1 |
R. Rivest, A. Shamir, and L. Adleman, "A method for obtaining digital signatures and public-key cryptosystems," Communications of the ACM, vol. 21, no. 2, pp. 120-126, Feb. 1978.
DOI
|
2 |
RSA Laboratories, "PKCS #1 v2.2: RSA Cryptography Standard," Oct. 2012.
|
3 |
D. Coppersmith, "Small solutions to polynomial equations, and low exponent RSA vulnerabilities," Journal of Cryptology, vol. 10, no. 4, pp. 233-260, Sep. 1997.
DOI
|
4 |
D. Boneh, G. Durfee, and N. Howgrave-Graham, "Factoring for large r," Advances in Cryptology, CRYPTO '99, LNCS 1666, pp. 326-337, 1999.
|
5 |
N. Heninger and H. Shacham, "Reconstructing rsa private keys from random key bits," Advances in Cryptology, CRYPTO '09, LNCS 5677, pp. 1-17, 2009.
|
6 |
W. Henecka, A. May, and A. Meurer, "Correcting errors in RSA private keys," Advances in Cryptology, CRYPTO '10, LNCS 6223, pp. 351-369, 2010.
|
7 |
W. Hoeffding, "Probability inequalities for sums of bounded random variables," Journal of the American Statistical Association, vol. 58, no. 301, pp. 13-30, 1963.
DOI
|
8 |
National Institute of Standards and Technology, "Secure Hash Standard (SHS)," FIPS PUB 180-4, Mar. 2012.
|
9 |
NTL: A library for doing number theory, available at www.shoup.net/ntl
|