CINXE.COM

<!doctype html> <html lang="en"> <head> <meta charset="UTF-8" /> <meta name="viewport" content="width=device-width, initial-scale=1" /> <link rel="profile" href="https://gmpg.org/xfn/11" /> <title>Cryptography & Payments – Arthur Van Der Merwe</title> <script type="text/javascript"> WebFontConfig = {"google":{"families":["Source+Sans+Pro:r,i,b,bi:latin,latin-ext"]},"api_url":"https:\/\/fonts-api.wp.com\/css"}; (function() { var wf = document.createElement('script'); wf.src = 'https://s0.wp.com/wp-content/plugins/custom-fonts/js/webfont.js'; wf.type = 'text/javascript'; wf.async = 'true'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(wf, s); })(); </script><style id="jetpack-custom-fonts-css"></style> <meta name='robots' content='max-image-preview:large' /> <meta name="google-site-verification" content="Zw5b22p04kGoy8Ch3FcgAxEamB26jLd3FALtlnOF6RA" />  <script id="wpcom_remote_login_js"> var wpcom_remote_login_extra_auth = ''; function wpcom_remote_login_remove_dom_node_id( element_id ) { var dom_node = document.getElementById( element_id ); if ( dom_node ) { dom_node.parentNode.removeChild( dom_node ); } } function wpcom_remote_login_remove_dom_node_classes( class_name ) { var dom_nodes = document.querySelectorAll( '.' + class_name ); for ( var i = 0; i < dom_nodes.length; i++ ) { dom_nodes[ i ].parentNode.removeChild( dom_nodes[ i ] ); } } function wpcom_remote_login_final_cleanup() { wpcom_remote_login_remove_dom_node_classes( "wpcom_remote_login_msg" ); wpcom_remote_login_remove_dom_node_id( "wpcom_remote_login_key" ); wpcom_remote_login_remove_dom_node_id( "wpcom_remote_login_validate" ); wpcom_remote_login_remove_dom_node_id( "wpcom_remote_login_js" ); wpcom_remote_login_remove_dom_node_id( "wpcom_request_access_iframe" ); wpcom_remote_login_remove_dom_node_id( "wpcom_request_access_styles" ); } // Watch for messages back from the remote login window.addEventListener( "message", function( e ) { if ( e.origin === "https://r-login.wordpress.com" ) { var data = {}; try { data = JSON.parse( e.data ); } catch( e ) { wpcom_remote_login_final_cleanup(); return; } if ( data.msg === 'LOGIN' ) { // Clean up the login check iframe wpcom_remote_login_remove_dom_node_id( "wpcom_remote_login_key" ); var id_regex = new RegExp( /^[0-9]+$/ ); var token_regex = new RegExp( /^.*|.*|.*$/ ); if ( token_regex.test( data.token ) && id_regex.test( data.wpcomid ) ) { // We have everything we need to ask for a login var script = document.createElement( "script" ); script.setAttribute( "id", "wpcom_remote_login_validate" ); script.src = '/remote-login.php?wpcom_remote_login=validate' + '&wpcomid=' + data.wpcomid + '&token=' + encodeURIComponent( data.token ) + '&host=' + window.location.protocol + '//' + window.location.hostname + '&postid=318' + '&is_singular='; document.body.appendChild( script ); } return; } // Safari ITP, not logged in, so redirect if ( data.msg === 'LOGIN-REDIRECT' ) { window.location = 'https://wordpress.com/log-in?redirect_to=' + window.location.href; return; } // Safari ITP, storage access failed, remove the request if ( data.msg === 'LOGIN-REMOVE' ) { var css_zap = 'html { -webkit-transition: margin-top 1s; transition: margin-top 1s; } /* 9001 */ html { margin-top: 0 !important; } * html body { margin-top: 0 !important; } @media screen and ( max-width: 782px ) { html { margin-top: 0 !important; } * html body { margin-top: 0 !important; } }'; var style_zap = document.createElement( 'style' ); style_zap.type = 'text/css'; style_zap.appendChild( document.createTextNode( css_zap ) ); document.body.appendChild( style_zap ); var e = document.getElementById( 'wpcom_request_access_iframe' ); e.parentNode.removeChild( e ); document.cookie = 'wordpress_com_login_access=denied; path=/; max-age=31536000'; return; } // Safari ITP if ( data.msg === 'REQUEST_ACCESS' ) { console.log( 'request access: safari' ); // Check ITP iframe enable/disable knob if ( wpcom_remote_login_extra_auth !== 'safari_itp_iframe' ) { return; } // If we are in a "private window" there is no ITP. var private_window = false; try { var opendb = window.openDatabase( null, null, null, null ); } catch( e ) { private_window = true; } if ( private_window ) { console.log( 'private window' ); return; } var iframe = document.createElement( 'iframe' ); iframe.id = 'wpcom_request_access_iframe'; iframe.setAttribute( 'scrolling', 'no' ); iframe.setAttribute( 'sandbox', 'allow-storage-access-by-user-activation allow-scripts allow-same-origin allow-top-navigation-by-user-activation' ); iframe.src = 'https://r-login.wordpress.com/remote-login.php?wpcom_remote_login=request_access&origin=' + encodeURIComponent( data.origin ) + '&wpcomid=' + encodeURIComponent( data.wpcomid ); var css = 'html { -webkit-transition: margin-top 1s; transition: margin-top 1s; } /* 9001 */ html { margin-top: 46px !important; } * html body { margin-top: 46px !important; } @media screen and ( max-width: 660px ) { html { margin-top: 71px !important; } * html body { margin-top: 71px !important; } #wpcom_request_access_iframe { display: block; height: 71px !important; } } #wpcom_request_access_iframe { border: 0px; height: 46px; position: fixed; top: 0; left: 0; width: 100%; min-width: 100%; z-index: 99999; background: #23282d; } '; var style = document.createElement( 'style' ); style.type = 'text/css'; style.id = 'wpcom_request_access_styles'; style.appendChild( document.createTextNode( css ) ); document.body.appendChild( style ); document.body.appendChild( iframe ); } if ( data.msg === 'DONE' ) { wpcom_remote_login_final_cleanup(); } } }, false ); // Inject the remote login iframe after the page has had a chance to load // more critical resources window.addEventListener( "DOMContentLoaded", function( e ) { var iframe = document.createElement( "iframe" ); iframe.style.display = "none"; iframe.setAttribute( "scrolling", "no" ); iframe.setAttribute( "id", "wpcom_remote_login_key" ); iframe.src = "https://r-login.wordpress.com/remote-login.php" + "?wpcom_remote_login=key" + "&origin=aHR0cHM6Ly9hcnRodXJ2YW5kZXJtZXJ3ZS5jb20%3D" + "&wpcomid=70204527" + "&time=1732276505"; document.body.appendChild( iframe ); }, false ); </script> <link rel='dns-prefetch' href='//s1.wp.com' /> <link rel='dns-prefetch' href='//s2.wp.com' /> <link rel='dns-prefetch' href='//s0.wp.com' /> <link rel='dns-prefetch' href='//fonts-api.wp.com' /> <link rel='dns-prefetch' href='//s.pubmine.com' /> <link rel='dns-prefetch' href='//x.bidswitch.net' /> <link rel='dns-prefetch' href='//static.criteo.net' /> <link rel='dns-prefetch' href='//ib.adnxs.com' /> <link rel='dns-prefetch' href='//aax.amazon-adsystem.com' /> <link rel='dns-prefetch' href='//bidder.criteo.com' /> <link rel='dns-prefetch' href='//cas.criteo.com' /> <link rel='dns-prefetch' href='//gum.criteo.com' /> <link rel='dns-prefetch' href='//ads.pubmatic.com' /> <link rel='dns-prefetch' href='//gads.pubmatic.com' /> <link rel='dns-prefetch' href='//tpc.googlesyndication.com' /> <link rel='dns-prefetch' href='//ad.doubleclick.net' /> <link rel='dns-prefetch' href='//googleads.g.doubleclick.net' /> <link rel='dns-prefetch' href='//www.googletagservices.com' /> <link rel='dns-prefetch' href='//cdn.switchadhub.com' /> <link rel='dns-prefetch' href='//delivery.g.switchadhub.com' /> <link rel='dns-prefetch' href='//delivery.swid.switchadhub.com' /> <link rel='dns-prefetch' href='//a.teads.tv' /> <link rel='dns-prefetch' href='//prebid.media.net' /> <link rel='dns-prefetch' href='//adserver-us.adtech.advertising.com' /> <link rel='dns-prefetch' href='//fastlane.rubiconproject.com' /> <link rel='dns-prefetch' href='//prebid-server.rubiconproject.com' /> <link rel='dns-prefetch' href='//hb-api.omnitagjs.com' /> <link rel='dns-prefetch' href='//mtrx.go.sonobi.com' /> <link rel='dns-prefetch' href='//apex.go.sonobi.com' /> <link rel='dns-prefetch' href='//u.openx.net' /> <link rel="alternate" type="application/rss+xml" title="Cryptography & Payments » Feed" href="https://arthurvandermerwe.com/feed/" /> <link rel="alternate" type="application/rss+xml" title="Cryptography & Payments » Comments Feed" href="https://arthurvandermerwe.com/comments/feed/" /> <script type="text/javascript"> /* <![CDATA[ */ function addLoadEvent(func) { var oldonload = window.onload; if (typeof window.onload != 'function') { window.onload = func; } else { window.onload = function () { oldonload(); func(); } } } /* ]]> */ </script> <script> window._wpemojiSettings = {"baseUrl":"https:\/\/s0.wp.com\/wp-content\/mu-plugins\/wpcom-smileys\/twemoji\/2\/72x72\/","ext":".png","svgUrl":"https:\/\/s0.wp.com\/wp-content\/mu-plugins\/wpcom-smileys\/twemoji\/2\/svg\/","svgExt":".svg","source":{"concatemoji":"https:\/\/s2.wp.com\/wp-includes\/js\/wp-emoji-release.min.js?m=1719498190i&ver=6.8-alpha-59438"}}; /*! This file is auto-generated */ !function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data),r=(e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(n,0,0),new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data));return t.every(function(e,t){return e===r[t]})}function u(e,t,n){switch(t){case"flag":return n(e,"\ud83c\udff3\ufe0f\u200d\u26a7\ufe0f","\ud83c\udff3\ufe0f\u200b\u26a7\ufe0f")?!1:!n(e,"\ud83c\uddfa\ud83c\uddf3","\ud83c\uddfa\u200b\ud83c\uddf3")&&!n(e,"\ud83c\udff4\udb40\udc67\udb40\udc62\udb40\udc65\udb40\udc6e\udb40\udc67\udb40\udc7f","\ud83c\udff4\u200b\udb40\udc67\u200b\udb40\udc62\u200b\udb40\udc65\u200b\udb40\udc6e\u200b\udb40\udc67\u200b\udb40\udc7f");case"emoji":return!n(e,"\ud83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i.addEventListener("DOMContentLoaded",e,{once:!0})}),new Promise(function(t){var n=function(){try{var e=JSON.parse(sessionStorage.getItem(o));if("object"==typeof e&&"number"==typeof e.timestamp&&(new Date).valueOf()<e.timestamp+604800&&"object"==typeof e.supportTests)return e.supportTests}catch(e){}return null}();if(!n){if("undefined"!=typeof Worker&&"undefined"!=typeof OffscreenCanvas&&"undefined"!=typeof URL&&URL.createObjectURL&&"undefined"!=typeof Blob)try{var e="postMessage("+f.toString()+"("+[JSON.stringify(s),u.toString(),p.toString()].join(",")+"));",r=new Blob([e],{type:"text/javascript"}),a=new Worker(URL.createObjectURL(r),{name:"wpTestEmojiSupports"});return void(a.onmessage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t]);n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&!n.supports.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything||(n.readyCallback(),(e=n.source||{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(e.wpemoji)))}))}((window,document),window._wpemojiSettings); </script> <link crossorigin='anonymous' rel='stylesheet' id='all-css-0-1' href='https://s2.wp.com/wp-content/blog-plugins/wordads/global.css?m=1561495466i&cssminify=yes' type='text/css' media='all' /> <style id='wp-emoji-styles-inline-css'> img.wp-smiley, img.emoji { display: inline !important; border: none !important; box-shadow: none !important; height: 1em !important; width: 1em !important; margin: 0 0.07em !important; vertical-align: -0.1em !important; background: none !important; padding: 0 !important; } </style> <link crossorigin='anonymous' rel='stylesheet' id='all-css-2-1' href='https://s0.wp.com/_static/??-eJydzMsOwiAQheEXEibEXtKF8VmATggVgcwMNby91U13LlyenHw/vKryJQtmgZpaiJkhtGM6pHA8hLCbRU96ANdiWsGl4h8qRUeWOrD0hNozX+Bn6KsYNpRqP9z20kQFiuu/CbISc+CT3583M1/NMg6zGbc3O1tP4A==&cssminify=yes' type='text/css' media='all' /> <style id='wp-block-library-inline-css'> .has-text-align-justify { text-align:justify; } .has-text-align-justify{text-align:justify;} </style> <link crossorigin='anonymous' rel='stylesheet' id='all-css-4-1' href='https://s2.wp.com/_static/??-eJzTLy/QzcxLzilNSS3WzyrWz01NyUxMzUnNTc0rQeEU5CRWphbp5qSmJyZX6uVm5uklFxfr6OPTDpRD5sM02efaGpoZmFkYGRuZGmQBAHPvL0Y=&cssminify=yes' type='text/css' media='all' /> <style id='jetpack-sharing-buttons-style-inline-css'> .jetpack-sharing-buttons__services-list{display:flex;flex-direction:row;flex-wrap:wrap;gap:0;list-style-type:none;margin:5px;padding:0}.jetpack-sharing-buttons__services-list.has-small-icon-size{font-size:12px}.jetpack-sharing-buttons__services-list.has-normal-icon-size{font-size:16px}.jetpack-sharing-buttons__services-list.has-large-icon-size{font-size:24px}.jetpack-sharing-buttons__services-list.has-huge-icon-size{font-size:36px}@media print{.jetpack-sharing-buttons__services-list{display:none!important}}.editor-styles-wrapper .wp-block-jetpack-sharing-buttons{gap:0;padding-inline-start:0}ul.jetpack-sharing-buttons__services-list.has-background{padding:1.25em 2.375em} </style> <link crossorigin='anonymous' rel='stylesheet' id='all-css-6-1' href='https://s2.wp.com/wp-content/plugins/coblocks/2.18.1-simple-rev.4/dist/coblocks-style.css?m=1681832297i&cssminify=yes' type='text/css' media='all' /> <style id='classic-theme-styles-inline-css'> /*! This file is auto-generated */ .wp-block-button__link{color:#fff;background-color:#32373c;border-radius:9999px;box-shadow:none;text-decoration:none;padding:calc(.667em + 2px) calc(1.333em + 2px);font-size:1.125em}.wp-block-file__button{background:#32373c;color:#fff;text-decoration:none} </style> <link crossorigin='anonymous' rel='stylesheet' id='all-css-8-1' href='https://s1.wp.com/_static/??/wp-content/mu-plugins/core-compat/wp-mediaelement.css,/wp-content/mu-plugins/wpcom-bbpress-premium-themes.css?m=1432920480j&cssminify=yes' type='text/css' media='all' /> <style id='global-styles-inline-css'> :root{--wp--preset--aspect-ratio--square: 1;--wp--preset--aspect-ratio--4-3: 4/3;--wp--preset--aspect-ratio--3-4: 3/4;--wp--preset--aspect-ratio--3-2: 3/2;--wp--preset--aspect-ratio--2-3: 2/3;--wp--preset--aspect-ratio--16-9: 16/9;--wp--preset--aspect-ratio--9-16: 9/16;--wp--preset--color--black: #000000;--wp--preset--color--cyan-bluish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--preset--color--light-green-cyan: #7bdcb5;--wp--preset--color--vivid-green-cyan: #00d084;--wp--preset--color--pale-cyan-blue: #8ed1fc;--wp--preset--color--vivid-cyan-blue: #0693e3;--wp--preset--color--vivid-purple: #9b51e0;--wp--preset--color--primary: #000000;--wp--preset--color--secondary: #3C8067;--wp--preset--color--foreground: #333333;--wp--preset--color--tertiary: #FAFBF6;--wp--preset--color--background: #FFFFFF;--wp--preset--gradient--vivid-cyan-blue-to-vivid-purple: linear-gradient(135deg,rgba(6,147,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradient(135deg,rgba(252,185,0,1) 0%,rgba(255,105,0,1) 100%);--wp--preset--gradient--luminous-vivid-orange-to-vivid-red: linear-gradient(135deg,rgba(255,105,0,1) 0%,rgb(207,46,46) 100%);--wp--preset--gradient--very-light-gray-to-cyan-bluish-gray: linear-gradient(135deg,rgb(238,238,238) 0%,rgb(169,184,195) 100%);--wp--preset--gradient--cool-to-warm-spectrum: linear-gradient(135deg,rgb(74,234,220) 0%,rgb(151,120,209) 20%,rgb(207,42,186) 40%,rgb(238,44,130) 60%,rgb(251,105,98) 80%,rgb(254,248,76) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--wp--preset--gradient--luminous-dusk: linear-gradient(135deg,rgb(255,203,112) 0%,rgb(199,81,192) 50%,rgb(65,88,208) 100%);--wp--preset--gradient--pale-ocean: linear-gradient(135deg,rgb(255,245,203) 0%,rgb(182,227,212) 50%,rgb(51,167,181) 100%);--wp--preset--gradient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--gradient--hard-diagonal: linear-gradient(to bottom right, #3C8067 49.9%, #FAFBF6 50%);--wp--preset--gradient--hard-diagonal-inverted: linear-gradient(to top left, #3C8067 49.9%, #FAFBF6 50%);--wp--preset--gradient--hard-horizontal: linear-gradient(to bottom, #3C8067 50%, #FAFBF6 50%);--wp--preset--gradient--hard-horizontal-inverted: linear-gradient(to top, #3C8067 50%, #FAFBF6 50%);--wp--preset--gradient--diagonal: linear-gradient(to bottom right, #3C8067, #FAFBF6);--wp--preset--gradient--diagonal-inverted: linear-gradient(to top left, #3C8067, #FAFBF6);--wp--preset--gradient--horizontal: linear-gradient(to bottom, #3C8067, #FAFBF6);--wp--preset--gradient--horizontal-inverted: linear-gradient(to top, #3C8067, #FAFBF6);--wp--preset--gradient--stripe: linear-gradient(to bottom, transparent 20%, #3C8067 20%, #3C8067 80%, transparent 80%);--wp--preset--font-size--small: 16px;--wp--preset--font-size--medium: 20px;--wp--preset--font-size--large: 24px;--wp--preset--font-size--x-large: 42px;--wp--preset--font-size--tiny: 14px;--wp--preset--font-size--normal: 18px;--wp--preset--font-size--huge: 28px;--wp--preset--font-family--albert-sans: 'Albert Sans', sans-serif;--wp--preset--font-family--alegreya: Alegreya, serif;--wp--preset--font-family--arvo: Arvo, serif;--wp--preset--font-family--bodoni-moda: 'Bodoni Moda', serif;--wp--preset--font-family--bricolage-grotesque: 'Bricolage Grotesque', sans-serif;--wp--preset--font-family--cabin: Cabin, sans-serif;--wp--preset--font-family--chivo: Chivo, sans-serif;--wp--preset--font-family--commissioner: Commissioner, sans-serif;--wp--preset--font-family--cormorant: Cormorant, serif;--wp--preset--font-family--courier-prime: 'Courier Prime', monospace;--wp--preset--font-family--crimson-pro: 'Crimson Pro', serif;--wp--preset--font-family--dm-mono: 'DM Mono', monospace;--wp--preset--font-family--dm-sans: 'DM Sans', sans-serif;--wp--preset--font-family--dm-serif-display: 'DM Serif Display', serif;--wp--preset--font-family--domine: Domine, serif;--wp--preset--font-family--eb-garamond: 'EB Garamond', serif;--wp--preset--font-family--epilogue: Epilogue, sans-serif;--wp--preset--font-family--fahkwang: Fahkwang, sans-serif;--wp--preset--font-family--figtree: Figtree, sans-serif;--wp--preset--font-family--fira-sans: 'Fira Sans', sans-serif;--wp--preset--font-family--fjalla-one: 'Fjalla One', sans-serif;--wp--preset--font-family--fraunces: Fraunces, serif;--wp--preset--font-family--gabarito: Gabarito, system-ui;--wp--preset--font-family--ibm-plex-mono: 'IBM Plex Mono', monospace;--wp--preset--font-family--ibm-plex-sans: 'IBM Plex Sans', sans-serif;--wp--preset--font-family--ibarra-real-nova: 'Ibarra Real Nova', serif;--wp--preset--font-family--instrument-serif: 'Instrument Serif', serif;--wp--preset--font-family--inter: Inter, sans-serif;--wp--preset--font-family--josefin-sans: 'Josefin Sans', sans-serif;--wp--preset--font-family--jost: Jost, sans-serif;--wp--preset--font-family--libre-baskerville: 'Libre Baskerville', serif;--wp--preset--font-family--libre-franklin: 'Libre Franklin', sans-serif;--wp--preset--font-family--literata: Literata, serif;--wp--preset--font-family--lora: Lora, serif;--wp--preset--font-family--merriweather: Merriweather, serif;--wp--preset--font-family--montserrat: Montserrat, sans-serif;--wp--preset--font-family--newsreader: Newsreader, serif;--wp--preset--font-family--noto-sans-mono: 'Noto Sans Mono', sans-serif;--wp--preset--font-family--nunito: Nunito, sans-serif;--wp--preset--font-family--open-sans: 'Open Sans', sans-serif;--wp--preset--font-family--overpass: Overpass, sans-serif;--wp--preset--font-family--pt-serif: 'PT Serif', serif;--wp--preset--font-family--petrona: Petrona, serif;--wp--preset--font-family--piazzolla: Piazzolla, serif;--wp--preset--font-family--playfair-display: 'Playfair Display', serif;--wp--preset--font-family--plus-jakarta-sans: 'Plus Jakarta Sans', sans-serif;--wp--preset--font-family--poppins: Poppins, sans-serif;--wp--preset--font-family--raleway: Raleway, sans-serif;--wp--preset--font-family--roboto: Roboto, sans-serif;--wp--preset--font-family--roboto-slab: 'Roboto Slab', serif;--wp--preset--font-family--rubik: Rubik, sans-serif;--wp--preset--font-family--rufina: Rufina, serif;--wp--preset--font-family--sora: Sora, sans-serif;--wp--preset--font-family--source-sans-3: 'Source Sans 3', sans-serif;--wp--preset--font-family--source-serif-4: 'Source Serif 4', serif;--wp--preset--font-family--space-mono: 'Space Mono', monospace;--wp--preset--font-family--syne: Syne, sans-serif;--wp--preset--font-family--texturina: Texturina, serif;--wp--preset--font-family--urbanist: Urbanist, sans-serif;--wp--preset--font-family--work-sans: 'Work Sans', sans-serif;--wp--preset--spacing--20: 0.44rem;--wp--preset--spacing--30: 0.67rem;--wp--preset--spacing--40: 1rem;--wp--preset--spacing--50: 1.5rem;--wp--preset--spacing--60: 2.25rem;--wp--preset--spacing--70: 3.38rem;--wp--preset--spacing--80: 5.06rem;--wp--preset--shadow--natural: 6px 6px 9px rgba(0, 0, 0, 0.2);--wp--preset--shadow--deep: 12px 12px 50px rgba(0, 0, 0, 0.4);--wp--preset--shadow--sharp: 6px 6px 0px rgba(0, 0, 0, 0.2);--wp--preset--shadow--outlined: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flex{display: flex;}.is-layout-flex{flex-wrap: wrap;align-items: center;}.is-layout-flex > :is(*, div){margin: 0;}body .is-layout-grid{display: grid;}.is-layout-grid > :is(*, div){margin: 0;}:where(.wp-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--wp--preset--color--black) !important;}.has-cyan-bluish-gray-color{color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-color{color: var(--wp--preset--color--white) !important;}.has-pale-pink-color{color: var(--wp--preset--color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-light-green-cyan-color{color: var(--wp--preset--color--light-green-cyan) !important;}.has-vivid-green-cyan-color{color: var(--wp--preset--color--vivid-green-cyan) !important;}.has-pale-cyan-blue-color{color: var(--wp--preset--color--pale-cyan-blue) !important;}.has-vivid-cyan-blue-color{color: var(--wp--preset--color--vivid-cyan-blue) !important;}.has-vivid-purple-color{color: var(--wp--preset--color--vivid-purple) !important;}.has-black-background-color{background-color: var(--wp--preset--color--black) !important;}.has-cyan-bluish-gray-background-color{background-color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-background-color{background-color: var(--wp--preset--color--white) !important;}.has-pale-pink-background-color{background-color: