N^{0.292}$ then the system is insecure. This is the first improvement over
• Mathematics, Computer Science
EUROCRYPT
• 2010
A fully homomorphic encryption scheme, using only elementary modular arithmetic, that reduces the security of the scheme to finding an approximate integer gcd, and investigates the hardness of this task, building on earlier work of Howgrave-Graham.