To address known privacy problems with the EMV standard, EMVCo have proposed a Blinded Diffie-Hellman key establishment protocol, which is intended to be part of a future 2nd Gen EMV protocol. We point out that active attackers were not previously accounted for in the privacy requirements of this proposal protocol, and demonstrate that an active attacker can compromise unlinkability within a distance of 100cm. Here, we adopt a strong definition of unlinkability that does account for active attackers and propose an enhancement of the protocol proposed by EMVCo. We prove that our protocol does satisfy strong unlinkability, while preserving authentication.
翻译:为解决以监查标准解决已知的隐私问题,监查中心提出了《盲人Diffie-Hellman关键成立协议》,旨在成为未来的第二个监查中心第二议定书的一部分,我们指出,主动攻击者以前没有列入本提案议定书的隐私要求,并表明主动攻击者可以在100厘米的距离内损害不可连接性。在这里,我们采纳了一个明确定义,说明主动攻击者的身份,并提议加强监查中心提议的议定书。我们证明,我们的议定书确实满足了很强的不可连接性,同时保留了认证。