A Coding-Theoretic Approach to Recovering Noisy RSA Keys

Paterson, Kenneth G.; Polychroniadou, Antigoni; Sibborn, Dale L.

doi:10.1007/978-3-642-34961-4_24

Cited by 36 publications

(39 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…They also showed that the bound for the error probability is given by 0.084 if the associated secret key is (p, q). Paterson et al proposed an algorithm correcting error bits that occurs asymmetrically at Asiacrypt 2012 [10]. They adopted a coding theoretic approach for designing a new algorithm and analyzing its performance.…”

Section: Background and Motivationmentioning

confidence: 99%

“…The previous works [4,5,8,10] considered an erasure and/or error setting, where each bit of the secret key is either erased or flipped. Thus, the noisy version of the secret key is composed of discrete symbols, that is, {0, 1} and the erasure symbol "?".…”

Section: Motivation: Key-recovery From Noisy Analog Datamentioning

confidence: 99%

“…Paterson et al [10] concluded that it is an open problem to generalize their approach to the case where soft information (that is, analog data) about the secret bits is available. This is the problem we address in this paper.…”

Section: Motivation: Key-recovery From Noisy Analog Datamentioning

confidence: 99%

“…First, we modify the algorithm of Paterson et al [10] to adapt an analog data; while their algorithm takes a (noisy) binary bit sequence as input. For the modification, we introduce the concept of score; a node with a low score will be discarded, whereas a node with the highest score will be kept and generate a subtree of depth t with 2 t leaf nodes.…”

Section: Our Contributionsmentioning

confidence: 99%

“…This section presents an overview of the methods [4,5,10] using binary trees to recover the secret key of the RSA cryptosystem. We use similar notations to those in [4].…”

Section: Preliminariesmentioning

confidence: 99%

See 4 more Smart Citations

RSA Meets DPA: Recovering RSA Secret Keys from Noisy Analog Data

Kunihiro

Honda

2014

Advanced Information Systems Engineering

View full text Add to dashboard Cite

Abstract. We discuss how to recover RSA secret keys from noisy analog data obtained through physical attacks such as cold boot and side channel attacks. Many studies have focused on recovering correct secret keys from noisy binary data. Obtaining noisy binary keys typically involves first observing the analog data and then obtaining the binary data through quantization process that discards much information pertaining to the correct keys. In this paper, we propose two algorithms for recovering correct secret keys from noisy analog data, which are generalized variants of Paterson et al.'s algorithm. Our algorithms fully exploit the analog information. More precisely, consider observed data which follows the Gaussian distribution with mean (−1) b and variance σ 2 for a secret key bit b. We propose a polynomial time algorithm based on the maximum likelihood approach and show that it can recover secret keys if σ < 1.767. The first algorithm works only if the noise distribution is explicitly known. The second algorithm does not need to know the explicit form of the noise distribution. We implement the first algorithm and verify its effectiveness. This is the full version of [7].

show abstract

Section: Background and Motivationmentioning

confidence: 99%

Section: Motivation: Key-recovery From Noisy Analog Datamentioning

confidence: 99%

Section: Motivation: Key-recovery From Noisy Analog Datamentioning

confidence: 99%

Section: Our Contributionsmentioning

confidence: 99%

“…This section presents an overview of the methods [4,5,10] using binary trees to recover the secret key of the RSA cryptosystem. We use similar notations to those in [4].…”

Section: Preliminariesmentioning

confidence: 99%

See 3 more Smart Citations