Cryptology ePrint Archive: Report 2015/057

Cold Boot Attacks in the Discrete Logarithm Setting

Bertram Poettering and Dale L. Sibborn

Abstract: In a cold boot attack a cryptosystem is compromised by analysing a noisy version of its internal state. For instance, if a computer is rebooted the memory contents are rarely fully reset; instead, after the reboot an adversary might recover a noisy image of the old memory contents and use it as a stepping stone for reconstructing secret keys. While such attacks were known for a long time, they recently experienced a revival in the academic literature. Here, typically either RSA-based schemes or blockciphers are targeted. We observe that essentially no work on cold boot attacks on schemes defined in the discrete logarithm setting (DL) and particularly for elliptic curve cryptography (ECC) has been conducted. In this paper we hence consider cold boot attacks on selected wide-spread implementations of DL-based cryptography. We first introduce a generic framework to analyse cold boot settings and construct corresponding key-recovery algorithms. We then study common in-memory encodings of secret keys (in particular those of the wNAF-based and comb-based ECC implementations used in OpenSSL and PolarSSL, respectively), identify how redundancies can be exploited to make cold boot attacks effective, and develop efficient dedicated key-recovery algorithms. We complete our work by providing theoretical bounds for the success probability of our attacks.

Category / Keywords: cold boot attack, DL setting, key recovery, side-channel attack

Original Publication (with major differences): CT-RSA 2015

Date: received 25 Jan 2015

Contact author: bertram poettering at rhul ac uk


Version: 20150126:145248

Short URL: ia.cr/2015/057


