Article

Reconstructing RSA Private Keys from Random Key Bits

Authors:

Nadia Heninger,

Hovav ShachamAuthors Info & Claims

CRYPTO '09: Proceedings of the 29th Annual International Cryptology Conference on Advances in Cryptology

Pages 1 - 17

https://doi.org/10.1007/978-3-642-03356-8_1

Published: 19 August 2009 Publication History

Abstract

We show that an RSA private key with small public exponent can be efficiently recovered given a 0.27 fraction of its bits at random. An important application of this work is to the "cold boot" attacks of Halderman et al. We make new observations about the structure of RSA keys that allow our algorithm to make use of the redundant information in the typical storage format of an RSA private key. Our algorithm itself is elementary and does not make use of the lattice techniques used in other RSA key reconstruction problems. We give an analysis of the running time behavior of our algorithm that matches the threshold phenomenon observed in our experiments.

Cited By

View all

Ajani YBright C(2024)SAT and Lattice Reduction for Integer FactorizationProceedings of the 2024 International Symposium on Symbolic and Algebraic Computation10.1145/3666000.3669712(391-399)Online publication date: 16-Jul-2024
https://dl.acm.org/doi/10.1145/3666000.3669712
Wang ZTaram MMoghimi DSwanson STullsen DZhao JCalandrino JTroncoso C(2023)NVLeakProceedings of the 32nd USENIX Conference on Security Symposium10.5555/3620237.3620616(6771-6788)Online publication date: 9-Aug-2023
https://dl.acm.org/doi/10.5555/3620237.3620616
Liu GLiu YZhou YGao Y(2023)Recovering Multi-prime RSA Keys with Erasures and ErrorsInformation Security Practice and Experience10.1007/978-981-99-7032-2_16(266-283)Online publication date: 24-Aug-2023
https://dl.acm.org/doi/10.1007/978-981-99-7032-2_16
Show More Cited By

Recommendations

Building Key-Private Public-Key Encryption Schemes
ACISP '09: Proceedings of the 14th Australasian Conference on Information Security and Privacy

In the setting of identity-based encryption with multiple trusted authorities, TA anonymity formally models the inability of an adversary to distinguish two ciphertexts corresponding to the same message and identity, but generated using different TA ...
Secure public-key encryption scheme without random oracles

Since the first practical and secure public-key encryption scheme without random oracles proposed by Cramer and Shoup in 1998, Cramer-Shoup's scheme and its variants remained the only practical and secure public-key encryption scheme without random ...
On the Security of RSA with Primes Sharing Least-Significant Bits

We investigate the security of a variant of the RSA public-key cryptosystem called LSBS-RSA, in which the modulus primes share a large number of least-significant bits. We show that low public-exponent LSBS-RSA is inherently resistant to Partial Key ...

Comments

Information & Contributors

Information

Published In

CRYPTO '09: Proceedings of the 29th Annual International Cryptology Conference on Advances in Cryptology

August 2009

689 pages

ISBN:9783642033551

Editor:
Shai Halevi
IBM Research, Hawthorne, NY, USA

Publisher

Springer-Verlag

Berlin, Heidelberg

Publication History

Published: 19 August 2009

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

36
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 03 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Ajani YBright C(2024)SAT and Lattice Reduction for Integer FactorizationProceedings of the 2024 International Symposium on Symbolic and Algebraic Computation10.1145/3666000.3669712(391-399)Online publication date: 16-Jul-2024
https://dl.acm.org/doi/10.1145/3666000.3669712
Wang ZTaram MMoghimi DSwanson STullsen DZhao JCalandrino JTroncoso C(2023)NVLeakProceedings of the 32nd USENIX Conference on Security Symposium10.5555/3620237.3620616(6771-6788)Online publication date: 9-Aug-2023
https://dl.acm.org/doi/10.5555/3620237.3620616
Liu GLiu YZhou YGao Y(2023)Recovering Multi-prime RSA Keys with Erasures and ErrorsInformation Security Practice and Experience10.1007/978-981-99-7032-2_16(266-283)Online publication date: 24-Aug-2023
https://dl.acm.org/doi/10.1007/978-981-99-7032-2_16
Tani KKunihiro N(2023)HS-Based Error Correction Algorithm for Noisy Binary GCD Side-Channel SequencesApplied Cryptography and Network Security10.1007/978-3-031-33488-7_3(59-88)Online publication date: 19-Jun-2023
https://dl.acm.org/doi/10.1007/978-3-031-33488-7_3
Lu YPeng LZhang RHu LLin D(2022)Towards Optimal Bounds for Implicit Factorization ProblemSelected Areas in Cryptography – SAC 201510.1007/978-3-319-31301-6_26(462-476)Online publication date: 10-Mar-2022
https://dl.acm.org/doi/10.1007/978-3-319-31301-6_26
Zhou Yvan de Pol JYu YStandaert F(2022)A Third is All You Need: Extended Partial Key Exposure Attack on CRT-RSA with Additive Exponent BlindingAdvances in Cryptology – ASIACRYPT 202210.1007/978-3-031-22972-5_18(508-536)Online publication date: 5-Dec-2022
https://dl.acm.org/doi/10.1007/978-3-031-22972-5_18
Esser AMay AVerbel JWen W(2022)Partial Key Exposure Attacks on BIKE, Rainbow and NTRUAdvances in Cryptology – CRYPTO 202210.1007/978-3-031-15982-4_12(346-375)Online publication date: 15-Aug-2022
https://dl.acm.org/doi/10.1007/978-3-031-15982-4_12
Chuengsatiansup CFeutrill ASim RYarom Y(2022)RSA Key Recovery from Digit Equivalence InformationApplied Cryptography and Network Security10.1007/978-3-031-09234-3_10(193-211)Online publication date: 20-Jun-2022
https://dl.acm.org/doi/10.1007/978-3-031-09234-3_10
Wang TLiu YXu JHu LTao YZhou Y(2021)Integer LWE with Non-subgaussian Error and Related AttacksInformation Security10.1007/978-3-030-91356-4_1(3-25)Online publication date: 9-Nov-2021
https://dl.acm.org/doi/10.1007/978-3-030-91356-4_1
Moghimi DVan Bulck JHeninger NPiessens FSunar BCapkun SRoesner F(2020)COPYCATProceedings of the 29th USENIX Conference on Security Symposium10.5555/3489212.3489239(469-486)Online publication date: 12-Aug-2020
https://dl.acm.org/doi/10.5555/3489212.3489239
Show More Cited By

Abstract

Cited By

Recommendations

Building Key-Private Public-Key Encryption Schemes

Secure public-key encryption scheme without random oracles

On the Security of RSA with Primes Sharing Least-Significant Bits

Comments

Information

Published In

Publisher

Publication History

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

Share

Share this Publication link

Share on social media

Affiliations