
On the Joint Security of Encryption and Signature in EMV

  • Conference paper
Topics in Cryptology – CT-RSA 2012 (CT-RSA 2012)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 7178)


Abstract

We provide an analysis of current and future algorithms for signature and encryption in the EMV standards in the case where a single key-pair is used for both signature and encryption. We give a theoretical attack for EMV’s current RSA-based algorithms, showing how access to a partial decryption oracle can be used to forge a signature on a freely chosen message. We show how the attack might be integrated into EMV’s CDA protocol flow, enabling an attacker with a wedge device to complete an offline transaction without knowing the cardholder’s PIN. Finally, the elliptic curve signature and encryption algorithms that are likely to be adopted in a forthcoming version of the EMV standards are analyzed in the single key-pair setting, and shown to be secure.




© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Degabriele, J.P., Lehmann, A., Paterson, K.G., Smart, N.P., Strefler, M. (2012). On the Joint Security of Encryption and Signature in EMV. In: Dunkelman, O. (eds) Topics in Cryptology – CT-RSA 2012. CT-RSA 2012. Lecture Notes in Computer Science, vol 7178. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-27954-6_8


  • DOI: https://doi.org/10.1007/978-3-642-27954-6_8

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-27953-9

  • Online ISBN: 978-3-642-27954-6

  • eBook Packages: Computer Science, Computer Science (R0)
