D. Coppersmith, "Small solutions to polynomial equations and low exponent vulnerabilities", Journal of Cryptology, Vol. 10(4), pp. 223--260, 1997.
....attacks. We also want to point out that not all bits of the private key have to be deduced by power analysis attacks in order to determine the whole private key. Several efficient techniques are known to determine the private key if only a small fraction of its bits are known (see [BDF98], [Cop97] or [vOW99]). 3.1.2 Attacks on Implementations of the Elliptic Curve Scalar Point Multiplication Regarding attacks on implementations of elliptic curve scalar point multiplications the following results have been published. Coron's article [Cor99] was the first article on power analysis attacks ....
D. Coppersmith. Small solutions to polynomial equations and low exponent RSA vulnerabilities. Journal of Cryptology, (10):233--260, 1997.
....messages. Decryption times can be reduced by using small decryption exponents d, which should be chosen according to Wiener's recommendations [28] (also discussed later). We also note that certain attacks on RSA exploit low exponents, and some future applications appear to require large exponents [3, 7]. We analyze the generation schemes using standard assumptions. 1.3 Lattice attacks on subset sum problems Subset sum constructions have been so successfully attacked by lattice reduction [16] based methods [5, 15, 8] that it is often considered risky to base cryptographic constructions on ....
D. Coppersmith. Small solutions to polynomial equations and low exponent RSA vulnerabilities. Journal of Cryptology, 10(4), 1997.
....x 2 M [ x = 2 M decode(e; s i ; P) x fe [i]g s i verify(e; s i ; P) isCommon e = encode(decode(e; s i ; P) P) When using VCS vectors, secrecy holds only if x is not revealed when encrypted multiple times with different public keys. This is not true of RSA with small exponents or Rabin [13, 14, 8]. For this reason, caution must be exercised when selecting a public key encryption technique. Commonality holds because any secret key corresponding to a key in P can be used to decode e to learn x. Decrypting e [i] with s i yields the same secret x for all i. Any member of P can use decode( ....
D. Coppersmith, "Small Solutions to Polynomial Equations, and Low Exponent RSA Vulnerabilities," Journal of Cryptography, v. 10 n. 4, Autumn 1997, pp. 233-260.
....messages. Decryption times can be reduced by using small decryption exponents d, which should be chosen according to Wiener's recommendations [29] (also discussed later). We also note that certain attacks on RSA exploit low exponents, and some future applications appear to require large exponents [3, 7]. We analyze the generation schemes using standard assumptions. Lattice attacks on subset sum problems: Subset sum constructions have been so successfully attacked by lattice reduction [18] based methods [4, 17, 8] that it is often considered risky to base cryptographic constructions on them. Our ....
....a given message rather than random one. We analyze versions of the following scheme, in which f is an appropriately chosen function. The schemes defined in this section will use either f(x) x or consider f as a random oracle. Attacks on low exponent RSA due to Hastad and Coppersmith suggest (see [7]) that the RSA function should be applied to a suitably randomized version of the input (plaintext) rather than the input itself. Key generation: The public and private keys (e; d) as well as the modulus N are generated as in RSA. That is, a party generates two large random primes p; q, sets N ....
D. Coppersmith. Small solutions to polynomial equations and low exponent RSA vulnerabilities. Journal of Cryptology, 10(4), 1997.
No context found.
D. Coppersmith, "Small solutions to polynomial equations and low exponent vulnerabilities", Journal of Cryptology, Vol. 10(4), pp. 223--260, 1997.
No context found.
D. Coppersmith, "Small Solutions to Polynomial Equations, and Low Exponent RSA Vulnerabilities", Journal of Cryptology 10(4), 1997
No context found.
D. Coppersmith, Small solutions to polynomial equations and low exponent vulnerabilities, Journal of Cryptology 10 (4) (1997), 223-260.
No context found.
D. Coppersmith: `Small solutions to polynomial equations, and low exponent RSA vulnerabilities', submitted to Journal of Cryptology.