1.

L. Babai, On Lovász lattice reduction and the nearest point problem, *Combinatorica*, Vol. 6 (1986) pp. 1–13.

2.

D. Boneh and G. Durfee, Cryptanalysis of RSA with private key of less than *N*0*.*292. Advances in Cryptology, EUROCRYPT' 99 (J. Stern, ed.), volume 1592, Lecture Notes in Computer Science, Springer-Verlag (1999) pp. 1–11.

3.

D. Boneh and R. Venkatesan, Hardness of computing the most significant bits of secret keys in Diffie-Hellman and related schemes. Advances in Cryptology, CRYPTO' 96 (N. Koblitz, ed.), volume 1109, Lecture Notes in Computer Science, Springer-Verlag (1996) pp. 129–142.

4.

D. Coppersmith, Finding a small root of a bivariate integer equation; factoring with high bits known. Advances in Cryptology, EUROCRYPT' 96 (U. Maurer, ed.), volume 1070, Lecture Notes in Computer Science, Springer-Verlag (1996) pp. 178–189.

5.

D. Coppersmith, Small solutions to polynomial equations, and low exponent RSA vulnerabilities, *J. of Cryptology*, Vol. 10 (1997) pp. 233–260.

6.

T. ElGamal, A public-key cryptosystem and a signature scheme based on discrete logarithms, *IEEE Trans. Inform. Theory*, Vol. 31 (1985) pp. 469–472.

7.

N. Howgrave-Graham, Finding small roots of univariate modular equations revisited, *Proc. of Cryptography and Coding* (Lect. Notes in Comp. Sci., Vol. 1355), Springer-Verlag (1997) pp. 131–142.

8.

N. Howgrave-Graham, *Computational mathematics inspired by RSA*, PhD. Thesis, University of Bath (1999).

9.

N. Howgrave-Graham and J-P. Seifert, Extending Wiener's attack in the presence of many decrypting exponents, *Secure Networking—CQRE [Secure]*' 99, (Lect. Notes in Comp. Sci., Vol. 1740), Springer-Verlag (1999) pp. 153–166.

10.

A. K. Lenstra, H. W. Lenstra and L. Lovász, Factoring polynomials with rational coefficients, *Math. Ann.*, Vol. 261 (1982) pp. 515–534.

11.

V. Shoup, NTL: A Library for doing Number Theory http://www.shoup.net/