Abstract
An alternative technique for finding small roots of univariate modular equations is described. This approach is then compared with that taken in (Coppersmith, 1996), which links the concept of the dual lattice (see (Cassels, 1971)) to the LLL algorithm (see (Lenstra et al., 1982)). Timing results comparing both algorithms are given, and practical considerations are discussed. This work has direct applications to several low exponent attacks on the RSA cryptographic scheme (see (Coppersmith, 1996)).
This is a preview of subscription content, log in via an institution to check access.
Preview
Unable to display preview. Download preview PDF.
References
Cassels, J. W. S. 1971. An introduction to the geometry of numbers. Springer.
Cohen, H. 1991. A Course in Computational Algebraic Number Theory. Springer-Verlag.
Coppersmith, D. 1996. Finding a small root of a univariate modular equation. In: Proceedings of Eurocrypt 96.
Lenstra, A. K., Lenstra, H. W., & Lovasz, L. 1982. Factoring polynomials with integer coefficients. Mathematische Annalen, 261, 513–534.
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 1997 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Howgrave-Graham, N. (1997). Finding small roots of univariate modular equations revisited. In: Darnell, M. (eds) Crytography and Coding. Cryptography and Coding 1997. Lecture Notes in Computer Science, vol 1355. Springer, Berlin, Heidelberg. https://doi.org/10.1007/BFb0024458
Download citation
DOI: https://doi.org/10.1007/BFb0024458
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-63927-5
Online ISBN: 978-3-540-69668-1
eBook Packages: Springer Book Archive