Skip to main content
SpringerLink
Log in

Post-Quantum Protocols for Banking Applications

  • Conference paper
  • First Online:
Smart Card Research and Advanced Applications (CARDIS 2022)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 13820))

Abstract

With the NIST competition for Post-Quantum (PQ) algorithms standardization coming to an end, it is urgent to address the question of integrating PQ cryptography in real-world protocols to anticipate difficulties and allow a smooth transition. This is especially true for banking applications where the ecosystem composed of a variety of cards and terminals is heterogeneous. Providing solutions to ensure efficiency and some kind of backward compatibility is mandatory. In this work, we provide the first analysis of card-based payments with respect to these questions. We integrate post-quantum algorithms in existing protocols, and propose hybrid versions. We implement them on banking smart-cards and analyse the impacts on various aspects of the product, from production to actual transactions with terminals. Our work shows that such products are possible, but we identify several issues to overcome in the near feature in order to keep the same level of usability.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 54.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 69.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Albrecht, M.R., et al.: Classic McEliece: conservative code-based cryptography. Technical report (2020). https://classic.mceliece.org/

  2. Alkim, E., Ducas, L., Pöppelmann, T., Schwabe, P.: NewHope without reconciliation. Cryptology ePrint Archive, Report 2016/1157 (2016). https://eprint.iacr.org/2016/1157

  3. Alkim, E., Ducas, L., Pöppelmann, T., Schwabe, P.: Post-quantum key exchange - A new hope. In: Holz, T., Savage, S. (eds.) USENIX Security 2016, pp. 327–343. USENIX Association (2016)

    Google Scholar 

  4. ANSSI: ANSSI views on the Post-Quantum Cryptography transition (2022). https://www.ssi.gouv.fr/en/publication/anssi-views-on-the-post-quantum-cryptography-transition/

  5. Avanzi, R., et al.: CRYSTALS-Kyber - Algorithm specifications and supporting documentation. Technical report (2021). https://pq-crystals.org/kyber/index.shtml, version 3.2

  6. Bai, S., et al.: CRYSTALS-dilithium - algorithm specifications and supporting documentation. Technical report (2021). https://pq-crystals.org/dilithium/, version 3.1

  7. Basso, A., et al.: SABER: Mod-LWR based KEM (Round 3 Submission). Technical report. https://www.esat.kuleuven.be/cosic/pqcrypto/saber/

  8. Beullens, W.: Improved cryptanalysis of UOV and rainbow. In: Canteaut, A., Standaert, F.-X. (eds.) EUROCRYPT 2021. LNCS, vol. 12696, pp. 348–373. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-77870-5_13

    Chapter  Google Scholar 

  9. Beullens, W.: Breaking rainbow takes a weekend on a laptop. IACR Cryptol. ePrint Arch, p. 214 (2022). https://eprint.iacr.org/2022/214

  10. Bindel, N., Herath, U., McKague, M., Stebila, D.: Transitioning to a quantum-resistant public key infrastructure. In: Lange, T., Takagi, T. (eds.) PQCrypto 2017. LNCS, vol. 10346, pp. 384–405. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-59879-6_22

    Chapter  MATH  Google Scholar 

  11. Bos, J.W., Carlson, B., Renes, J., Rotaru, M., Sprenkels, D., Waters, G.P.: Post-quantum secure boot on vehicle network processors. Cryptology ePrint Archive, Paper 2022/635 (2022). https://eprint.iacr.org/2022/635

  12. Braithwaite, M.: (2016). https://security.googleblog.com/2016/07/experimenting-with-post-quantum.html

  13. van den Breekel, J., Ortiz-Yepes, D.A., Poll, E., de Ruiter, J.: EMV in a nutshell (2016). https://www.cs.ru.nl/ erikpoll/papers/EMVtechreport.pdf

  14. Brzuska, C., Smart, N.P., Warinschi, B., Watson, G.J.: An analysis of the EMV channel establishment protocol. In: Sadeghi, A.R., Gligor, V.D., Yung, M. (eds.) ACM CCS 2013, pp. 373–386. ACM Press (2013). https://doi.org/10.1145/2508859.2516748

