New Cryptography Drafts

Consultation Period Ended 2007

INTRODUCTORY STATEMENT FOR NEW CRYPTOGRAPHY BOOK 2 DRAFTS

The EMVCo Security Working Group (SWG) is reviewing future cryptography options and in particular the offline cryptographic techniques that may ultimately supersede the current RSA-based mechanisms as defined in Book 2 of the EMV v4.1 ICC Specification for Payment Systems.

A new technique will need to be in place by the time the current 1984-bit keys expire. As an indication of when that could happen, the US National Institute of Standards & Technology (NIST) currently predicts that the use of RSA keys of this size be discontinued sometime between 2025 and 2030 (http://csrc.nist.gov/). EMVCo estimates that it will take 12 to 15 years for the infrastructure to be migrated in support of the new technique, which is why we are now conducting a review of various options.

The SWG has considered a number of techniques, and narrowed them down to three options:

  1. Continue using the RSA algorithm with expanded key lengths (up to twice the current maximum of 1984 bits) for the Payment System CA keys and the Issuer keys, but keep the current maximum length for the ICC keys.
  2. Continue using the RSA algorithm as per 1) but also extend the ICC key lengths.
  3. Replace the RSA cryptography with Elliptic Curve Cryptography (ECC).

EMVCo has created three new drafts of EMV v4.1 Book 2 - Security and Key Management, one for each of the three options listed above. These drafts are based on the Version 4.1 of the EMV Specification (June 2004), and do not contain any bulletin updates that have been published since June 2004.

EMVCo is also considering updating the underlying RSA-based mechanisms currently used for digital signatures (ISO/IEC 9796-2) and encryption (non-standard), but this upgrade is not included in the drafts. Symmetric algorithms will also be re-visited, and these are also not included in the drafts.

Each option has advantages and disadvantages and so we would like to solicit your input on these options during this stage of our assessment. We therefore welcome your comments regarding

  • General concepts presented
  • Implementation concerns
  • Performance concerns
  • IP considerations
  • Any other issues or concerns

If you have a preference for any one of these options, please indicate this as well as the rationale behind your preference.

Please note the following:

  • At this point in time, no option is favored over any other option and there is no certainty that the final choice will be one of these three proposals. Your input as well as the advantages and disadvantages of each will be further considered before a choice is made
  • If one of the current proposals is chosen, it should be expected that the final version will contain significant changes to the present draft.
  • Other than anticipating a 1984-bit key expiration date of 2025 or later, and realizing that it may take 12-15 years to migrate from the existing offline cryptography to new offline cryptography, no other timeline has been established
  • EMVCo realizes that the changing of Book 2 will have an impact on the other parts of the EMV specification, and these updates will be made when the new cryptography technique is chosen.

EMVCo solicits notification from any parties that may have Intellectual Property that may be infringed by any of the draft specifications. EMVCo further requests for any input provided that the author notifies EMVCo of any and all Intellectual Property that they believe may be infringed by the contribution or an implementation thereof.


Publication DateVersionDescription Download
June 2007v4.1x RSA+EMV ICC Specifications for Payment Systems v4.1x RSA+ Book 2 Download
June 20074.1y RSA++EMV ICC Specifications for Payment Systems v4.1y RSA++ Book 2 Download
June 20074.1z ECCEMV ICC Specifications for Payment Systems v4.1z ECC Book 2 Download