{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,7,7]],"date-time":"2026-07-07T03:03:36Z","timestamp":1783393416965,"version":"3.54.6"},"publisher-location":"Berlin, Heidelberg","reference-count":24,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783642420443","type":"print"},{"value":"9783642420450","type":"electronic"}],"license":[{"start":{"date-parts":[[2013,1,1]],"date-time":"2013-01-01T00:00:00Z","timestamp":1356998400000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2013]]},"DOI":"10.1007\/978-3-642-42045-0_18","type":"book-chapter","created":{"date-parts":[[2013,11,23]],"date-time":"2013-11-23T08:53:33Z","timestamp":1385196813000},"page":"341-360","source":"Crossref","is-referenced-by-count":64,"title":["Factoring RSA Keys from Certified Smart Cards: Coppersmith in the Wild"],"prefix":"10.1007","author":[{"given":"Daniel J.","family":"Bernstein","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Yun-An","family":"Chang","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Chen-Mou","family":"Cheng","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Li-Ping","family":"Chou","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Nadia","family":"Heninger","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Tanja","family":"Lange","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Nicko","family":"van Someren","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","reference":[{"key":"18_CR1","unstructured":"ANSI. ANSI X9.31:1998: Digital Signatures Using Reversible Public Key Cryptography for the Financial Services Industry (rDSA). American National Standards Institute (1998)"},{"key":"18_CR2","unstructured":"Bernstein, D.J.: How to find the smooth parts of integers (May 2004), \n                    \n                      http:\/\/cr.yp.to\/papers.html#smoothparts"},{"key":"18_CR3","doi-asserted-by":"crossref","unstructured":"Boneh, D., Durfee, G.: Cryptanalysis of RSA with private key d less than n\n                           0.292. In: Stern, J. (ed.) EUROCRYPT. LNCS, vol.\u00a01592, pp. 1\u201311. Springer (1999)","DOI":"10.1007\/3-540-48910-X_1"},{"key":"18_CR4","unstructured":"Cad\u00e9, D., Pujol, X., Stehl\u00e9, D.: fpLLL (2013), \n                    \n                      http:\/\/perso.ens-lyon.fr\/damien.stehle\/fplll\/"},{"key":"18_CR5","unstructured":"Ltd. Chunghwa Telecom\u00a0Co. Hicos pki smart card security policy (2006), \n                    \n                      http:\/\/www.cryptsoft.com\/fips140\/vendors\/140sp614.pdf"},{"key":"18_CR6","doi-asserted-by":"crossref","unstructured":"Coppersmith, D.: Finding a small root of a bivariate integer equation; factoring with high bits known. In: Maurer, U.M. (ed.) EUROCRYPT. LNCS, vol.\u00a01070, pp. 178\u2013189. Springer (1996)","DOI":"10.1007\/3-540-68339-9_16"},{"issue":"4","key":"18_CR7","doi-asserted-by":"publisher","first-page":"233","DOI":"10.1007\/s001459900030","volume":"10","author":"D. Coppersmith","year":"1997","unstructured":"Coppersmith, D.: Small solutions to polynomial equations, and low exponent RSA vulnerabilities. J. Cryptology\u00a010(4), 233\u2013260 (1997)","journal-title":"J. Cryptology"},{"key":"18_CR8","unstructured":"Decker, W., Greuel, G.-M., Pfister, G., Sch\u00f6nemann, H.: Singular 3-1-6 \u2014 A computer algebra system for polynomial computations (2012), \n                    \n                      http:\/\/www.singular.uni-kl.de"},{"key":"18_CR9","doi-asserted-by":"crossref","unstructured":"Faug\u00e8re, J.-C., Marinier, R., Renault, G.: Implicit factoring with shared most significant and middle bits. In: Nguyen, P.Q., Pointcheval, D. (eds.) Public Key Cryptography. LNCS, vol.\u00a06056, pp. 70\u201387. Springer (2010)","DOI":"10.1007\/978-3-642-13013-7_5"},{"key":"18_CR10","unstructured":"Bundesamt f\u00fcr Sicherheit in\u00a0der Informationstechnik. Certification report BSI-DSZ-CC-0212-2004 for Renesas AE45C1 (HD65145C1) smartcard integrated circuit version 01 (2004), \n                    \n                      https:\/\/www.bsi.bund.de\/SharedDocs\/Downloads\/DE\/BSI\/Zertifizierung\/Reporte02\/0212a_pdf.pdf?__blob=publicationFile"},{"key":"18_CR11","unstructured":"Bundesamt f\u00fcr Sicherheit in\u00a0der Informationstechnik. Evaluation of random number generators (2013), \n                    \n                      https:\/\/www.bsi.bund.de\/SharedDocs\/Downloads\/EN\/BSI\/Zertifierung\/Interpretation\/Evaluation_of_random_number_generators.pdf?