@inproceedings{2001504,
author={Jean-Paul Degabriele and  Anja Lehmann and  Kenny Paterson and  Nigel Smart and Mario Strefler},
title={On the Joint Security of Encryption and Signature in EMV},
booktitle={Topics in Cryptology - CT-RSA 2012},
publisher={Springer LNCS 7178},
pages={116--135},
month={February},
year={2012},
abstract={
We provide an analysis of current and future algorithms for signature and encryption in the EMV standards in the case where a single key-pair is used for both signature and encryption. We give a theoretical attack for EMV's current RSA-based algorithms, showing how access to a partial decryption oracle can be used to forge a signature on a freely chosen message. We show how the attack might be integrated into EMV's CDA protocol flow, enabling an attacker with a wedge device to complete an offline transaction without knowing the cardholder's PIN. Finally, the elliptic curve signature and encryption algorithms that are likely to be adopted in a forthcoming version of the EMV standards are analyzed in the single key-pair setting, and shown to be secure.},
abstract-url={http://www.cs.bris.ac.uk/Publications/pub_master.jsp?id=2001504},
keyword={Cryptography},
pubtype={102}
}