var(--wp--preset--color--pale-pink) !important;}.has-vivid-red-background-color{background-color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-background-color{background-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-background-color{background-color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-light-green-cyan-background-color{background-color: var(--wp--preset--color--light-green-cyan) !important;}.has-vivid-green-cyan-background-color{background-color: var(--wp--preset--color--vivid-green-cyan) !important;}.has-pale-cyan-blue-background-color{background-color: var(--wp--preset--color--pale-cyan-blue) !important;}.has-vivid-cyan-blue-background-color{background-color: var(--wp--preset--color--vivid-cyan-blue) !important;}.has-vivid-purple-background-color{background-color: var(--wp--preset--color--vivid-purple) !important;}.has-black-border-color{border-color: var(--wp--preset--color--black) !important;}.has-cyan-bluish-gray-border-color{border-color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-border-color{border-color: var(--wp--preset--color--white) !important;}.has-pale-pink-border-color{border-color: var(--wp--preset--color--pale-pink) !important;}.has-vivid-red-border-color{border-color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-border-color{border-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-border-color{border-color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-light-green-cyan-border-color{border-color: var(--wp--preset--color--light-green-cyan) !important;}.has-vivid-green-cyan-border-color{border-color: var(--wp--preset--color--vivid-green-cyan) !important;}.has-pale-cyan-blue-border-color{border-color: var(--wp--preset--color--pale-cyan-blue) !important;}.has-vivid-cyan-blue-border-color{border-color: var(--wp--preset--color--vivid-cyan-blue) !important;}.has-vivid-purple-border-color{border-color: var(--wp--preset--color--vivid-purple) !important;}.has-vivid-cyan-blue-to-vivid-purple-gradient-background{background: var(--wp--preset--gradient--vivid-cyan-blue-to-vivid-purple) !important;}.has-light-green-cyan-to-vivid-green-cyan-gradient-background{background: var(--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan) !important;}.has-luminous-vivid-amber-to-luminous-vivid-orange-gradient-background{background: var(--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange) !important;}.has-luminous-vivid-orange-to-vivid-red-gradient-background{background: var(--wp--preset--gradient--luminous-vivid-orange-to-vivid-red) !important;}.has-very-light-gray-to-cyan-bluish-gray-gradient-background{background: var(--wp--preset--gradient--very-light-gray-to-cyan-bluish-gray) !important;}.has-cool-to-warm-spectrum-gradient-background{background: var(--wp--preset--gradient--cool-to-warm-spectrum) !important;}.has-blush-light-purple-gradient-background{background: var(--wp--preset--gradient--blush-light-purple) !important;}.has-blush-bordeaux-gradient-background{background: var(--wp--preset--gradient--blush-bordeaux) !important;}.has-luminous-dusk-gradient-background{background: var(--wp--preset--gradient--luminous-dusk) !important;}.has-pale-ocean-gradient-background{background: var(--wp--preset--gradient--pale-ocean) !important;}.has-electric-grass-gradient-background{background: var(--wp--preset--gradient--electric-grass) !important;}.has-midnight-gradient-background{background: var(--wp--preset--gradient--midnight) !important;}.has-small-font-size{font-size: var(--wp--preset--font-size--small) !important;}.has-medium-font-size{font-size: var(--wp--preset--font-size--medium) !important;}.has-large-font-size{font-size: var(--wp--preset--font-size--large) !important;}.has-x-large-font-size{font-size: var(--wp--preset--font-size--x-large) !important;}.has-albert-sans-font-family{font-family: var(--wp--preset--font-family--albert-sans) !important;}.has-alegreya-font-family{font-family: var(--wp--preset--font-family--alegreya) !important;}.has-arvo-font-family{font-family: var(--wp--preset--font-family--arvo) !important;}.has-bodoni-moda-font-family{font-family: var(--wp--preset--font-family--bodoni-moda) !important;}.has-bricolage-grotesque-font-family{font-family: var(--wp--preset--font-family--bricolage-grotesque) !important;}.has-cabin-font-family{font-family: var(--wp--preset--font-family--cabin) !important;}.has-chivo-font-family{font-family: var(--wp--preset--font-family--chivo) !important;}.has-commissioner-font-family{font-family: var(--wp--preset--font-family--commissioner) !important;}.has-cormorant-font-family{font-family: var(--wp--preset--font-family--cormorant) !important;}.has-courier-prime-font-family{font-family: var(--wp--preset--font-family--courier-prime) !important;}.has-crimson-pro-font-family{font-family: var(--wp--preset--font-family--crimson-pro) !important;}.has-dm-mono-font-family{font-family: var(--wp--preset--font-family--dm-mono) !important;}.has-dm-sans-font-family{font-family: var(--wp--preset--font-family--dm-sans) !important;}.has-dm-serif-display-font-family{font-family: var(--wp--preset--font-family--dm-serif-display) !important;}.has-domine-font-family{font-family: var(--wp--preset--font-family--domine) !important;}.has-eb-garamond-font-family{font-family: var(--wp--preset--font-family--eb-garamond) !important;}.has-epilogue-font-family{font-family: var(--wp--preset--font-family--epilogue) !important;}.has-fahkwang-font-family{font-family: var(--wp--preset--font-family--fahkwang) !important;}.has-figtree-font-family{font-family: var(--wp--preset--font-family--figtree) !important;}.has-fira-sans-font-family{font-family: var(--wp--preset--font-family--fira-sans) !important;}.has-fjalla-one-font-family{font-family: var(--wp--preset--font-family--fjalla-one) !important;}.has-fraunces-font-family{font-family: var(--wp--preset--font-family--fraunces) !important;}.has-gabarito-font-family{font-family: var(--wp--preset--font-family--gabarito) !important;}.has-ibm-plex-mono-font-family{font-family: var(--wp--preset--font-family--ibm-plex-mono) !important;}.has-ibm-plex-sans-font-family{font-family: var(--wp--preset--font-family--ibm-plex-sans) !important;}.has-ibarra-real-nova-font-family{font-family: var(--wp--preset--font-family--ibarra-real-nova) !important;}.has-instrument-serif-font-family{font-family: var(--wp--preset--font-family--instrument-serif) !important;}.has-inter-font-family{font-family: var(--wp--preset--font-family--inter) !important;}.has-josefin-sans-font-family{font-family: var(--wp--preset--font-family--josefin-sans) !important;}.has-jost-font-family{font-family: var(--wp--preset--font-family--jost) !important;}.has-libre-baskerville-font-family{font-family: var(--wp--preset--font-family--libre-baskerville) !important;}.has-libre-franklin-font-family{font-family: var(--wp--preset--font-family--libre-franklin) !important;}.has-literata-font-family{font-family: var(--wp--preset--font-family--literata) !important;}.has-lora-font-family{font-family: var(--wp--preset--font-family--lora) !important;}.has-merriweather-font-family{font-family: var(--wp--preset--font-family--merriweather) !important;}.has-montserrat-font-family{font-family: var(--wp--preset--font-family--montserrat) !important;}.has-newsreader-font-family{font-family: var(--wp--preset--font-family--newsreader) !important;}.has-noto-sans-mono-font-family{font-family: var(--wp--preset--font-family--noto-sans-mono) !important;}.has-nunito-font-family{font-family: var(--wp--preset--font-family--nunito) !important;}.has-open-sans-font-family{font-family: var(--wp--preset--font-family--open-sans) !important;}.has-overpass-font-family{font-family: var(--wp--preset--font-family--overpass) !important;}.has-pt-serif-font-family{font-family: var(--wp--preset--font-family--pt-serif) !important;}.has-petrona-font-family{font-family: var(--wp--preset--font-family--petrona) !important;}.has-piazzolla-font-family{font-family: var(--wp--preset--font-family--piazzolla) !important;}.has-playfair-display-font-family{font-family: var(--wp--preset--font-family--playfair-display) !important;}.has-plus-jakarta-sans-font-family{font-family: var(--wp--preset--font-family--plus-jakarta-sans) !important;}.has-poppins-font-family{font-family: var(--wp--preset--font-family--poppins) !important;}.has-raleway-font-family{font-family: var(--wp--preset--font-family--raleway) !important;}.has-roboto-font-family{font-family: var(--wp--preset--font-family--roboto) !important;}.has-roboto-slab-font-family{font-family: var(--wp--preset--font-family--roboto-slab) !important;}.has-rubik-font-family{font-family: var(--wp--preset--font-family--rubik) !important;}.has-rufina-font-family{font-family: var(--wp--preset--font-family--rufina) !important;}.has-sora-font-family{font-family: var(--wp--preset--font-family--sora) !important;}.has-source-sans-3-font-family{font-family: var(--wp--preset--font-family--source-sans-3) !important;}.has-source-serif-4-font-family{font-family: var(--wp--preset--font-family--source-serif-4) !important;}.has-space-mono-font-family{font-family: var(--wp--preset--font-family--space-mono) !important;}.has-syne-font-family{font-family: var(--wp--preset--font-family--syne) !important;}.has-texturina-font-family{font-family: var(--wp--preset--font-family--texturina) !important;}.has-urbanist-font-family{font-family: var(--wp--preset--font-family--urbanist) !important;}.has-work-sans-font-family{font-family: var(--wp--preset--font-family--work-sans) !important;} :where(.wp-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;} :root :where(.wp-block-pullquote){font-size: 1.5em;line-height: 1.6;} :where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;} </style> <link rel='stylesheet' id='seedlet-fonts-css' href='https://fonts-api.wp.com/css?family=Fira+Sans%3Aital%2Cwght%400%2C400%3B0%2C500%3B1%2C400%7CPlayfair+Display%3Aital%2Cwght%400%2C400%3B0%2C700%3B1%2C400&subset=latin%2Clatin-ext' media='all' /> <link crossorigin='anonymous' rel='stylesheet' id='all-css-12-1' href='https://s0.wp.com/_static/??/wp-content/themes/pub/seedlet/style.css,/wp-content/themes/pub/seedlet/assets/css/style-navigation.css?m=1720456615j&cssminify=yes' type='text/css' media='all' /> <link crossorigin='anonymous' rel='stylesheet' id='print-css-13-1' href='https://s2.wp.com/wp-content/themes/pub/seedlet/assets/css/print.css?m=1603804565i&cssminify=yes' type='text/css' media='print' /> <link crossorigin='anonymous' rel='stylesheet' id='all-css-14-1' href='https://s0.wp.com/_static/??-eJx9y0EOwjAMRNELYQyiBbFAnKU1JgQ5dlQ7qnp7yq5s2M2X5uFcgUyDNTBeXNixthGd+SEcmJVwrmQFPBbhPbnvcENKgyotZXWceBRL60y4vjb5DyU2EKMhsulPwFOGPH3pvdyO/bU7dOdLf3p/AANwQOQ=&cssminify=yes' type='text/css' media='all' /> <style id='jetpack-global-styles-frontend-style-inline-css'> :root { --font-headings: unset; --font-base: unset; --font-headings-default: -apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,Oxygen-Sans,Ubuntu,Cantarell,"Helvetica Neue",sans-serif; --font-base-default: -apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,Oxygen-Sans,Ubuntu,Cantarell,"Helvetica Neue",sans-serif;} </style> <link crossorigin='anonymous' rel='stylesheet' id='all-css-16-1' href='https://s2.wp.com/wp-content/themes/h4/global.css?m=1420737423i&cssminify=yes' type='text/css' media='all' /> <script id="wpcom-actionbar-placeholder-js-extra"> var actionbardata = {"siteID":"70204527","postID":"0","siteURL":"https:\/\/arthurvandermerwe.com","xhrURL":"https:\/\/arthurvandermerwe.com\/wp-admin\/admin-ajax.php","nonce":"bb6ea3788c","isLoggedIn":"","statusMessage":"","subsEmailDefault":"instantly","proxyScriptUrl":"https:\/\/s0.wp.com\/wp-content\/js\/wpcom-proxy-request.js?ver=20211021","i18n":{"followedText":"New posts from this site will now appear in your <a href=\"https:\/\/wordpress.com\/read\">Reader<\/a>","foldBar":"Collapse this bar","unfoldBar":"Expand this bar"}}; </script> <script id="jetpack-mu-wpcom-settings-js-before"> var JETPACK_MU_WPCOM_SETTINGS = {"assetsUrl":"https:\/\/s1.wp.com\/wp-content\/mu-plugins\/jetpack-mu-wpcom-plugin\/moon\/vendor\/automattic\/jetpack-mu-wpcom\/src\/build\/"}; </script> <script crossorigin='anonymous' type='text/javascript' src='https://s1.wp.com/_static/??/wp-content/js/rlt-proxy.js,/wp-content/blog-plugins/wordads-classes/js/cmp/v2/cmp-non-gdpr.js?m=1720530689j'></script> <script id="rlt-proxy-js-after"> rltInitialize( {"token":null,"iframeOrigins":["https:\/\/widgets.wp.com"]} ); </script> <link rel="EditURI" type="application/rsd+xml" title="RSD" href="https://arthurvandermerwe.wordpress.com/xmlrpc.php?rsd" /> <meta name="generator" content="WordPress.com" /> <link rel='shortlink' href='https://wp.me/4Kzp5' />  <meta property="og:type" content="website" /> <meta property="og:title" content="Cryptography & Payments" /> <meta property="og:description" content="Arthur Van Der Merwe" /> <meta property="og:url" content="https://arthurvandermerwe.com/" /> <meta property="og:site_name" content="Cryptography & Payments" /> <meta property="og:image" content="https://arthurvandermerwe.com/wp-content/uploads/2018/09/cropped-arthur4.png?w=200" /> <meta property="og:image:width" content="200" /> <meta property="og:image:height" content="200" /> <meta property="og:image:alt" content="" /> <meta property="og:locale" content="en_US" />  <link rel='openid.server' href='https://arthurvandermerwe.com/?openidserver=1' /> <link rel='openid.delegate' href='https://arthurvandermerwe.com/' /> <link rel="search" type="application/opensearchdescription+xml" href="https://arthurvandermerwe.com/osd.xml" title="Cryptography & Payments" /> <link rel="search" type="application/opensearchdescription+xml" href="https://s1.wp.com/opensearch.xml" title="WordPress.com" /> <style type="text/css"> .recentcomments a { display: inline !important; padding: 0 !important; margin: 0 !important; } table.recentcommentsavatartop img.avatar, table.recentcommentsavatarend img.avatar { border: 0px; margin: 0; } table.recentcommentsavatartop a, table.recentcommentsavatarend a { border: 0px !important; background-color: transparent !important; } td.recentcommentsavatarend, td.recentcommentsavatartop { padding: 0px 0px 1px 0px; margin: 0px; } td.recentcommentstextend { border: none !important; padding: 0px 0px 2px 10px; } .rtl td.recentcommentstextend { padding: 0px 10px 2px 0px; } td.recentcommentstexttop { border: none; padding: 0px 0px 0px 10px; } .rtl td.recentcommentstexttop { padding: 0px 10px 0px 0px; } </style> <meta name="application-name" content="Cryptography & Payments" /><meta name="msapplication-window" content="width=device-width;height=device-height" /><meta name="msapplication-tooltip" content="Arthur Van Der Merwe" /><meta name="description" content="Arthur Van Der Merwe" /> <script> var wa_smart = { 'network_id': 3905, 'site_id': 560111, 'page_id': 1700829, 'blog_id': 70204527, 'post_id': null, 'theme': 'pub/seedlet', 'target': 'wp_blog_id=70204527;language=en', '_': { 'title': 'Advertisement', 'privacy_settings': 'Privacy Settings' }, 'top': { 'enabled': false, 'adflow_enabled': true, 'format_id': 135099 }, 'inline': { 'enabled': false, 'adflow_enabled': true, 'format_id': 110354, 'max_slots': 20, 'max_blaze_slots': 20 }, 'belowpost': { 'enabled': false, 'adflow_enabled': true, 'format_id': 134071 }, 'bottom_sticky': { 'enabled': false, 'adflow_enabled': true, 'format_id': 117571 }, 'sidebar': { 'enabled': false, 'adflow_enabled': true, 'format_id': 134686 }, 'sidebar_sticky_right': { 'enabled': false, 'adflow_enabled': true, 'format_id': 135281 }, 'gutenberg_rectangle': { 'enabled': false, 'adflow_enabled': true, 'format_id': 134788 }, 'gutenberg_leaderboard': { 'enabled': false, 'adflow_enabled': true, 'format_id': 135073 }, 'gutenberg_mobile_leaderboard': { 'enabled': false, 'adflow_enabled': true, 'format_id': 135098 }, 'gutenberg_skyscraper': { 'enabled': false, 'adflow_enabled': true, 'format_id': 135088 } }; wa_smart.cmd = []; </script> <script type="text/javascript"> function __ATA_CC() {var v = document.cookie.match('(^|;) ?personalized-ads-consent=([^;]*)(;|$)');return v ? 1 : 0;} var __ATA_PP = { 'pt': 0, 'ht': 1, 'tn': 'seedlet', 'uloggedin': 0, 'amp': false, 'consent': __ATA_CC(), 'gdpr_applies': false, 'ad': { 'label': { 'text': 'Advertisements' }, 'reportAd': { 'text': 'Report this ad' } }, 'disabled_slot_formats': [], 'siteid': 70204527, 'afp_ad_client': 'pub-6694573643007653' }; var __ATA = __ATA || {}; __ATA.cmd = __ATA.cmd || []; __ATA.criteo = __ATA.criteo || {}; __ATA.criteo.cmd = __ATA.criteo.cmd || []; </script> <script type="text/javascript"> (function(){var g=Date.now||function(){return+new Date};function h(a,b){a:{for(var c=a.length,d="string"==typeof a?a.split(""):a,e=0;e<c;e++)if(e in d&&b.call(void 0,d[e],e,a)){b=e;break a}b=-1}return 0>b?null:"string"==typeof a?a.charAt(b):a[b]};function k(a,b,c){c=null!=c?"="+encodeURIComponent(String(c)):"";if(b+=c){c=a.indexOf("#");0>c&&(c=a.length);var d=a.indexOf("?");if(0>d||d>c){d=c;var e=""}else e=a.substring(d+1,c);a=[a.substr(0,d),e,a.substr(c)];c=a[1];a[1]=b?c?c+"&"+b:b:c;a=a[0]+(a[1]?"?"+a[1]:"")+a[2]}return a};var l=0;function m(a,b){var c=document.createElement("script");c.src=a;c.onload=function(){b&&b(void 0)};c.onerror=function(){b&&b("error")};a=document.getElementsByTagName("head");var d;a&&0!==a.length?d=a[0]:d=document.documentElement;d.appendChild(c)}function n(a){var b=void 0===b?document.cookie:b;return(b=h(b.split("; "),function(c){return-1!=c.indexOf(a+"=")}))?b.split("=")[1]:""}function p(a){return"string"==typeof a&&0<a.length} function r(a,b,c){b=void 0===b?"":b;c=void 0===c?".":c;var d=[];Object.keys(a).forEach(function(e){var f=a[e],q=typeof f;"object"==q&&null!=f||"function"==q?d.push(r(f,b+e+c)):null!==f&&void 0!==f&&(e=encodeURIComponent(b+e),d.push(e+"="+encodeURIComponent(f)))});return d.filter(p).join("&")}function t(a,b){a||((window.__ATA||{}).config=b.c,m(b.url))}var u=Math.floor(1E13*Math.random()),v=window.__ATA||{};window.__ATA=v;window.__ATA.cmd=v.cmd||[];v.rid=u;v.createdAt=g();var w=window.__ATA||{},x="s.pubmine.com"; w&&w.serverDomain&&(x=w.serverDomain);var y="//"+x+"/conf",z=window.top===window,A=window.__ATA_PP&&window.__ATA_PP.gdpr_applies,B="boolean"===typeof A?Number(A):null,C=window.__ATA_PP||null,D=z?document.referrer?document.referrer:null:null,E=z?window.location.href:document.referrer?document.referrer:null,F,G=n("__ATA_tuuid");F=G?G:null;var H=window.innerWidth+"x"+window.innerHeight,I=n("usprivacy"),J=r({gdpr:B,pp:C,rid:u,src:D,ref:E,tuuid:F,vp:H,us_privacy:I?I:null},"","."); (function(a){var b=void 0===b?"cb":b;l++;var c="callback__"+g().toString(36)+"_"+l.toString(36);a=k(a,b,c);window[c]=function(d){t(void 0,d)};m(a,function(d){d&&t(d)})})(y+"?"+J);}).call(this); </script> <script> var sas_fallback = sas_fallback || []; sas_fallback.push( { tag: "<div id="atatags-702045271-{{unique_id}}"></div><script>__ATA.cmd.push(function() {__ATA.initDynamicSlot({id: \'atatags-702045271-{{unique_id}}\',location: 120,formFactor: \'001\',label: {text: \'Advertisements\',},creative: {reportAd: {text: \'Report this ad\',},privacySettings: {text: \'Privacy\',}}});});</script>", type: 'belowpost' }, { tag: "<div id="atatags-702045271-{{unique_id}}"></div><script>__ATA.cmd.push(function() {__ATA.initDynamicSlot({id: \'atatags-702045271-{{unique_id}}\',location: 310,formFactor: \'001\',label: {text: \'Advertisements\',},creative: {reportAd: {text: \'Report this ad\',},privacySettings: {text: \'Privacy\',}}});});</script>", type: 'inline' }, { tag: "<div id="atatags-702045271-{{unique_id}}"></div><script>__ATA.cmd.push(function() {__ATA.initDynamicSlot({id: \'atatags-702045271-{{unique_id}}\',location: 140,formFactor: \'003\',label: {text: \'Advertisements\',},creative: {reportAd: {text: \'Report this ad\',},privacySettings: {text: \'Privacy\',}}});});</script>", type: 'sidebar' }, { tag: "<div id="atatags-702045271-{{unique_id}}"></div><script>__ATA.cmd.push(function() {__ATA.initDynamicSlot({id: \'atatags-702045271-{{unique_id}}\',location: 110,formFactor: \'002\',label: {text: \'Advertisements\',},creative: {reportAd: {text: \'Report this ad\',},privacySettings: {text: \'Privacy\',}}});});</script>", type: 'top' } ); </script><link rel="icon" href="https://arthurvandermerwe.com/wp-content/uploads/2018/09/cropped-arthur4.png?w=32" sizes="32x32" /> <link rel="icon" href="https://arthurvandermerwe.com/wp-content/uploads/2018/09/cropped-arthur4.png?w=192" sizes="192x192" /> <link rel="apple-touch-icon" href="https://arthurvandermerwe.com/wp-content/uploads/2018/09/cropped-arthur4.png?w=180" /> <meta name="msapplication-TileImage" content="https://arthurvandermerwe.com/wp-content/uploads/2018/09/cropped-arthur4.png?w=270" /> </head> <body class="home blog wp-embed-responsive customizer-styles-applied hfeed has-main-navigation jetpack-reblog-enabled"> <div id="page" class="site"> <a class="skip-link screen-reader-text" href="#content">Skip to content</a> <header id="masthead" class="site-header header_classes has-title-and-tagline has-menu" role="banner"> <div class="site-branding"> <h1 class="site-title"><a href="https://arthurvandermerwe.com/" rel="home">Cryptography & Payments</a></h1> <p class="site-description"> Arthur Van Der Merwe </p> </div> <nav id="site-navigation" class="primary-navigation" role="navigation" aria-label="Main"> <button id="primary-close-menu" class="button close"> <span class="dropdown-icon close">Close <svg class="svg-icon" width="24" height="24" aria-hidden="true" role="img" focusable="false" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M12 10.9394L5.53033 4.46973L4.46967 5.53039L10.9393 12.0001L4.46967 18.4697L5.53033 19.5304L12 13.0607L18.4697 19.5304L19.5303 18.4697L13.0607 12.0001L19.5303 5.53039L18.4697 4.46973L12 10.9394Z" fill="currentColor"/></svg></span> <span class="hide-visually collapsed-text">collapsed</span> </button> <div class="primary-menu-container"><ul id="menu-financial-switching-1" class="menu-wrapper"><li class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-239"><a href="https://arthurvandermerwe.com/category/hsm/">HSM</a></li> <li class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-240"><a href="https://arthurvandermerwe.com/category/cryptography-2/">Cryptography</a></li> <li class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-241"><a href="https://arthurvandermerwe.com/category/financial-switching/">Financial Switching</a></li> <li class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-242"><a href="https://arthurvandermerwe.com/category/atm-tracing/">ATM Tracing</a></li> <li class="menu-item menu-item-type-post_type menu-item-object-page menu-item-27"><a href="https://arthurvandermerwe.com/downloads/">Downloads</a></li> <li class="menu-item menu-item-type-post_type menu-item-object-page menu-item-5"><a href="https://arthurvandermerwe.com/about/">About</a></li> </ul></div> </nav> <div class="menu-button-container"> <button id="primary-open-menu" class="button open"> <span class="dropdown-icon open">Menu <svg class="svg-icon" width="24" height="24" aria-hidden="true" role="img" focusable="false" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M4.5 6H19.5V7.5H4.5V6ZM4.5 12H19.5V13.5H4.5V12ZM19.5 18H4.5V19.5H19.5V18Z" fill="currentColor"/></svg></span> <span class="hide-visually expanded-text">expanded</span> </button> </div> <div class="menu-button-container"> </div> </header> <div id="content" class="site-content"> <section id="primary" class="content-area"> <main id="main" class="site-main" role="main"> <article id="post-318" class="post-318 post type-post status-publish format-standard sticky hentry category-cryptography-2 category-financial-switching entry"> <header class="entry-header default-max-width"> <span class="sticky-post">Featured</span><h2 class="entry-title"><a href="https://arthurvandermerwe.com/2020/02/16/a-brief-comparison-of-as2805-and-key-blocks/" rel="bookmark">A brief comparison of AS2805 and (TR-31) Key Blocks</a></h2> </header> <div class="entry-content"> <p>Recently PCI-SSC released PCI industry standards and clarifying.FAQ’s mandating that encryption keys should be managed in structures called Key Blocks. Key Blocks are defined in the ANSI TR-31 Technical Report and ISO 20038 Standard. Similarly, there are concerns about the use of key variants in some regions. Late in 2019 PCI-SSC also published a process of obtaining “equivalency” with Key Blocks. Requirements 18-3 in the PCI-PIN Standard captures this neatly:</p> <hr /> <p>18-3 Encrypted symmetric keys must be managed in structures called key blocks. The key usage must be cryptographically bound to the key using accepted methods.