ROCA and Minerva Vulnerabilities

Jančár,  Ján; Švenda,  Petr; Sýs,  Marek

ROCA and Minerva Vulnerabilities

Warning

This publication doesn't include Institute of Computer Science. It includes Faculty of Informatics. Official publication website can be found on muni.cz.

Authors	JANČÁR Ján ŠVENDA Petr SÝS Marek
Year of publication	2025
Type	Chapter of a book
MU Faculty or unit	Faculty of Informatics
Citation
Description	The chapter in the book describes principles and lessons learned from ROCA and Minerva vulnerabilities. ROCA and Minerva are two examples of real-world practically exploitable vulnerabilities found in cryptographic smartcards certified to high security levels under the Common Criteria certification scheme. Both vulnerabilities allow the extraction of the corresponding private key -- RSA primes for ROCA and private scalar for ECDSA in the case of Minerva. The exploitation utilizes a lattice-reduction-based algorithm in both cases.
Related projects:	Applied research at FI: Trust in dynamic software ecosystems, cryptographic implementations, cybersecurity trainings, data fusion for physical sensors and scheduling algorithms in logistics