On the joint security of encryption and signature in EMV
Topics in Cryptology–CT-RSA 2012: The Cryptographers' Track at the RSA …, 2012•Springer
We provide an analysis of current and future algorithms for signature and encryption in the
EMV standards in the case where a single key-pair is used for both signature and
encryption. We give a theoretical attack for EMV's current RSA-based algorithms, showing
how access to a partial decryption oracle can be used to forge a signature on a freely
chosen message. We show how the attack might be integrated into EMV's CDA protocol
flow, enabling an attacker with a wedge device to complete an offline transaction without …
EMV standards in the case where a single key-pair is used for both signature and
encryption. We give a theoretical attack for EMV's current RSA-based algorithms, showing
how access to a partial decryption oracle can be used to forge a signature on a freely
chosen message. We show how the attack might be integrated into EMV's CDA protocol
flow, enabling an attacker with a wedge device to complete an offline transaction without …
Abstract
We provide an analysis of current and future algorithms for signature and encryption in the EMV standards in the case where a single key-pair is used for both signature and encryption. We give a theoretical attack for EMV’s current RSA-based algorithms, showing how access to a partial decryption oracle can be used to forge a signature on a freely chosen message. We show how the attack might be integrated into EMV’s CDA protocol flow, enabling an attacker with a wedge device to complete an offline transaction without knowing the cardholder’s PIN. Finally, the elliptic curve signature and encryption algorithms that are likely to be adopted in a forthcoming version of the EMV standards are analyzed in the single key-pair setting, and shown to be secure.
Springer
以上显示的是最相近的搜索结果。 查看全部搜索结果