Paper 2010/324

Applications of SAT Solvers to AES key Recovery from Decayed Key Schedule Images

Abdel Alim Kamal and Amr M. Youssef


Cold boot attack is a side channel attack which exploits the data remanence property of random access memory (RAM) to retrieve its contents which remain readable shortly after its power has been removed. Given the nature of the cold boot attack, only a corrupted image of the memory contents will be available to the attacker. In this paper, we investigate the use of an off-the-shelf SAT solver, CryptoMinSat, to improve the key recovery of the AES-128 key schedules from its corresponding decayed memory images. By exploiting the asymmetric decay of the memory images and the redundancy of key material inherent in the AES key schedule, rectifying the faults in the corrupted memory images of the AES-128 key schedule is formulated as a Boolean satisfiability problem which can be solved efficiently for relatively very large decay factors. Our experimental results show that this approach improves upon the previously known results.

Available format(s)
Publication info
Published elsewhere. This work is accepted in the SECURWARE 2010 Conference
Cold-boot attacksdecayed memorySAT solvers
Contact author(s)
a_kamala @ encs concordia ca
2010-06-04: received
Short URL
Creative Commons Attribution


      author = {Abdel Alim Kamal and Amr M.  Youssef},
      title = {Applications of SAT Solvers to AES key Recovery from Decayed Key Schedule Images},
      howpublished = {Cryptology ePrint Archive, Paper 2010/324},
      year = {2010},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.