ROCA details published – taste of quantum cryptography

If you want to see raised eyebrows, just say “unbreakable crypto”. Yet everyone assumes their use of crypto is “unbreakable”. Security experts know it’s safe to reject “unbreakable systems” out of hand, but they often rely on the unbreakability of security protocols day in, day out.

Quantum cryptography is still some years away from being anything but an interesting research area. But if you want to see what it is like to suddenly have all your keys broken, look at the ROCA vulnerability.

If you haven’t heard of it yet, just google “roca vulnerability”. If you have heard of it and want more details, the ACM Digital Library has just published the full text of the research paper describing the details of the problem.

Well, the paper describes the technical details. If you want to understand the real-world implications, then it takes a bit more … imagination.

Let’s start with this – your company decided to outsource your IT to third parties. You need to show your clients and partners that you’re in control of your data and use encryption to protect against unauthorized access via the IT supplier. As you are worried about ransomware, you create frequent backups – actually your IT supplier does.

October 16th came and you suddenly learnt that it was possible to decrypt all your sensitive data without any additional information – all that was needed had been included with the data, namely public keys used for encryption. And it’s not just an odd misplaced key that got compromised – it’s all your keys at the same time.

You can revoke the keys, but the data is out there and there’s no way to hide it now. All you can do is hope that there are so many other companies, that your IT supplier will be helpful, that you know of all the copies of your data, and that no one will find your data worth $20,000 (or maybe just $500 when November comes and black hats optimize the attack) to crack the key.

Encryption – one of many or the only one

Some time ago, I did an analysis of the role of IT-security in a corporation. The company’s decisions were risk-driven and they had an established model of business risks. The approach made sense and put the encryption into the “big picture”. It was one of many items under operational risks, which was itself just one of business risks.

Security of data in transit should not depend on just one key or one security mechanism.

We drew columns on a whiteboard, one for each distinct environment where the enterprise sent or processed its data, and listed all available security mechanisms for each of the columns. Very quickly, the encryption became the only remaining protection mechanism we had.

Still, when you look into the details of how you protect your data with encryption, there may well be a single key, which you assume is unbreakable.

From a security operations point of view, the ROCA vulnerability is interesting for several reasons:

  • it has been undetected for at least 10 years;
  • it has been in a library provided with a processor and as such used in seemingly unrelated products from a number of vendors; and
  • it makes data protected by affected keys insecure once their encrypted copies are obtained by adversaries.

Once you know you can’t do any better and you have replaced all weak keys, the time will come to think about whether you are placing the fortune of your business in one encryption key, where two should be the minimum.

Published by

Dan Cvrcek

Founder and CEO of Enigma Bridge, engineer, entrepreneur, cryptography SME, security architect, and professor.