L. Babai, On Lovász lattice reduction and the nearest point problem, Combinatorica, Vol. 6 (1986) pp. 1–13.
D. Boneh and G. Durfee, Cryptanalysis of RSA with private key of less than N0.292. Advances in Cryptology, EUROCRYPT' 99 (J. Stern, ed.), volume 1592, Lecture Notes in Computer Science, Springer-Verlag (1999) pp. 1–11.
D. Boneh and R. Venkatesan, Hardness of computing the most significant bits of secret keys in Diffie-Hellman and related schemes. Advances in Cryptology, CRYPTO' 96 (N. Koblitz, ed.), volume 1109, Lecture Notes in Computer Science, Springer-Verlag (1996) pp. 129–142.
D. Coppersmith, Finding a small root of a bivariate integer equation; factoring with high bits known. Advances in Cryptology, EUROCRYPT' 96 (U. Maurer, ed.), volume 1070, Lecture Notes in Computer Science, Springer-Verlag (1996) pp. 178–189.
D. Coppersmith, Small solutions to polynomial equations, and low exponent RSA vulnerabilities, J. of Cryptology, Vol. 10 (1997) pp. 233–260.
T. ElGamal, A public-key cryptosystem and a signature scheme based on discrete logarithms, IEEE Trans. Inform. Theory, Vol. 31 (1985) pp. 469–472.
N. Howgrave-Graham, Finding small roots of univariate modular equations revisited, Proc. of Cryptography and Coding (Lect. Notes in Comp. Sci., Vol. 1355), Springer-Verlag (1997) pp. 131–142.
N. Howgrave-Graham, Computational mathematics inspired by RSA, PhD. Thesis, University of Bath (1999).
N. Howgrave-Graham and J-P. Seifert, Extending Wiener's attack in the presence of many decrypting exponents, Secure Networking—CQRE [Secure]' 99, (Lect. Notes in Comp. Sci., Vol. 1740), Springer-Verlag (1999) pp. 153–166.
A. K. Lenstra, H. W. Lenstra and L. Lovász, Factoring polynomials with rational coefficients, Math. Ann., Vol. 261 (1982) pp. 515–534.
V. Shoup, NTL: A Library for doing Number Theory http://www.shoup.net/