Finding a small root of a univariate modular equation


Abstract

We show how to solve a polynomial equation (mod N) of degree k in a single variable x, as long as there is a solution smaller than N^(1/k). We give two applications to RSA encryption with exponent 3. First, knowledge of all the ciphertext and 2/3 of the plaintext bits for a single message reveals that message. Second, if messages are padded with truly random padding and then encrypted with an exponent 3, then two encryptions of the same message (with different padding) will reveal the message, as long as the padding is less than 1/9 of the length of N. With several encryptions, another technique can (heuristically) tolerate padding up to about 1/6 of the length of N.

Cite

Coppersmith, D. (1996). Finding a small root of a univariate modular equation. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 1070, pp. 155–165). Springer Verlag. https://doi.org/10.1007/3-540-68339-9_14