</p> <p>The phased implementation dates are as follows:</p> <ul> <li>Phase 1 – Implement Key Blocks for internal connections and key storage within Service Provider Environments – this would include all applications and databases connected to hardware security modules (HSM). Effective date: 1 June 2019.</li> <li>Phase 2 – Implement Key Blocks for external connections to Associations and Networks. Effective date: 1 June 2021.</li> <li>Phase 3 – Implement Key Block to extend to all merchant hosts, point-of-sale (POS) devices and ATMs. Effective date: 1 June 2023. Acceptable methods of implementing the integrity requirements include, but are not limited to:</li> </ul> <ul> <li>A MAC computed over the concatenation of the clear-text attributes and the enciphered portion of the key block, which includes the key itself,</li> </ul> <ul> <li>A digital signature computed over that same data,</li> </ul> <ul> <li>An integrity check that is an implicit part of the key-encryption process such as that which is used in the AES key-wrap process specified in ANSI X9.102.<br /> <hr /> </li> </ul> <p>Changing key management schemes is obviously a big program of work for both terminal manufacturers and acquirers, especially for countries whose entire local debit system is based on variants and do not use Key Blocks. This would certainly have catastrophic consequences. We could possibly see local debit systems, like EFTPOS in Australia, being excluded from transaction processing. That is unless they comply with this requirement. We have to keep in mind that PCI creates industry standards, applied in various regions. Some regions use fixed keys, don’t implement dynamic key exchange models and rely on the expertise of PCI and their industry standards. However, some regions like Australia created dynamic key exchange standards, like in AS2805, and enforced these standards, though the Payments System Self Regulator, Australian Payments Network (APCA). PCI has recognized the potential issue for excluding players in the payments ecosystem and has created a process for defining “equivalency” against Key Blocks. I will attempt to answer three questions in this blog:</p> <ol> <li>What is equivalent to Key Blocks?</li> <li>Why are variants so insecure.</li> <li>Australian Standards (AS2805) use variants?</li> </ol> <p>Before we start, I have to clarify a few points:</p> <ol> <li>The Payment Card Industry Security Standards Council (PCI-SSC) is not a standards body. PCI-SSC is a commercial company wholly owned by the card schemes (Mastercard, Visa, Amex and others). Participation in PCI-SSC is not open to industry players, all industry standards published at PCI are approved by the management members of the card schemes who may change standards as they see fit. Only card scheme participants have voting rights, and the standard consensus is conducted under a non-collusion policy. The PCI-SSC publish industry standards but do not enforce them. Card Schemes enforce PCI Standards and may wave requirements as they see fit.</li> <li>AS2805 -Australian Standards is a standards-setting body, and its participants sit on international standard bodies, ISO/IEC. Participation in Australian Standards is open to industry participants. Standards are published by participant consensus. AS2805 standards are enforced by the Australian Payments Network and implemented by all Acquirers and Issuers in Australia. Other regions use AS2805, such as New Zealand, Fiji, and others. AusPayNet does not wave any security requirements and run a compliance program to monitor Acquirers and Issuers.</li> </ol> <h2>What is equivalent to Key Blocks?</h2> <p>In January 2020 PCI-SSC released an FAQ to clarify the process of determining equivalency against Key blocks. This is captured by Q26:</p> <hr /> <p>Equivalent methods must be subject to an independent expert review and said review is publicly available:</p> <p>▪ The review by the independent expert must include proof that in the equivalent method the encrypted key and its attributes in the Key Block have integrity protection such that it is computationally infeasible for the key to be used if the key or its attributes have been modified. The modification includes, but is not limited to:</p> <p>o Changing or replacing any bit(s) in the attributes or encrypted key</p> <p>o Interchanging any bits of the protected Key Block with bits from another part of the block</p> <ul> <li>The independent expert must be qualified via a combination of education, training and experience in cryptology to provide objective technical evaluations that are independent of any ties to vendors and special interests. Independent expert is further defined below.</li> <li>The PTS laboratory will validate that any device vendors implementing this methodology have done so following all guidelines of said evaluation and peer review, including any recommendations for associated key management.</li> </ul> <p>An Independent Expert possesses the following qualifications:</p> <ul> <li>Holds one or more professional credentials applicable to the field, e.g., doctoral-level qualifications in a relevant discipline or government certification in cryptography by an authoritative body (e.g., NSA, CES, or GCHQ) and</li> <li>▪ Has ten or more years of experience in the relevant subject and</li> <li>▪ Has published at least two articles in peer-reviewed publications on the relevant subject or</li> <li>▪ Is recognized by his/her peers in the field (e.g., awarded the Fellow or Distinguished Fellow or similar professional recognition by an appropriate body, e.g., ACM, BCS, IEEE, IET, IACR) and</li> </ul> <p>Subscribes to an ethical code of conduct and would be subject to an ethics compliance process if warranted. Independence requires that the entity is not subject to control, restriction, modification, or limitation from a given outside source. Specifically, independence requires that a person, firm or corporation who holds itself out for employment as a cryptologist or similar expert to more than one client company is not a regular employee of that company, does not work exclusively for one company and were paid, is paid in each case assigned for time consumed and expenses incurred.</p> <hr /> <p>Let me first note the first paragraph in the TR-31 Standard:</p> <p>From the introduction, “The retail financial transactions industry has in the past lacked an interoperable method for secure key exchange. While this has always been an issue, the move from Single DES to Triple DEA (TDEA) encryption made this issue more acute, as methods for the secure exchange of TDEA keys are non-obvious. This Technical Report is intended to give the reader an implementation that meets the requirements for secure key management as set forth in ANS X9.24 Retail Financial Services Symmetric Key Management Part 1: Using Symmetric Techniques.”</p> <hr /> <p>And Later in the standard, we see:</p> <hr /> <p>“This document is not a security standard and is not intended to establish security requirements. It is intended instead to provide an interoperable method of implementing security requirements and policies.”</p> <hr /> <p>It would appear that equivalency is confused with interoperability. If the intention of Key Blocks is to provide a global interoperable method then it would certainly foster innovation and remove regional boundaries. The PCI FAQ sadly does not reflect this, instead, it cites security concerns with no proof. Yet, we should prove cryptographic schemes are “equivalent” to an interoperability standard. Does this sound fair? Additionally, the TR-31 scheme is a technical report, far from a security standard, however, I believe that ANSI is working on a formal TR-31 Standard probably due to increased pressure from PCI. The TR-31 Standards also say that the patent holder will provide a license to use the scheme for a reasonable fee. Who is this license holder? Where should we buy this license if we are to comply? Let us see if AS2805 is equivalent to Key Blocks. To prove equivalency we need three things:</p> <ol> <li>Message Integrity, a MAC computed on the key and its attributes or a digital signature.</li> <li>The purpose of the key bounded to the key itself, such that the MAC will fail if the attributes are modified.</li> <li>A mode of operation that prevents bit interchangement, such as CBC or GCM.</li> </ol> <p>So let’s review TR-31 Key Blocks. Focusing on key generation, a system would generate a Key Block Protection Key (KBPK), and then derive a Key Block Encryption Key (KBEK) and a Key Block Authentication Key (KBAK). If one wants to protect a key in the payments system, you first need to define the purpose of the key and additional header information. The key is then encrypted, and a MAC is computed over the key and its clear text attributes. These operations occur in an HSM or payment terminal. If a system (like an HSM or a Terminal) wants to use the key they would verify the MAC, then ensure the purpose of the key matches the operation being performed. This sounds simple. Any system that implements Key Blocks would be able to use the key effectively systems would be interoperable. Based on the equivalency requirements we can see that the MAC provides integrity protection and the clear text attributes specify the key attributes and will fail if the attributes are modified. The mode of operation is implicit in the key protection mechanism.</p> <p>In AS2805, we apply a MAC on every transaction message binding all transaction attributes to the key usage. The key purpose of the key is enforced by applying a purpose bit to the encryption key by a xor operation. This operation binds the key with its purpose. The AS2805 Standards refer to this as a “variant bit”. AS2805 enforces the use of CBC mode of operation for all symmetric encryption.</p> <p>So let’s review the equivalence requirements:</p> <ol> <li>MAC – Keys have integrity protection in transaction messages.</li> <li>Key Purpose is enforced by a key purpose bit applied to the key.</li> <li>AS2805 enforces the use of CBC mode of operation.</li> </ol> <p>The only place where there is a mismatch between AS2805 and TR-31 is in host stored keys. AS2805 does not enforce integrity on stored keys, this is largely left to vendors and their HSM implementations. Thales HSM’s only use host stored keys, while Gemalto HSM’s store keys inside the HSM, which is accessible via indexes. Gemalto Payments HSM’s enforce integrity protection for HSM stored keys, while this may be implemented by a Thales host function.</p> <p>What does this mean? does the absence of a MAC in host stored keys make the system vulnerable? Can you change the purpose of a key? Well Yes, if you have access to it.</p> <p>For a host stored key <img src="https://s0.wp.com/latex.php?latex=K+&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=K+&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=K+&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="K " class="latex" /> encrypted under the LMK <img src="https://s0.wp.com/latex.php?latex=P&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=P&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=P&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="P" class="latex" />, with a purpose-bit <img src="https://s0.wp.com/latex.php?latex=B+%5Coplus+%28K_P%29&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=B+%5Coplus+%28K_P%29&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=B+%5Coplus+%28K_P%29&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="B \oplus (K_P)" class="latex" /> where <img src="https://s0.wp.com/latex.php?latex=B+&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=B+&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=B+&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="B " class="latex" />is the PIN Encryption purpose-bit. We can change the purpose if we have Data Decryption purpose-bit <img src="https://s0.wp.com/latex.php?latex=D+&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=D+&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=D+&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="D " class="latex" />. To do this we apply <img src="https://s0.wp.com/latex.php?latex=%28+B%C2%A0%5Coplus%28K_P%29%29+%5Coplus+B+%3D+K_P&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=%28+B%C2%A0%5Coplus%28K_P%29%29+%5Coplus+B+%3D+K_P&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=%28+B%C2%A0%5Coplus%28K_P%29%29+%5Coplus+B+%3D+K_P&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="( B \oplus(K_P)) \oplus B = K_P" class="latex" /> to cancel out the applied purpose-bit, then apply <img src="https://s0.wp.com/latex.php?latex=%28D+%5Coplus+K_P%29+&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=%28D+%5Coplus+K_P%29+&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=%28D+%5Coplus+K_P%29+&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="(D \oplus K_P) " class="latex" /> to change the purpose. If the key is used as input to a data decryption function we could decrypt PIN data. Effectively we compute <img src="https://s0.wp.com/latex.php?latex=%28B+%5Coplus+%28K_P%29+%5Coplus+B%29+%5Coplus+D+%3D+D%28K_P%29+&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=%28B+%5Coplus+%28K_P%29+%5Coplus+B%29+%5Coplus+D+%3D+D%28K_P%29+&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=%28B+%5Coplus+%28K_P%29+%5Coplus+B%29+%5Coplus+D+%3D+D%28K_P%29+&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="(B \oplus (K_P) \oplus B) \oplus D = D(K_P) " class="latex" /> The problem with this attack is the fact that an attacker would need access to the HSM where the LMK <img src="https://s0.wp.com/latex.php?latex=P&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=P&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=P&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="P" class="latex" /> is loaded and have access to run arbitrary functions. Dual control requirements are certainly a set of controls that could mitigate this, but what else can be done. We see in Thales that host stored keys are encrypted using the Local Master Key (LMK), we could have an additional LMK which we could use to generate MAC’s and store the MAC with host stored keys and validate the MAC on each key before executing an HSM function. This method would, in fact, invalidate the attack and make key storage equivalent to the Key Block mechanisms. In the meantime, this attack to repurpose keys is possible and well known.</p> <p>The question remains: Is AS2805 equivalent to Key Blocks? I would say NO, the same protections are applied to keys in transit, but not in storage. An attacker can change the purpose of the keys but would have great difficulty using them. But the important question is: Is it interoperable? Well, that’s a big NO. Once Key Blocks are enabled on an HSM, variants are not able to run. (in Thales) In Gemalto HSMs variant and key blocks are handled by two different MFKs and translating between them is not allowed. If the LMK is in key blocks then ALL. keys are in Key Blocks. This in effect means that an organisation who need to run both Key Blocks and non-key blocks need duplicate systems. The AS2805 key scheme is, however, interoperable in Australia where all participants use the same key management standard. Anyone running Key Blocks cannot transact in Australia. The Australian key scheme pre-dates PCI-SSC and we have not seen a breach of the cryptographical standards since the inception. Even though this attack is well known. Card Systems in Australia has some of the lowest fraud rates in the world. I do however have to note that the use of 3DES is drawing to a close, as the usage should not continue after 2030 (as per ISO). Australian Standards and industry partners are working on defining the use of AES cryptography in payments and have recently adopted AS 20038 Key Blocks as part of their program of work. We would certainly see industry movements to adopt a new key management scheme where changing a key purpose is infeasible.</p> <h2>Why are variants so insecure.</h2> <p>A key variant is a public mechanism to compute encryption keys from a master key. This process is reversible. i.e. if an attacker knows a key, he can compute other variants of the key. Additionally, if he knows the variants then he can change the applied variant. We see that DUKPT use variants to compute future keys derived from an IPEK and additional information. The additional information is normally private and not subject to the same attacks. Many organizations advocate the depreciation of variants because of the reversibility, and rightly so. Any key scheme that breaks both forward and backward security is not a good key scheme. This brings me to my final question.</p> <h2>Do Australian Standards (AS2805) use variants?</h2> <p>Everywhere in the AS2805 series, variants are mentioned, but is this really variants? The AS2805.5.4 Standard use “variants” to calculate master keys, but if you inspect this closely you would see that the method of calculation is, in fact, one-way for KEK keys only. The one-way function is a non-reversible method of merging a key and data to produce an output of the same length, where all of the output data depends on the input data. Even if the output and parts of the input variables, key or data, are known it remains infeasible to. reconstruct the remainder of the inputs except by exhaustion.</p> <p>So to answer the heading: Australia does not use variants? YES, confused? Australia uses variant bits applied to keys to derive keys for different purposes, KEK keys are generated by a non-reversible method, called a one-way function (OWF). Session keys that protect data and PIN blocks are in fact variants.</p> <p>The key purpose-bit used to restrict encryption keys are normally referred to as key variants. This is because a key may have multiple variants. i.e. if a key is used for data encryption we apply one variant and MAC calculation another variant. The reference to the variants and OWF is certainly confusing, especially for individuals and organizations who are not familiar with the Australian Key Scheme. I hope there would be a push to remove “variants” from the Australian Standards and replace it with “non-reversible key calculation” or random keys.</p> <h2>In Closing</h2> <p>Changing a key purpose have been a problem since the inception of cryptographic standards in Australia, but due to the strong compliance programs run by Payments self Regulators, there has not been a single attack. The eHub and local debit systems all use the same AS2805 cryptographical standard. Moving all systems to key blocks would be a billion-dollar industry project, as it may require new infrastructure and running duplicate systems while maintaining interoperability with existing networks. This is certainly a long term project, with broad stakeholder participation. In the meantime, strict key management controls, dynamic key exchange models and strong self-regulation have mitigated any attacks on the Australian Card Payment Systems. So the question is: Should Australia move to key blocks and AES? If I can put it simply, Yes.