Finding a Small Root of a Bivariate Integer Equation; Factoring with High Bits Known

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1070)


We present a method to solve integer polynomial equations in two variables, provided that the solution is suitably bounded. As an application, we show how to find the factors of N = PQ if we are given the high order ((1/4) log2 N) bits of P. This compares with Rivest and Shamir’s requirement of ((1/3) log2 N) bits.


Polynomial Equation Diagonal Entry Triangular Matrix Select Index Springer LNCS 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    D. Coppersmith, “Finding a Small Root of a Univariate Modular Equation,” Proceedings of Eurocrypt 96.Google Scholar
  2. 2.
    A. K. Lenstra, H. W. Lenstra and L. Lovasz, “Factoring Polynomials with Integer Coefficients,” Matematische Annalen 261 (1982), 513–534.MathSciNetGoogle Scholar
  3. 3.
    K. Manders and L. Adleman, “NP-complete decision problems for binary quadratics,” J. Comput. System Sci. 16, 168–184.Google Scholar
  4. 4.
    U. M. Maurer, “Factoring with an Oracle,” Advances in Cryptology — EUROCRYPT’92, Springer LNCS 658 (1993) 429–436.Google Scholar
  5. 5.
    R. L. Rivest and A. Shamir, “Efficient factoring based on partial information,” Advances in Cryptology — EUROCRYPT’85, Springer LNCS 219 (1986) 31–34.Google Scholar
  6. 6.
    B. Vallée, M. Girault and P. Toffin, “How to Guess ℓ-th Roots Modulo n by Reducing Lattice Bases,” Proceedings of AAECC 6, Springer LNCS 357 (1988) 427–442.Google Scholar
  7. 7.
    S. A. Vanstone and R. J. Zuccherato, “Short RSA Keys and Their Generation,” Journal of Cryptology 8 number 2 (Spring 1995) 101–114.zbMATHGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1996

Authors and Affiliations

  1. 1.T.J. Watson Research CenterIBM ResearchYorktown HeightsUSA

Personalised recommendations