Cold Boot Attacks on NTRU

Kenneth G. Paterson; Ricardo Villanueva-Polanco

doi:10.1007/978-3-319-71667-1_6

Cold Boot Attacks on NTRU

Kenneth G. Paterson, Ricardo Villanueva-Polanco

Department of Information Security

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

229 Downloads (Pure)

Abstract

Cold boot attacks target memory remanence effects in hardware to secret key material. Such attacks were first explored in the scientific literature by Halderman et al. (USENIX Security Symposium 2008) and, since then, different attacks have been developed against a range of asymmetric key and symmetric key algorithms. Such attacks in general receive as input a noisy version of the secret key as stored in memory, and use redundancy in the key (and possibly knowledge of a public key) to recover the secret key. The challenge is to recover the key as efficiently as possible in the face of increasing levels of noise. For the first time, we explore the vulnerability of lattice-based cryptosystems to this form of analysis, focussing in particular on NTRU, a well-established and at- tractive public-key encryption scheme that seems likely to be a strong candidate for standardisation in NIST’s post-quantum process. We look at two distinct NTRU implementations, showing how the attacks that can be developed depend critically on the in-memory representation of the secret key. We develop, efficient, dedicated key-recovery algorithms for the two implementations and provide the results of an empirical eval- uation of our algorithms.

Original language	English
Title of host publication	Progress in Cryptology – INDOCRYPT 2017 - 18th International Conference on Cryptology in India, Proceedings
Publisher	Springer-Verlag
Pages	107-125
Number of pages	19
Volume	10698 LNCS
ISBN (Electronic)	978-3-319-71667-1
ISBN (Print)	978-3-319-71666-4
DOIs	https://doi.org/10.1007/978-3-319-71667-1_6
Publication status	Published - 2017
Event	18th International Conference on Cryptology in India, INDOCRYPT 2017 - Chennai, India Duration: 10 Dec 2017 → 13 Dec 2017

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	10698 LNCS
ISSN (Print)	03029743
ISSN (Electronic)	16113349

Conference

Conference	18th International Conference on Cryptology in India, INDOCRYPT 2017
Country/Territory	India
City	Chennai
Period	10/12/17 → 13/12/17

Keywords

Cold boot attacks
Key enumeration
NTRU

Access to Document

10.1007/978-3-319-71667-1_6

Accepted ManuscriptAccepted author manuscript, 396 KB

Cite this

Paterson, K. G., & Villanueva-Polanco, R. (2017). Cold Boot Attacks on NTRU. In Progress in Cryptology – INDOCRYPT 2017 - 18th International Conference on Cryptology in India, Proceedings (Vol. 10698 LNCS, pp. 107-125). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10698 LNCS). Springer-Verlag. https://doi.org/10.1007/978-3-319-71667-1_6

Paterson, Kenneth G. ; Villanueva-Polanco, Ricardo. / Cold Boot Attacks on NTRU. Progress in Cryptology – INDOCRYPT 2017 - 18th International Conference on Cryptology in India, Proceedings. Vol. 10698 LNCS Springer-Verlag, 2017. pp. 107-125 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{734949c297d74967b0f6019bcb726e36,

title = "Cold Boot Attacks on NTRU",

abstract = "Cold boot attacks target memory remanence effects in hardware to secret key material. Such attacks were first explored in the scientific literature by Halderman et al. (USENIX Security Symposium 2008) and, since then, different attacks have been developed against a range of asymmetric key and symmetric key algorithms. Such attacks in general receive as input a noisy version of the secret key as stored in memory, and use redundancy in the key (and possibly knowledge of a public key) to recover the secret key. The challenge is to recover the key as efficiently as possible in the face of increasing levels of noise. For the first time, we explore the vulnerability of lattice-based cryptosystems to this form of analysis, focussing in particular on NTRU, a well-established and at- tractive public-key encryption scheme that seems likely to be a strong candidate for standardisation in NIST{\textquoteright}s post-quantum process. We look at two distinct NTRU implementations, showing how the attacks that can be developed depend critically on the in-memory representation of the secret key. We develop, efficient, dedicated key-recovery algorithms for the two implementations and provide the results of an empirical eval- uation of our algorithms.",

keywords = "Cold boot attacks, Key enumeration, NTRU",

author = "Paterson, {Kenneth G.} and Ricardo Villanueva-Polanco",

year = "2017",

doi = "10.1007/978-3-319-71667-1_6",

language = "English",

isbn = "978-3-319-71666-4",

volume = "10698 LNCS",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer-Verlag",

pages = "107--125",

booktitle = "Progress in Cryptology – INDOCRYPT 2017 - 18th International Conference on Cryptology in India, Proceedings",

note = "18th International Conference on Cryptology in India, INDOCRYPT 2017 ; Conference date: 10-12-2017 Through 13-12-2017",