</p> <p>I have written an acedemic paper on this topic showing that there is no ‘equivelency’ between TR-31 and AS 2805.</p> <p><a title="Security_in_banking" href="https://www.researchgate.net/publication/343982561_Security_in_banking">Security in banking – preprint</a></p> <p>Hopefully, it will be published in a journal soon..</p> <p>This article is my opinion and does not reflect the position of any industry regulator or standards body.</p> <p>Easy as pie.</p> </div> <footer class="entry-footer default-max-width"> <span class="byline"><svg class="svg-icon" width="16" height="16" aria-hidden="true" role="img" focusable="false" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M15 7.5C15 9.15685 13.6569 10.5 12 10.5C10.3431 10.5 9 9.15685 9 7.5C9 5.84315 10.3431 4.5 12 4.5C13.6569 4.5 15 5.84315 15 7.5ZM16.5 7.5C16.5 9.98528 14.4853 12 12 12C9.51472 12 7.5 9.98528 7.5 7.5C7.5 5.01472 9.51472 3 12 3C14.4853 3 16.5 5.01472 16.5 7.5ZM19.5 19.5V16.245C19.5 14.729 18.271 13.5 16.755 13.5L7.245 13.5C5.72898 13.5 4.5 14.729 4.5 16.245L4.5 19.5H6L6 16.245C6 15.5574 6.5574 15 7.245 15L16.755 15C17.4426 15 18 15.5574 18 16.245V19.5H19.5Z" fill="currentColor"/></svg><span class="screen-reader-text">Posted by</span><span class="author vcard"><a class="url fn n" href="https://arthurvandermerwe.com/author/arthurvdmerwe/">arthurvdmerwe</a></span></span><span class="posted-on"><svg class="svg-icon" width="16" height="16" aria-hidden="true" role="img" focusable="false" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M19.5 7.5H4.5V19.0005C4.5 19.2764 4.72363 19.5 4.9995 19.5H19.0005C19.2764 19.5 19.5 19.2764 19.5 19.0005V7.5ZM3 7.5V4.9995V4.995C3 3.89319 3.89319 3 4.995 3H4.9995H19.0005H19.005C20.1068 3 21 3.89319 21 4.995V4.9995V7.5V19.0005C21 20.1048 20.1048 21 19.0005 21H4.9995C3.89521 21 3 20.1048 3 19.0005V7.5ZM7.5 10.5H9V12H7.5V10.5ZM9 15H7.5V16.5H9V15ZM11.25 10.5H12.75V12H11.25V10.5ZM12.75 15H11.25V16.5H12.75V15ZM15 10.5H16.5V12H15V10.5ZM16.5 15H15V16.5H16.5V15Z" fill="currentColor"/></svg><a href="https://arthurvandermerwe.com/2020/02/16/a-brief-comparison-of-as2805-and-key-blocks/" rel="bookmark"><time class="entry-date published" datetime="2020-02-16T19:55:54+11:00">February 16, 2020</time><time class="updated" datetime="2020-10-06T16:33:10+11:00">October 6, 2020</time></a></span><span class="cat-links"><svg class="svg-icon" width="16" height="16" aria-hidden="true" role="img" focusable="false" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M12.1979 8.25L11.2098 6.27363C11.1259 6.10593 10.9545 6 10.767 6H4.995C4.72162 6 4.5 6.22162 4.5 6.495V17.505C4.5 17.7784 4.72162 18 4.995 18H19.0005C19.2764 18 19.5 17.7764 19.5 17.5005V8.7495C19.5 8.47363 19.2764 8.25 19.0005 8.25H12.1979ZM13.125 6.75H19.0005C20.1048 6.75 21 7.64521 21 8.7495V17.5005C21 18.6048 20.1048 19.5 19.0005 19.5H4.995C3.89319 19.5 3 18.6068 3 17.505V6.495C3 5.39319 3.89319 4.5 4.995 4.5H10.767C11.5227 4.5 12.2135 4.92693 12.5514 5.60281L13.125 6.75Z" fill="currentColor"/></svg><span class="screen-reader-text">Posted in</span><a href="https://arthurvandermerwe.com/category/cryptography-2/" rel="category tag">Cryptography</a>, <a href="https://arthurvandermerwe.com/category/financial-switching/" rel="category tag">Financial Switching</a></span><span class="comments-link"><svg class="svg-icon" width="16" height="16" aria-hidden="true" role="img" focusable="false" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M10.0458 15.0001L5.99998 17.697L5.99999 6.49478C5.99999 6.22141 6.2216 5.99979 6.49498 5.99978L17.505 5.99951C17.7784 5.9995 18 6.22113 18 6.49451L18 14.5046C18 14.778 17.7784 14.9996 17.505 14.9996L10.0458 15.0001ZM10.5 16.5L17.5051 16.4996C18.6069 16.4995 19.5 15.6063 19.5 14.5046L19.5 6.49451C19.5 5.39268 18.6068 4.49948 17.5049 4.49951L6.49494 4.49978C5.39315 4.49981 4.49999 5.39299 4.49999 6.49478L4.49998 18.3483C4.49998 18.9842 5.01549 19.4997 5.6514 19.4997C5.8787 19.4997 6.10091 19.4324 6.29004 19.3063L10.5 16.5Z" fill="currentColor"/></svg><a href="https://arthurvandermerwe.com/2020/02/16/a-brief-comparison-of-as2805-and-key-blocks/#comments">1 Comment<span class="screen-reader-text"> on A brief comparison of AS2805 and (TR-31) Key Blocks</span></a></span> </footer> </article> <article id="post-200" class="post-200 post type-post status-publish format-standard sticky hentry category-cryptography-2 category-financial-switching category-hsm tag-cryptography tag-zmk tag-zpk entry"> <header class="entry-header default-max-width"> <span class="sticky-post">Featured</span><h2 class="entry-title"><a href="https://arthurvandermerwe.com/2016/09/04/importing-zpk-and-zmk-into-thales-payshield-9000-hsm/" rel="bookmark">Importing ZPK and ZMK into Thales Payshield 9000 HSM</a></h2> </header> <div class="entry-content"> <p><strong>ZMK</strong></p> <p>Zone Master Key (ZMK) also known as an <strong>Interchange key (IK)</strong>, is a key-encrypting key which is distributed manually between two communicating sites, within a shared network, in order that further keys can be exchanged automatically. The ZMK is used to encrypt keys of a lower level (e.g. ZPK) for transmission.</p> <p>The ZMK is exchanged using secured methods and Split knowledge policy. The IK is split into two components that are sent by two separate physical couriers to two nominated Security Officers of the other party. This is one of the most secure way to do it since no single person gains knowledge of the clear ZMK.</p> <p>Here is the detailed Process. please note values indicated here are for testing only, in live environment the values will be exchanged securely.</p> <hr /> <p><strong>Build ZMK Key manually:</strong></p> <p>This key is generated by two components, lets call them K1 and K2. To obtain the ZMK Key,</p> <div class="highlighter-rouge"> <pre class="highlight"><code>ZMK = K1 XOR K2 </code></pre> </div> <p>Test values provided,</p> <div class="highlighter-rouge"> <pre class="highlight"><code>K1 (clear) = 6D6B E51F 04F7 6167 4915 54FE 25F7 ABEF K2 (clear) = 6749 9B2C F137 DFCB 9EA2 8FF7 57CD 10A7 ZMK (clear) key = K1 XOR K2 = 0A227E33F5C0BEACD7B7DB09723ABB48; KCV = 05EE1D </code></pre> <hr /> </div> <p><strong>Import ZMK into HSM</strong></p> <div class="highlighter-rouge"> <pre class="highlight"><code>FK Key length [1,2,3]: 2 Key Type: 000 Key Scheme: U Component type [X,H,E,S]: X Enter number of components (2-9): 2 Enter component #1: 6D6BE51F04F76167491554FE25F7ABEF Enter component #2: 67499B2CF137DFCB9EA28FF757CD10A7 Encrypted key: U E685 8676 0A16 3026 C297 1007 3AB2 D7BE Key check value: 05EE1D </code></pre> </div> <p><strong>ZPK</strong></p> <p>Zone PIN Key (ZPK) also known as a A <strong>PIN Protection Key (PPK)</strong>, is a data encrypting key which is distributed automatically and is used to encrypt PINs. For security and protocol reasons the HSM where this key generated, never exposes the ZPK in clear. But it can be exported using another key called ZMK (Interchange Key). In this context exports actually means use the ZMK Key to encrypt the ZPK and give back to the user.</p> <hr /> <p><strong>Import ZPK</strong></p> <p>The following ZPK shared by communicating party, is encrypted under ZMK</p> <div class="highlighter-rouge"> <pre class="highlight"><code>ZPK encrypted under ZMK: AC4D3C5F603C1B502E5F45668A155C25 KCV: AFDA4F </code></pre> </div> <p>From the host application, send the <strong>A6</strong> commands with required arguments as following,</p> <p>HSM Command:</p> <div class="highlighter-rouge"> <pre class="highlight"><code>0000A6001UE68586760A163026C29710073AB2D7BEXAC4D3C5F603C1B502E5F45668A155C25U00 </code></pre> </div> <p>Where,</p> <blockquote><p>Atalla Variant = 00<br /> Encrypted PPK Key = AC4D…….5C25<br /> Key Scheme= X<br /> Key Scheme LMK= U<br /> Key Type = 001<br /> ZMK = E68586760……..D7BE<br /> ZMK Scheme = U</p></blockquote> <div class="highlighter-rouge"> <pre class="highlight"><code>Response: 0000A700U5F2DC42E10C92B16BA54802314CE95F5AFDA4F ZPK under LMK: U5F2DC42E10C92B16BA54802314CE95F5 KCV: AFDA4F </code></pre> </div> <p>Here we can compare KCV (AFDA4F) to check if key is imported successfully.</p> <hr /> </div> <footer class="entry-footer default-max-width"> <span class="byline"><svg class="svg-icon" width="16" height="16" aria-hidden="true" role="img" focusable="false" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M15 7.5C15 9.15685 13.6569 10.5 12 10.5C10.3431 10.5 9 9.15685 9 7.5C9 5.84315 10.3431 4.5 12 4.5C13.6569 4.5 15 5.84315 15 7.5ZM16.5 7.5C16.5 9.98528 14.4853 12 12 12C9.51472 12 7.5 9.98528 7.5 7.5C7.5 5.01472 9.51472 3 12 3C14.4853 3 16.5 5.01472 16.5 7.5ZM19.5 19.5V16.245C19.5 14.729 18.271 13.5 16.755 13.5L7.245 13.5C5.72898 13.5 4.5 14.729 4.5 16.245L4.5 19.5H6L6 16.245C6 15.5574 6.5574 15 7.245 15L16.755 15C17.4426 15 18 15.5574 18 16.245V19.5H19.5Z" fill="currentColor"/></svg><span class="screen-reader-text">Posted by</span><span class="author vcard"><a class="url fn n" href="https://arthurvandermerwe.com/author/arthurvdmerwe/">arthurvdmerwe</a></span></span><span class="posted-on"><svg class="svg-icon" width="16" height="16" aria-hidden="true" role="img" focusable="false" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M19.5 7.5H4.5V19.0005C4.5 19.2764 4.72363 19.5 4.9995 19.5H19.0005C19.2764 19.5 19.5 19.2764 19.5 19.0005V7.5ZM3 7.5V4.9995V4.995C3 3.89319 3.89319 3 4.995 3H4.9995H19.0005H19.005C20.1068 3 21 3.89319 21 4.995V4.9995V7.5V19.0005C21 20.1048 20.1048 21 19.0005 21H4.9995C3.89521 21 3 20.1048 3 19.0005V7.5ZM7.5 10.5H9V12H7.5V10.5ZM9 15H7.5V16.5H9V15ZM11.25 10.5H12.75V12H11.25V10.5ZM12.75 15H11.25V16.5H12.75V15ZM15 10.5H16.5V12H15V10.5ZM16.5 15H15V16.5H16.5V15Z" fill="currentColor"/></svg><a href="https://arthurvandermerwe.com/2016/09/04/importing-zpk-and-zmk-into-thales-payshield-9000-hsm/" rel="bookmark"><time class="entry-date published" datetime="2016-09-04T14:13:40+10:00">September 4, 2016</time><time class="updated" datetime="2016-12-19T06:23:08+11:00">December 19, 2016</time></a></span><span class="cat-links"><svg class="svg-icon" width="16" height="16" aria-hidden="true" role="img" focusable="false" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M12.1979 8.25L11.2098 6.27363C11.1259 6.10593 10.9545 6 10.767 6H4.995C4.72162 6 4.5 6.22162 4.5 6.495V17.505C4.5 17.7784 4.72162 18 4.995 18H19.0005C19.2764 18 19.5 17.7764 19.5 17.5005V8.7495C19.5 8.47363 19.2764 8.25 19.0005 8.25H12.1979ZM13.125 6.75H19.0005C20.1048 6.75 21 7.64521 21 8.7495V17.5005C21 18.6048 20.1048 19.5 19.0005 19.5H4.995C3.89319 19.5 3 18.6068 3 17.505V6.495C3 5.39319 3.89319 4.5 4.995 4.5H10.767C11.5227 4.5 12.2135 4.92693 12.5514 5.60281L13.125 6.75Z" fill="currentColor"/></svg><span class="screen-reader-text">Posted in</span><a href="https://arthurvandermerwe.com/category/cryptography-2/" rel="category tag">Cryptography</a>, <a href="https://arthurvandermerwe.com/category/financial-switching/" rel="category tag">Financial Switching</a>, <a href="https://arthurvandermerwe.com/category/hsm/" rel="category tag">HSM</a></span><span class="tags-links"><svg class="svg-icon" width="16" height="16" aria-hidden="true" role="img" focusable="false" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M3 12.2045C3 12.5941 3.15158 12.9684 3.42267 13.2482L9.71878 19.747C11.0769 21.1489 13.3201 21.1667 14.7003 19.7865L19.7873 14.6995C21.1677 13.319 21.1497 11.0753 19.7471 9.71731L13.2459 3.42238C12.9661 3.15147 12.5919 3 12.2025 3H4.5C3.67157 3 3 3.67157 3 4.5V12.2045ZM12.2025 4.5H4.5V12.2045L10.7961 18.7033C11.5714 19.5035 12.8518 19.5137 13.6396 18.7258L18.7266 13.6388C19.5146 12.8509 19.5043 11.5701 18.7037 10.7949L12.2025 4.5ZM8.4975 9.495C9.0484 9.495 9.495 9.0484 9.495 8.4975C9.495 7.9466 9.0484 7.5 8.4975 7.5C7.9466 7.5 7.5 7.9466 7.5 8.4975C7.5 9.0484 7.9466 9.495 8.4975 9.495Z" fill="currentColor"/></svg><span class="screen-reader-text">Tags:</span><a href="https://arthurvandermerwe.com/tag/cryptography/" rel="tag">cryptography</a>, <a href="https://arthurvandermerwe.com/tag/zmk/" rel="tag">ZMK</a>, <a href="https://arthurvandermerwe.com/tag/zpk/" rel="tag">ZPK</a></span><span class="comments-link"><svg class="svg-icon" width="16" height="16" aria-hidden="true" role="img" focusable="false" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M10.0458 15.0001L5.99998 17.697L5.99999 6.49478C5.99999 6.22141 6.2216 5.99979 6.49498 5.99978L17.505 5.99951C17.7784 5.9995 18 6.22113 18 6.49451L18 14.5046C18 14.778 17.7784 14.9996 17.505 14.9996L10.0458 15.0001ZM10.5 16.5L17.5051 16.4996C18.6069 16.4995 19.5 15.6063 19.5 14.5046L19.5 6.49451C19.5 5.39268 18.6068 4.49948 17.5049 4.49951L6.49494 4.49978C5.39315 4.49981 4.49999 5.39299 4.49999 6.49478L4.49998 18.3483C4.49998 18.9842 5.01549 19.4997 5.6514 19.4997C5.8787 19.4997 6.10091 19.4324 6.29004 19.3063L10.5 16.5Z" fill="currentColor"/></svg><a href="https://arthurvandermerwe.com/2016/09/04/importing-zpk-and-zmk-into-thales-payshield-9000-hsm/#comments">2 Comments<span class="screen-reader-text"> on Importing ZPK and ZMK into Thales Payshield 9000 HSM</span></a></span> </footer> </article> <article id="post-138" class="post-138 post type-post status-publish format-standard sticky hentry category-financial-switching category-uncategorized tag-ans-x9-24 tag-bdk tag-desdecrypt tag-desencrypt tag-iksns tag-ipek tag-ksn tag-tripledesdecrypt tag-tripledesencrypt entry"> <header class="entry-header default-max-width"> <span class="sticky-post">Featured</span><h2 class="entry-title"><a href="https://arthurvandermerwe.com/2015/05/30/dukpt-explained-with-examples/" rel="bookmark">DUKPT Explained with examples</a></h2> </header> <div class="entry-content"> <p>Derived Unique Key Per Transaction (DUKPT) process that’s described in Annex A of ANS X9.24-2004.</p> <p>It’s generally considered to be complex, but I’ve simplified it slightly with the help of online resources.</p> <h2>Key Management<br /> <a id="user-content-usage" class="anchor" href="#usage"></a></h2> <p>Here’s a basic outline of the technique:</p> <ol> <li>You’re given a Base Derivation Key (BDK), which you assign to a swiper (note that the same BDK <em>can</em> be assigned to multiple swipers).</li> <li>You’ll use the BDK along with the device’s own unique Key Serial Number (KSN) to generate an Initial PIN Encryption Key (IPEK) for the device.</li> <li>You’ll assign this IPEK to a swiper, which uses it to irreversibly generate a list of future keys, which it’ll use to encrypt its messages.</li> <li>The swiper’s KSN is used along with one of its future keys to encrypt a message, and after each swipe it’ll increment the value of its KSN.</li> <li>Whenever a swiper takes a card it formats the card’s information into a series of tracks, each track having a particular set of information (e.g. card number, holder’s name, expiration date).</li> <li>The swiper usually encrypts these tracks using one of its generated future keys (called the “Session Key”) along with its current KSN. It’ll then increment the value of its KSN and discard the future key it used.</li> <li>At this point you’ll probably have an encrypted track along with the KSN the swiper used to encrypt it.</li> <li>It’s your responsibility to determine what BDK was used to initialize this device, and from there you’ll use the BDK and KSN to rederive the IPEK, which is used to rederive the Session Key, which is finally used to decrypt the message.</li> </ol> <p>There’s a lot of technical information to be said about key management, but this isn’t the place for that. In some cases your provider/manufacturer (e.g. MagTek) will supply you with swipers that need to be initialized with an IPEK, and your supplier will usually have a manual that walks you through that process. If you’re doing encryption/decryption through a third party who also supplies swipers, they may have already loaded the devices with that information; what’s more is they may not even given you the BDK that belongs to your device in order to reduce the risk of security threats.</p> <hr /> <p><strong>Note:</strong> Key management is beyond the scope of this explanation. Whatever you do with your keys, just make sure it’s secure.</p> <hr /> <p>One methodology I’ve seen that’ll allow you to associate a particular KSN to a BDK is to take the current KSN you’ve been given, mask it to retrieve the Initial Key Serial Number (IKSN), and look up the BDK in a table that maps IKSNs to BDKs:</p> <p>Example:</p> <pre><code>ksn = FFFF9876543210E00008 iksn = ksn & FFFFFFFFFFFFFFE00000 // FFFF9876543210E00000 </code></pre> <p>You’d then have a table that looks like:</p> <table> <thead> <tr> <th align="center">IKSN</th> <th align="center">BDK</th> </tr> </thead> <tbody> <tr> <td align="center">0xFFFF9876543210E00000</td> <td align="center">0123456789ABCDEFFEDCBA9876543210</td> </tr> <tr> <td align="center">…</td> <td align="center">…</td> </tr> </tbody> </table> <p>From which you could easily grab the BDK <code>0123456789ABCDEFFEDCBA9876543210</code>.</p> <h2><a id="user-content-algorithm" class="anchor" href="#algorithm"></a>Algorithm</h2> <hr /> <p><strong>Note:</strong> Assume that all numeric values are hexadecimal numbers, or the representation of a sequence of bytes as a hexadecimal number.</p> <hr /> <p>The following are the BDK, KSN, and encrypted track message (cryptogram) we’ve been given:</p> <pre><code>bdk = 0123456789ABCDEFFEDCBA9876543210 ksn = FFFF9876543210E00008 cryptogram = C25C1D1197D31CAA87285D59A892047426D9182EC11353C051ADD6D0F072A6CB3436560B3071FC1FD11D9F7E74886742D9BEE0CFD1EA1064C213BB55278B2F12 </code></pre> <p>Here’s an example of the unencrypted track 1 data (cryptogram above), and below that is its value in hex; this is what we’ll get after successfully decrypting the cryptogram:</p> <pre><code>%B5452300551227189^HOGAN/PAUL ^08043210000000725000000? 2542353435323330303535313232373138395E484F47414E2F5041554C2020202020205E30383034333231303030303030303732353030303030303F00000000 </code></pre> <hr /> <p><strong>Note:</strong> As you’re probably already aware, this algorithm is best described using big numbers, which can’t be represented as literals in some programming languages (like Java or C#). However, many languages have classes that allow you to represent big numbers in other ways (e.g., java.math.BigInteger, System.Numerics.BigInteger). It’s your job to adapt this algorithm so that it can be represented in your language of choice. Two small problems I encountered were ensuring the correct endianness and signedness were being used (this algorithm requires the byte order to be big endian and that unsigned integers are used). I made a utility class called BigInt to do this for me.</p> <hr /> <p>First, let’s define a few standard functions:</p> <ul> <li><a href="http://en.wikipedia.org/wiki/Data_Encryption_Standard">DES</a> and <a href="http://en.wikipedia.org/wiki/Triple_DES">Triple DES</a> refer to their respective cryptographic algorithms. Most programming languages have access to some implementation of these ciphers either through OpenSSL or Bouncy Castle. These ciphers are initialized with a zeroed out IV of 8 bytes, they’re zero-padded, and use Cipher-Block Chaining (CBC). Let’s define the signatures for these standard functions that’ll be used throughout this algorithm: <ul> <li><code>DesEncrypt(key, message) -> returns cryptogram</code></li> <li><code>DesDecrypt(key, cryptogram) -> returns message</code></li> <li><code>TripleDesEncrypt(key, message) -> returns cryptogram</code></li> <li><code>TripleDesDecrypt(key, cryptogram) -> returns message</code></li> </ul> </li> </ul> <p>First we must create the IPEK given then KSN and BDK:</p> <pre><code>CreateIpek(ksn, bdk) { return TripleDesEncrypt(bdk, (ksn & KsnMask) >> 16) << 64 | TripleDesEncrypt(bdk ^ KeyMask, (ksn & KsnMask) >> 16) } </code></pre> <p>Now we can get the IPEK:</p> <pre><code>ipek = CreateIpek(ksn, bdk) = CreateIpek(FFFF9876543210E00008, 0123456789ABCDEFFEDCBA9876543210) = 6AC292FAA1315B4D858AB3A3D7D5933A </code></pre> <p>After that we need a way to get the Session Key (this one is more complicated):</p> <pre><code>CreateSessionKey(ipek, ksn) { return DeriveKey(ipek, ksn) ^ FF00000000000000FF } </code></pre> <p>The DeriveKey method finds the IKSN and generates session keys until it gets to the one that corresponds to the current KSN. We define this method as:</p> <pre><code>DeriveKey(ipek, ksn) { ksnReg = ksn & FFFFFFFFFFE00000 curKey = ipek for (shiftReg = 0x100000; shiftReg > 0; shiftReg >>= 1) if ((shiftReg & ksn & 1FFFFF) > 0) curKey = GenerateKey(curKey, ksnReg |= shiftReg) return curKey } </code></pre> <p>Where the GenerateKey method looks like:</p> <pre><code>GenerateKey(key, ksn) { return EncryptRegister(key ^ KeyMask, ksn) << 64 | EncryptRegister(key, ksn) } </code></pre> <p>And EncryptRegister looks like:</p> <pre><code>EncryptRegister(key, reg) { return (key & FFFFFFFFFFFFFFFF) ^ DesEncrypt((key & FFFFFFFFFFFFFFFF0000000000000000) >> 64, key & FFFFFFFFFFFFFFFF ^ reg) } </code></pre> <p>Then you can generate the Session Key given the IPEK and KSN:</p> <pre><code>key = CreateSessionKey(ipek, ksn) = CreateSessionKey(6AC292FAA1315B4D858AB3A3D7D5933A, FFFF9876543210E00008) = 27F66D5244FF621EAA6F6120EDEB427F </code></pre> <p>Which can be used to decrypt the cryptogram:</p> <pre><code>message = TripleDesDecrypt(key, cryptogram) = TripleDesDecrypt(27F66D5244FF621EAA6F6120EDEB427F, C25C1D1197D31CAA87285D59A892047426D9182EC11353C051ADD6D0F072A6CB3436560B3071FC1FD11D9F7E74886742D9BEE0CFD1EA1064C213BB55278B2F12) = 2542353435323330303535313232373138395E484F47414E2F5041554C2020202020205E30383034333231303030303030303732353030303030303F00000000 = %B5452300551227189^HOGAN/PAUL ^08043210000000725000000? </code></pre> <p>That’s it, you’re done!