DOI QR코드

DOI QR Code

On Recovering Erased RSA Private Key Bits

  • Baek, Yoo-Jin (Department of Information Security, Woosuk University)
  • 투고 : 2018.05.18
  • 심사 : 2018.06.01
  • 발행 : 2018.08.31

초록

While being believed that decrypting any RSA ciphertext is as hard as factorizing the RSA modulus, it was also shown that, if additional information is available, breaking the RSA cryptosystem may be much easier than factoring. For example, Coppersmith showed that, given the 1/2 fraction of the least or the most significant bits of one of two RSA primes, one can factorize the RSA modulus very efficiently, using the lattice-based technique. More recently, introducing the so called cold boot attack, Halderman et al. showed that one can recover cryptographic keys from a decayed DRAM image. And, following up this result, Heninger and Shacham presented a polynomial-time attack which, given 0.27-fraction of the RSA private key of the form (p, q, d, $d_p$, $d_q$), can recover the whole key, provided that the given bits are uniformly distributed. And, based on the work of Heninger and Shacham, this paper presents a different approach for recovering RSA private key bits from decayed key information, under the assumption that some random portion of the private key bits is known. More precisely, we present the algorithm of recovering RSA private key bits from erased key material and elaborate the formula of describing the number of partially-recovered RSA private key candidates in terms of the given erasure rate. Then, the result is justified by some extensive experiments.

키워드

참고문헌

  1. M. Albrecht and C. Cid, "Cold Boot Key Recovery by Solving Polynomial Systems with Noise," in Proc. ACNS 2011, pp. 57-72, June 7-10, 2011. DOI: http://dx.doi.org/10.1007/978-3-642-21554-4_4
  2. D. Coppersmith, “Small solutions to polynomial equations, and low exponent RSA vulnerabilities,” Journal of Cryptology, Vol. 10, No. 2, pp. 233-260, 1997. DOI: http://dx.doi.org/10.1007/s001459900030
  3. J.A. Halderman, S. Schoen, N. Heninger, W. Clarkson, W. Paul, J. Calandrino, A. Feldman, J. Appelbaum, and E. Felten, "Lest We Remember: Cold Boot Attacks on Encryption Keys," in Proc. of USENIX Security 2008, pp. 45-60, June 22-27, 2008. DOI: http://dx.doi.org/10.1145/1506409.1506429
  4. W. Henecka, A. May and A. Meurer, "Correcting Errors in RSA Private Keys," in Proc. CRYPTO '10, pp. 351-369, Aug. 15-19, 2010. DOI: http://dx.doi.org/10.1007/978-3-642-14623-7_19
  5. N. Heninger and H. Shacham, "Reconstructing rsa private keys from random key bits," in Proc. CRYPTO 2009, pp. 1-17, Aug. 16-20, 2009. DOI: http://dx.doi.org/10.1007/978-3-642-03356-8_1
  6. A.A. Kamal and A.M. Youssef, "Applications of SAT Solvers to AES key Recovery from Decayed Key Schedule Images," in Proc. SECURWARE 2010, Jul. 18-25, 2010. DOI: http://dx.doi.org/10.1109/SECURWARE.2010.42
  7. P. Kocher, J. Jaffe and B. Jun, "Differential power analysis," in Proc. CRYPTO '99, pp. 388-397, Aug. 15-19, 1999. DOI: http://dx.doi.org/10.1007/3-540-48405-1_25
  8. P. Kocher, "Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems," in Proc. CRYPTO '96, pp. 104-113, Aug. 18-22, 1996. DOI: http://dx.doi.org/10.1007/3-540-68697-5_9
  9. A.J. Menezes, P.C. van Oorschot and S.A. Vanstone, Handbook of Applied Cryptography, CRC Press, 1996.
  10. K.G. Paterson, A. Polychroniadou, and D.L. Sibborn, "A Coding-Theoretic Approach to Recovering Noisy RSA Keys," in Proc. ASIACRYPT 2012, pp. 386-403, Dec. 2-6, 2012. DOI: http://dx.doi.org/10.1007/978-3-642-34961-4_24
  11. RSA Security INc., Public-Key Cryptography Standards (PKCS) #1 v2.1: RSA Cryptography Standard, 2002.
  12. A. Tsow, "An Improved Recovery Algorithm for Decayed AES Key Schedule Images," in Proc. SAC 2009, pp. 215-230, Aug. 13-14, 2009. DOI: http://dx.doi.org/10.1007/978-3-642-05445-7_14
  13. J. Park and W. Choi, “Study on Structural and Systematic Security Threats of Vehicle Black Box as Embedded System,” International Journal of Advanced Culture Technology (IJACT), Vol. 9, No. 3, pp. 9-16, 2017.