ECC Blinded Diffie-Hellman security analysis

It is planned that EMV Next Generation will use an ECC (Elliptic Curve Cryptography) Key Agreement protocol called Blinded Diffie-Hellman. This was first presented by EMVCo in the EMV RFC

Below is a paper by Professor Nigel Smart that supplements the security analysis and proof given in:

Christina Brzuska, Nigel P. Smart, Bogdan Warinschi, and Gaven J. Watson. An analysis of the EMV channel establishment protocol. ACM Conference on Computer and Communications Security – ACM CCS 2013, 373–386, 2013
an earlier version of which can be found at

This paper addresses two questions regarding the EMV ECC Key Agreement protocol:

  • "Can the terminal go first?", and
  • "Must the blinding factor be full size?"

Publication DateVersionDescription Download
April 201515 March 2015Paper addressing two questions regarding the EMV ECC Key Agreement protocol Download