</p> </div> <footer class="entry-footer default-max-width"> <span class="byline"><svg class="svg-icon" width="16" height="16" aria-hidden="true" role="img" focusable="false" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M15 7.5C15 9.15685 13.6569 10.5 12 10.5C10.3431 10.5 9 9.15685 9 7.5C9 5.84315 10.3431 4.5 12 4.5C13.6569 4.5 15 5.84315 15 7.5ZM16.5 7.5C16.5 9.98528 14.4853 12 12 12C9.51472 12 7.5 9.98528 7.5 7.5C7.5 5.01472 9.51472 3 12 3C14.4853 3 16.5 5.01472 16.5 7.5ZM19.5 19.5V16.245C19.5 14.729 18.271 13.5 16.755 13.5L7.245 13.5C5.72898 13.5 4.5 14.729 4.5 16.245L4.5 19.5H6L6 16.245C6 15.5574 6.5574 15 7.245 15L16.755 15C17.4426 15 18 15.5574 18 16.245V19.5H19.5Z" fill="currentColor"/></svg><span class="screen-reader-text">Posted by</span><span class="author vcard"><a class="url fn n" href="https://arthurvandermerwe.com/author/arthurvdmerwe/">arthurvdmerwe</a></span></span><span class="posted-on"><svg class="svg-icon" width="16" height="16" aria-hidden="true" role="img" focusable="false" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M19.5 7.5H4.5V19.0005C4.5 19.2764 4.72363 19.5 4.9995 19.5H19.0005C19.2764 19.5 19.5 19.2764 19.5 19.0005V7.5ZM3 7.5V4.9995V4.995C3 3.89319 3.89319 3 4.995 3H4.9995H19.0005H19.005C20.1068 3 21 3.89319 21 4.995V4.9995V7.5V19.0005C21 20.1048 20.1048 21 19.0005 21H4.9995C3.89521 21 3 20.1048 3 19.0005V7.5ZM7.5 10.5H9V12H7.5V10.5ZM9 15H7.5V16.5H9V15ZM11.25 10.5H12.75V12H11.25V10.5ZM12.75 15H11.25V16.5H12.75V15ZM15 10.5H16.5V12H15V10.5ZM16.5 15H15V16.5H16.5V15Z" fill="currentColor"/></svg><a href="https://arthurvandermerwe.com/2015/05/30/dukpt-explained-with-examples/" rel="bookmark"><time class="entry-date published" datetime="2015-05-30T15:30:52+10:00">May 30, 2015</time><time class="updated" datetime="2015-05-30T15:37:00+10:00">May 30, 2015</time></a></span><span class="cat-links"><svg class="svg-icon" width="16" height="16" aria-hidden="true" role="img" focusable="false" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M12.1979 8.25L11.2098 6.27363C11.1259 6.10593 10.9545 6 10.767 6H4.995C4.72162 6 4.5 6.22162 4.5 6.495V17.505C4.5 17.7784 4.72162 18 4.995 18H19.0005C19.2764 18 19.5 17.7764 19.5 17.5005V8.7495C19.5 8.47363 19.2764 8.25 19.0005 8.25H12.1979ZM13.125 6.75H19.0005C20.1048 6.75 21 7.64521 21 8.7495V17.5005C21 18.6048 20.1048 19.5 19.0005 19.5H4.995C3.89319 19.5 3 18.6068 3 17.505V6.495C3 5.39319 3.89319 4.5 4.995 4.5H10.767C11.5227 4.5 12.2135 4.92693 12.5514 5.60281L13.125 6.75Z" fill="currentColor"/></svg><span class="screen-reader-text">Posted in</span><a href="https://arthurvandermerwe.com/category/financial-switching/" rel="category tag">Financial Switching</a>, <a href="https://arthurvandermerwe.com/category/uncategorized/" rel="category tag">Uncategorized</a></span><span class="tags-links"><svg class="svg-icon" width="16" height="16" aria-hidden="true" role="img" focusable="false" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M3 12.2045C3 12.5941 3.15158 12.9684 3.42267 13.2482L9.71878 19.747C11.0769 21.1489 13.3201 21.1667 14.7003 19.7865L19.7873 14.6995C21.1677 13.319 21.1497 11.0753 19.7471 9.71731L13.2459 3.42238C12.9661 3.15147 12.5919 3 12.2025 3H4.5C3.67157 3 3 3.67157 3 4.5V12.2045ZM12.2025 4.5H4.5V12.2045L10.7961 18.7033C11.5714 19.5035 12.8518 19.5137 13.6396 18.7258L18.7266 13.6388C19.5146 12.8509 19.5043 11.5701 18.7037 10.7949L12.2025 4.5ZM8.4975 9.495C9.0484 9.495 9.495 9.0484 9.495 8.4975C9.495 7.9466 9.0484 7.5 8.4975 7.5C7.9466 7.5 7.5 7.9466 7.5 8.4975C7.5 9.0484 7.9466 9.495 8.4975 9.495Z" fill="currentColor"/></svg><span class="screen-reader-text">Tags:</span><a href="https://arthurvandermerwe.com/tag/ans-x9-24/" rel="tag">ANS X9.24</a>, <a href="https://arthurvandermerwe.com/tag/bdk/" rel="tag">BDK</a>, <a href="https://arthurvandermerwe.com/tag/desdecrypt/" rel="tag">DesDecrypt</a>, <a href="https://arthurvandermerwe.com/tag/desencrypt/" rel="tag">DesEncrypt</a>, <a href="https://arthurvandermerwe.com/tag/iksns/" rel="tag">IKSNs</a>, <a href="https://arthurvandermerwe.com/tag/ipek/" rel="tag">IPEK</a>, <a href="https://arthurvandermerwe.com/tag/ksn/" rel="tag">KSN</a>, <a href="https://arthurvandermerwe.com/tag/tripledesdecrypt/" rel="tag">TripleDesDecrypt</a>, <a href="https://arthurvandermerwe.com/tag/tripledesencrypt/" rel="tag">TripleDesEncrypt</a></span><span class="comments-link"><svg class="svg-icon" width="16" height="16" aria-hidden="true" role="img" focusable="false" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M10.0458 15.0001L5.99998 17.697L5.99999 6.49478C5.99999 6.22141 6.2216 5.99979 6.49498 5.99978L17.505 5.99951C17.7784 5.9995 18 6.22113 18 6.49451L18 14.5046C18 14.778 17.7784 14.9996 17.505 14.9996L10.0458 15.0001ZM10.5 16.5L17.5051 16.4996C18.6069 16.4995 19.5 15.6063 19.5 14.5046L19.5 6.49451C19.5 5.39268 18.6068 4.49948 17.5049 4.49951L6.49494 4.49978C5.39315 4.49981 4.49999 5.39299 4.49999 6.49478L4.49998 18.3483C4.49998 18.9842 5.01549 19.4997 5.6514 19.4997C5.8787 19.4997 6.10091 19.4324 6.29004 19.3063L10.5 16.5Z" fill="currentColor"/></svg><a href="https://arthurvandermerwe.com/2015/05/30/dukpt-explained-with-examples/#comments">18 Comments<span class="screen-reader-text"> on DUKPT Explained with examples</span></a></span> </footer> </article> <article id="post-131" class="post-131 post type-post status-publish format-standard sticky hentry category-financial-switching tag-3574932 tag-1799144 tag-diy tag-kca tag-kek1 tag-kek2 tag-keks tag-ki tag-kia tag-kmach tag-management-information tag-pksp tag-pos-terminal tag-ppasn tag-ppid tag-rsa tag-sktcu tag-tcu tag-terminal-manufacturer entry"> <header class="entry-header default-max-width"> <span class="sticky-post">Featured</span><h2 class="entry-title"><a href="https://arthurvandermerwe.com/2015/05/28/eftpos-initialisation-using-rsa-cryptography/" rel="bookmark">EFTPOS Initialisation using RSA Cryptography</a></h2> </header> <div class="entry-content"> <p>Before you start with RSA, you should generate a public and private key pair using your HSM. These can be group keys or specific to the terminal you need to connect. Your terminal manufacturer will also provide its public key and modulus. Using these keys you will be able to calculate the TMK1 and TMK2 and also your session keys. The process is in fact very simple.</p> <p>Here is an example of how to create these keys using a Thales HSM</p> <p>Generating an 1536 bit RSA Key</p> <p>Input</p> <pre><span style="color:#999999;"><em>001-EI2153601</em></span></pre> <p>Output</p> <pre><span style="color:#999999;">001-EJ00</span></pre> <pre><span style="color:#000000;">Public Key</span> <span style="color:#999999;">3081C80281C0A0FAFB1789B87F6F075B04FE60B5F20AC9D658E6C9B9B4E82AD41FD748A5A00CAF0A5691D2D01726AB073AFB7B91810430F240244E0D4737A397C747FC67C622B12E3654DCDF4F58EE29241616AE7EBA08A1E16DB79E09529FB6CA92213F2DFAB3F677793BF977D640107FBF9833842A0BFBF5F871709E78EE5A152E0BBBBBDDED80D193BAC3033FE412B3C420532A8B309942E76F7A9FB4475B8EDEFDDADC4C101FF02F74BEE0261C681E314124654C39411E2CE56FE719A45CA7592B8431D30203010001</span></pre> <pre><span style="color:#000000;">Private key length</span> <span style="color:#999999;">0488</span></pre> <pre><span style="color:#000000;">Private Key</span> <span style="color:#999999;">4E79F95F16AFF16278A893722DA94C8EBFEB013126EC0E98C9CBCBD99DB6D4E82336BD33631CB859D0506D4C2B69DAB818AEE965E73417006774DD746033A6F6EEC1AE3C823E3E20561C84B26885D9D9AE66A552864C75E2B8759B6909DA13CFE70FCB31358A56711549FB2ECC20E4EC3227309D074AE85307C98CF234AF115183716461A701E9FF877F118A5187C27D96B33BE88851ED75D71760DF671CBBA15F1EA7F54CC6205B6997669B6ED9C7448C3D0F451E229E44CC5474462D161A5A89E3D6A473080A8C734E4D5440D2E2A6530D5A848B8B2A0EE637ECF8F604D89449EA9922E115885C8024F6B765C16285C2FC5631CC8C437885170E96CD1D2CB748E4B7FE7FC40517705BC96C22C278BD15CEB51E4D49A722C09237E164D5091EBE847629488180972A1EF6626619B7A16F720D725EFB5C1164E44F915024414BEBF6CE6D258275398D35F38FDC2354F16CEECB7DA77D0E5EC3317D05B351D6938C888A88A9B588C8E88518EFD7581075CD6AA206690E865CA528D5BED5151B9BCAB892CCA49F43349F9F28C5502FC8CA5D2B6D84E57169AAD665961F28797995891B6520822134DBC92ADE13F4D154F520B5BD6EBEBF3620C3CEF941CF7A2302431FEB68C0093A0EE7CF14433F2E9E1A403E545FA96B4BF580D4C17FC26C6E93DADC23738B37E917</span></pre> <p>Generate a <span style="color:#333333;">MAC</span> on 1536 RSA key</p> <p>Input</p> <pre><span style="color:#999999;">002-EO01<3081C80281C0A0FAFB1789B87F6F075B04FE60B5F20AC9D658E6C9B9B4E82AD41FD748A5A00CAF0A5691D2D01726AB073AFB7B91810430F240244E0D4737A397C747FC67C622B12E3654DCDF4F58EE29241616AE7EBA08A1E16DB79E09529FB6CA92213F2DFAB3F677793BF977D640107FBF9833842A0BFBF5F871709E78EE5A152E0BBBBBDDED80D193BAC3033FE412B3C420532A8B309942E76F7A9FB4475B8EDEFDDADC4C101FF02F74BEE0261C681E314124654C39411E2CE56FE719A45CA7592B8431D30203010001></span></pre> <p>Output</p> <pre><span style="color:#999999;">002-EP00<<span style="color:#333333;">C905141E</span>><3081C80281C0A0FAFB1789B87F6F075B04FE60B5F20AC9D658E6C9B9B4E82AD41FD748A5A00CAF0A5691D2D01726AB073AFB7B91810430F240244E0D4737A397C747FC67C622B12E3654DCDF4F58EE29241616AE7EBA08A1E16DB79E09529FB6CA92213F2DFAB3F677793BF977D640107FBF9833842A0BFBF5F871709E78EE5A152E0BBBBBDDED80D193BAC3033FE412B3C420532A8B309942E76F7A9FB4475B8EDEFDDADC4C101FF02F74BEE0261C681E314124654C39411E2CE56FE719A45CA7592B8431D30203010101></span></pre> <p>This is a generic version of RSA encryption using POS pinheads, there are variations in the field. Please keep that in mind when reading this.</p> <p>Now when a POS terminal logs on for the first time it shall always logon using a 9820 message with a network management information code of 191, containing the TCU public key signed by the manufacturer’s secret key, and the un-enciphered PPID.</p> <p>The Financial Switch shall respond with a 9830 message with the same network management information code, communicating the public key of the sponsor host (PKsp), and a random number.</p> <p>The PIN Pad shall then generate the KI and send a 9820 message with a network management information code of 192 to the Financial Switch, containing the KI, PPID, date & time stamp, the random number and user data enciphered under the Financial Switch’s public key (PKsp) and signed by the TCU’s secret key (SKtcu). You will need to extract this information using your HSM H8 command, example below:</p> <p>Input Data:</p> <pre><span style="color:#999999;"><em>001-H801<FDC694A6></em></span> <span style="color:#999999;"><em><30550250AB378F98E373BBC6FA5E698F4F095A6D693A851E53C35CC9633947399C09D70932776DBEA5F2F0F0C4DAB4693CACB4D07B19242FF0435C55E3D4E28EFD563457F7EBA31BE1123DEA78CEC1573716130B020103></em></span> <span style="color:#999999;"><em>;990192</em></span> <span style="color:#999999;"><em><99658789F42672E7C51CB6ECAF3F061BBABCD954D4113E1CD9BD7BD4DF1BD94E6CBC10F497E9AE68265E87F77BFF293AA2D9FDE9C1A8F12A04D9B4D8DB9F5EAEE4690883838DEF670174E70C79E674F97E2457DD85EEEB346A17DD1F39CB3E8B2D69949436051994F8687F0FEE6558F28180D5A63946CD60604B1C82F6AE14454F5824CBFDCEE07478D2F0239299B64CD900DFF7559423E98F0C7AB8229933E4DD5A5E0BD736F8172668676949493577E323FC8EC592437F6DF20EDB5FBB6E92></em></span> <span style="color:#999999;"><em>;0080</em></span> <span style="color:#999999;"><em><7C9DDD3AEFF1D50BAFD11DBAF240BE827BAA156F9E8BB555CC019E183B3708F26EBE6C94702A9AD7CC1D2159CF587437532969D113C70BD622EB81AFC06E9408F1B69F3ED838A9EADFB41FB0E6E4202E></em></span> <span style="color:#999999;"><em>;1234567890123456;000</em></span></pre> <p>Response:</p> <pre><span style="color:#999999;"><em>001-H900</em></span> <span style="color:#999999;"><em>H604A678C8C78E1B9CFD415220D418E76</em></span> <span style="color:#999999;"><em>U9912C5D8B113B5E9D6787D57EE9E43BA</em></span> <span style="color:#999999;"><em>1122334455</em></span> <span style="color:#999999;"><em>9876543210987654</em></span></pre> <p> </p> <p>The Financial Switch shall check the PPID and random number. If the check fails, it will respond with a 9830 with a response code of “63”.</p> <p>Where the Financial Switch is satisfied with the contents of the second 9820 message, it shall respond with the KCA and the KMACH enciphered under KI and its AIIC in the clear. When the PIN Pad has deciphered KCA and KMACH, it shall erase KI.</p> <p>At this time the PIN Pad shall calculate the KIA. When the KIA has been calculated, the PIN Pad shall erase KCA.</p> <p>The POS terminal shall then generate a 9820 message with a network management information code of 193 to the Financial Switch containing the PPID and the Financial Switch shall respond with a 9830 response containing the two initial KEKs and the PPASN.</p> <p>You can generate this using the C0/C1 HSM command.</p> <p>The POS terminal shall validate the MAC on the two KEKs and the PPASN and, if the MAC is valid, shall install KEK1, KEK2 and the PPASN and shall calculate the single length DES key KMACI. These keys are the terminal initial keys, that will updated in the season key exchange.</p> <p>Once this has been carried out, the PIN Pad shall erase the KIA.</p> <p>When these tasks have been completed, the POS terminal shall carry out its normal logon and session key installation with the Financial Switch. As the processing (initial logon then normal logon and session key installation) completes, the POS terminal will move into the “Ready” state.</p> <p>easy as pie!</p> </div> <footer class="entry-footer default-max-width"> <span class="byline"><svg class="svg-icon" width="16" height="16" aria-hidden="true" role="img" focusable="false" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M15 7.5C15 9.15685 13.6569 10.5 12 10.5C10.3431 10.5 9 9.15685 9 7.5C9 5.84315 10.3431 4.5 12 4.5C13.6569 4.5 15 5.84315 15 7.5ZM16.5 7.5C16.5 9.98528 14.4853 12 12 12C9.51472 12 7.5 9.98528 7.5 7.5C7.5 5.01472 9.51472 3 12 3C14.4853 3 16.5 5.01472 16.5 7.5ZM19.5 19.5V16.245C19.5 14.729 18.271 13.5 16.755 13.5L7.245 13.5C5.72898 13.5 4.5 14.729 4.5 16.245L4.5 19.5H6L6 16.245C6 15.5574 6.5574 15 7.245 15L16.755 15C17.4426 15 18 15.5574 18 16.245V19.5H19.5Z" fill="currentColor"/></svg><span class="screen-reader-text">Posted by</span><span class="author vcard"><a class="url fn n" href="https://arthurvandermerwe.com/author/arthurvdmerwe/">arthurvdmerwe</a></span></span><span class="posted-on"><svg class="svg-icon" width="16" height="16" aria-hidden="true" role="img" focusable="false" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M19.5 7.5H4.5V19.0005C4.5 19.2764 4.72363 19.5 4.9995 19.5H19.0005C19.2764 19.5 19.5 19.2764 19.5 19.0005V7.5ZM3 7.5V4.9995V4.995C3 3.89319 3.89319 3 4.995 3H4.9995H19.0005H19.005C20.1068 3 21 3.89319 21 4.995V4.9995V7.5V19.0005C21 20.1048 20.1048 21 19.0005 21H4.9995C3.89521 21 3 20.1048 3 19.0005V7.5ZM7.5 10.5H9V12H7.5V10.5ZM9 15H7.5V16.5H9V15ZM11.25 10.5H12.75V12H11.25V10.5ZM12.75 15H11.25V16.5H12.75V15ZM15 10.5H16.5V12H15V10.5ZM16.5 15H15V16.5H16.5V15Z" fill="currentColor"/></svg><a href="https://arthurvandermerwe.com/2015/05/28/eftpos-initialisation-using-rsa-cryptography/" rel="bookmark"><time class="entry-date published" datetime="2015-05-28T13:04:40+10:00">May 28, 2015</time><time class="updated" datetime="2015-05-28T13:24:54+10:00">May 28, 2015</time></a></span><span class="cat-links"><svg class="svg-icon" width="16" height="16" aria-hidden="true" role="img" focusable="false" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M12.1979 8.25L11.2098 6.27363C11.1259 6.10593 10.9545 6 10.767 6H4.995C4.72162 6 4.5 6.22162 4.5 6.495V17.505C4.5 17.7784 4.72162 18 4.995 18H19.0005C19.2764 18 19.5 17.7764 19.5 17.5005V8.7495C19.5 8.47363 19.2764 8.25 19.0005 8.25H12.1979ZM13.125 6.75H19.0005C20.1048 6.75 21 7.64521 21 8.7495V17.5005C21 18.6048 20.1048 19.5 19.0005 19.5H4.995C3.89319 19.5 3 18.6068 3 17.505V6.495C3 5.39319 3.89319 4.5 4.995 4.5H10.767C11.5227 4.5 12.2135 4.92693 12.5514 5.60281L13.125 6.75Z" fill="currentColor"/></svg><span class="screen-reader-text">Posted in</span><a href="https://arthurvandermerwe.com/category/financial-switching/" rel="category tag">Financial Switching</a></span><span class="tags-links"><svg class="svg-icon" width="16" height="16" aria-hidden="true" role="img" focusable="false" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M3 12.2045C3 12.5941 3.15158 12.9684 3.42267 13.2482L9.71878 19.747C11.0769 21.1489 13.3201 21.1667 14.7003 19.7865L19.7873 14.6995C21.1677 13.319 21.1497 11.0753 19.7471 9.71731L13.2459 3.42238C12.9661 3.15147 12.5919 3 12.2025 3H4.5C3.67157 3 3 3.67157 3 4.5V12.2045ZM12.2025 4.5H4.5V12.2045L10.7961 18.7033C11.5714 19.5035 12.8518 19.5137 13.6396 18.7258L18.7266 13.6388C19.5146 12.8509 19.5043 11.5701 18.7037 10.7949L12.2025 4.5ZM8.4975 9.495C9.0484 9.495 9.495 9.0484 9.495 8.4975C9.495 7.9466 9.0484 7.5 8.4975 7.5C7.9466 7.5 7.5 7.9466 7.5 8.4975C7.5 9.0484 7.9466 9.495 8.4975 9.495Z" fill="currentColor"/></svg><span class="screen-reader-text">Tags:</span><a href="https://arthurvandermerwe.com/tag/9820/" rel="tag">9820</a>, <a href="https://arthurvandermerwe.com/tag/9830/" rel="tag">9830</a>, <a href="https://arthurvandermerwe.com/tag/diy/" rel="tag">DIY</a>, <a href="https://arthurvandermerwe.com/tag/kca/" rel="tag">KCA</a>, <a href="https://arthurvandermerwe.com/tag/kek1/" rel="tag">KEK1</a>, <a href="https://arthurvandermerwe.com/tag/kek2/" rel="tag">KEK2</a>, <a href="https://arthurvandermerwe.com/tag/keks/" rel="tag">KEKs</a>, <a href="https://arthurvandermerwe.com/tag/ki/" rel="tag">KI</a>, <a href="https://arthurvandermerwe.com/tag/kia/" rel="tag">KIA</a>, <a href="https://arthurvandermerwe.com/tag/kmach/" rel="tag">KMACH</a>, <a href="https://arthurvandermerwe.com/tag/management-information/" rel="tag">management information</a>, <a href="https://arthurvandermerwe.com/tag/pksp/" rel="tag">PKsp</a>, <a href="https://arthurvandermerwe.com/tag/pos-terminal/" rel="tag">POS terminal</a>, <a href="https://arthurvandermerwe.com/tag/ppasn/" rel="tag">PPASN</a>, <a href="https://arthurvandermerwe.com/tag/ppid/" rel="tag">PPID</a>, <a href="https://arthurvandermerwe.com/tag/rsa/" rel="tag">RSA</a>, <a href="https://arthurvandermerwe.com/tag/sktcu/" rel="tag">SKtcu</a>, <a href="https://arthurvandermerwe.com/tag/tcu/" rel="tag">TCU</a>, <a href="https://arthurvandermerwe.com/tag/terminal-manufacturer/" rel="tag">terminal manufacturer</a></span><span class="comments-link"><svg class="svg-icon" width="16" height="16" aria-hidden="true" role="img" focusable="false" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M10.0458 15.0001L5.99998 17.697L5.99999 6.49478C5.99999 6.22141 6.2216 5.99979 6.49498 5.99978L17.505 5.99951C17.7784 5.9995 18 6.22113 18 6.49451L18 14.5046C18 14.778 17.7784 14.9996 17.505 14.9996L10.0458 15.0001ZM10.5 16.5L17.5051 16.4996C18.6069 16.4995 19.5 15.6063 19.5 14.5046L19.5 6.49451C19.5 5.39268 18.6068 4.49948 17.5049 4.49951L6.49494 4.49978C5.39315 4.49981 4.49999 5.39299 4.49999 6.49478L4.49998 18.3483C4.49998 18.9842 5.01549 19.4997 5.6514 19.4997C5.8787 19.4997 6.10091 19.4324 6.29004 19.3063L10.5 16.5Z" fill="currentColor"/></svg><a href="https://arthurvandermerwe.com/2015/05/28/eftpos-initialisation-using-rsa-cryptography/#comments">1 Comment<span class="screen-reader-text"> on EFTPOS Initialisation using RSA Cryptography</span></a></span> </footer> </article> <article id="post-121" class="post-121 post type-post status-publish format-standard sticky hentry category-atm-tracing category-financial-switching tag-3des tag-atm tag-thales tag-tmk tag-tpk entry"> <header class="entry-header default-max-width"> <span class="sticky-post">Featured</span><h2 class="entry-title"><a href="https://arthurvandermerwe.com/2015/05/20/atm-pin-encryption-using-3des/" rel="bookmark">ATM Pin encryption using 3DES</a></h2> </header> <div class="entry-content"> <h2>Introduction</h2> <p>Most modern ATM’s use a Triple Des algorithm to encrypt the pin and send it to a host server for processing. Once the host system receives the pin, it does a translation of the pin from one encryption key to another, and sends it to a bank. In this post I will attempt to explain the process and how it is done in the real world.</p> <h2>Overview of the Triple Data Encryption Standard</h2> <p>What we all call Triple DES is EDE (encrypt, decrypt, encrypt). The way that it works is that you take three 56-bit keys, and encrypt with K1, decrypt with K2 and encrypt with K3. There are two-key and three-key versions. Think of the two-key version as merely one where K1=K3. Note that if K1=K2=K3, then Triple DES is really Single DES.</p> <p>Triple DES was created back when DES was getting a bit weaker than people were comfortable with. As a result, they wanted an easy way to get more strength. In a system dependent on DES, making a composite function out of multiple DESes is likely to be easier than bolting in a new cipher and sidesteps the political issue of arguing that the new cipher is better than DES.</p> <p>As it turns out, when you compose a cipher into a new one, you can’t use a double enciphering. There is a class of attacks called meet-in-the-middle attacks, in which you encrypt from one end, decrypt from the other, and start looking for collisions (things that give you the same answer). With sufficient memory, Double DES (or any other cipher) would only be twice as strong as the base cipher — or one bit more in strength.</p> <p>There’s more to it. If the cipher forms a group, then encrypting twice with two keys is equivalent to encrypting once with some key. Now, it’s not trivial to know what that other key is, but it means that a brute-force attack would find that third key as it tried all possible single-keys. So if the cipher’s a group, then multiple-ciphering is merely a waste of time.