{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,6]],"date-time":"2025-12-06T04:56:18Z","timestamp":1764996978421},"publisher-location":"Berlin, Heidelberg","reference-count":34,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783642390586"},{"type":"electronic","value":"9783642390593"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2013]]},"DOI":"10.1007\/978-3-642-39059-3_7","type":"book-chapter","created":{"date-parts":[[2013,6,13]],"date-time":"2013-06-13T21:33:17Z","timestamp":1371159197000},"page":"88-103","source":"Crossref","is-referenced-by-count":14,"title":["Minkowski Sum Based Lattice Construction for Multivariate Simultaneous Coppersmith\u2019s Technique and Applications to RSA"],"prefix":"10.1007","author":[{"given":"Yoshinori","family":"Aono","sequence":"first","affiliation":[]}],"member":"297","reference":[{"key":"7_CR1","unstructured":"Aono, Y.: Minkowski sum based lattice construction for multivariate simultaneous Coppersmith\u2019s technique and applications to RSA. Cryptology ePrint Archive, 2012\/675 (2012)"},{"key":"7_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"376","DOI":"10.1007\/978-3-642-31448-3_28","volume-title":"Information Security and Privacy","author":"Y. Aono","year":"2012","unstructured":"Aono, Y., Agrawal, M., Satoh, T., Watanabe, O.: On the Optimality of Lattices for the Coppersmith Technique. In: Susilo, W., Mu, Y., Seberry, J. (eds.) ACISP 2012. LNCS, vol.\u00a07372, pp. 376\u2013389. Springer, Heidelberg (2012); The full-version is available online at Cryptology ePrint Archive, 2012\/134"},{"key":"7_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/3-540-48910-X_1","volume-title":"Advances in Cryptology - EUROCRYPT \u201999","author":"D. Boneh","year":"1999","unstructured":"Boneh, D., Durfee, G.: Cryptanalysis of RSA with private key d less than N\n                  0.292. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol.\u00a01592, pp. 1\u201311. Springer, Heidelberg (1999)"},{"key":"7_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"25","DOI":"10.1007\/3-540-49649-1_3","volume-title":"Advances in Cryptology - ASIACRYPT\u201998","author":"D. Boneh","year":"1998","unstructured":"Boneh, D., Durfee, G., Frankel, Y.: An attack on RSA given a small fraction of the private key bits. In: Ohta, K., Pei, D. (eds.) ASIACRYPT 1998. LNCS, vol.\u00a01514, pp. 25\u201334. Springer, Heidelberg (1998)"},{"key":"7_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"27","DOI":"10.1007\/978-3-540-45146-4_2","volume-title":"Advances in Cryptology - CRYPTO 2003","author":"J. Bl\u00f6mer","year":"2003","unstructured":"Bl\u00f6mer, J., May, A.: New partial key exposure attacks on RSA. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol.\u00a02729, pp. 27\u201343. Springer, Heidelberg (2003)"},{"key":"7_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"251","DOI":"10.1007\/11426639_15","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2005","author":"J. Bl\u00f6mer","year":"2005","unstructured":"Bl\u00f6mer, J., May, A.: A tool kit for finding small roots of bivariate polynomials over the integers. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol.\u00a03494, pp. 251\u2013267. Springer, Heidelberg (2005)"},{"key":"7_CR7","doi-asserted-by":"crossref","DOI":"10.1007\/978-0-387-35651-8","volume-title":"Ideals, varieties, and algorithms: An introduction to computational algebraic geometry and commutative algebra","author":"D. Cox","year":"2007","unstructured":"Cox, D., Little, J., O\u2019Shea, D.: Ideals, varieties, and algorithms: An introduction to computational algebraic geometry and commutative algebra. Springer, New York (2007)"},{"key":"7_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"208","DOI":"10.1007\/978-3-642-11925-5_15","volume-title":"Topics in Cryptology - CT-RSA 2010","author":"J.-S. Coron","year":"2010","unstructured":"Coron, J.-S., Naccache, D., Tibouchi, M.: Fault Attacks Against emv Signatures. In: Pieprzyk, J. (ed.) CT-RSA 2010. LNCS, vol.\u00a05985, pp. 208\u2013220. Springer, Heidelberg (2010)"},{"key":"7_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"155","DOI":"10.1007\/3-540-68339-9_14","volume-title":"Advances in Cryptology - EUROCRYPT \u201996","author":"D. Coppersmith","year":"1996","unstructured":"Coppersmith, D.: Finding a small root of a univariate modular equation. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol.\u00a01070, pp. 155\u2013165. Springer, Heidelberg (1996)"},{"key":"7_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"178","DOI":"10.1007\/3-540-68339-9_16","volume-title":"Advances in Cryptology - EUROCRYPT \u201996","author":"D. Coppersmith","year":"1996","unstructured":"Coppersmith, D.: Finding a small root of a bivariate integer equation; factoring with high bits known. