{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,20]],"date-time":"2026-01-20T09:29:50Z","timestamp":1768901390587,"version":"3.49.0"},"publisher-location":"Cham","reference-count":40,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783032018540","type":"print"},{"value":"9783032018557","type":"electronic"}],"license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-3-032-01855-7_1","type":"book-chapter","created":{"date-parts":[[2025,8,16]],"date-time":"2025-08-16T19:41:17Z","timestamp":1755373277000},"page":"3-32","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Computing Asymptotic Bounds for\u00a0Small Roots in\u00a0Coppersmith\u2019s Method via\u00a0Sumset Theory"],"prefix":"10.1007","author":[{"given":"Yansong","family":"Feng","sequence":"first","affiliation":[]},{"given":"Hengyi","family":"Luo","sequence":"additional","affiliation":[]},{"given":"Qiyuan","family":"Chen","sequence":"additional","affiliation":[]},{"given":"Abderrahmane","family":"Nitaj","sequence":"additional","affiliation":[]},{"given":"Yanbin","family":"Pan","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,8,17]]},"reference":[{"key":"1_CR1","doi-asserted-by":"crossref","unstructured":"Ajtai, M.: The shortest vector problem in $$L_2$$ is NP-hard for randomized reductions. In: Proceedings of the Thirtieth Annual ACM Symposium on Theory of Computing, pp. 10\u201319 (1998)","DOI":"10.1145\/276698.276705"},{"key":"1_CR2","doi-asserted-by":"publisher","DOI":"10.1016\/j.aim.2024.109627","volume":"444","author":"E Bajo","year":"2024","unstructured":"Bajo, E., et al.: Weighted Ehrhardt theory: extending Stanley\u2019s nonnegativity theorem. Adv. Math. 444, 109627 (2024)","journal-title":"Adv. Math."},{"issue":"273","key":"1_CR3","doi-asserted-by":"publisher","first-page":"297","DOI":"10.1090\/S0025-5718-2010-02378-6","volume":"80","author":"V Baldoni","year":"2011","unstructured":"Baldoni, V., Berline, N., De Loera, J., K\u00f6ppe, M., Vergne, M.: How to integrate a polynomial over a simplex. Math. Comput. 80(273), 297\u2013325 (2011)","journal-title":"Math. Comput."},{"key":"1_CR4","doi-asserted-by":"publisher","first-page":"1934","DOI":"10.1007\/BF02112432","volume":"70","author":"AI Barvinok","year":"1994","unstructured":"Barvinok, A.I.: Computation of exponential integrals. J. Math. Sci. 70, 1934\u20131943 (1994)","journal-title":"J. Math. Sci."},{"key":"1_CR5","first-page":"3","volume":"4","author":"AI Barvinok","year":"1992","unstructured":"Barvinok, A.I.: Partition functions in optimization and computational problems. Algebra i Analiz 4, 3\u201353 (1992)","journal-title":"Algebra i Analiz"},{"key":"1_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"251","DOI":"10.1007\/11426639_15","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2005","author":"J Bl\u00f6mer","year":"2005","unstructured":"Bl\u00f6mer, J., May, A.: A tool kit for finding small roots of bivariate polynomials over the integers. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 251\u2013267. Springer, Heidelberg (2005). https:\/\/doi.org\/10.1007\/11426639_15"},{"issue":"4","key":"1_CR7","doi-asserted-by":"publisher","first-page":"1339","DOI":"10.1109\/18.850673","volume":"46","author":"D Boneh","year":"2000","unstructured":"Boneh, D., Durfee, G.: Cryptanalysis of RSA with private key d less than n\/sup 0.292. IEEE Trans. Inf. Theory 46(4), 1339\u20131349 (2000)","journal-title":"IEEE Trans. Inf. Theory"},{"key":"1_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"36","DOI":"10.1007\/3-540-45682-1_3","volume-title":"Advances in Cryptology \u2014 ASIACRYPT 2001","author":"D Boneh","year":"2001","unstructured":"Boneh, D., Halevi, S., Howgrave-Graham, N.: The modular inversion hidden number problem. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 36\u201351. Springer, Heidelberg (2001). https:\/\/doi.org\/10.1007\/3-540-45682-1_3"},{"key":"1_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"129","DOI":"10.1007\/3-540-68697-5_11","volume-title":"Advances in Cryptology \u2014 CRYPTO 1996","author":"D Boneh","year":"1996","unstructured":"Boneh, D., Venkatesan, R.: Hardness of computing the most significant bits of secret keys in Diffie-Hellman and related schemes. