Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems. CRYPTO '96 Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology
Algorithmic results in list decoding. Foundations and Trends® in Theoretical Computer Science
Solving Linear Equations Modulo Divisors: On Factoring Given Any Bits. ASIACRYPT '08 Proceedings of the 14th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Lest we remember: cold boot attacks on encryption keys. SS'08 Proceedings of the 17th conference on Security symposium
Lest we remember: cold-boot attacks on encryption keys. Communications of the ACM - Security in the Browser
Reconstructing RSA Private Keys from Random Key Bits. CRYPTO '09 Proceedings of the 29th Annual International Cryptology Conference on Advances in Cryptology
When private keys are public: results from the 2008 Debian OpenSSL vulnerability. Proceedings of the 9th ACM SIGCOMM conference on Internet measurement conference
Remote timing attacks are practical. Computer Networks: The International Journal of Computer and Telecommunications Networking - Web security
Correcting errors in RSA private keys. CRYPTO'10 Proceedings of the 30th annual conference on Advances in cryptology
Inspired by cold boot attacks, Heninger and Shacham (Crypto 2009) initiated the study of the problem of how to recover an RSA private key from a noisy version of that key. They gave an algorithm for the case where some bits of the private key are known with certainty. Their ideas were extended by Henecka, May and Meurer (Crypto 2010) to produce an algorithm that works when all the key bits are subject to error. In this paper, we bring a coding-theoretic viewpoint to bear on the problem of noisy RSA key recovery. This viewpoint allows us to cast the previous work as part of a more general framework. In turn, this enables us to explain why the previous algorithms do not solve the motivating cold boot problem, and to design a new algorithm that does (and more). In addition, we are able to use concepts and tools from coding theory (channel capacity, list decoding algorithms, and random coding techniques) to derive bounds on the performance of the previous algorithms and our new algorithm.