Recovering RSA Secret Keys from Noisy Key Bits with Erasures and Errors

  • Noboru Kunihiro
  • Naoyuki Shinohara
  • Tetsuya Izu
Conference paper

DOI: 10.1007/978-3-642-36362-7_12

Part of the Lecture Notes in Computer Science book series (LNCS, volume 7778)
Cite this paper as:
Kunihiro N., Shinohara N., Izu T. (2013) Recovering RSA Secret Keys from Noisy Key Bits with Erasures and Errors. In: Kurosawa K., Hanaoka G. (eds) Public-Key Cryptography – PKC 2013. Lecture Notes in Computer Science, vol 7778. Springer, Berlin, Heidelberg


We discuss how to recover RSA secret keys from noisy key bits with erasures and errors. There are two known algorithms recovering original secret keys from noisy keys. At Crypto 2009, Heninger and Shacham proposed a method for the case where an erroneous version of secret keys contains only erasures. Subsequently, Henecka et al. proposed a method for an erroneous version containing only errors at Crypto 2010. For physical attacks such as side-channel and cold boot attacks, we need to study key recovery from a noisy secret key containing both erasures and errors. In this paper, we propose a method to recover a secret key from such an erroneous version and analyze the condition for error and erasure rates so that our algorithm succeeds in finding the correct secret key in polynomial time. We also evaluate a theoretical bound to recover the secret key and discuss to what extent our algorithm achieves this bound.


RSA Key-recovery Cold Boot Attack Side-channel Attack Maximal Likelihood 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Copyright information

© International Association for Cryptologic Research 2013

Authors and Affiliations

  • Noboru Kunihiro
    • 1
  • Naoyuki Shinohara
    • 2
  • Tetsuya Izu
    • 3
  1. 1.The University of TokyoJapan
  2. 2.NICTJapan
  3. 3.Fujitsu LabsJapan

Personalised recommendations