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol.\u00a01070, pp. 178\u2013189. Springer, Heidelberg (1996)"},{"key":"7_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"371","DOI":"10.1007\/11426639_22","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2005","author":"M. Ernst","year":"2005","unstructured":"Ernst, M., Jochemsz, E., May, A., de Weger, B.: Partial key exposure attacks on RSA up to full size exponents. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol.\u00a03494, pp. 371\u2013386. Springer, Heidelberg (2005)"},{"key":"7_CR12","unstructured":"GiNaC is Not a CAS, \n                    \n                      http:\/\/www.ginac.de\/"},{"key":"7_CR13","unstructured":"The GNU MP Bignum Library, \n                    \n                      http:\/\/gmplib.org\/"},{"key":"7_CR14","unstructured":"Healy, A.D.: Resultants, Resolvents and the Computation of Galois Groups, \n                    \n                      http:\/\/www.alexhealy.net\/papers\/math250a.pdf"},{"key":"7_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"92","DOI":"10.1007\/978-3-642-21969-6_6","volume-title":"Progress in Cryptology \u2013 AFRICACRYPT 2011","author":"M. Herrmann","year":"2011","unstructured":"Herrmann, M.: Improved cryptanalysis of the multi-prime \u03a6-hiding assumption. In: Nitaj, A., Pointcheval, D. (eds.) AFRICACRYPT 2011. LNCS, vol.\u00a06737, pp. 92\u201399. Springer, Heidelberg (2011)"},{"key":"7_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"131","DOI":"10.1007\/BFb0024458","volume-title":"Cryptography and Coding","author":"N. Howgrave-Graham","year":"1997","unstructured":"Howgrave-Graham, N.: Finding small roots of univariate modular equations revisited. In: Darnell, M. (ed.) Cryptography and Coding 1997. LNCS, vol.\u00a01355, pp. 131\u2013142. Springer, Heidelberg (1997)"},{"issue":"1","key":"7_CR17","doi-asserted-by":"publisher","first-page":"58","DOI":"10.1515\/jmc.2010.003","volume":"4","author":"M.J. Hinek","year":"2010","unstructured":"Hinek, M.J., Lam, C.C.Y.: Common modulus attacks on small private exponent RSA and some fast variants (in practice). Journal of Mathematical Cryptology\u00a04(1), 58\u201393 (2010)","journal-title":"Journal of Mathematical Cryptology"},{"key":"7_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"487","DOI":"10.1007\/978-3-642-10366-7_29","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2009","author":"M. Herrmann","year":"2009","unstructured":"Herrmann, M., May, A.: Attacking power generators using unravelled linearization: When do we output too much? In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol.\u00a05912, pp. 487\u2013504. Springer, Heidelberg (2009)"},{"key":"7_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"153","DOI":"10.1007\/3-540-46701-7_14","volume-title":"Secure Networking - CQRE (Secure) \u201999","author":"N. Howgrave-Graham","year":"1999","unstructured":"Howgrave-Graham, N., Seifert, J.-P.: Extending Wiener\u2019s attack in the presence of many decrypting exponents. In: Baumgart, R. (ed.) CQRE 1999. LNCS, vol.\u00a01740, pp. 153\u2013166. Springer, Heidelberg (1999)"},{"key":"7_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"267","DOI":"10.1007\/11935230_18","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2006","author":"E. Jochemsz","year":"2006","unstructured":"Jochemsz, E., May, A.: A strategy for finding roots of multivariate polynomials with new applications in attacking RSA variants. In: Lai, X., Chen, K. (eds.) ASIACRYPT 2006. LNCS, vol.\u00a04284, pp. 267\u2013282. Springer, Heidelberg (2006)"},{"key":"7_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"412","DOI":"10.1007\/978-3-540-71677-8_27","volume-title":"Public Key Cryptography \u2013 PKC 2007","author":"N. Kunihiro","year":"2007","unstructured":"Kunihiro, N., Kurosawa, K.: Deterministic polynomial time equivalence between factoring and key-recovery attack on Takagi\u2019s RSA. In: Okamoto, T., Wang, X. (eds.) PKC 2007. LNCS, vol.\u00a04450, pp. 412\u2013425. Springer, Heidelberg (2007)"},{"key":"7_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"248","DOI":"10.1007\/978-3-642-14081-5_16","volume-title":"Information Security and Privacy","author":"N. Kunihiro","year":"2010","unstructured":"Kunihiro, N.: Solving generalized small inverse problems. In: Steinfeld, R., Hawkes, P. (eds.) ACISP 2010. LNCS, vol.