Cold Boot Attacks on NTRU

  • Conference paper
  • Progress in Cryptology – INDOCRYPT 2017 (INDOCRYPT 2017)
  • Part of the book series: Lecture Notes in Computer Science (LNSC, volume 10698)

Abstract

Cold boot attacks exploit memory remanence effects in hardware to recover secret key material. Such attacks were first explored in the scientific literature by Halderman et al. (USENIX Security Symposium 2008) and, since then, different attacks have been developed against a range of asymmetric key and symmetric key algorithms. Such attacks in general receive as input a noisy version of the secret key as stored in memory, and use redundancy in the key (and possibly knowledge of a public key) to recover the secret key. The challenge is to recover the key as efficiently as possible in the face of increasing levels of noise. For the first time, we explore the vulnerability of lattice-based cryptosystems to this form of analysis, focussing in particular on NTRU, a well-established and attractive public-key encryption scheme that seems likely to be a strong candidate for standardisation in NIST’s post-quantum process. We look at two distinct NTRU implementations, showing how the attacks that can be developed depend critically on the in-memory representation of the secret key. We develop efficient, dedicated key-recovery algorithms for the two implementations and provide the results of an empirical evaluation of our algorithms.

Notes

  1. See http://csrc.nist.gov/groups/ST/post-quantum-crypto/ for details of the NIST process.

  2. See https://github.com/NTRUOpenSourceProject/ntru-crypto for the code and https://www.onboardsecurity.com/products/ntru-crypto/ntru-resources for a list of useful resources related to NTRU.

  3. See http://tbuktu.github.io/ntru/.

  4. See http://bouncycastle.org/.

  5. See for example https://en.wikipedia.org/wiki/Maximum_likelihood_estimation.

  6. See http://tbuktu.github.io/ntru/.

  7. See https://github.com/NTRUOpenSourceProject/ntru-crypto/blob/master/FOSS%20Exception.md.

References

  1. Albrecht, M., Cid, C.: Cold boot key recovery by solving polynomial systems with noise. In: Lopez, J., Tsudik, G. (eds.) ACNS 2011. LNCS, vol. 6715, pp. 57–72. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-21554-4_4

  2. Albrecht, M.R., Orsini, E., Paterson, K.G., Peer, G., Smart, N.P.: Tightly secure ring-LWE based key encapsulation with short ciphertexts. Cryptology ePrint Archive, Report 2017/354 (2017). http://eprint.iacr.org/2017/354

  3. Bernstein, D.J., Chuengsatiansup, C., Lange, T., van Vredendaal, C.: NTRU prime. Cryptology ePrint Archive, Report 2016/461 (2016). http://eprint.iacr.org/2016/461

  4. Bogdanov, A., Kizhvatov, I., Manzoor, K., Tischhauser, E., Witteman, M.: Fast and memory-efficient key recovery in side-channel attacks. In: Dunkelman, O., Keliher, L. (eds.) SAC 2015. LNCS, vol. 9566, pp. 310–327. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-31301-6_19

  5. Bos, J., Ducas, L., Kiltz, E., Lepoint, T., Lyubashevsky, V., Schanck, J.M., Schwabe, P., Stehlé, D.: CRYSTALS - Kyber: a CCA-secure module-lattice-based KEM. Cryptology ePrint Archive, Report 2017/634 (2017). http://eprint.iacr.org/2017/634

  6. David, L., Wool, A.: A bounded-space near-optimal key enumeration algorithm for multi-subkey side-channel attacks. In: Handschuh, H. (ed.) CT-RSA 2017. LNCS, vol. 10159, pp. 311–327. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-52153-4_18

  7. Halderman, J.A., Schoen, S.D., Heninger, N., Clarkson, W., Paul, W., Calandrino, J.A., Feldman, A.J., Appelbaum, J., Felten, E.W.: Lest we remember: cold boot attacks on encryption keys. In: van Oorschot, P.C. (ed.) Proceedings of the 17th USENIX Security Symposium, San Jose, CA, USA, 28 July–1 August 2008, pp. 45–60. USENIX Association (2008)

