Unlinkability of an Improved Key Agreement Protocol for EMV 2nd Gen Payments. (arXiv:2105.02029v2 [cs.CR] UPDATED)

To address known privacy problems with the EMV standard, EMVCo have proposed
a Blinded Diffie-Hellman key establishment protocol, which is intended to be
part of a future 2nd Gen EMV protocol. We point out that active attackers were
not previously accounted for in the privacy requirements of this proposal
protocol, and demonstrate that an active attacker can compromise unlinkability
within a distance of 100cm. Here, we adopt a strong definition of unlinkability
that does account for active attackers and propose …

emv key payments