Cryptology ePrint Archive: Report 2015/057
Cold Boot Attacks in the Discrete Logarithm Setting
Bertram Poettering and Dale L. Sibborn
Abstract: In a cold boot attack a cryptosystem is compromised by analysing a noisy version of its internal state. For instance, if a computer is rebooted the memory contents are rarely fully reset; instead, after the reboot an adversary might recover a noisy image of the old memory contents and use it as a stepping stone for reconstructing secret keys. While such attacks were known for a long time, they recently experienced a revival in the academic literature. Here, typically either RSA-based schemes or blockciphers are targeted.
We observe that essentially no work on cold boot attacks on schemes defined in the discrete logarithm setting (DL) and particularly for elliptic curve cryptography (ECC) has been conducted. In this paper we hence consider cold boot attacks on selected wide-spread implementations of DL-based cryptography. We first introduce a generic framework to analyse cold boot settings and construct corresponding key-recovery algorithms. We then study common in-memory encodings of secret keys (in particular those of the wNAF-based and comb-based ECC implementations used in OpenSSL and PolarSSL, respectively), identify how redundancies can be exploited to make cold boot attacks effective, and develop efficient dedicated key-recovery algorithms. We complete our work by providing theoretical bounds for the success probability of our attacks.
Category / Keywords: cold boot attack, DL setting, key recovery, side-channel attack
Original Publication (with major differences): CT-RSA 2015
Date: received 25 Jan 2015
Contact author: bertram poettering at rhul ac uk
Available format(s): PDF | BibTeX Citation
Version: 20150126:145248 (All versions of this report)
Short URL: ia.cr/2015/057
Discussion forum: Show discussion | Start new discussion
[ Cryptology ePrint archive ]