Abstract
At PKC 2010, Herrmann and May introduced a lattice-based method using unravelled linearization to achieve the theoretical bound [Formula: see text] for small RSA exponents. In this paper, we identify an error in their asymptotic analysis, revising the bound to d < N0.292256 , which is strictly lower than the Boneh-Durfee bound [Formula: see text] . This error persisted for over 15 years. We also refine the Herrmann-May lattice construction, achieving the Boneh-Durfee bound while significantly reducing the Herrmann-May lattice's dimension.