TY - GEN
T1 - Cold Boot Attacks on NTRU
AU - Paterson, Kenneth G.
AU - Villanueva-Polanco, Ricardo
PY - 2017
Y1 - 2017
N2 - Cold boot attacks target memory remanence effects in hardware to recover secret key material. Such attacks were first explored in the scientific literature by Halderman et al. (USENIX Security Symposium 2008) and, since then, different attacks have been developed against a range of asymmetric key and symmetric key algorithms. Such attacks in general receive as input a noisy version of the secret key as stored in memory, and use redundancy in the key (and possibly knowledge of a public key) to recover the secret key. The challenge is to recover the key as efficiently as possible in the face of increasing levels of noise. For the first time, we explore the vulnerability of lattice-based cryptosystems to this form of analysis, focussing in particular on NTRU, a well-established and attractive public-key encryption scheme that seems likely to be a strong candidate for standardisation in NIST’s post-quantum process. We look at two distinct NTRU implementations, showing how the attacks that can be developed depend critically on the in-memory representation of the secret key. We develop efficient, dedicated key-recovery algorithms for the two implementations and provide the results of an empirical evaluation of our algorithms.
AB - Cold boot attacks target memory remanence effects in hardware to recover secret key material. Such attacks were first explored in the scientific literature by Halderman et al. (USENIX Security Symposium 2008) and, since then, different attacks have been developed against a range of asymmetric key and symmetric key algorithms. Such attacks in general receive as input a noisy version of the secret key as stored in memory, and use redundancy in the key (and possibly knowledge of a public key) to recover the secret key. The challenge is to recover the key as efficiently as possible in the face of increasing levels of noise. For the first time, we explore the vulnerability of lattice-based cryptosystems to this form of analysis, focussing in particular on NTRU, a well-established and attractive public-key encryption scheme that seems likely to be a strong candidate for standardisation in NIST’s post-quantum process. We look at two distinct NTRU implementations, showing how the attacks that can be developed depend critically on the in-memory representation of the secret key. We develop efficient, dedicated key-recovery algorithms for the two implementations and provide the results of an empirical evaluation of our algorithms.
KW - Cold boot attacks
KW - Key enumeration
KW - NTRU
U2 - 10.1007/978-3-319-71667-1_6
DO - 10.1007/978-3-319-71667-1_6
M3 - Conference contribution
AN - SCOPUS:85037820823
SN - 978-3-319-71666-4
VL - 10698 LNCS
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 107
EP - 125
BT - Progress in Cryptology – INDOCRYPT 2017 - 18th International Conference on Cryptology in India, Proceedings
PB - Springer-Verlag
T2 - 18th International Conference on Cryptology in India, INDOCRYPT 2017
Y2 - 10 December 2017 through 13 December 2017
ER -