}

Paterson, KG & Villanueva-Polanco, R 2017, Cold Boot Attacks on NTRU. in Progress in Cryptology – INDOCRYPT 2017 - 18th International Conference on Cryptology in India, Proceedings. vol. 10698 LNCS, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 10698 LNCS, Springer-Verlag, pp. 107-125, 18th International Conference on Cryptology in India, INDOCRYPT 2017, Chennai, India, 10/12/17. https://doi.org/10.1007/978-3-319-71667-1_6

Cold Boot Attacks on NTRU. / Paterson, Kenneth G.; Villanueva-Polanco, Ricardo.
Progress in Cryptology – INDOCRYPT 2017 - 18th International Conference on Cryptology in India, Proceedings. Vol. 10698 LNCS Springer-Verlag, 2017. p. 107-125 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10698 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Cold Boot Attacks on NTRU

AU - Paterson, Kenneth G.

AU - Villanueva-Polanco, Ricardo

PY - 2017

Y1 - 2017

N2 - Cold boot attacks target memory remanence effects in hardware to secret key material. Such attacks were first explored in the scientific literature by Halderman et al. (USENIX Security Symposium 2008) and, since then, different attacks have been developed against a range of asymmetric key and symmetric key algorithms. Such attacks in general receive as input a noisy version of the secret key as stored in memory, and use redundancy in the key (and possibly knowledge of a public key) to recover the secret key. The challenge is to recover the key as efficiently as possible in the face of increasing levels of noise. For the first time, we explore the vulnerability of lattice-based cryptosystems to this form of analysis, focussing in particular on NTRU, a well-established and at- tractive public-key encryption scheme that seems likely to be a strong candidate for standardisation in NIST’s post-quantum process. We look at two distinct NTRU implementations, showing how the attacks that can be developed depend critically on the in-memory representation of the secret key. We develop, efficient, dedicated key-recovery algorithms for the two implementations and provide the results of an empirical eval- uation of our algorithms.

AB - Cold boot attacks target memory remanence effects in hardware to secret key material. Such attacks were first explored in the scientific literature by Halderman et al. (USENIX Security Symposium 2008) and, since then, different attacks have been developed against a range of asymmetric key and symmetric key algorithms. Such attacks in general receive as input a noisy version of the secret key as stored in memory, and use redundancy in the key (and possibly knowledge of a public key) to recover the secret key. The challenge is to recover the key as efficiently as possible in the face of increasing levels of noise. For the first time, we explore the vulnerability of lattice-based cryptosystems to this form of analysis, focussing in particular on NTRU, a well-established and at- tractive public-key encryption scheme that seems likely to be a strong candidate for standardisation in NIST’s post-quantum process. We look at two distinct NTRU implementations, showing how the attacks that can be developed depend critically on the in-memory representation of the secret key. We develop, efficient, dedicated key-recovery algorithms for the two implementations and provide the results of an empirical eval- uation of our algorithms.

KW - Cold boot attacks

KW - Key enumeration

KW - NTRU

U2 - 10.1007/978-3-319-71667-1_6

DO - 10.1007/978-3-319-71667-1_6

M3 - Conference contribution

AN - SCOPUS:85037820823

SN - 978-3-319-71666-4

VL - 10698 LNCS

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 107

EP - 125

BT - Progress in Cryptology – INDOCRYPT 2017 - 18th International Conference on Cryptology in India, Proceedings

PB - Springer-Verlag

T2 - 18th International Conference on Cryptology in India, INDOCRYPT 2017

Y2 - 10 December 2017 through 13 December 2017

ER -

Paterson KG, Villanueva-Polanco R. Cold Boot Attacks on NTRU. In Progress in Cryptology – INDOCRYPT 2017 - 18th International Conference on Cryptology in India, Proceedings. Vol. 10698 LNCS. Springer-Verlag. 2017. p. 107-125. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). Epub 2017 Nov 30. doi: 10.1007/978-3-319-71667-1_6