BBCR4 on Crypto-wars today at 13:30

Alan Braggins alan.braggins at
Tue Mar 25 11:59:07 GMT 2014

On 25/03/14 03:41, Peter Fairbrother wrote:
> I just read of an idea, I don't know who by, about making RSA keys
> shorter - choose the first prime at random, then choose the second prime
> so that the first 2n/3 bits of n are some fixed, shared value.

says "Bernstein reports
an unpublished result by Coppersmith for specifying up to 2n/3 bits
using lattice reduction" (with references to slides for a couple of
talks by Bernstein). says "Coppersmith 2003"
for the lattice reduction, but doesn't seem to list that in the
references. explains the actual
method, on a slide titled "Primes in lattices".

For n/2, Joye says "presented at ASIACRYPT '98 by Lenstra",
and "reinvented many times".
Bernstein just says "widely known" for n/2.
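
Added example, not part of the original post or of any of the cited slides: a Python sketch of the simple variant for just under n/2 bits, which picks p at random and then draws q from the range that forces the top bits of N = pq to the shared value. It assumes this is the "widely known" n/2 technique the post refers to; the function names, the 16-bit slack and the demo prefix are constructed for illustration, and the 2n/3 lattice method is not shown.

```python
import hashlib, secrets

def is_probable_prime(n, rounds=40):  # Miller-Rabin with random bases
    if n < 41:
        return n in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    if any(n % sp == 0 for sp in (2, 3, 5, 7, 11, 13)):
        return False
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(2 + secrets.randbelow(n - 3), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def random_prime(bits):
    while True:  # top two bits set so p is large; low bit set so p is odd
        c = secrets.randbits(bits) | (3 << (bits - 2)) | 1
        if is_probable_prime(c):
            return c

def keygen_fixed_prefix(prefix, prefix_bits, mod_bits):
    """Return (p, q, N) where the top prefix_bits of N equal prefix."""
    if prefix >> (prefix_bits - 1) != 1 or prefix_bits > mod_bits // 2 - 16:
        raise ValueError("prefix needs its top bit set and <= mod_bits/2 - 16 bits")
    shift = mod_bits - prefix_bits
    lo, hi = prefix << shift, (prefix + 1) << shift  # N must fall in [lo, hi)
    p = random_prime(mod_bits // 2)
    q_min, q_max = -(-lo // p), (hi - 1) // p  # every q in this range works
    while True:  # sample q uniformly from the range until it is prime
        q = (q_min + secrets.randbelow(q_max - q_min + 1)) | 1
        if q <= q_max and q != p and is_probable_prime(q):
            return p, q, p * q

def compress(N, prefix_bits, mod_bits):
    return N & ((1 << (mod_bits - prefix_bits)) - 1)  # store only the low bits
def expand(low, prefix, prefix_bits, mod_bits):
    return (prefix << (mod_bits - prefix_bits)) | low

# Constructed demo values; 512 bits keeps the run fast and is far too small for real keys.
MOD_BITS, PREFIX_BITS = 512, 224
PREFIX = int.from_bytes(hashlib.sha256(b"shared prefix").digest()[:28], "big") | (1 << 223)
```

The slack below n/2 is what leaves a range of q values wide enough to contain a prime; with the demo values only the low 288 bits of each modulus need to be stored or transmitted.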