</p> <p>Applying this encryption in Python is trivial as there are plenty of tested libraries that can provide the functionality like pyDes and Crypto :</p> <pre>import os from Crypto.Cipher import DES3 def encrypt_file(in_filename, out_filename, chunk_size, key, iv): des3 = DES3.new(key, DES3.MODE_CFB, iv) with open(in_filename, 'r') as in_file: with open(out_filename, 'w') as out_file: while True: chunk = in_file.read(chunk_size) if len(chunk) == 0: break elif len(chunk) % 16 != 0: chunk += ' ' * (16 - len(chunk) % 16) out_file.write(des3.encrypt(chunk)) def decrypt_file(in_filename, out_filename, chunk_size, key, iv): des3 = DES3.new(key, DES3.MODE_CFB, iv) with open(in_filename, 'r') as in_file: with open(out_filename, 'w') as out_file: while True: chunk = in_file.read(chunk_size) if len(chunk) == 0: break out_file.write(des3.decrypt(chunk))</pre> <p> </p> <h2>ATM Internals and how they calculate the keys</h2> <p>When you have an ATM, you typically need to provide it with a set of encryption keys from your host, or HSM. These keys are clear text keys and it’s not encrypted in any way. Your host will link them to your terminal number, and when the ATM encrypts the pin; the host will know what keys are used so it can decrypt / translate them to the bank. The clear keys are never stored by the host, only the LMK encrypted keys.</p> <p>Lets assume your host provides the following keys to you as the ‘ATM Encryption Key’ :</p> <pre>Clear component A: <strong>67C4 A719 1ADA FD08 6432 CE0D D638 4AB</strong></pre> <pre>Key check value: 20D40B</pre> <pre>Clear component B: <strong>8A89 6D4C 4625 5E2A 1A75 2002 07A7 D35E</strong></pre> <pre>Key check value: 4EC801</pre> <pre>Combined Check Value: <strong>2B547D</strong></pre> <p>Now typically you would enter the clear components into the ATM, as Encryption keys, and the ATM will combine them (Basically XOR Them) and derive the check value. If the check value match, then all is good.</p> <p>What happens at your host end is the following:</p> <p>Your host will also combine the keys and encrypt them under the LMK (Local Master Key). It will then use this key to encrypt all other keys that are sent to the ATM.</p> <p>Now the ATM have a Terminal Master Key that it can use to decrypt all keys that are sent to it from the host.</p> <h2>ATM Configuration Request (Key Exchange)</h2> <p>Now when an ATM starts up, the first thing it does it send a configuration request to the host. This request is to get the Third key used in Triple DES. The Host will generate a random Terminal Pin Key and encrypt it under the Terminal Master Key (TMK). Since the ATM has the Terminal Master Key, it can decrypt the encrypted TPK, and use all 3 Keys now for the Triple DES operations. (it actually uses 2)</p> <p>The Host would generally execute the A0 Thales command to get this key. He would store the key in the key database to do the decryption / translation later.</p> <p> </p> <h2>Pin Encryption / Decryption</h2> <p>When a ATM gets ready to transmit a transaction it does the 3DES operation on the Pin only. the cypher text is now transmitted to the host. The host never knows the pin code, and only does a translation of the pin from the terminal keys to the bank keys.</p> <blockquote><p>The Host will have the following:</p> <p>(ZPK) Zone Pin Key – from the Bank during Host to Bank Key exchange</p> <p>(TPK) Terminal Pin Key – from Terminal using Terminal Configuration Request</p> <p>(PAN) Account Number – from Transaction transmitted.</p></blockquote> <p>With these values, the Host can translate the pin using a HSM, below is an example of the D4 Command.</p> <pre> Res = KeyGenerator.TranslatePIN_TDES(TerminalPINKey=self.Crypto["TPK_LMK"], PINEncryptionKey=self.HostKeys["ZPK_LMK"], PINBlock=self.iso.getBit(52), AccountNumber=track2["PAN"][-13:-1]) def get_commandTPKPinBlock(self, TerminalPINKey, PINEncryptionKey, PINBlock, AccountNumber): command_code = 'D4' KTP = TerminalPINKey KPE = PINEncryptionKey PinBlock = PINBlock PAN = AccountNumber message = command_code message += KTP message += KPE message += PinBlock message += PAN return message #transmit to HSM</pre> <p>The transaction can now be transmitted to the acquiring bank with the translated pin for processing.</p> <p>Sometimes the ATM requires a Message Authentication Code, this will be covered in another post.</p> <p>easy as pie</p> <p> </p> <p> </p> </div> <footer class="entry-footer default-max-width"> <span class="byline"><svg class="svg-icon" width="16" height="16" aria-hidden="true" role="img" focusable="false" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M15 7.5C15 9.15685 13.6569 10.5 12 10.5C10.3431 10.5 9 9.15685 9 7.5C9 5.84315 10.3431 4.5 12 4.5C13.6569 4.5 15 5.84315 15 7.5ZM16.5 7.5C16.5 9.98528 14.4853 12 12 12C9.51472 12 7.5 9.98528 7.5 7.5C7.5 5.01472 9.51472 3 12 3C14.4853 3 16.5 5.01472 16.5 7.5ZM19.5 19.5V16.245C19.5 14.729 18.271 13.5 16.755 13.5L7.245 13.5C5.72898 13.5 4.5 14.729 4.5 16.245L4.5 19.5H6L6 16.245C6 15.5574 6.5574 15 7.245 15L16.755 15C17.4426 15 18 15.5574 18 16.245V19.5H19.5Z" fill="currentColor"/></svg><span class="screen-reader-text">Posted by</span><span class="author vcard"><a class="url fn n" href="https://arthurvandermerwe.com/author/arthurvdmerwe/">arthurvdmerwe</a></span></span><span class="posted-on"><svg class="svg-icon" width="16" height="16" aria-hidden="true" role="img" focusable="false" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M19.5 7.5H4.5V19.0005C4.5 19.2764 4.72363 19.5 4.9995 19.5H19.0005C19.2764 19.5 19.5 19.2764 19.5 19.0005V7.5ZM3 7.5V4.9995V4.995C3 3.89319 3.89319 3 4.995 3H4.9995H19.0005H19.005C20.1068 3 21 3.89319 21 4.995V4.9995V7.5V19.0005C21 20.1048 20.1048 21 19.0005 21H4.9995C3.89521 21 3 20.1048 3 19.0005V7.5ZM7.5 10.5H9V12H7.5V10.5ZM9 15H7.5V16.5H9V15ZM11.25 10.5H12.75V12H11.25V10.5ZM12.75 15H11.25V16.5H12.75V15ZM15 10.5H16.5V12H15V10.5ZM16.5 15H15V16.5H16.5V15Z" fill="currentColor"/></svg><a href="https://arthurvandermerwe.com/2015/05/20/atm-pin-encryption-using-3des/" rel="bookmark"><time class="entry-date published" datetime="2015-05-20T11:30:55+10:00">May 20, 2015</time><time class="updated" datetime="2015-05-20T11:54:32+10:00">May 20, 2015</time></a></span><span class="cat-links"><svg class="svg-icon" width="16" height="16" aria-hidden="true" role="img" focusable="false" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M12.1979 8.25L11.2098 6.27363C11.1259 6.10593 10.9545 6 10.767 6H4.995C4.72162 6 4.5 6.22162 4.5 6.495V17.505C4.5 17.7784 4.72162 18 4.995 18H19.0005C19.2764 18 19.5 17.7764 19.5 17.5005V8.7495C19.5 8.47363 19.2764 8.25 19.0005 8.25H12.1979ZM13.125 6.75H19.0005C20.1048 6.75 21 7.64521 21 8.7495V17.5005C21 18.6048 20.1048 19.5 19.0005 19.5H4.995C3.89319 19.5 3 18.6068 3 17.505V6.495C3 5.39319 3.89319 4.5 4.995 4.5H10.767C11.5227 4.5 12.2135 4.92693 12.5514 5.60281L13.125 6.75Z" fill="currentColor"/></svg><span class="screen-reader-text">Posted in</span><a href="https://arthurvandermerwe.com/category/atm-tracing/" rel="category tag">ATM Tracing</a>, <a href="https://arthurvandermerwe.com/category/financial-switching/" rel="category tag">Financial Switching</a></span><span class="tags-links"><svg class="svg-icon" width="16" height="16" aria-hidden="true" role="img" focusable="false" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M3 12.2045C3 12.5941 3.15158 12.9684 3.42267 13.2482L9.71878 19.747C11.0769 21.1489 13.3201 21.1667 14.7003 19.7865L19.7873 14.6995C21.1677 13.319 21.1497 11.0753 19.7471 9.71731L13.2459 3.42238C12.9661 3.15147 12.5919 3 12.2025 3H4.5C3.67157 3 3 3.67157 3 4.5V12.2045ZM12.2025 4.5H4.5V12.2045L10.7961 18.7033C11.5714 19.5035 12.8518 19.5137 13.6396 18.7258L18.7266 13.6388C19.5146 12.8509 19.5043 11.5701 18.7037 10.7949L12.2025 4.5ZM8.4975 9.495C9.0484 9.495 9.495 9.0484 9.495 8.4975C9.495 7.9466 9.0484 7.5 8.4975 7.5C7.9466 7.5 7.5 7.9466 7.5 8.4975C7.5 9.0484 7.9466 9.495 8.4975 9.495Z" fill="currentColor"/></svg><span class="screen-reader-text">Tags:</span><a href="https://arthurvandermerwe.com/tag/3des/" rel="tag">3DES</a>, <a href="https://arthurvandermerwe.com/tag/atm/" rel="tag">ATM</a>, <a href="https://arthurvandermerwe.com/tag/thales/" rel="tag">Thales</a>, <a href="https://arthurvandermerwe.com/tag/tmk/" rel="tag">TMK</a>, <a href="https://arthurvandermerwe.com/tag/tpk/" rel="tag">TPK</a></span><span class="comments-link"><svg class="svg-icon" width="16" height="16" aria-hidden="true" role="img" focusable="false" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M10.0458 15.0001L5.99998 17.697L5.99999 6.49478C5.99999 6.22141 6.2216 5.99979 6.49498 5.99978L17.505 5.99951C17.7784 5.9995 18 6.22113 18 6.49451L18 14.5046C18 14.778 17.7784 14.9996 17.505 14.9996L10.0458 15.0001ZM10.5 16.5L17.5051 16.4996C18.6069 16.4995 19.5 15.6063 19.5 14.5046L19.5 6.49451C19.5 5.39268 18.6068 4.49948 17.5049 4.49951L6.49494 4.49978C5.39315 4.49981 4.49999 5.39299 4.49999 6.49478L4.49998 18.3483C4.49998 18.9842 5.01549 19.4997 5.6514 19.4997C5.8787 19.4997 6.10091 19.4324 6.29004 19.3063L10.5 16.5Z" fill="currentColor"/></svg><a href="https://arthurvandermerwe.com/2015/05/20/atm-pin-encryption-using-3des/#respond">Leave a comment<span class="screen-reader-text"> on ATM Pin encryption using 3DES</span></a></span> </footer> </article> <article id="post-92" class="post-92 post type-post status-publish format-standard sticky hentry category-financial-switching category-hsm category-uncategorized tag-as2805-6 tag-generate-kekr-validation-response tag-generate-keks-validation-request tag-kek tag-kekr tag-keks tag-key-exchange tag-krr tag-krs tag-thales-e0-command tag-thales-e2-command tag-thales-oi-command tag-thales-ok-command tag-translate-a-set-of-zone-keys tag-zakr tag-zaks tag-zpk tag-zpks tag-rn entry"> <header class="entry-header default-max-width"> <span class="sticky-post">Featured</span><h2 class="entry-title"><a href="https://arthurvandermerwe.com/2015/03/03/implementing-as2805-part-3-using-a-thales-9000-and-python/" rel="bookmark">Implementing AS2805 Part 6 Host to Host Encryption using a Thales 9000 and Python</a></h2> </header> <div class="entry-content"> <h3>Introduction</h3> <p>The AS2805.6 Standard specifies communication security between two nodes during a financial transaction. These nodes needs to have a specific set of encryption algorithms, and needs to follow a specific process.</p> <p>The specification is not very clear on what exactly needs to happen, so I intend to clarify the exact steps, with the HSM functions. Now in order to do this I will assume you have a Thales 9000 HSM, as well as you need to know how to properly operate it. All commands defined are in the 1270A547-015 Australian Standards LIC003 v2.3a.pdf Manual provided by Thales when purchasing the device.</p> <h3>Source Code</h3> <p>a Copy of this Manual can be found here [<a href="https://arthurvandermerwe.com/wp-content/uploads/2014/12/1270a547-015-australian-standards-lic003-v2-3a.pdf">Thales 9000 Australian Standards LIC003 v2.3a</a>]</p> <p>a Copy of my AS2805 parser is located <a title="Python AS2805" href="https://github.com/Arthurvdmerwe/AS2805_Python_Implementation.git" target="_blank">here</a></p> <p>a Copy of my Thales commands class is located <a title="Thales Commands" href="https://github.com/Arthurvdmerwe/ThalesAS205Commands.git" target="_blank">here</a></p> <p>a Full version of a AS2805 Interchange Node is located <a href="https://github.com/Arthurvdmerwe/AS2805_HostNode_Server.git" target="_blank">here</a></p> <h3>KEK Process (Level 1)</h3> <p>For this process:</p> <ol> <li>you need to go to your HSM and generate 2 Clear components, you then need to form a KEKs key from these components. This can be done using the UI of the HSM manger, or with the FK console command.</li> <li>Store the <strong><span style="color:#ff0000;">KEKs</span></strong> formed from the clear components in your switch database.</li> <li>Your connecting node / host will then provide you with a set of clear components, you need to generate a key again, but in this case a <strong><span style="color:#ff0000;">KEKr</span></strong></li> <li>You need to provide you host with your key components you generated in Step 1,so they can generate their corresponding KEKs.</li> </ol> <p>Now you have a KEKr and a KEKs in your database as well as your host read, for Level2</p> <h3>Session and MAC key Initialisation (Level 2)</h3> <p>This Level has 2 separate steps, the first step (Logon) validating the KEKr and KEKs so that both nodes know that the correct keys are being used. The second step (Key Exchange) is to create temporary keys that are changed every 60 minutes or 256 transactions.</p> <h5>Logon Process</h5> <p> </p> <p>During the logon process your HSM will need to generate 2 things:</p> <ol> <li>a Random Number (RN)</li> <li>an Inverted Random Number (~RN)</li> </ol> <p>These numbers will be returned encrypted under the KEKr and KEKs, and you will need to validate them, this is also called end of proof point validation.</p> <p>The Logon process is a 2 step process outlined in the image below.</p> <h6><img data-attachment-id="94" data-permalink="https://arthurvandermerwe.com/2015/03/03/implementing-as2805-part-3-using-a-thales-9000-and-python/logon_process/" data-orig-file="https://arthurvandermerwe.com/wp-content/uploads/2015/02/logon_process.png" data-orig-size="1062,1170" data-comments-opened="1" data-image-meta="{"aperture":"0","credit":"","camera":"","caption":"","created_timestamp":"0","copyright":"","focal_length":"0","iso":"0","shutter_speed":"0","title":"","orientation":"0"}" data-image-title="Logon_process" data-image-description="" data-image-caption="" data-medium-file="https://arthurvandermerwe.com/wp-content/uploads/2015/02/logon_process.png?w=272" data-large-file="https://arthurvandermerwe.com/wp-content/uploads/2015/02/logon_process.png?w=620" class=" wp-image-94 aligncenter" src="https://arthurvandermerwe.com/wp-content/uploads/2015/02/logon_process.png?w=255&h=281" alt="Logon_process" width="255" height="281" srcset="https://arthurvandermerwe.com/wp-content/uploads/2015/02/logon_process.png?w=272 272w, https://arthurvandermerwe.com/wp-content/uploads/2015/02/logon_process.png?w=255 255w, https://arthurvandermerwe.com/wp-content/uploads/2015/02/logon_process.png?w=510 510w, https://arthurvandermerwe.com/wp-content/uploads/2015/02/logon_process.png?w=136 136w" sizes="(max-width: 255px) 100vw, 255px" /></h6> <h6>Step 1</h6> <p>When you connect to your host you will receive a logon request, bit number 48 will be populated with a <span style="color:#ff0000;"><strong>KRs</strong></span> from the host that you will need to validate with your KEKr.</p> <p>Generating a KEKr Validation Response you would need your <strong><span style="color:#ff0000;">KRs</span></strong> received in this request, and you KEKr that you generated from your host components.</p> <p><span style="text-decoration:underline;">E2 Command Definition: </span>To receive a random key (KRs) encrypted under a variant of a double length Key Encrypting Key (KEKr), compute from KRs another value, denoted KRr and encrypt it under another variant of the KEKr</p> <p>Your HSM command will look as follows: >HEADE2{KEKr}{KRs} and you output will generate a <strong><span style="color:#ff0000;">KEKr</span></strong>. Your response to the host will need to include this value in bit number 48.</p> <h6>Step 2</h6> <p>You now need to send the host a logon request with bit 48 set with your <strong><span style="color:#ff0000;">KRs</span></strong></p> <p><span style="text-decoration:underline;">E0 Command Definition</span>:To generate a random key (KRs) and encrypt it with a variant of a double length Key Encrypting Key (KEKs). In addition, KRs is inverted (to form KRr) and the result encrypted with another variant of the KEKs.</p> <p>Your HSM command will look as follows: >HEADE0{KEKs} and the output will generate a <strong><span style="color:#ff0000;">KRs</span></strong>. Your host will validate this request, and return with a response.</p> <p>Once both steps are complete, both you and the host has been validated that you are using the same keys.</p> <p>An Example of this process is outlined below in Python:</p> <p> </p> <pre> def __signon__Part1__(self): self.log.info("====Sign-On Process Started ====") self.__setState('signing_on') cur = self.con_switch.cursor(MySQLdb.cursors.DictCursor) try: self.log.info("Waiting for 0800 Request") self.s.settimeout(20.0) length_indicator = self.s.recv(2) if length_indicator == '': self.log.critical('Received a blank length indicator from switch... might be a disconnect') self.__setState("blank_response") else: size = struct.unpack('!H', length_indicator)[0] payload = self.s.recv(size) payload = ByteUtils.ByteToHex(payload) d = datetime.now() self.log.info(" Getting Sign-On Request 0800 = [%s]" % payload) if payload == '': self.log.critical('Received a blank response from switch... might be a disconnect') self.__setState("blank_response") else: iso_ans = AS2805(debug=False) iso_ans.setIsoContent(payload) self.__storeISOMessage(iso_ans, {"date_time_received": d.strftime("%Y-%m-%d %H:%M:%S")}) if iso_ans.getMTI() == '0800': if iso_ans.getBit(70) == '001': #log.info("Logon Started with KEKr = %s, KEKs = %s" % ( self.KEKr, self.KEKs)) KRs = iso_ans.getBit(48) #log.info("KRs %s Received from Host" % (KRs)) #print "Generating a E0 Command with KEKr=%s, and KRs=%s" % (self.KEKr, KRs) self.ValidationResponse = KeyGenerator.Generate_KEKr_Validation_Response(KEKr=self.KEKr, KRs=KRs) #print self.ValidationResponse if self.ValidationResponse["ErrorCode"] == '00': #log.info("KRs Validation Response %s generated" % (self.ValidationResponse["KRr"])) d = datetime.now() iso_resp = AS2805(debug=False) iso_resp.setMTI('0810') iso_resp.setBit(7, d.strftime("%m%d%H%M%S")) iso_resp.setBit(11, iso_ans.getBit(11)) iso_resp.setBit(33, self.Switch_IIN) iso_resp.setBit(39, '303') iso_resp.setBit(48, self.ValidationResponse["KRr"]) iso_resp.setBit(70, '0001') iso_resp.setBit(100, self.Switch_IIN) iso_send = iso_resp.getNetworkISO() iso_send_hex = ByteUtils.HexToByte(iso_send[2:]) self.log.info("Sending Sign-On Response 0810 [%s]" % ReadableAscii(iso_send)) self.__send_message(iso_send_hex) self.__storeISOMessage(iso_resp, {"date_time_sent": d.strftime("%Y-%m-%d %H:%M:%S")}) self.__setState('signed_on') else: self.log.error("0810 KRr Response Code = %s, Login Failed" % (self.ValidationResponse["ErrorCode"],)) #TODO: Send Decline to the Partner else: self.log.error("Could not login with 0810") except InvalidAS2805, ii: self.log.error(ii) except socket.error as e: pass self.log.debug("nothing from host [%s]" % (e)) except: #self.__signoff() self.log.exception("signon_failed") self.__setState("singon_failed") finally: cur.close() def __signon_Part2__(self): try: self.s.settimeout(20.0) self.ValidationRequest = KeyGenerator.Generate_KEKs_Validation_Request(KEKs=self.KEKs) d = datetime.now() iso_resp = AS2805(debug=False) iso_resp.setMTI('0800') iso_resp.setBit(7, d.strftime("%m%d%H%M%S")) iso_resp.setBit(11, self.__getNextStanNo()) iso_resp.setBit(33, self.HostIIN) iso_resp.setBit(48, self.ValidationRequest["KRs"]) iso_resp.setBit(70, '001') iso_resp.setBit(100, self.HostIIN) iso_send = iso_resp.getNetworkISO() iso_send_hex = ByteUtils.HexToByte(iso_send[2:]) self.log.info("Sending Sign-On Request 0800 [%s]" % ReadableAscii(iso_send)) self.__send_message(iso_send_hex) self.__storeISOMessage(iso_resp, {"date_time_sent": d.strftime("%Y-%m-%d %H:%M:%S")}) self.log.info("Waiting for 0810 Response") a = self.s.recv(8192) payload = ByteUtils.ByteToHex(a[2:]) d = datetime.now() self.log.info(" Getting Sign-On Response 0810 = [%s]" % payload) iso_ans = AS2805(debug=False) iso_ans.setIsoContent(payload) self.log.debug(iso_ans.dumpFields()) self.__storeISOMessage(iso_ans, {"date_time_received": d.strftime("%Y-%m-%d %H:%M:%S")}) if iso_ans.getBit(39) == '3030': self.log.info("====Sign-On Sequence Completed Successfully====") self.__setState("signed_on_dual") else: #self.__signoff() self.log.error("Could not login with 0800") self.__setState("singon_failed") except InvalidAS2805, ii: self.log.info(ii) except socket.error as e: self.log.info("nothing from host [%s]" % (e)) except: #self.__signoff() self.log.exception("signon_failed") self.__setState("singon_failed")</pre> <p> </p> <h3>Key Exchange (Level 2)</h3> <p>In the Key Exchange process, you will generate session keys for your node as well as MAC keys. Now when generating these keys, you need to remember that they need to be the same type as you partner node. (simply ask your processor for a trace if you want to confirm)</p> <p>So right after a successful logon, you would need to wait for a key exchange request, (0820 with field 30 as 303) this key exchange request will have a ZAK and a ZPK in field 48, these are encrypted under the KEKr generated on your host from their components. You would need to translate these keys using your KEKr under your LMK and generate check values for verification.</p> <p>The command will look like follows: >HEADOK{KEKr}21H{ZPK}1H{ZAK}0H11111111111111111111111111111111</p> <p>These keys are known as your: <strong>RECEIVE KEYS</strong></p> <p>Where the KEKr is the KEKr generated from your components, ZPK and ZAK is the ZPK and ZAK received. This will output the following:</p> <pre>def Translate_a_Set_of_Zone_Keys(KEKr, ZPK, ZAK, ZEK): response = KeyClass.execute_Translate_a_Set_of_Zone_Keys(KEKr, ZPK, ZAK, ZEK) #print response TranslatedZoneKeys = {} TranslatedZoneKeys["Header"] = response[2:6] TranslatedZoneKeys["ResponseCode"] = response[6:8] TranslatedZoneKeys["ErrorCode"] = response[8:10] if TranslatedZoneKeys["ErrorCode"] == '00': TranslatedZoneKeys["KCV Processing Flag"] = response[10:11] TranslatedZoneKeys["ZPK(LMK)"] = response[11:44] TranslatedZoneKeys["ZPK Check Value"] = response[44:50] TranslatedZoneKeys["ZAK(LMK)"] = response[50:83] TranslatedZoneKeys["ZAK Check Value"] = response[83:89] TranslatedZoneKeys["ZEK(LMK)"] = response[89:122] TranslatedZoneKeys["ZEK Check Value"] = response[122:128] return TranslatedZoneKeys</pre> <p>In other words, you need to generate the same keys, but under your LMK and store them in your key database</p> <p>Now whenever you get a request from your host with a mac you can validate the mac using the ZAK(LMK), and when you get encrypted values from your host you can translate the values using the ZPK(LMK)</p> <p>So, when you respond to the key exchange process you put the check values in field 40. Your host will validate the check values, and then wait for you to send a request using your KEKs.