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 129\u2013142. Springer, Heidelberg (1996). https:\/\/doi.org\/10.1007\/3-540-68697-5_11"},{"key":"1_CR10","doi-asserted-by":"publisher","first-page":"371","DOI":"10.1090\/S0894-0347-97-00229-4","volume":"10","author":"M Brion","year":"1997","unstructured":"Brion, M., Vergne, M.: Lattice points in simple polytopes. J. Am. Math. Soc. 10, 371\u2013392 (1997)","journal-title":"J. Am. Math. Soc."},{"key":"1_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"111","DOI":"10.1007\/978-3-030-44223-1_7","volume-title":"Post-Quantum Cryptography","author":"W Castryck","year":"2020","unstructured":"Castryck, W., Decru, T.: CSIDH on the surface. In: Ding, J., Tillich, J.-P. (eds.) PQCrypto 2020. LNCS, vol. 12100, pp. 111\u2013129. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-44223-1_7"},{"key":"1_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"155","DOI":"10.1007\/3-540-68339-9_14","volume-title":"Advances in Cryptology \u2014 EUROCRYPT 1996","author":"D Coppersmith","year":"1996","unstructured":"Coppersmith, D.: Finding a small root of a univariate modular equation. In: Maurer, U. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 155\u2013165. Springer, Heidelberg (1996). https:\/\/doi.org\/10.1007\/3-540-68339-9_14"},{"issue":"4","key":"1_CR13","doi-asserted-by":"publisher","first-page":"233","DOI":"10.1007\/s001459900030","volume":"10","author":"D Coppersmith","year":"1997","unstructured":"Coppersmith, D.: Small solutions to polynomial equations, and low exponent RSA vulnerabilities. J. Cryptol. 10(4), 233\u2013260 (1997)","journal-title":"J. Cryptol."},{"key":"1_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"492","DOI":"10.1007\/978-3-540-24676-3_29","volume-title":"Advances in Cryptology - EUROCRYPT 2004","author":"J-S Coron","year":"2004","unstructured":"Coron, J.-S.: Finding small roots of bivariate integer polynomial equations revisited. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 492\u2013505. Springer, Heidelberg (2004). https:\/\/doi.org\/10.1007\/978-3-540-24676-3_29"},{"key":"1_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"379","DOI":"10.1007\/978-3-540-74143-5_21","volume-title":"Advances in Cryptology - CRYPTO 2007","author":"J-S Coron","year":"2007","unstructured":"Coron, J.-S.: Finding small roots of bivariate integer polynomial equations: a direct approach. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 379\u2013394. Springer, Heidelberg (2007). https:\/\/doi.org\/10.1007\/978-3-540-74143-5_21"},{"issue":"2","key":"1_CR16","doi-asserted-by":"publisher","first-page":"175","DOI":"10.1007\/s00591-005-0094-9","volume":"52","author":"JA De Loera","year":"2005","unstructured":"De Loera, J.A.: The many aspects of counting lattice points in polytopes. Math. Semesterber. 52(2), 175\u2013195 (2005)","journal-title":"Math. Semesterber."},{"key":"1_CR17","unstructured":"De\u00a0Micheli, G., Heninger, N.: Recovering cryptographic keys from partial information, by example. Cryptology ePrint Archive (2020)"},{"issue":"5","key":"1_CR18","doi-asserted-by":"publisher","first-page":"967","DOI":"10.1137\/0217060","volume":"17","author":"ME Dyer","year":"1988","unstructured":"Dyer, M.E., Frieze, A.M.: On the complexity of computing the volume of a polyhedron. SIAM J. Comput. 17(5), 967\u2013974 (1988)","journal-title":"SIAM J. Comput."},{"key":"1_CR19","first-page":"616","volume":"254","author":"E Ehrhart","year":"1962","unstructured":"Ehrhart, E.: Sur les poly\u00e8dres rationnels homoth\u00e9tiques \u00e0 n dimensions. CR Acad. Sci. Paris 254, 616 (1962)","journal-title":"CR Acad. Sci. Paris"},{"key":"1_CR20","unstructured":"Feng, Y., Luo, H., Chen, Q., Nitaj, A., Pan, Y.: Computing asymptotic bounds for small roots in coppersmith\u2019s method via sumset theory. Cryptology ePrint Archive, Paper 2024\/1330 (2024). https:\/\/eprint.iacr.org\/2024\/1330"},{"key":"1_CR21","doi-asserted-by":"publisher","DOI":"10.1016\/j.tcs.2024.114549","volume":"999","author":"Y Feng","year":"2024","unstructured":"Feng, Y., Nitaj, A., Pan, Y.: Partial prime factor exposure attacks on some RSA variants. Theoret. Comput. Sci. 999, 114549 (2024)","journal-title":"Theoret. Comput. Sci."