### On the Joint Security of Encryption and Signature in EMV

Jean Paul Degabriele, Anja Lehmann, Kenneth G. Paterson, Nigel P. Smart, and Mario Strefler

##### Abstract

We provide an analysis of current and future algorithms for signature and encryption in the EMV standards in the case where a single key-pair is used for both signature and encryption. We give a theoretical attack for EMV's current RSA-based algorithms, showing how access to a partial decryption oracle can be used to forge a signature on a freely chosen message. We show how the attack might be integrated into EMV's CDA protocol flow, enabling an attacker with a wedge device to complete an offline transaction without knowing the cardholder's PIN. Finally, the elliptic curve signature and encryption algorithms that are likely to be adopted in a forthcoming version of the EMV standards are analyzed in the single key-pair setting, and shown to be secure.

Note: Correction of "1968" to "1984" in Table 1 and text.

Available format(s)
Category
Applications
Publication info
Published elsewhere. An abridged version of this work appears at CT-RSA 2012. This is the full version.
Keywords
EMVsignatureencryptionattack
Contact author(s)
kenny paterson @ rhul ac uk
History
2011-12-16: last of 4 revisions
See all versions
Short URL
https://ia.cr/2011/615

CC BY

BibTeX

@misc{cryptoeprint:2011/615,
author = {Jean Paul Degabriele and Anja Lehmann and Kenneth G.  Paterson and Nigel P.  Smart and Mario Strefler},
title = {On the Joint Security of Encryption and Signature in EMV},
howpublished = {Cryptology ePrint Archive, Paper 2011/615},
year = {2011},
note = {\url{https://eprint.iacr.org/2011/615}},
url = {https://eprint.iacr.org/2011/615}
}

Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.