Cold Boot Attacks on Bliss

摘要

In this paper, we examine the feasibility of cold boot attacks against the BLISS signature scheme. We believe this to be the first time that this has been attempted. Our work is the continuation of the trend to develop cold boot attacks for different schemes as revealed by the literature. But it is also the continuation of the evaluation of post-quantum cryptographic schemes against this class of attack. Particularly, we review the BLISS implementation provided by the strongSwan project. This implementation particularly stores its private key in memory in an interesting way therefore requiring novel approaches to key recovery. We present various approaches to key recovery. We first analyse the key recovery problem in this particular case via key enumeration algorithms, and so propose different techniques for key recovery. We then turn our attention to exploit further the algebraic relation among the components of the private key, and we thus establish a connection between the key recovery problem in this particular case and an instance of Learning with Errors Problem (LWE). We then explore various key recovery techniques to tackle this instance of LWE. In particular, we show a key recovery strategy combining lattice techniques and key enumeration. Finally, we report results from experimenting with one of the key recovery algorithms for a range of parameters, showing it is able to tolerate a noise level of α = 0.001 and β = 0.09 for a parameter set when performing a 2~(40) enumeration.