</p> <p>Here is an implementation using Python:</p> <pre>def __key_exchange_listen(self): self.log.info("===== Key Exchange process Started =======") self.s.settimeout(20.0) length_indicator = self.s.recv(2) if length_indicator == '': self.log.critical('Received a blank length indicator from switch... might be a disconnect') self.__setState("blank_response") else: size = struct.unpack('!H', length_indicator)[0] payload = self.s.recv(size) payload = ByteUtils.ByteToHex(payload) d = datetime.now() self.log.info(" Receiving Key Exchange Request = [%s]" % payload) if payload == '': self.log.critical('Received a blank response from switch... might be a disconnect') self.__setState("blank_response") else: iso_ans = AS2805(debug=False) iso_ans.setIsoContent("%s" % (payload)) self.log.debug(iso_ans.dumpFields()) self.__storeISOMessage(iso_ans, {"date_time_received": d.strftime("%Y-%m-%d %H:%M:%S")}) if iso_ans.getMTI() == '0820' and iso_ans.getBit(70) == '0101': Value = iso_ans.getBit(48) self.ZAK = Value[:32] self.ZPK = Value[32:] self.node_number = iso_ans.getBit(53) log.info("Recieve Keys under ZMK : ZAK= %s, ZPK = %s" % (self.ZAK, self.ZPK )) self.ZoneKeySet2 = KeyGenerator.Translate_a_Set_of_Zone_Keys(self.KEKr,ZPK=self.ZPK, ZAK=self.ZAK, ZEK='11111111111111111111111111111111') cur = self.con_switch.cursor(MySQLdb.cursors.DictCursor) sql = """UPDATE sessions_as2805 set ZPK_LMK = '%s', ZPK_ZMK = '%s', ZPK_Check ='%s', ZAK_LMK = '%s' , ZAK_ZMK = '%s', ZAK_Check = '%s', ZEK_LMK = '%s', ZEK_Check = '%s', keyset_number = '%s' WHERE host_id = '%s' and keyset_description = 'Recieve' """ %\ ( self.ZoneKeySet2["ZPK(LMK)"], self.ZPK, self.ZoneKeySet2["ZPK Check Value"], self.ZoneKeySet2["ZAK(LMK)"], self.ZAK, self.ZoneKeySet2["ZAK Check Value"], self.ZoneKeySet2["ZEK(LMK)"], self.ZoneKeySet2["ZEK Check Value"], self.node_number, self.host_id) log.info("Recieve Keys under LMK : ZAK= %s, ZAK Check Value: %s ZPK = %s, ZPK Check Value: %s" % (self.ZoneKeySet2["ZAK(LMK)"], self.ZoneKeySet2["ZAK Check Value"], self.ZoneKeySet2["ZPK(LMK)"], self.ZoneKeySet2["ZPK Check Value"])) cur.execute(sql) self.log.debug("Records=%s" % (cur.rowcount,)) iso_req = AS2805(debug=False) iso_req.setMTI('0830') iso_req.setBit(7, iso_ans.getBit(7)) iso_req.setBit(11, iso_ans.getBit(11)) iso_req.setBit(33, iso_ans.getBit(33)) iso_req.setBit(39, '303') iso_req.setBit(48, self.ZoneKeySet2["ZAK Check Value"] + self.ZoneKeySet2["ZPK Check Value"]) iso_req.setBit(53, iso_ans.getBit(53)) iso_req.setBit(70, iso_ans.getBit(70)) iso_req.setBit(100, iso_ans.getBit(100)) self.__storeISOMessage(iso_req, {"date_time_sent": d.strftime("%Y-%m-%d %H:%M:%S")}) try: iso_send = iso_req.getNetworkISO() iso_send_hex = ByteUtils.HexToByte(iso_send[2:]) self.log.debug(iso_req.dumpFields()) self.log.info("Sending Key Exchange Response = [%s]" % ReadableAscii(iso_send)) self.__send_message(iso_send_hex) self.node_number = iso_ans.getBit(53) except: self.log.exception("key_exchange_failed") self.__setState('key_exchange_failed') finally: cur.close()</pre> <p> </p> <p>These Keys are known as your <strong>SEND KEYS</strong></p> <p>So when you send a key exchange request you would need to generate a set of zone keys, this command on your HSM would look like this;</p> <p>>HEADOI{KEKs};HU;1</p> <p>Where the KEKs is the KEKs that you generated from your components, and your output will be the following:</p> <pre>def Generate_a_Set_of_Zone_Keys(KEKs): response = KeyClass.execute_get_a_Set_of_Zone_Keys(KEKs) #print response ZoneKeys = {} ZoneKeys["Header"] = response[2:6] ZoneKeys["ResponseCode"] = response[6:8] ZoneKeys["ErrorCode"] = response[8:10] if ZoneKeys["ErrorCode"] == '00': ZoneKeys["ZPK(LMK)"] = response[10:43] ZoneKeys["ZPK(ZMK)"] = response[43:76] ZoneKeys["ZPK Check Value"] = response[76:82] ZoneKeys["ZAK(LMK)"] = response[82:115] ZoneKeys["ZAK(ZMK)"] = response[115:148] ZoneKeys["ZAK Check Value"] = response[148:154] ZoneKeys["ZEK(LMK)"] = response[154:187] ZoneKeys["ZEK(ZMK)"] = response[187:220] ZoneKeys["ZEK Check Value"] = response[220:226] return ZoneKeys</pre> <p>Now when sending your 0820 request, you need to set field 40 as ZAK(ZMK) + ZPK(ZMK). Your host will do a Validation request (same as you did in step 1) and send you the check values. you need to compare this to the check values generated by your OI command, and if they match then you have successfully exchanged keys.</p> <p>Below is an implementation using Python:</p> <p> </p> <pre> def __keyExchange__(self): self.__setState("key_exchange") self.__key_exchange_listen() cur = self.con_switch.cursor(MySQLdb.cursors.DictCursor) d = datetime.now() self.ZoneKeySet1 = {} self.ZoneKeySet2 = {} self.ZoneKeySet1 = KeyGenerator.Generate_a_Set_of_Zone_Keys(self.KEKs) iso_req = AS2805(debug=False) iso_req.setMTI('0820') iso_req.setBit(7, d.strftime("%m%d%H%M%S")) iso_req.setBit(11, self.__getNextStan()) iso_req.setBit(33, self.HostIIN) iso_req.setBit(48, self.ZoneKeySet1["ZAK(ZMK)"][1:] + self.ZoneKeySet1["ZPK(ZMK)"][1:]) iso_req.setBit(53, self.node_number) iso_req.setBit(70, '101') iso_req.setBit(100, self.SwitchLink_IIN) self.__storeISOMessage(iso_req, {"date_time_sent": d.strftime("%Y-%m-%d %H:%M:%S")}) log.info("Send Keys under LMK : ZAK= %s, ZAK Check Value: %s ZPK = %s, ZPK Check Value: %s" % (self.ZoneKeySet1["ZAK(LMK)"], self.ZoneKeySet1["ZAK Check Value"], self.ZoneKeySet1["ZPK(LMK)"], self.ZoneKeySet1["ZPK Check Value"])) try: # send the Send Keys iso_send = iso_req.getNetworkISO() iso_send_hex = ByteUtils.HexToByte(iso_send[2:]) self.log.debug(iso_req.dumpFields()) self.log.info("Sending Key Exchange Request = [%s]" % ReadableAscii(iso_send)) self.__send_message(iso_send_hex) self.s.settimeout(20.0) length_indicator = self.s.recv(2) if length_indicator == '': self.log.critical('Received a blank length indicator from switch... might be a disconnect') self.__setState("blank_response") else: size = struct.unpack('!H', length_indicator)[0] payload = self.s.recv(size) payload = ByteUtils.ByteToHex(payload) d = datetime.now() self.log.info(" Receiving Key Exchange Response = [%s]" % payload) if payload == '': self.log.critical('Received a blank response from switch... might be a disconnect') self.__setState("blank_response") else: iso_ans = AS2805(debug=False) iso_ans.setIsoContent(payload) self.log.debug(iso_ans.dumpFields()) self.__storeISOMessage(iso_ans, {"date_time_received": d.strftime("%Y-%m-%d %H:%M:%S")}) if iso_ans.getMTI() == '0830': if iso_ans.getBit(39) == '3030': Value = iso_ans.getBit(48) self.KMACs_KVC = Value[:6] self.KPEs_KVC = Value[6:] #self.log.info("KMACs_KVC = %s, KPEs_KVC = %s" % (self.KMACs_KVC, self.KPEs_KVC)) if self.KMACs_KVC == self.ZoneKeySet1["ZAK Check Value"] and self.KPEs_KVC == self.ZoneKeySet1["ZPK Check Value"]: self.log.info("0820 Key Exchange successful: Check Values Match, ZAK Check Value= %s , ZPK Check Value = %s" % (self.ZoneKeySet1["ZAK Check Value"], self.ZoneKeySet1["ZPK Check Value"])) sql = """UPDATE sessions_as2805 SET ZPK_LMK = '%s', ZPK_ZMK = '%s', ZPK_Check= '%s' , ZAK_LMK= '%s', ZAK_ZMK = '%s', ZAK_Check ='%s', ZEK_LMK = '%s' , ZEK_ZMK = '%s', ZEK_Check = '%s', keyset_number = '%s' WHERE host_id = '%s' and keyset_description = 'Send' """%\ ( self.ZoneKeySet1["ZPK(LMK)"], self.ZoneKeySet1["ZPK(ZMK)"], self.ZoneKeySet1["ZPK Check Value"], self.ZoneKeySet1["ZAK(LMK)"], self.ZoneKeySet1["ZAK(ZMK)"], self.ZoneKeySet1["ZAK Check Value"], self.ZoneKeySet1["ZEK(LMK)"], self.ZoneKeySet1["ZEK(ZMK)"], self.ZoneKeySet1["ZEK Check Value"], self.node_number, self.host_id) cur.execute(sql) self.log.debug("Records=%s" % (cur.rowcount,)) self.__setState("key_exchanged") self.__setState('session_key_ok') self.log.info("==== Key Exchange Sequence Completed Successfully====") self.last_key_exchange = datetime.now() else: self.log.error("Generate_a_Set_of_Zone_Keys: KVC Check Failed!!") else: self.log.error("0820 Response Code = %s, Key Exchange Failed" % (iso_ans.getBit(39))) except InvalidAS2805, ii: self.log.error(ii) self.s.close() self.s = None self.__setState("session_key_fail") except: self.log.exception("key_exchange_failed") self.__setState('key_exchange_failed') </pre> <p> </p> <p>Now that keys have successfully been exchanged, you can start submitting transactions.</p> <p>When sending transactions encrypt data (pin / field) Send Keys, and when receiving data translate / decrypt using your receive keys, Generate MAC using Send MAC and Verify using Receive MAC.</p> <ul> <li>TAK – Your key to generate and verify MACs</li> <li>TEK – Your key to encrypt data and decrypt / translate</li> </ul> <p>This concludes the implementation of Node to Node interfaces using AS2805 Standards.</p> <p>Easy as Pie!</p> </div> <footer class="entry-footer default-max-width"> <span class="byline"><svg class="svg-icon" width="16" height="16" aria-hidden="true" role="img" focusable="false" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M15 7.5C15 9.15685 13.6569 10.5 12 10.5C10.3431 10.5 9 9.15685 9 7.5C9 5.84315 10.3431 4.5 12 4.5C13.6569 4.5 15 5.84315 15 7.5ZM16.5 7.5C16.5 9.98528 14.4853 12 12 12C9.51472 12 7.5 9.98528 7.5 7.5C7.5 5.01472 9.51472 3 12 3C14.4853 3 16.5 5.01472 16.5 7.5ZM19.5 19.5V16.245C19.5 14.729 18.271 13.5 16.755 13.5L7.245 13.5C5.72898 13.5 4.5 14.729 4.5 16.245L4.5 19.5H6L6 16.245C6 15.5574 6.5574 15 7.245 15L16.755 15C17.4426 15 18 15.5574 18 16.245V19.5H19.5Z" fill="currentColor"/></svg><span class="screen-reader-text">Posted by</span><span class="author vcard"><a class="url fn n" href="https://arthurvandermerwe.com/author/arthurvdmerwe/">arthurvdmerwe</a></span></span><span class="posted-on"><svg class="svg-icon" width="16" height="16" aria-hidden="true" role="img" focusable="false" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M19.5 7.5H4.5V19.0005C4.5 19.2764 4.72363 19.5 4.9995 19.5H19.0005C19.2764 19.5 19.5 19.2764 19.5 19.0005V7.5ZM3 7.5V4.9995V4.995C3 3.89319 3.89319 3 4.995 3H4.9995H19.0005H19.005C20.1068 3 21 3.89319 21 4.995V4.9995V7.5V19.0005C21 20.1048 20.1048 21 19.0005 21H4.9995C3.89521 21 3 20.1048 3 19.0005V7.5ZM7.5 10.5H9V12H7.5V10.5ZM9 15H7.5V16.5H9V15ZM11.25 10.5H12.75V12H11.25V10.5ZM12.75 15H11.25V16.5H12.75V15ZM15 10.5H16.5V12H15V10.5ZM16.5 15H15V16.5H16.5V15Z" fill="currentColor"/></svg><a href="https://arthurvandermerwe.com/2015/03/03/implementing-as2805-part-3-using-a-thales-9000-and-python/" rel="bookmark"><time class="entry-date published" datetime="2015-03-03T09:06:38+11:00">March 3, 2015</time><time class="updated" datetime="2015-07-29T08:23:33+10:00">July 29, 2015</time></a></span><span class="cat-links"><svg class="svg-icon" width="16" height="16" aria-hidden="true" role="img" focusable="false" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M12.1979 8.25L11.2098 6.27363C11.1259 6.10593 10.9545 6 10.767 6H4.995C4.72162 6 4.5 6.22162 4.5 6.495V17.505C4.5 17.7784 4.72162 18 4.995 18H19.0005C19.2764 18 19.5 17.7764 19.5 17.5005V8.7495C19.5 8.47363 19.2764 8.25 19.0005 8.25H12.1979ZM13.125 6.75H19.0005C20.1048 6.75 21 7.64521 21 8.7495V17.5005C21 18.6048 20.1048 19.5 19.0005 19.5H4.995C3.89319 19.5 3 18.6068 3 17.505V6.495C3 5.39319 3.89319 4.5 4.995 4.5H10.767C11.5227 4.5 12.2135 4.92693 12.5514 5.60281L13.125 6.75Z" fill="currentColor"/></svg><span class="screen-reader-text">Posted in</span><a href="https://arthurvandermerwe.com/category/financial-switching/" rel="category tag">Financial Switching</a>, <a href="https://arthurvandermerwe.com/category/hsm/" rel="category tag">HSM</a>, <a href="https://arthurvandermerwe.com/category/uncategorized/" rel="category tag">Uncategorized</a></span><span class="tags-links"><svg class="svg-icon" width="16" height="16" aria-hidden="true" role="img" focusable="false" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M3 12.2045C3 12.5941 3.15158 12.9684 3.42267 13.2482L9.71878 19.747C11.0769 21.1489 13.3201 21.1667 14.7003 19.7865L19.7873 14.6995C21.1677 13.319 21.1497 11.0753 19.7471 9.71731L13.2459 3.42238C12.9661 3.15147 12.5919 3 12.2025 3H4.5C3.67157 3 3 3.67157 3 4.5V12.2045ZM12.2025 4.5H4.5V12.2045L10.7961 18.7033C11.5714 19.5035 12.8518 19.5137 13.6396 18.7258L18.7266 13.6388C19.5146 12.8509 19.5043 11.5701 18.7037 10.7949L12.2025 4.5ZM8.4975 9.495C9.0484 9.495 9.495 9.0484 9.495 8.4975C9.495 7.9466 9.0484 7.5 8.4975 7.5C7.9466 7.5 7.5 7.9466 7.5 8.4975C7.5 9.0484 7.9466 9.495 8.4975 9.495Z" fill="currentColor"/></svg><span class="screen-reader-text">Tags:</span><a href="https://arthurvandermerwe.com/tag/as2805-6/" rel="tag">AS2805.6</a>, <a href="https://arthurvandermerwe.com/tag/generate-kekr-validation-response/" rel="tag">Generate KEKr Validation Response</a>, <a href="https://arthurvandermerwe.com/tag/generate-keks-validation-request/" rel="tag">Generate KEKs Validation Request</a>, <a href="https://arthurvandermerwe.com/tag/kek/" rel="tag">KEK</a>, <a href="https://arthurvandermerwe.com/tag/kekr/" rel="tag">KEKr</a>, <a href="https://arthurvandermerwe.com/tag/keks/" rel="tag">KEKs</a>, <a href="https://arthurvandermerwe.com/tag/key-exchange/" rel="tag">Key Exchange</a>, <a href="https://arthurvandermerwe.com/tag/krr/" rel="tag">KRr</a>, <a href="https://arthurvandermerwe.com/tag/krs/" rel="tag">KRs</a>, <a href="https://arthurvandermerwe.com/tag/thales-e0-command/" rel="tag">Thales E0 Command</a>, <a href="https://arthurvandermerwe.com/tag/thales-e2-command/" rel="tag">Thales E2 Command</a>, <a href="https://arthurvandermerwe.com/tag/thales-oi-command/" rel="tag">Thales OI Command</a>, <a href="https://arthurvandermerwe.com/tag/thales-ok-command/" rel="tag">Thales OK Command</a>, <a href="https://arthurvandermerwe.com/tag/translate-a-set-of-zone-keys/" rel="tag">Translate a Set of Zone Keys</a>, <a href="https://arthurvandermerwe.com/tag/zakr/" rel="tag">ZAKr</a>, <a href="https://arthurvandermerwe.com/tag/zaks/" rel="tag">ZAKs</a>, <a href="https://arthurvandermerwe.com/tag/zpk/" rel="tag">ZPK</a>, <a href="https://arthurvandermerwe.com/tag/zpks/" rel="tag">ZPKs</a>, <a href="https://arthurvandermerwe.com/tag/rn/" rel="tag">~RN</a></span><span class="comments-link"><svg class="svg-icon" width="16" height="16" aria-hidden="true" role="img" focusable="false" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M10.0458 15.0001L5.99998 17.697L5.99999 6.49478C5.99999 6.22141 6.2216 5.99979 6.49498 5.99978L17.505 5.99951C17.7784 5.9995 18 6.22113 18 6.49451L18 14.5046C18 14.778 17.7784 14.9996 17.505 14.9996L10.0458 15.0001ZM10.5 16.5L17.5051 16.4996C18.6069 16.4995 19.5 15.6063 19.5 14.5046L19.5 6.49451C19.5 5.39268 18.6068 4.49948 17.5049 4.49951L6.49494 4.49978C5.39315 4.49981 4.49999 5.39299 4.49999 6.49478L4.49998 18.3483C4.49998 18.9842 5.01549 19.4997 5.6514 19.4997C5.8787 19.4997 6.10091 19.4324 6.29004 19.3063L10.5 16.5Z" fill="currentColor"/></svg><a href="https://arthurvandermerwe.com/2015/03/03/implementing-as2805-part-3-using-a-thales-9000-and-python/#comments">4 Comments<span class="screen-reader-text"> on Implementing AS2805 Part 6 Host to Host Encryption using a Thales 9000 and Python</span></a></span> </footer> </article> <article id="post-84" class="post-84 post type-post status-publish format-standard sticky hentry category-financial-switching category-hsm category-uncategorized tag-as2805-6-1 tag-interchange-receive-kek tag-kekr tag-keks tag-kmacr1 tag-kmacr2 tag-kmacs1 tag-kmacs2 tag-kper1 tag-kpes1 tag-kpes2 tag-kvcs tag-mac tag-mac-key tag-pin-protect-key tag-session-keys entry"> <header class="entry-header default-max-width"> <span class="sticky-post">Featured</span><h2 class="entry-title"><a href="https://arthurvandermerwe.com/2015/01/04/typical-cryptography-in-as2805-explained/" rel="bookmark">Typical Cryptography in AS2805 Explained</a></h2> </header> <div class="entry-content"> <p>Key Management conforms to AS 2805 part 6.1.</p> <h3>KEK Establishment</h3> <p>Each interchange node contains an Interchange Send Key Encrypting Key (KEKs) and an Interchange Receive Key Encrypting Key (KEKr). The Interchange Send KEK is the same key as the Interchange Receive KEK in the partnering node, similarly the Interchange Receive KEK is the same as the Interchange Send KEK in the partnering node.</p> <p>The Interchange Key Encrypting Keys are used to encipher and decipher the session keys when they are transmitted between the nodes and in the proof of end points process.</p> <p>Interchange Key Encrypting Keys is statistically unique and shall be changed, at a minimum, once every two years.</p> <p> </p> <table style="height:100%;" width="100%"> <tbody> <tr> <td colspan="2"><strong>Node A </strong></td> <td colspan="2"><strong>Node B </strong></td> </tr> <tr> <td>KEKs</td> <td colspan="2">=</td> <td width="84">KEKr</td> </tr> <tr> <td width="84">KEkr</td> <td colspan="2" width="84">=</td> <td width="84">KEKs</td> </tr> <tr> <td width="84"></td> <td width="42"></td> <td width="42"></td> <td width="84"></td> </tr> </tbody> </table> <h3>Session Keys</h3> <p>Each node keeps four sets of session keys, two send sets and two receive sets.</p> <p>Each set of session keys consists of two keys, MAC Key, PIN Protect Key. Each session key is 128-bits long and stored in a secure manner.</p> <p>The send session key sets are generated by the sending node and numbered “1” or “2”. The send session key sets are then forwarded to the receiving node to be used as the receive session key sets.</p> <p>The receive session key sets are received in a 0820 Network Management Advice message with bit ‘070’ equal to 101 from the sending node. The set number of either “1” or “2” contained in bit 53 indicates the receive session key set used by the receiving node to verify the MAC, decipher the data and translate or verify the PIN.</p> <p>One set of send session keys is used at a time and all Transactions sent from the sending node will generate the MAC and encipher the PIN, if present, using the MAC Generator Key and PIN Protect Key, respectively, from the same send session key set. The send session key set used is indicated by bit 53 (contains “1” or “2”) in each message. Session Keys must be statistically unique and replaced, at a minimum, once every hour or on every 256 Transactions, whichever occurs first.</p> <p> </p> <p> </p> <table> <tbody> <tr> <td colspan="2" width="173"><strong>Node A </strong></td> <td colspan="2" width="173"><strong>Node B </strong></td> </tr> <tr> <td colspan="2" width="173"><span style="text-decoration:underline;">Send Session Keys Set 1</span></td> <td colspan="2" width="173"><span style="text-decoration:underline;">Receive Session Keys Set 1</span></td> </tr> <tr> <td width="116">MAC Key (KMACs1)</td> <td colspan="2" width="116">=</td> <td width="116">MAC Verification Key (KMACr1)</td> </tr> <tr> <td width="116">PIN Protect Key (KPEs1)</td> <td colspan="2" width="116">=</td> <td width="116">PIN Protect Key (KPEr1)</td> </tr> <tr> <td colspan="2" width="173"><span style="text-decoration:underline;">Send Session Keys Set 2</span></td> <td colspan="2" width="173"><span style="text-decoration:underline;">Receive Session Keys Set 2</span></td> </tr> <tr> <td width="116">MAC Key (KMACs2)</td> <td colspan="2" width="116">=</td> <td width="116">MAC Verification Key (KMACr2)</td> </tr> <tr> <td width="116">PIN Protect Key (KPEs2)</td> <td colspan="2" width="116">=</td> <td width="116">PIN Protect Key (KPEr2)</td> </tr> <tr> <td colspan="2" width="173"><span style="text-decoration:underline;">Receive Session Keys Set 1</span></td> <td colspan="2" width="173"><span style="text-decoration:underline;">Send Session Keys Set 1</span></td> </tr> <tr> <td width="116">MAC Verification Key (KMACr1)</td> <td colspan="2" width="116">=</td> <td width="116">MAC Key (KMACs1)</td> </tr> <tr> <td width="116">PIN Protect Key (KPEr1)</td> <td colspan="2" width="116">=</td> <td width="116">PIN Protect Key (KPEs1)</td> </tr> <tr> <td colspan="2" width="173"><span style="text-decoration:underline;">Receive Session Keys Set 2</span></td> <td colspan="2" width="173"><span style="text-decoration:underline;">Send Session Keys Set 2</span></td> </tr> <tr> <td width="116">MAC Verification Key (KMACr2)</td> <td colspan="2" width="116">=</td> <td width="116">MAC Key (KMACs2)</td> </tr> <tr> <td width="116">PIN Protect Key (KPEr2)</td> <td colspan="2" width="116">=</td> <td width="116">PIN Protect Key (KPEs2)</td> </tr> <tr> <td width="116"></td> <td width="58"></td> <td width="58"></td> <td width="116"></td> </tr> </tbody> </table> <p> </p> <p>When enciphered for transmission, each session key type will use a unique variant of the Key Enciphering Key in accordance with AS 2805 part 6.1 request response (logon) from the other before starting any other message exchange. When ready to logon, a party should attempt to logon and continue to attempt to logon until a successful response has been received. Upon receipt of an unsolicited logon (i.e. receiving a logon message when in an assumed logged on state) or a message with a response code indicating an irrecoverable error, a party should send an immediate logoff message and attempts to logon should be made as soon as possible. All logon response messages should be inspected to ensure that the response code indicates a successful logon</p> <h3>Changing Session keys</h3> <p>While one set of send session keys is being used, the other send session key set is randomly generated by the sending node and their KVCs generated, the keys are then enciphered under the Interchange Send KEK and transmitted to the receiving node in a 0820 Network Management Advice message.