\u00a06168, pp. 248\u2013263. Springer, Heidelberg (2010)"},{"key":"7_CR23","doi-asserted-by":"publisher","first-page":"515","DOI":"10.1007\/BF01457454","volume":"261","author":"A.K. Lenstra","year":"1982","unstructured":"Lenstra, A.K., Lenstra Jr., H.W., Lov\u00e1sz, L.: Factoring polynomials with rational coefficients. Mathematische Annalen\u00a0261, 515\u2013534 (1982)","journal-title":"Mathematische Annalen"},{"issue":"4","key":"7_CR24","doi-asserted-by":"publisher","first-page":"609","DOI":"10.1007\/s11432-009-0014-z","volume":"52","author":"P. Luo","year":"2009","unstructured":"Luo, P., Zhou, H.-J., Wang, D.-S., Dai, Y.-Q.: Cryptanalysis of RSA for a special case with d\u2009>\u2009e. Science in China Series F: Information Sciences\u00a052(4), 609\u2013616 (2009)","journal-title":"Science in China Series F: Information Sciences"},{"key":"7_CR25","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"242","DOI":"10.1007\/3-540-45708-9_16","volume-title":"Advances in Cryptology - CRYPTO 2002","author":"A. May","year":"2002","unstructured":"May, A.: Cryptanalysis of unbalanced RSA with small CRT-exponent. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol.\u00a02442, pp. 242\u2013256. Springer, Heidelberg (2002)"},{"key":"7_CR26","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"37","DOI":"10.1007\/978-3-540-78440-1_3","volume-title":"Public Key Cryptography \u2013 PKC 2008","author":"A. May","year":"2008","unstructured":"May, A., Ritzenhofen, M.: Solving systems of modular equations in one variable: How many RSA-encrypted messages does Eve need to know? In: Cramer, R. (ed.) PKC 2008. LNCS, vol.\u00a04939, pp. 37\u201346. Springer, Heidelberg (2008)"},{"key":"7_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"337","DOI":"10.1007\/978-3-540-89754-5_26","volume-title":"Progress in Cryptology - INDOCRYPT 2008","author":"S. Maitra","year":"2008","unstructured":"Maitra, S., Sarkar, S.: A New Class of Weak Encryption Exponents in RSA. In: Chowdhury, D.R., Rijmen, V., Das, A. (eds.) INDOCRYPT 2008. LNCS, vol.\u00a05365, pp. 337\u2013349. Springer, Heidelberg (2008)"},{"key":"7_CR28","unstructured":"Shoup, V.: NTL: A Library for doing Number Theory, \n                    \n                      http:\/\/www.shoup.net\/ntl\/index.html"},{"key":"7_CR29","volume-title":"The LLL algorithm: Survey and applications","author":"P.Q. Nguyen","year":"2009","unstructured":"Nguyen, P.Q., Vall\u00e9e, B.: The LLL algorithm: Survey and applications. Springer, Berlin (2009)"},{"key":"7_CR30","unstructured":"Ritzenhofen, M.: On efficiently calculating small solutions of systems of polynomial equations: lattice-based methods and applications to cryptography, Ph.D. thesis, Ruhr University Bochum, \n                    \n                      http:\/\/www-brs.ub.ruhr-uni-bochum.de\/netahtml\/HSS\/Diss\/RitzenhofenMaike\/diss.pdf"},{"issue":"2","key":"7_CR31","doi-asserted-by":"publisher","first-page":"120","DOI":"10.1145\/359340.359342","volume":"21","author":"R.L. Rivest","year":"1978","unstructured":"Rivest, R.L., Shamir, A., Adleman, L.: A method for obtaining digital signatures and public-key cryptsystems. Communications of the ACM\u00a021(2), 120\u2013128 (1978)","journal-title":"Communications of the ACM"},{"key":"7_CR32","doi-asserted-by":"publisher","first-page":"178","DOI":"10.1016\/j.ipl.2009.11.016","volume":"110","author":"S. Sarkar","year":"2010","unstructured":"Sarkar, S., Maitra, S.: Cryptanalysis of RSA with two decryption exponents. Information Processing Letter\u00a0110, 178\u2013181 (2010)","journal-title":"Information Processing Letter"},{"key":"7_CR33","doi-asserted-by":"publisher","first-page":"336","DOI":"10.1016\/j.ipl.2010.02.016","volume":"110","author":"S. Sarkar","year":"2010","unstructured":"Sarkar, S., Maitra, S.: Cryptanalysis of RSA with more than one decryption exponent. Information Processing Letter\u00a0110, 336\u2013340 (2010)","journal-title":"Information Processing Letter"},{"issue":"3","key":"7_CR34","doi-asserted-by":"publisher","first-page":"553","DOI":"10.1109\/18.54902","volume":"36","author":"M.J. Wiener","year":"1990","unstructured":"Wiener, M.J.: Cryptanalysis of short RSA secret exponents. IEEE Transactions on Information Theory\u00a036(3), 553\u2013558 (1990)","journal-title":"IEEE Transactions on Information Theory"}],"container-title":["Lecture Notes in Computer Science","Information Security and Privacy"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-39059-3_7","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,14]],"date-time":"2019-05-14T00:03:52Z","timestamp":1557792232000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-39059-3_7"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2013]]},"ISBN":["9783642390586","9783642390593"],"references-count":34,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-39059-3_7","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2013]]}}}