2003年, Bl\"{o}mer和May在研究针对RSA密码的部分私钥泄露攻击的同时, 也研究了针对CRT-RSA的部 分私钥泄露攻击. 此后, 大量关于CRT-RSA部分私钥泄露攻击的研究是针对泄露的比特为MSBs (最高数位比特)或者LSBs (最低数位比特). 2014年, Sarkar与Venkateswarlu首次考虑了关于CRT-RSA部分私钥泄露攻击中未泄露比特块数超过1个的情况, 其格构造的方法借鉴了2008年Herrmann和May在解决线性模方程求小值解问题中的想法. 文章在Sarkar等研究基础上通过使用有益多项式及连续有益多项式的定义对构造的多项式集合进行筛选, 这种方法来源于Takayasu等对Herrmann和May求解模多项式小值解的改进工作. 因此所构造的格维数比Sarkar等构造的更低且缩短了LLL算法的运行时间, 改进了Sarkar等的结果.

In 2003, Bl\"{o}mer and May presented the partial key exposure attack on RSA, at the same time they also gave the partial key exposure attack on CRT-RSA. After that, a lot of papers about partial key exposure attacks on CRT-RSA have come into world. However, almost all of them are related to MSBs (Most Significant Bits) or LSBs (Least Significant Bits). In 2004, Sarkar and Venkateswarlu proposed an attack on RSA-CRT considering more than one unexposed blocks in the private key for the first time. And their method about structure of lattices referred to a paper which was proposed by Herrmann and May aiming to solve linear equations modulo divisors. Our result is based on Sarkar's situation for CRT-RSA. Our strategy for the lattice structure roots in Takayasu's paper concerning with solving linear equations modulo divisor, which is better than Herrmann and May's. This strategy select polynomials by defining which polynomials are helpful polynomials or consecutive helpful polynomials. Based on this strategy, we can improve Sarkar's result of attacks, and we can reduce the dimension of lattices and accelerate running time.