  15. Chen, C., et al.: NTRU - algorithm specifications and supporting documentation. Technical report (2020). https://ntru.org/

  16. Chen, M.S., et al.: Rainbow. Technical report (2020). https://www.pqcrainbow.org/

  17. Cooper, D.A., Apon, D.C., Dang, Q.H., Miller, M.S.D.M.J.D.C.A.: Recommendation for stateful hash-based signature schemes. Technical report, NIST (2020). https://doi.org/10.6028/NIST.SP.800-208

  18. Diffie, W., van Oorschot, P.C., Wiener, M.J.: Authentication and authenticated key exchanges. Des. Codes Crypt. 2, 107–125 (1992)

    Article  Google Scholar 

  19. EMVCo: EMV - Integrated Circuit Card Specifications for Payment Systems - Common Payment Application Specification (2005). version 1.0

    Google Scholar 

  20. EMVCo: EMV - Integrated Circuit Card Specifications for Payment Systems - Book 2 - Security and Key Management (2011). version 4.3

    Google Scholar 

  21. EMVCo: EMV - Integrated Circuit Card Specifications for Payment Systems - Book 3 - Application Specification (2011). version 4.3

    Google Scholar 

  22. EMVCo: EMV ECC Key Establishment Protocols (2012)

    Google Scholar 

  23. Fouque, P.A., et al.: Falcon: Fast-Fourier Lattice-based Compact Signatures over NTRU. Technical report (2020). https://falcon-sign.info/

  24. Garrett, D., Ward, M.: Blinded Diffie-Hellman. In: Chen, L., Mitchell, C. (eds.) SSR 2014. LNCS, vol. 8893, pp. 79–92. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-14054-4_6

    Chapter  Google Scholar 

  25. Kannwischer, M.J., Rijneveld, J., Schwabe, P., Stoffelen, K.: pqm4: testing and benchmarking NIST PQC on ARM cortex-m4. IACR Cryptol. ePrint Arch, p. 844 (2019). https://eprint.iacr.org/2019/844

  26. National Institute for Standards and Technology: Post-Quantum Cryptography Standardization. https://csrc.nist.gov/projects/post-quantum-cryptography/post-quantum-cryptography-standardization

  27. Paul, S., Scheible, P.: Towards post-quantum security for cyber-physical systems: integrating PQC into industrial M2M communication. In: Chen, L., Li, N., Liang, K., Schneider, S. (eds.) ESORICS 2020. LNCS, vol. 12309, pp. 295–316. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-59013-0_15

    Chapter  Google Scholar 

  28. Schwabe, P., Stebila, D., Wiggers, T.: Post-quantum TLS without handshake signatures. In: Ligatti, J., Ou, X., Katz, J., Vigna, G. (eds.) ACM CCS 20, pp. 1461–1480. ACM Press (2020). https://doi.org/10.1145/3372297.3423350

  29. Stadler, S., Sakaguti, V., Kaur, H., Fehlhaber, A.L.: Hybrid signal protocol for post-quantum email encryption. Cryptology ePrint Archive, Paper 2021/875 (2021). https://eprint.iacr.org/2021/875, https://eprint.iacr.org/2021/875

Download references

Author information

Authors and Affiliations

  1. IDEMIA, Courbevoie, France

    Luk Bettale & Marco De Oliveira

  2. IDEMIA, Pessac, France

    Emmanuelle Dottax

Authors
  1. Luk Bettale
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Marco De Oliveira
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Emmanuelle Dottax
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Emmanuelle Dottax .

Editor information

Editors and Affiliations

  1. Radboud University, Nijmegen, The Netherlands

    Ileana Buhan

  2. NXP Semiconductors, Gratkorn, Austria

    Tobias Schneider

Rights and permissions

Reprints and permissions

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Bettale, L., De Oliveira, M., Dottax, E. (2023). Post-Quantum Protocols for Banking Applications. In: Buhan, I., Schneider, T. (eds) Smart Card Research and Advanced Applications. CARDIS 2022. Lecture Notes in Computer Science, vol 13820. Springer, Cham. https://doi.org/10.1007/978-3-031-25319-5_14

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-25319-5_14

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-25318-8

  • Online ISBN: 978-3-031-25319-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation