Cold Boot Attacks on NTRU

Kenneth G. Paterson, Ricardo Villanueva-Polanco

Research output: Chapter in Book/Report/Conference proceedingConference contribution

235 Downloads (Pure)


Cold boot attacks target memory remanence effects in hardware to secret key material. Such attacks were first explored in the scientific literature by Halderman et al. (USENIX Security Symposium 2008) and, since then, different attacks have been developed against a range of asymmetric key and symmetric key algorithms. Such attacks in general receive as input a noisy version of the secret key as stored in memory, and use redundancy in the key (and possibly knowledge of a public key) to recover the secret key. The challenge is to recover the key as efficiently as possible in the face of increasing levels of noise. For the first time, we explore the vulnerability of lattice-based cryptosystems to this form of analysis, focussing in particular on NTRU, a well-established and at- tractive public-key encryption scheme that seems likely to be a strong candidate for standardisation in NIST’s post-quantum process. We look at two distinct NTRU implementations, showing how the attacks that can be developed depend critically on the in-memory representation of the secret key. We develop, efficient, dedicated key-recovery algorithms for the two implementations and provide the results of an empirical eval- uation of our algorithms.
Original languageEnglish
Title of host publicationProgress in Cryptology – INDOCRYPT 2017 - 18th International Conference on Cryptology in India, Proceedings
Number of pages19
Volume10698 LNCS
ISBN (Electronic)978-3-319-71667-1
ISBN (Print)978-3-319-71666-4
Publication statusPublished - 2017
Event18th International Conference on Cryptology in India, INDOCRYPT 2017 - Chennai, India
Duration: 10 Dec 201713 Dec 2017

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume10698 LNCS
ISSN (Print)03029743
ISSN (Electronic)16113349


Conference18th International Conference on Cryptology in India, INDOCRYPT 2017


  • Cold boot attacks
  • Key enumeration
  • NTRU

Cite this