Reconstructing rsa private keys from random key bits (2009)

by N Heninger, H Shacham
Venue:In CRYPTO