Skip to main content

Finding Points on Elliptic Curves with Coppersmith’s Method

  • 242 Accesses

Part of the Lecture Notes in Computer Science book series (LNCS,volume 13706)


Several cryptosystems based on Elliptic Curve Cryptography such as ElGamal and KMOV process the message as a point \(M=(x_0,y_0)\) of an elliptic curve with an equation of the form \(y^2=x^3+ax+b\) over a finite field or a finite ring. In this paper, we present a method to find the small solutions of the former elliptic curve equation. Our method is based on Coppersmith’s technique and enables one to find the solutions \((x_0,y_0)\) when \(|x_0|^3|y_0|^2\) is smaller than the modulus.


  • Elliptic curve cryptography
  • Coppersmith’s method
  • Lattice basis reduction
  • Cryptanalysis

This is a preview of subscription content, access via your institution.

Buying options

USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
USD   39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions


  1. Ajtai, M.: The shortest vector problem in L\({}_{\text{2}}\) is NP-hard for randomized reductions (extended abstract). In: Vitter, J.S. (ed.) Proceedings of the Thirtieth Annual ACM Symposium on the Theory of Computing, Dallas, Texas, USA, 23–26 May 1998, pp. 10–19. ACM (1998)

    Google Scholar 

  2. Boudabra, M., Nitaj, A.: A new public key cryptosystem based on edwards curves. IACR Cryptology ePrint Archive, p. 1051 (2019)

    Google Scholar 

  3. Coppersmith, D.: Small solutions to polynomial equations, and low exponent RSA vulnerabilities. J. Cryptol. 10(4), 233–260 (1997)

    CrossRef  MathSciNet  Google Scholar 

  4. Demytko, N.: A new elliptic curve based analogue of RSA. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 40–49. Springer, Heidelberg (1994).

    CrossRef  Google Scholar 

  5. Diffie, W., Hellman, M.E.: New directions in cryptography. IEEE Trans. Inf. Theory 22(6), 644–654 (1976)

    CrossRef  MathSciNet  Google Scholar 

  6. Galindo, D., Molleví, S.M., Morillo, P., Villar, J.L.: An efficient semantically secure elliptic curve cryptosystem based on KMOV. IACR Cryptology ePrint Archive, p. 37 (2002)

    Google Scholar 

  7. El Gamal, T.: A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Trans. Inf. Theory 31(4), 469–472 (1985)

    CrossRef  MathSciNet  Google Scholar 

  8. Howgrave-Graham, N.: Finding small roots of univariate modular equations revisited. In: Darnell, M. (ed.) Cryptography and Coding 1997. LNCS, vol. 1355, pp. 131–142. Springer, Heidelberg (1997).

    CrossRef  Google Scholar 

  9. Jochemsz, E., May, A.: A strategy for finding roots of multivariate polynomials with new applications in attacking RSA variants. In: Lai, X., Chen, K. (eds.) ASIACRYPT 2006. LNCS, vol. 4284, pp. 267–282. Springer, Heidelberg (2006).

    CrossRef  MATH  Google Scholar 

  10. Koblitz, N.: Elliptic curve cryptosystems. Math. Comput. 48(177), 203–209 (1987)

    CrossRef  MathSciNet  Google Scholar 

  11. Koyama, K., Maurer, U.M., Okamoto, T., Vanstone, S.A.: New public-key schemes based on elliptic curves over the ring Z\(_{n}\). In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 252–266. Springer, Heidelberg (1992).

    CrossRef  Google Scholar 

  12. Lenstra, A.K., Lenstra, H.W., Lovász, L.: Factoring polynomials with rational coefficients. Math. Ann. 261(4), 515–534 (1982). Dec

    CrossRef  MathSciNet  Google Scholar 

  13. May, A.: New RSA vulnerabilities using lattice reduction methods. Ph.D. thesis, University of Paderborn (2003)

    Google Scholar 

  14. Miller, V.S.: Use of elliptic curves in cryptography. In: Williams, H.C. (ed.) CRYPTO 1985. LNCS, vol. 218, pp. 417–426. Springer, Heidelberg (1986).

    CrossRef  Google Scholar 

  15. Nitaj, A., Fouotsa, E.: A new attack on RSA and demytko’s elliptic curve cryptosystem. IACR Cryptology ePrint Archive, p. 1050 (2019)

    Google Scholar 

  16. Rivest, R.L., Shamir, A., Adleman, L.M.: A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM 21(2), 120–126 (1978)

    CrossRef  MathSciNet  Google Scholar 

  17. Stroeker, R.J., de Weger, B.M.M.: Solving elliptic diophantine equations: the general cubic case. Acta Arithmetica 87(4), 339–365 (1999)

    CrossRef  MathSciNet  Google Scholar 

Download references

Author information

Authors and Affiliations


Corresponding author

Correspondence to Abderrahmane Nitaj .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and Permissions

Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Dossou-Yovo, V., Nitaj, A., Togbé, A. (2022). Finding Points on Elliptic Curves with Coppersmith’s Method. In: Poulakis, D., Rahonis, G. (eds) Algebraic Informatics. CAI 2022. Lecture Notes in Computer Science, vol 13706. Springer, Cham.

Download citation

  • DOI:

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-19684-3

  • Online ISBN: 978-3-031-19685-0

  • eBook Packages: Computer ScienceComputer Science (R0)