Security Investigate

On the Joint Security of Encryption and Signature in EMV

Download now Free registration required

Executive Summary

The authors provide an analysis of current and future algorithms for signature and encryption in the EMV standards in the case where a single key-pair is used for both signature and encryption. They give a theoretical attack for EMV's current RSA-based algorithms, showing how access to a partial decryption oracle can be used to forge a signature on a freely chosen message. They show how the attack might be integrated into EMV's CDA protocol flow, enabling an attacker with a wedge device to complete an offline transaction without knowing the cardholder's PIN.

  • Format: PDF
  • Size: 394.45 KB