Sciweavers

CRYPTO
2009
Springer

Reconstructing RSA Private Keys from Random Key Bits

14 years 7 months ago
Reconstructing RSA Private Keys from Random Key Bits
sion of an extended abstract published in Proceedings of Crypto 2009, Springer-Verlag, 2009. Available from the IACR Cryptology ePrint Archive as Report 2008/510. We show that an RSA private key with small public exponent can be efficiently recovered given a 0.27 fraction of its bits at random. An important application of this work is to the “cold boot” attacks of Halderman et al. We make new observations about the structure of RSA keys that allow our algorithm to make use of the redundant information in the typical storage format of an RSA private key. Our algorithm itself is elementary and does not make use of the lattice techniques used in other RSA key reconstruction problems. We give an analysis of the running time behavior of our algorithm that matches the threshold phenomenon observed in our experiments.
Nadia Heninger, Hovav Shacham
Added 26 May 2010
Updated 26 May 2010
Type Conference
Year 2009
Where CRYPTO
Authors Nadia Heninger, Hovav Shacham
Comments (0)