Finding Small Solutions to Small Degree Polynomials
This talk is a brief survey of recent results and ideas concerning the problem of finding a small root of a univariate polynomial mod N, and the companion problem of finding a small solution to a bivariate equation over ℤ. We start with the lattice-based approach from [2,3], and speculate on directions for improvement.
KeywordsModular polynomials lattice reduction
Unable to display preview. Download preview PDF.
- 1.Dan Boneh, personal communication.Google Scholar
- 2.D. Coppersmith, Finding a small root of a univariate modular equation. Advances in Cryptology-EUROCRYPT’96, LNCS 1070, Springer, 1996, 155–165.Google Scholar
- 3.D. Coppersmith, Finding a small root of a bivariate integer equation; factoring with high bits known, Advances in Cryptology-EUROCRYPT’96, LNCS 1070, Springer, 1996, 178–189.Google Scholar
- 5.D. Coppersmith, N.A. Howgrave-Graham, S.V. Nagaraj, Divisors in Residue classes—Constructively. Manuscript.Google Scholar
- 6.N. Elkies, Rational points near curves and small nonzero |x 3-y2| via lattice reduction, ANTS-4, LNCS vol 1838 (2000) Springer Verlag, 33–63.Google Scholar
- 7.J. Håstad, On using RSA with low exponent in a public key network, Advances in Cryptology-CRYPTO’85, LNCS 218, Springer-Verlag, 1986, 403–408.Google Scholar
- 9.N.A. Howgrave-Graham, personal communication, 1997.Google Scholar
- 10.N.A. Howgrave-Graham, Approximate Integer Common Divisors, This volume, pp. 51–66.Google Scholar
- 15.H.W. Lenstra, personal communication.Google Scholar
- 17.Phong Nguyen, personal communication.Google Scholar
- 18.T.J. Rivlin, Chebyshev Polynomials, From Approximation Theory to Algebra and Number Theory, Wiley (1990).Google Scholar