Advertisement

Journal of Cryptology

, Volume 26, Issue 2, pp 246–250 | Cite as

A Note on the Bivariate Coppersmith Theorem

  • Jean-Sébastien CoronEmail author
  • Alexey Kirichenko
  • Mehdi Tibouchi
Article
  • 436 Downloads

Abstract

In 1997, Coppersmith proved a famous theorem for finding small roots of bivariate polynomials over ℤ, with important applications to cryptography.

While it seems to have been overlooked until now, we found the proof of the most commonly cited version of this theorem to be incomplete. Filling in the gap requires technical manipulations which we carry out in this paper.

Key words

Coppersmith’s theorem Bivariate polynomials Small roots 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. [1]
    D. Coppersmith, Small solutions to polynomial equations, and low exponent RSA vulnerabilities. J. Cryptol. 10(4), 233–260 (1997) MathSciNetzbMATHCrossRefGoogle Scholar
  2. [2]
    J.-S. Coron, Finding small roots of bivariate integer polynomial equations revisited, in Proceedings of Eurocrypt 2004. LNCS, vol. 3027 (Springer, Berlin, 2004), pp. 492–505 CrossRefGoogle Scholar
  3. [3]
    J.-S. Coron, Finding small roots of bivariate integer polynomial equations: a direct approach, in Proceedings of CRYPTO 2007. LNCS, vol. 4622 (Springer, Berlin, 2007), pp. 379–394 CrossRefGoogle Scholar

Copyright information

© International Association for Cryptologic Research 2012

Authors and Affiliations

  • Jean-Sébastien Coron
    • 1
    Email author
  • Alexey Kirichenko
    • 2
  • Mehdi Tibouchi
    • 3
  1. 1.Université du LuxembourgLuxembourgLuxembourg
  2. 2.F-Secure CorporationHelsinkiFinland
  3. 3.NTT Information Sharing Platform LaboratoriesMusashino-shi, TokyoJapan

Personalised recommendations