I already have lower bits of a factor of $N = pq$, and I try to use the following code to factorize $N$
PR.<x> = PolynomialRing(Zmod(n))
nbits = n.nbits()
f = 2^kbits*x + p0
f = f.monic()
roots = f.small_roots(X = 2 ** (nbits // 2 - kbits), beta = 0.3) ### Called it (@)
if roots:
x0 = roots[0]
p = gcd(2^kbits*x0 + p0, n)
print(p)
However it doesn't find any root. But I change (@) to
roots = f.small_roots(X = 2 ** 60, beta = 0.3) ### nbits // 2 - kbits = 165
Then it successfully find the small root of $f$. I read the document but still don't know why the original code doesn't work. Need help QAQ