  8. Halderman, J.A., Schoen, S.D., Heninger, N., Clarkson, W., Paul, W., Calandrino, J.A., Feldman, A.J., Appelbaum, J., Felten, E.W.: Lest we remember: cold-boot attacks on encryption keys. Commun. ACM 52(5), 91–98 (2009)

  9. Henecka, W., May, A., Meurer, A.: Correcting errors in RSA private keys. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 351–369. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-14623-7_19

  10. Heninger, N., Shacham, H.: Reconstructing RSA private keys from random key bits. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 1–17. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-03356-8_1

  11. Hoffstein, J., Howgrave-Graham, N., Pipher, J., Whyte, W.: Practical lattice-based cryptography: NTRUEncrypt and NTRUSign. In: Nguyen, P.Q., Vallée, B. (eds.) The LLL Algorithm - Survey and Applications. Information Security and Cryptography, pp. 349–390. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-02295-1_11

  12. Hoffstein, J., Pipher, J., Silverman, J.H.: NTRU: a ring-based public key cryptosystem. In: Buhler, J.P. (ed.) ANTS 1998. LNCS, vol. 1423, pp. 267–288. Springer, Heidelberg (1998). https://doi.org/10.1007/BFb0054868

  13. Huang, Z., Lin, D.: A new method for solving polynomial systems with noise over \(\mathbb{F}_2\) and its applications in cold boot key recovery. In: Knudsen, L.R., Wu, H. (eds.) SAC 2012. LNCS, vol. 7707, pp. 16–33. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-35999-6_2

  14. Kamal, A.A., Youssef, A.M.: Applications of SAT solvers to AES key recovery from decayed key schedule images. In: Savola, R., Takesue, M., Falk, R., Popescu, M. (eds.) Fourth International Conference on Emerging Security Information Systems and Technologies, SECURWARE 2010, Venice, Italy, 18–25 July 2010, pp. 216–220. IEEE Computer Society (2010)

  15. Lee, H.T., Kim, H.T., Baek, Y.-J., Cheon, J.H.: Correcting errors in private keys obtained from cold boot attacks. In: Kim, H. (ed.) ICISC 2011. LNCS, vol. 7259, pp. 74–87. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-31912-9_6

  16. Martin, D.P., Mather, L., Oswald, E., Stam, M.: Characterisation and estimation of the key rank distribution in the context of side channel evaluations. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016, Part I. LNCS, vol. 10031, pp. 548–572. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53887-6_20

  17. Martin, D.P., O’Connell, J.F., Oswald, E., Stam, M.: Counting keys in parallel after a side channel attack. In: Iwata, T., Cheon, J.H. (eds.) ASIACRYPT 2015, Part II. LNCS, vol. 9453, pp. 313–337. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-48800-3_13

  18. Paterson, K.G., Polychroniadou, A., Sibborn, D.L.: A coding-theoretic approach to recovering noisy RSA keys. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 386–403. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-34961-4_24

  19. Poettering, B., Sibborn, D.L.: Cold boot attacks in the discrete logarithm setting. In: Nyberg, K. (ed.) CT-RSA 2015. LNCS, vol. 9048, pp. 449–465. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-16715-2_24

  20. Veyrat-Charvillon, N., Gérard, B., Renauld, M., Standaert, F.-X.: An optimal key enumeration algorithm and its application to side-channel attacks. In: Knudsen, L.R., Wu, H. (eds.) SAC 2012. LNCS, vol. 7707, pp. 390–406. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-35999-6_25

Acknowledgements

The research of Villanueva-Polanco was supported by Colciencias.

Author information

Correspondence to Kenneth G. Paterson.

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Paterson, K.G., Villanueva-Polanco, R. (2017). Cold Boot Attacks on NTRU. In: Patra, A., Smart, N. (eds) Progress in Cryptology – INDOCRYPT 2017. INDOCRYPT 2017. Lecture Notes in Computer Science, vol 10698. Springer, Cham. https://doi.org/10.1007/978-3-319-71667-1_6

  • DOI: https://doi.org/10.1007/978-3-319-71667-1_6

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-71666-4

  • Online ISBN: 978-3-319-71667-1

  • eBook Packages: Computer Science, Computer Science (R0)