__blob=publicationFile\n                    \n                    \n                   and \n                    \n                      https:\/\/www.bsi.bund.de\/DE\/Themen\/ZertifizierungundAnerkennung\/ZertifizierungnachCCundITSEC\/AnwendungshinweiseundInterpretationen\/AISCC\/ais_cc.html"},{"key":"18_CR12","doi-asserted-by":"crossref","unstructured":"Granville, A.: Harald Cram\u00e9r and the distribution of prime numbers. Scand. Actuarial J. 1995(1), 12\u201328 (1995)","DOI":"10.1080\/03461238.1995.10413946"},{"key":"18_CR13","unstructured":"Heninger, N., Durumeric, Z., Wustrow, E., Alex Halderman, J.: Mining your Ps and Qs: Detection of widespread weak keys in network devices. In: Proceedings of the 21st USENIX Security Symposium (August 2012)"},{"key":"18_CR14","doi-asserted-by":"crossref","unstructured":"Heninger, N., Shacham, H.: Reconstructing rsa private keys from random key bits. In: Halevi, S. (ed.) CRYPTO. LNCS, vol.\u00a05677, pp. 1\u201317. Springer (2009)","DOI":"10.1007\/978-3-642-03356-8_1"},{"key":"18_CR15","doi-asserted-by":"crossref","unstructured":"Herrmann, M., May, A.: Solving linear equations modulo divisors: On factoring given any bits. In: Pieprzyk, J. (ed.) ASIACRYPT. LNCS, vol.\u00a05350, pp. 406\u2013424. Springer (2008)","DOI":"10.1007\/978-3-540-89255-7_25"},{"key":"18_CR16","doi-asserted-by":"crossref","unstructured":"Howgrave-Graham, N.: Approximate integer common divisors. In: Silverman, J.H. (ed.) CaLC. LNCS, vol.\u00a02146, pp. 51\u201366. Springer (2001)","DOI":"10.1007\/3-540-44670-2_6"},{"key":"18_CR17","doi-asserted-by":"crossref","unstructured":"Lenstra, A.K., Hughes, J.P., Augier, M., Bos, J.W., Kleinjung, T., Wachter, C.: Public keys. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO. LNCS, vol.\u00a07417, pp. 626\u2013642. Springer (2012)","DOI":"10.1007\/978-3-642-32009-5_37"},{"key":"18_CR18","doi-asserted-by":"publisher","first-page":"515","DOI":"10.1007\/BF01457454","volume":"261","author":"A.K. Lenstra","year":"1982","unstructured":"Lenstra, A.K., Lenstra Jr., H.W., Lov\u00e1sz, L.: Factoring polynomials with rational coefficients. Math. Ann.\u00a0261, 515\u2013534 (1982)","journal-title":"Math. Ann."},{"key":"18_CR19","doi-asserted-by":"crossref","unstructured":"May, A., Ritzenhofen, M.: Implicit factoring: On polynomial time factoring given only an implicit hint. In: Jarecki, S., Tsudik, G. (eds.) Public Key Cryptography. LNCS, vol.\u00a05443, pp. 1\u201314. Springer (2009)","DOI":"10.1007\/978-3-642-00468-1_1"},{"key":"18_CR20","unstructured":"MOICA. Safety questions (2013), \n                    \n                      http:\/\/moica.nat.gov.tw\/html\/en_T2\/faq22-066-090.htm"},{"key":"18_CR21","unstructured":"National Institute of Standards and Technology (NIST). Security requirements for cryptographic modules. Federal Information Processing Standards Publication (FIPS PUB) 140-2 (May 2001), \n                    \n                      http:\/\/csrc.nist.gov\/publications\/fips\/fips140-2\/fips1402.pdf\n                    \n                    \n                   (updated December 03, 2012), See \n                    \n                      http:\/\/csrc.nist.gov\/publications\/nistpubs\/800-29\/sp800-29.pdf\n                    \n                    \n                   for differences between this and FIPS-140-1"},{"key":"18_CR22","unstructured":"National Institute of Standards and Technology (NIST). Recommendation for random number generation using deterministic random bit generators. NIST Special Publication (NIST SP) 800-90A (January 2012)"},{"key":"18_CR23","doi-asserted-by":"crossref","unstructured":"Paterson, K.G., Polychroniadou, A., Sibborn, D.L.: A coding-theoretic approach to recovering noisy RSA keys. In: Wang, X., Sako, K. (eds.) ASIACRYPT. LNCS, vol.\u00a07658, pp. 386\u2013403. Springer (2012)","DOI":"10.1007\/978-3-642-34961-4_24"},{"key":"18_CR24","unstructured":"Stein, W.A., et al.: Sage Mathematics Software (Version 5.8). The Sage Development Team (2013), \n                    \n                      http:\/\/www.sagemath.org"}],"container-title":["Lecture Notes in Computer Science","Advances in Cryptology - ASIACRYPT 2013"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-42045-0_18","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,24]],"date-time":"2019-05-24T18:26:59Z","timestamp":1558722419000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-42045-0_18"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2013]]},"ISBN":["9783642420443","9783642420450"],"references-count":24,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-42045-0_18","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2013]]}}}