Description: We show that an RSA private key with small public exponent can be eciently recovered
given a 0.27 fraction of its bits at random. An important application of this work is to the
\cold boot" attacks of Halderman et al. We make new observations about the structure of RSA
keys that allow our algorithm to make use of the redundant information in the typical storage
format of an RSA private key. Our algorithm itself is elementary and does not make use of the
lattice techniques used in other RSA key reconstruction problems. We give an analysis of the
running time behavior of our algorithm that matches the threshold phenomenon observed in
our experiments.
To Search:
File list (Check if you may need any files):
510.pdf