Abstract
In 1997, Coppersmith proved a famous theorem for finding small roots of bivariate polynomials over ℤ, with important applications to cryptography.
While it seems to have been overlooked until now, we found the proof of the most commonly cited version of this theorem to be incomplete. Filling in the gap requires technical manipulations which we carry out in this paper.
Article PDF
Similar content being viewed by others
References
D. Coppersmith, Small solutions to polynomial equations, and low exponent RSA vulnerabilities. J. Cryptol. 10(4), 233–260 (1997)
J.-S. Coron, Finding small roots of bivariate integer polynomial equations revisited, in Proceedings of Eurocrypt 2004. LNCS, vol. 3027 (Springer, Berlin, 2004), pp. 492–505
J.-S. Coron, Finding small roots of bivariate integer polynomial equations: a direct approach, in Proceedings of CRYPTO 2007. LNCS, vol. 4622 (Springer, Berlin, 2007), pp. 379–394
Author information
Authors and Affiliations
Corresponding author
Additional information
Communicated by Dan Boneh.
Rights and permissions
About this article
Cite this article
Coron, JS., Kirichenko, A. & Tibouchi, M. A Note on the Bivariate Coppersmith Theorem. J Cryptol 26, 246–250 (2013). https://doi.org/10.1007/s00145-012-9121-x
Received:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s00145-012-9121-x