Improved Key Recovery Algorithms from Noisy RSA Secret Keys with Analog Noise

From the proposal of key-recovery algorithms for RSA secret key from its noisy version at Crypto2009, there have been considerable researches on RSA key recovery from discrete noise. At CHES2014, two efficient algorithms for recovering secret keys are proposed from noisy analog data obtained through physical attacks such as side channel attacks. One of the algorithms works even if the noise distributions are unknown. However, the algorithm is not optimal especially if the noise distribution is imbalanced. To overcome this problem, we propose new algorithms to recover from such an imbalanced analog noise. We first present a generalized algorithm and show its success condition. We then construct the algorithm suitable for imbalanced noise under the condition that the variances of noise distributions are a priori known. Our algorithm succeeds in recovering the secret key from much more noise. We present the success condition in the explicit form and verify that our algorithm is superior to the previous results. We then show its optimality. Note that the proposed algorithm has the same performance as the previous one in the balanced noise. We next propose a key recovery algorithm that does not use the values of the variances. The algorithm first estimates the variance of noise distributions from the observed data with help of the EM algorithm and then recover the secret key by the first algorithm with their estimated variances. The whole algorithm works well even if the values of the variance is unknown in advance. We examine that our proposed algorithm succeeds in recovering the secret key from much more noise than the previous algorithm.