Paper 2012/675

Minkowski sum based lattice construction for multivariate simultaneous Coppersmith's technique and applications to RSA

Yoshinori Aono


We investigate a lattice construction method for the Coppersmith technique for finding small solutions of a modular equation. We consider its variant for simultaneous equations and propose a method to construct a lattice by combining lattices for solving single equations. As applications, we consider a new RSA cryptanalyses. Our algorithm can factor an RSA modulus from $\ell \ge 2$ pairs of RSA public exponents with the common modulus corresponding to secret exponents smaller than $N^{(9\ell -5)/(12\ell + 4)}$, which improves on the previously best known result by Sarkar and Maitra. For partial key exposure situation, we also can factor the modulus if $\beta - \delta/2 + 1/4 < (3\ell-1)(3\ell + 1)$, where $\beta$ and $\delta$ are bit-lengths $/ \log N$ of the secret exponent and its exposed LSBs, respectively.

Available format(s)
Publication info
Published elsewhere. Unknown where it was published
RSACoppersmith techniquelattice based attacklattice construcitonsimutaneous equations
Contact author(s)
aono @ nict go jp
2013-03-04: last of 2 revisions
2012-11-30: received
See all versions
Short URL
Creative Commons Attribution


      author = {Yoshinori Aono},
      title = {Minkowski sum based lattice construction for multivariate simultaneous Coppersmith's technique and applications to {RSA}},
      howpublished = {Cryptology ePrint Archive, Paper 2012/675},
      year = {2012},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.