Blinded Diffie-Hellman

Preventing Eavesdroppers from Tracking Payments

  • Conference paper
Security Standardisation Research (SSR 2014)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 8893)

Abstract

In this paper we present a novel form of ECC Diffie-Hellman key agreement that provides privacy and anti-tracking for contactless payments. The payer’s device can be authenticated by a payment terminal using a static public key with associated certificates belonging to the payer’s device; however, a passive eavesdropper is unable to determine the static data and keys that might otherwise be used to identify and track the payer. The new protocol has better performance than alternative protocols; it avoids the payer’s device having to support signature algorithms with dedicated hashes and it has a security proof given in [3]. The new protocol does not appear in any standards known to the authors.

References

  1. Blake-Wilson, S., Menezes, A.: Authenticated Diffie-Hellman key agreement protocols. In: Tavares, S., Meijer, H. (eds.) SAC 1998. LNCS, vol. 1556, pp. 339–361. Springer, Heidelberg (1999)

  2. Blake-Wilson, S., Johnson, D., Menezes, A.: Key agreement protocols and their security analysis. In: Darnell, M. (ed.) Cryptography and Coding 1997. LNCS, vol. 1355, pp. 30–45. Springer, Heidelberg (1997)

  3. Brzuska, C., Smart, N.P., Warinschi, B., Watson, G.: An Analysis of the EMV Channel Establishment Protocol. In: ACM CCS 2013, pp. 373–386. ACM (2013)

  4. Blackburn, S., Scott, S.: The discrete logarithm problem for exponents of bounded height. J. Computation and Mathematics 17(Special Issue A), 148–156 (2014)

  5. Canetti, R., Krawczyk, H.: Analysis of key-exchange protocols and their use for building secure channels. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 453–474. Springer, Heidelberg (2001)

  6. Dagdelen, O., Fischlin, M., Gagliardoni, T., Marson, G.A., Mittelbach, A., Onete, C.: A Cryptographic Analysis of OPACITY (2013), http://www.iacr.org/2013/234

  7. EMVCo: EMV ECC Key Establishment Protocols. Draft, 1st edn. (2012), http://www.emvco.com/specifications.aspx?id=243

  8. Goldberg, G., Stebila, S., Ustaoglu, B.: Anonymity and one-way authentication. In: Key Exchange Protocols. Designs, Codes and Cryptography, vol. 67(2), pp. 245–269 (May 2013)

  9. Kudla, C., Paterson, K.G.: Modular security proofs for key agreement protocols. In: Roy, B. (ed.) ASIACRYPT 2005. LNCS, vol. 3788, pp. 549–565. Springer, Heidelberg (2005)

  10. Hankerson, D., Menezes, A., Vanstone, S.: Guide to Elliptic Curve Cryptography. Springer (2004) ISBN 0-387-95273-X

  11. Law, L., Menezes, A., Qu, M., Solinas, J., Vanstone, S.: An efficient protocol for authenticated key agreement, Dept. C & O, Univ. of Waterloo, CORR 98-05 (1998)

  12. Menezes, A., Oorschot, P., Vanstone, S.: Handbook of Applied Cryptography. CRC Press (1997)

  13. IEEE P1363: A standard for RSA, Diffie-Hellman, and Elliptic-Curve cryptography (1999)

  14. IETF RFC 2631, Diffie-Hellman Key Agreement Method (June 1999)

  15. IETF RFC 4492, Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS) (2006)

  16. Certicom Research, Standards for Efficient Cryptography (2000)

  17. NIST Special Publication 800-38B, Recommendation for Block Cipher Modes of Operation: the CMAC Mode for Authentication (May 2005)

  18. NIST Special Publication 800-56A, Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography (Revised) (March 2007)

  19. NIST Special Publication 800-56C, Recommendation for Key Derivation through Extraction-then-Expansion (November 2011)

  20. NIST Special Publication 800-108, Recommendation for Key Derivation using Pseudorandom Functions (Revised) (October 2009)

  21. ANSI X9.63, Public Key Cryptography for the Financial Services Industry Key Agreement and Key Transport Using Elliptic Curve Cryptography (2011)

  22. ISO/IEC 9797-1: Information technology — Security techniques — Message authentication codes — Part 1: Mechanisms using a block cipher (2011)

  23. ISO/IEC 11770-3: Information technology — Security techniques — Key management — Part 3: Mechanisms using asymmetric techniques (2008)

  24. ISO/IEC CD 11770-6. Information technology — Security techniques — Key management — Part 6: Key derivation

  25. ISO/IEC 14888-3: Information technology — Security techniques — Digital signatures with appendix — Part 3: Discrete logarithm based mechanisms (2006)

  26. ISO/IEC 15946-1: Information technology — Security techniques — Cryptographic techniques based on elliptic curves (2008)

  27. ISO/IEC 18033-2: Information technology — Security techniques — Encryption algorithms — Part 2: Asymmetric ciphers (2006)

  28. ISO/IEC CD 18370-1. Information technology — Security techniques — Blind digital signatures — Part 1: General

  29. ISO/IEC 19772: Information technology — Security techniques — Authenticated Encryption (2009)

  30. ISO/IEC 20008-1: Information technology — Security techniques — Anonymous digital signatures — Part 1: General (2013)

  31. ISO/IEC 20009-1: Information technology — Security techniques — Anonymous entity authentication — Part 1: General (2013)

Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Garrett, D., Ward, M. (2014). Blinded Diffie-Hellman. In: Chen, L., Mitchell, C. (eds) Security Standardisation Research. SSR 2014. Lecture Notes in Computer Science, vol 8893. Springer, Cham. https://doi.org/10.1007/978-3-319-14054-4_6

  • DOI: https://doi.org/10.1007/978-3-319-14054-4_6

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-14053-7

  • Online ISBN: 978-3-319-14054-4

  • eBook Packages: Computer Science, Computer Science (R0)