},{"issue":"6","key":"1_CR22","doi-asserted-by":"publisher","first-page":"1139","DOI":"10.1007\/s00493-023-00055-2","volume":"43","author":"A Granville","year":"2023","unstructured":"Granville, A., Shakan, G., Walker, A.: Effective results on the size and structure of Sumsets. Combinatorica 43(6), 1139\u20131178 (2023)","journal-title":"Combinatorica"},{"key":"1_CR23","doi-asserted-by":"publisher","first-page":"271","DOI":"10.1023\/A:1009734613675","volume":"2","author":"SP Han","year":"1998","unstructured":"Han, S.P., Kirfel, C., Nathanson, M.B.: Linear forms in finite sets of integers. Ramanujan J. 2, 271\u2013281 (1998)","journal-title":"Ramanujan J."},{"key":"1_CR24","doi-asserted-by":"publisher","unstructured":"Heninger, N., Ryan, K.: The hidden number problem with small unknown multipliers: Cryptanalyzing mega in six queries and other applications. In: Boldyreva, A., Kolesnikov, V. (eds.) Public-Key Cryptography \u2013 PKC 2023. PKC 2023. LNCS, vol. 13940, pp. 147\u2013176. Springer, Cham (2023). https:\/\/doi.org\/10.1007\/978-3-031-31368-4_6","DOI":"10.1007\/978-3-031-31368-4_6"},{"key":"1_CR25","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"53","DOI":"10.1007\/978-3-642-13013-7_4","volume-title":"Public Key Cryptography \u2013 PKC 2010","author":"M Herrmann","year":"2010","unstructured":"Herrmann, M., May, A.: Maximizing small root bounds by linearization and applications to small secret exponent RSA. In: Nguyen, P.Q., Pointcheval, D. (eds.) PKC 2010. LNCS, vol. 6056, pp. 53\u201369. Springer, Heidelberg (2010). https:\/\/doi.org\/10.1007\/978-3-642-13013-7_4"},{"key":"1_CR26","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"131","DOI":"10.1007\/BFb0024458","volume-title":"Crytography and Coding","author":"N Howgrave-Graham","year":"1997","unstructured":"Howgrave-Graham, N.: Finding small roots of univariate modular equations revisited. In: Darnell, M. (ed.) Cryptography and Coding 1997. LNCS, vol. 1355, pp. 131\u2013142. Springer, Heidelberg (1997). https:\/\/doi.org\/10.1007\/BFb0024458"},{"key":"1_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"51","DOI":"10.1007\/3-540-44670-2_6","volume-title":"Cryptography and Lattices","author":"N Howgrave-Graham","year":"2001","unstructured":"Howgrave-Graham, N.: Approximate integer common divisors. In: Silverman, J.H. (ed.) CaLC 2001. LNCS, vol. 2146, pp. 51\u201366. Springer, Heidelberg (2001). https:\/\/doi.org\/10.1007\/3-540-44670-2_6"},{"key":"1_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"267","DOI":"10.1007\/11935230_18","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2006","author":"E Jochemsz","year":"2006","unstructured":"Jochemsz, E., May, A.: A strategy for finding roots of multivariate polynomials with new applications in attacking RSA variants. In: Lai, X., Chen, K. (eds.) ASIACRYPT 2006. LNCS, vol. 4284, pp. 267\u2013282. Springer, Heidelberg (2006). https:\/\/doi.org\/10.1007\/11935230_18"},{"issue":"4","key":"1_CR29","doi-asserted-by":"publisher","first-page":"276","DOI":"10.1007\/BF01075048","volume":"26","author":"AG Khovanskii","year":"1992","unstructured":"Khovanskii, A.G.: Newton polyhedron, Hilbert polynomial, and sums of finite sets. Funct. Anal. Appl. 26(4), 276\u2013281 (1992)","journal-title":"Funct. Anal. Appl."},{"key":"1_CR30","doi-asserted-by":"publisher","first-page":"515","DOI":"10.1007\/BF01457454","volume":"261","author":"AK Lenstra","year":"1982","unstructured":"Lenstra, A.K., Lenstra, H.W., Lov\u00e1sz, L.: Factoring polynomials with rational coefficients. Math. Ann. 261, 515\u2013534 (1982)","journal-title":"Math. Ann."},{"issue":"2","key":"1_CR31","doi-asserted-by":"publisher","first-page":"392","DOI":"10.1016\/j.jcss.2005.08.004","volume":"72","author":"L Lov\u00e1sz","year":"2006","unstructured":"Lov\u00e1sz, L., Vempala, S.: Simulated annealing in convex bodies and an o*(n4) volume algorithm. J. Comput. Syst. Sci. 72(2), 392\u2013417 (2006)","journal-title":"J. Comput. Syst. Sci."},{"key":"1_CR32","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"242","DOI":"10.1007\/3-540-45708-9_16","volume-title":"Advances in Cryptology \u2014 CRYPTO 2002","author":"A May","year":"2002","unstructured":"May, A.: Cryptanalysis of unbalanced RSA with small CRT-exponent. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 242\u2013256. Springer, Heidelberg (2002). https:\/\/doi.org\/10.1007\/3-540-45708-9_16"},{"key":"1_CR33","unstructured":"May, A.: New RSA vulnerabilities using lattice reduction methods. Ph.D. thesis, Citeseer (2003)"},{"key":"1_CR34","doi-asserted-by":"publisher","unstructured":"May, A., Nowakowski, J., Sarkar, S.: Approximate divisor multiples\u2013factoring with only a third of the secret CRT-exponents. In: Dunkelman, O., Dziembowski, S. (eds.) Advances in Cryptology \u2013 EUROCRYPT 2022. LNCS, vol. 13277, pp. 147\u2013167. Springer, Cham (2022). https:\/\/doi.org\/10.1007\/978-3-031-07082-2_6","DOI":"10.1007\/978-3-031-07082-2_6"},{"key":"1_CR35","doi-asserted-by":"publisher","unstructured":"Meers, J., Nowakowski, J.: Solving the Hidden Number Problem for CSIDH and CSURF via Automated Coppersmith. In: Guo, J., Steinfeld, R. (eds.) Advances in Cryptology \u2013 ASIACRYPT 2023. ASIACRYPT 2023. LNCS, vol. 14441, pp. 39\u201371. Springer, Singapore (2023). https:\/\/doi.org\/10.1007\/978-981-99-8730-6_2","DOI":"10.1007\/978-981-99-8730-6_2"},{"key":"1_CR36","doi-asserted-by":"crossref","unstructured":"Nathanson, M.B.: Growth of sumsets in abelian semigroups. arXiv preprint math\/0002091 (2000)","DOI":"10.1007\/PL00006010"},{"issue":"2","key":"1_CR37","first-page":"553","volume":"14","author":"MB Nathanson","year":"2002","unstructured":"Nathanson, M.B., Ruzsa, I.Z.: Polynomial growth of sumsets in abelian semigroups. J. de th\u00e9orie des nombres de Bordeaux 14(2), 553\u2013560 (2002)","journal-title":"J. de th\u00e9orie des nombres de Bordeaux"},{"key":"1_CR38","doi-asserted-by":"crossref","unstructured":"Ryan, K.: Solving multivariate coppersmith problems with known moduli. Cryptology ePrint Archive (2024)","DOI":"10.1007\/978-3-031-91095-1_13"},{"key":"1_CR39","doi-asserted-by":"publisher","unstructured":"Sarkar, S.: Enhanced bound for the commutative isogeny hidden number problem in CSURF. In: Mukhopadhyay, S., St\u0103nic\u0103, P. (eds.) Progress in Cryptology \u2013 INDOCRYPT 2024. LNCS, vol. 15496, pp. 201\u2013211. Springer, Cham (2024). https:\/\/doi.org\/10.1007\/978-3-031-80311-6_10","DOI":"10.1007\/978-3-031-80311-6_10"},{"key":"1_CR40","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"130","DOI":"10.1007\/978-3-319-56614-6_5","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2017","author":"A Takayasu","year":"2017","unstructured":"Takayasu, A., Lu, Y., Peng, L.: Small CRT-exponent RSA revisited. In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017. LNCS, vol. 10211, pp. 130\u2013159. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-56614-6_5"}],"container-title":["Lecture Notes in Computer Science","Advances in Cryptology \u2013 CRYPTO 2025"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-032-01855-7_1","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,1,19]],"date-time":"2026-01-19T19:21:37Z","timestamp":1768850497000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-032-01855-7_1"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"ISBN":["9783032018540","9783032018557"],"references-count":40,"URL":"https:\/\/doi.org\/10.1007\/978-3-032-01855-7_1","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025]]},"assertion":[{"value":"17 August 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"CRYPTO","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Annual International Cryptology Conference","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Santa Barbara, CA","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"USA","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"17 August 2025","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"21 August 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"45","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"crypto2025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/crypto.iacr.org\/2025\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}