</p> <p>When a 0820 message is received by the receiving node, the session keys are deciphered using the Interchange Receive KEK. These deciphered keys are set up as the set of receive keys specified by the set number contained in bit 53 of the 0820 message. The Key Verification Codes (KVCs) are calculated by the receiving node and transmitted to the sending node in bit 48 of the 0830 message.</p> <p>When the 0830 Network Management Advice response message is received at the node initiating the key change, the KVCs contained in the 0830 message are validated. If the KVCs are correct, the new send session key set can be used immediately. If the KVCs are invalid, new send session key set must be generated and the whole process is repeated.</p> <p> </p> <h3>Sign off</h3> <p>Either node may terminate the transmission of financial messages by sending a Sign Off Advice. A Sign Off is accomplished by the transmission of a 0820 Network Management Advice Message with a NMIC (Bit 70) equal to ‘002’.</p> <p> </p> <h3>Key change during normal processing</h3> <p>A session key change can occur at any time; each node independently initiates the change of their send keys. The sender will advise their sending session keys to the receiver using a 0820 Network Management Advice message with a NMIC equal to ‘101’ indicating key change. Once a valid response (0830 message) is received and the KVCs confirmed, the new keys can be used.</p> </div> <footer class="entry-footer default-max-width"> <span class="byline"><svg class="svg-icon" width="16" height="16" aria-hidden="true" role="img" focusable="false" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M15 7.5C15 9.15685 13.6569 10.5 12 10.5C10.3431 10.5 9 9.15685 9 7.5C9 5.84315 10.3431 4.5 12 4.5C13.6569 4.5 15 5.84315 15 7.5ZM16.5 7.5C16.5 9.98528 14.4853 12 12 12C9.51472 12 7.5 9.98528 7.5 7.5C7.5 5.01472 9.51472 3 12 3C14.4853 3 16.5 5.01472 16.5 7.5ZM19.5 19.5V16.245C19.5 14.729 18.271 13.5 16.755 13.5L7.245 13.5C5.72898 13.5 4.5 14.729 4.5 16.245L4.5 19.5H6L6 16.245C6 15.5574 6.5574 15 7.245 15L16.755 15C17.4426 15 18 15.5574 18 16.245V19.5H19.5Z" fill="currentColor"/></svg><span class="screen-reader-text">Posted by</span><span class="author vcard"><a class="url fn n" href="https://arthurvandermerwe.com/author/arthurvdmerwe/">arthurvdmerwe</a></span></span><span class="posted-on"><svg class="svg-icon" width="16" height="16" aria-hidden="true" role="img" focusable="false" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M19.5 7.5H4.5V19.0005C4.5 19.2764 4.72363 19.5 4.9995 19.5H19.0005C19.2764 19.5 19.5 19.2764 19.5 19.0005V7.5ZM3 7.5V4.9995V4.995C3 3.89319 3.89319 3 4.995 3H4.9995H19.0005H19.005C20.1068 3 21 3.89319 21 4.995V4.9995V7.5V19.0005C21 20.1048 20.1048 21 19.0005 21H4.9995C3.89521 21 3 20.1048 3 19.0005V7.5ZM7.5 10.5H9V12H7.5V10.5ZM9 15H7.5V16.5H9V15ZM11.25 10.5H12.75V12H11.25V10.5ZM12.75 15H11.25V16.5H12.75V15ZM15 10.5H16.5V12H15V10.5ZM16.5 15H15V16.5H16.5V15Z" fill="currentColor"/></svg><a href="https://arthurvandermerwe.com/2015/01/04/typical-cryptography-in-as2805-explained/" rel="bookmark"><time class="entry-date published" datetime="2015-01-04T00:56:47+11:00">January 4, 2015</time><time class="updated" datetime="2015-03-11T16:55:11+11:00">March 11, 2015</time></a></span><span class="cat-links"><svg class="svg-icon" width="16" height="16" aria-hidden="true" role="img" focusable="false" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M12.1979 8.25L11.2098 6.27363C11.1259 6.10593 10.9545 6 10.767 6H4.995C4.72162 6 4.5 6.22162 4.5 6.495V17.505C4.5 17.7784 4.72162 18 4.995 18H19.0005C19.2764 18 19.5 17.7764 19.5 17.5005V8.7495C19.5 8.47363 19.2764 8.25 19.0005 8.25H12.1979ZM13.125 6.75H19.0005C20.1048 6.75 21 7.64521 21 8.7495V17.5005C21 18.6048 20.1048 19.5 19.0005 19.5H4.995C3.89319 19.5 3 18.6068 3 17.505V6.495C3 5.39319 3.89319 4.5 4.995 4.5H10.767C11.5227 4.5 12.2135 4.92693 12.5514 5.60281L13.125 6.75Z" fill="currentColor"/></svg><span class="screen-reader-text">Posted in</span><a href="https://arthurvandermerwe.com/category/financial-switching/" rel="category tag">Financial Switching</a>, <a href="https://arthurvandermerwe.com/category/hsm/" rel="category tag">HSM</a>, <a href="https://arthurvandermerwe.com/category/uncategorized/" rel="category tag">Uncategorized</a></span><span class="tags-links"><svg class="svg-icon" width="16" height="16" aria-hidden="true" role="img" focusable="false" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M3 12.2045C3 12.5941 3.15158 12.9684 3.42267 13.2482L9.71878 19.747C11.0769 21.1489 13.3201 21.1667 14.7003 19.7865L19.7873 14.6995C21.1677 13.319 21.1497 11.0753 19.7471 9.71731L13.2459 3.42238C12.9661 3.15147 12.5919 3 12.2025 3H4.5C3.67157 3 3 3.67157 3 4.5V12.2045ZM12.2025 4.5H4.5V12.2045L10.7961 18.7033C11.5714 19.5035 12.8518 19.5137 13.6396 18.7258L18.7266 13.6388C19.5146 12.8509 19.5043 11.5701 18.7037 10.7949L12.2025 4.5ZM8.4975 9.495C9.0484 9.495 9.495 9.0484 9.495 8.4975C9.495 7.9466 9.0484 7.5 8.4975 7.5C7.9466 7.5 7.5 7.9466 7.5 8.4975C7.5 9.0484 7.9466 9.495 8.4975 9.495Z" fill="currentColor"/></svg><span class="screen-reader-text">Tags:</span><a href="https://arthurvandermerwe.com/tag/as2805-6-1/" rel="tag">AS2805 6.1</a>, <a href="https://arthurvandermerwe.com/tag/interchange-receive-kek/" rel="tag">Interchange Receive KEK</a>, <a href="https://arthurvandermerwe.com/tag/kekr/" rel="tag">KEKr</a>, <a href="https://arthurvandermerwe.com/tag/keks/" rel="tag">KEKs</a>, <a href="https://arthurvandermerwe.com/tag/kmacr1/" rel="tag">KMACr1</a>, <a href="https://arthurvandermerwe.com/tag/kmacr2/" rel="tag">KMACr2</a>, <a href="https://arthurvandermerwe.com/tag/kmacs1/" rel="tag">KMACs1</a>, <a href="https://arthurvandermerwe.com/tag/kmacs2/" rel="tag">KMACs2</a>, <a href="https://arthurvandermerwe.com/tag/kper1/" rel="tag">KPEr1</a>, <a href="https://arthurvandermerwe.com/tag/kpes1/" rel="tag">KPEs1</a>, <a href="https://arthurvandermerwe.com/tag/kpes2/" rel="tag">KPEs2</a>, <a href="https://arthurvandermerwe.com/tag/kvcs/" rel="tag">KVCs</a>, <a href="https://arthurvandermerwe.com/tag/mac/" rel="tag">MAC</a>, <a href="https://arthurvandermerwe.com/tag/mac-key/" rel="tag">MAC Key</a>, <a href="https://arthurvandermerwe.com/tag/pin-protect-key/" rel="tag">PIN Protect Key</a>, <a href="https://arthurvandermerwe.com/tag/session-keys/" rel="tag">session keys</a></span><span class="comments-link"><svg class="svg-icon" width="16" height="16" aria-hidden="true" role="img" focusable="false" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M10.0458 15.0001L5.99998 17.697L5.99999 6.49478C5.99999 6.22141 6.2216 5.99979 6.49498 5.99978L17.505 5.99951C17.7784 5.9995 18 6.22113 18 6.49451L18 14.5046C18 14.778 17.7784 14.9996 17.505 14.9996L10.0458 15.0001ZM10.5 16.5L17.5051 16.4996C18.6069 16.4995 19.5 15.6063 19.5 14.5046L19.5 6.49451C19.5 5.39268 18.6068 4.49948 17.5049 4.49951L6.49494 4.49978C5.39315 4.49981 4.49999 5.39299 4.49999 6.49478L4.49998 18.3483C4.49998 18.9842 5.01549 19.4997 5.6514 19.4997C5.8787 19.4997 6.10091 19.4324 6.29004 19.3063L10.5 16.5Z" fill="currentColor"/></svg><a href="https://arthurvandermerwe.com/2015/01/04/typical-cryptography-in-as2805-explained/#comments">3 Comments<span class="screen-reader-text"> on Typical Cryptography in AS2805 Explained</span></a></span> </footer> </article> <article id="post-75" class="post-75 post type-post status-publish format-standard sticky hentry category-financial-switching category-hsm tag-as-2805-part-3 tag-as2805 tag-as2805-pk-command tag-c2-command tag-c4-command tag-dea2 tag-dea3 tag-dukpt tag-ei-host-command tag-eo-command tag-h2-command tag-h4-command tag-h6-command tag-h8-command tag-interchange tag-kca tag-kek tag-kekr tag-keks tag-kti tag-mac tag-oi-command tag-ok-command tag-ou-command tag-ow-command tag-pi-command tag-po-host-command tag-rsa tag-session-keys tag-tmk1 tag-tmk2 tag-triple-des entry"> <header class="entry-header default-max-width"> <span class="sticky-post">Featured</span><h2 class="entry-title"><a href="https://arthurvandermerwe.com/2014/12/02/thales-9000-and-as2805-interchange-commands/" rel="bookmark">Thales 9000 with AS2805 Interchange & RSA EFTPOS Commands.</a></h2> </header> <div class="entry-content"> <h3><b>Interchange Cryptographic Keys </b></h3> <p>Interchange keys are used to protect financial transactions initiated at Acquirer eftpos / ATM Terminals while in transit to the Issuer institution. Interchange keys may be either:</p> <p>(a) PIN encrypting keys – used to protect the customer PIN from the point of origin to the point of authorisation. PIN encrypting keys are a specific instance of session keys;</p> <p>(b) Session keys – used to secure, validate and protect the financial message. Session keys can be further qualified into those used in the terminal to Acquirer environment (terminal session keys) or on node to node links (interchange session keys);</p> <p>(c) Key Encrypting Keys (KEK) – used to protect other keys (e.g. session keys) during exchange; or</p> <p>(d) Transport Keys – used to protect keys (e.g. KEKs) during transport to the partner institution.</p> <h3><b>Cryptographic Algorithms </b></h3> <p>DEA3 and DEA2 are the only approved algorithms for the protection of interchange information (full details of these algorithms may be found in the Australian standard AS 2805 part 5).</p> <p>DEA3 keys are 128 bits in length (effectively 112 bits) and are generally referred to as triple DES or 3DES keys (the corresponding encryption algorithm is specified in AS 2805 part 5.4). Triple DES may also be acceptably implemented using a key length of 192 bits (effectively 168 bits).</p> <p>DEA3 with a key length of 128 bits and DEA2 with key lengths equal to, or greater than 2048 bits are the minimum acceptable requirements for the effective protection of interchange information at the time of the issuance of this document.</p> <p>In accordance with AS 2805 part 3, DEA3 must be used for PIN encipherment.</p> <h3><b> Interchange Links </b></h3> <p>For all Interchange Links, Issuers and Acquirers must ensure that:</p> <p>(a) Security for Transactions processed over that Interchange Link complies with AS2805 Part 6;</p> <p>(b) Message formats comply with AS2805 Part 2;</p> <p>(c) Security of transactions from terminal to Acquirer and from Acquirer to Issuer complies with AS2805 Part 6;</p> <p>(d) PIN security and encryption complies with AS2805 Parts 3 and 5.4;</p> <p>(e) Key management practices comply with AS2805 Part 6.1;</p> <p>In each case and as more particularly set out in Part 8:</p> <p>(a) Message Authentication must apply to all Interchange Links;</p> <p>(b) The Message Authentication Code (MAC) must be calculated using, as a minimum, a DEA 3 (128-bit) key, Triple DES and an algorithm conforming to AS2805 Part 4; and</p> <p>(c) all interchange PIN and MAC cryptographic functions must be performed within a Tamper-responsive SCM</p> <h3>The Actual process using an Thales 9000 HSM (CECS Approved)</h3> <p>Now what we are clear on the actual requirements of CECS and APCA, lets attempt to do this using a Thales 9000.</p> <p><strong>Generate a Sponsor RSA key pair</strong></p> <p>This command is the first step as would be required to do this for all terminal commands.</p> <ul> <li>This is done my using the <strong>HSM EI host Command</strong>, from the HSM base manual. <ul> <li>The input is the length of the RSA key set required, and the length go the public key modulus.</li> </ul> </li> <li>The Public Key Verification Code should now be generated. This is done using the <strong>HSM H2 Command</strong> from the Australian Standards Support Manual.</li> </ul> <p>The Public Key and the PVC are sent to your Interchange Partner via different paths, as per their direction. (lets call this <strong>OUR-Key</strong> and <strong>OUR-PVC</strong>)</p> <p>Your Interchange partner will now do the same process and provide you with a Public Key and a PVC. (lets call this <strong>THEIR-Key</strong> and <strong>THEIR-PVC</strong>)</p> <p>When we receive this Public Key from our Interchange Partner, the following should happen:</p> <ul> <li>The PVC for the Key should be generated using the<strong> HSM H2 Command</strong> from the Australian Standards Support Manual.</li> <li>The MAC for the Key should be generated using the <strong>HSM EO command</strong> from the HSM Base Manual.</li> </ul> <p>We now have public keys exchanged and have them ready for use!!</p> <p>Our Database should be looking like this:</p> <p>|<strong>OUR-Key|OUR-PVC|THEIR-Key|THEIR-PVC|THEIR-MAC|GEN-PVC|</strong></p> <p>Now we have the Public keys exchanged and ready for use, we can generate our KEKs & send to Interchange Partner, and receive our KEKr from Interchange Partner;</p> <ul> <li>To send our KEKs we will use the<strong> H4 command</strong> from the Australian Standards support manual.</li> <li>To receive our KEKr we will use the <strong>H6 command</strong> from the Australian Standards support manual.</li> </ul> <p>Once these are decrypted and stored in our key database we can generate and exchange our session MAC and PIN keys.</p> <ol> <ul> <li>To generate and store our send keys we use the <strong>OI command</strong> from the Australian Standards support manual.</li> <li>To receive and store our receive keys we use the <strong>OK command</strong> from the Australian Standards support manual.</li> </ul> </ol> <p>Now we have all the keys in place we can start to process transactions.</p> <ol> <ul> <li>To generate the MAC on a message there are a number of commands available, however as we are using the AS2805 standards we always recommend our customers use the <strong>C2 command</strong> from the Australian Standards support manual. This provides all the options required for the Australian environment.</li> </ul> </ol> <p>Similarly to verify the MAC on a message there are a number of commands available, however as we are using the AS2805 standards we always recommend our customers use the <strong>C4 command</strong> from the Australian Standards support manual. This provides all the options required for the Australian environment.</p> <h4>Terminal Commands</h4> <p>Terminal Manufacturer will be injecting into the PINpads their Manufacturer Public Key. The MPK will be transmitted to SPONSOR securely. The MPK validity should be checked by verifying the PVC, this is achieved by generating a Public Key Verification Code This is done using the <strong>H2 command</strong> from the Australian Standards support manual. And the two values compared.</p> <ul> <li>We also need to generate a PPASN, this is achieved using the AS2805 <strong>PK command</strong>.</li> <li>The host will now send the SPK to the PINpad, the PINpad will now generate the KI (also known as KTI), and send to the host. This is recovered using the AS2805 <strong>host H8 command</strong>, which also returns the KCA, the KCA is encrypted under the LMK and the KTI.</li> <li>Now we have the MPK and have verified it is genuine, we now need to generate a MAC for the Public Key, this is achieved using the <strong>Host EO command</strong>, this is used in subsequent processing. Note: this command is only available when the HSM is in Authorised State. We can now recover the PINpad Public from the MSK. This is achieved using the AS2805 H0 host command.</li> <li>KCA is now used to create the TMK1 and TMK2 (also known as KEK1 & KEK2). These are generated using the C0 command.</li> <li>Now we have the TMK’s in place we can use the TMK update commands.</li> </ul> <p>Updating the Keys</p> <ul> <li>When updating only TMK1 the AS2805 <strong>OU command</strong> is used.</li> <li>When updating both TMK1 and TMK2 then the <strong>OW command</strong> is used.</li> </ul> <p>Now we have the TMK’s in place and able to be updated, we can generate the Session Keys to be used for the PIN, MAC & optional encryption keys if required.</p> <p>This is achieved using the AS2805 PI command. The <strong>PI command</strong> will generate the PIN, MAC, and optional Encryption keys.</p> <ul> <li>Now we can have the session keys in place we can Decrypt the data, verify the MAC & verify the pin. The decrypt data & verify MAC steps depend on how it has been handled by the terminal. Has the terminal done the MAC first then encrypted the required data or has the terminal encrypted the data & then done the MAC. We have assumed that the Encrypt was done first.</li> </ul> <ul> <li>Verify the MAC’s on the transactions from the terminal using the AS2805 <strong>C4</strong>.</li> </ul> <ul> <li>Once the MAC has been verified we can then decrypt the required data with the AS2805 host command PW.</li> </ul> <ul> <li>Now we have the required decrypted data you will need to either verify the PIN or Translate the PIN, to translate the PIN assuming the transaction is a debit card transaction. This is achieved using the AS2805 <strong>PO host command</strong>. To verify the PIN will use one of the following <strong>F0 or F2</strong>.</li> </ul> <p>If you have translated the PIN we can form the message and generate a MAC for the message to be sent to Interchange Partner, this is achieved using the <strong>C2 command</strong> as detailed above in the Interchange messages.</p> <p><em>The biggest problem we see with this are around the KEKs & KEKr is people get them around the wrong way. Your KEKs becomes the remote KEKr & vice versa. The AS2805 commands are designed to swap them over automatically. </em></p> <p><em>The other gotcha is we split the terminal side & the interchange side of the HSM, TMK (terminal master key) is like a KEK (ZMK (Zone master key)) but used on the terminal side of the network where a ZMK (KEKs & KEKr) is used for interchange side of the network.</em></p> <p><em> easy as Pie!</em></p> <div id="geo-post-75" class="geo geo-post" style="display: none"> <span class="latitude">-33.787535</span> <span class="longitude">151.200220</span> </div> </div> <footer class="entry-footer default-max-width"> <span class="byline"><svg class="svg-icon" width="16" height="16" aria-hidden="true" role="img" focusable="false" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M15 7.5C15 9.15685 13.6569 10.5 12 10.5C10.3431 10.5 9 9.15685 9 7.5C9 5.84315 10.3431 4.5 12 4.5C13.6569 4.5 15 5.84315 15 7.5ZM16.5 7.5C16.5 9.98528 14.4853 12 12 12C9.51472 12 7.5 9.98528 7.5 7.5C7.5 5.01472 9.51472 3 12 3C14.4853 3 16.5 5.01472 16.5 7.5ZM19.5 19.5V16.245C19.5 14.729 18.271 13.5 16.755 13.5L7.245 13.5C5.72898 13.5 4.5 14.729 4.5 16.245L4.5 19.5H6L6 16.245C6 15.5574 6.5574 15 7.245 15L16.755 15C17.4426 15 18 15.5574 18 16.245V19.5H19.5Z" fill="currentColor"/></svg><span class="screen-reader-text">Posted by</span><span class="author vcard"><a class="url fn n" href="https://arthurvandermerwe.com/author/arthurvdmerwe/">arthurvdmerwe</a></span></span><span class="posted-on"><svg class="svg-icon" width="16" height="16" aria-hidden="true" role="img" focusable="false" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M19.5 7.5H4.5V19.0005C4.5 19.2764 4.72363 19.5 4.9995 19.5H19.0005C19.2764 19.5 19.5 19.2764 19.5 19.0005V7.5ZM3 7.5V4.9995V4.995C3 3.89319 3.89319 3 4.995 3H4.9995H19.0005H19.005C20.1068 3 21 3.89319 21 4.995V4.9995V7.5V19.0005C21 20.1048 20.1048 21 19.0005 21H4.9995C3.89521 21 3 20.1048 3 19.0005V7.5ZM7.5 10.5H9V12H7.5V10.5ZM9 15H7.5V16.5H9V15ZM11.25 10.5H12.75V12H11.25V10.5ZM12.75 15H11.25V16.5H12.75V15ZM15 10.5H16.5V12H15V10.5ZM16.5 15H15V16.5H16.5V15Z" fill="currentColor"/></svg><a href="https://arthurvandermerwe.com/2014/12/02/thales-9000-and-as2805-interchange-commands/" rel="bookmark"><time class="entry-date published" datetime="2014-12-02T13:09:50+11:00">December 2, 2014</time><time class="updated" datetime="2015-05-30T15:40:30+10:00">May 30, 2015</time></a></span><span class="cat-links"><svg class="svg-icon" width="16" height="16" aria-hidden="true" role="img" focusable="false" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M12.1979 8.25L11.2098 6.27363C11.1259 6.10593 10.9545 6 10.767 6H4.995C4.72162 6 4.5 6.22162 4.5 6.495V17.505C4.5 17.7784 4.72162 18 4.995 18H19.0005C19.2764 18 19.5 17.7764 19.5 17.5005V8.7495C19.5 8.47363 19.2764 8.25 19.0005 8.25H12.1979ZM13.125 6.75H19.0005C20.1048 6.75 21 7.64521 21 8.7495V17.5005C21 18.6048 20.1048 19.5 19.0005 19.5H4.995C3.89319 19.5 3 18.6068 3 17.505V6.495C3 5.39319 3.89319 4.5 4.995 4.5H10.767C11.5227 4.5 12.2135 4.92693 12.5514 5.60281L13.125 6.75Z" fill="currentColor"/></svg><span class="screen-reader-text">Posted in</span><a href="https://arthurvandermerwe.com/category/financial-switching/" rel="category tag">Financial Switching</a>, <a href="https://arthurvandermerwe.com/category/hsm/" rel="category tag">HSM</a></span><span class="tags-links"><svg class="svg-icon" width="16" height="16" aria-hidden="true" role="img" focusable="false" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M3 12.2045C3 12.5941 3.15158 12.9684 3.42267 13.2482L9.71878 19.747C11.0769 21.1489 13.3201 21.1667 14.7003 19.7865L19.7873 14.6995C21.1677 13.319 21.1497 11.0753 19.7471 9.71731L13.2459 3.42238C12.9661 3.15147 12.5919 3 12.2025 3H4.5C3.67157 3 3 3.67157 3 4.5V12.2045ZM12.2025 4.5H4.5V12.2045L10.7961 18.7033C11.5714 19.5035 12.8518 19.5137 13.6396 18.7258L18.7266 13.6388C19.5146 12.8509 19.5043 11.5701 18.7037 10.7949L12.2025 4.5ZM8.4975 9.495C9.0484 9.495 9.495 9.0484 9.495 8.4975C9.495 7.9466 9.0484 7.5 8.4975 7.5C7.9466 7.5 7.5 7.9466 7.5 8.4975C7.5 9.0484 7.9466 9.495 8.4975 9.495Z" fill="currentColor"/></svg><span class="screen-reader-text">Tags:</span><a href="https://arthurvandermerwe.com/tag/as-2805-part-3/" rel="tag">AS 2805 part 3</a>, <a href="https://arthurvandermerwe.com/tag/as2805/" rel="tag">AS2805</a>, <a href="https://arthurvandermerwe.com/tag/as2805-pk-command/" rel="tag">AS2805 PK command</a>, <a href="https://arthurvandermerwe.com/tag/c2-command/" rel="tag">C2 command</a>, <a href="https://arthurvandermerwe.com/tag/c4-command/" rel="tag">C4 command</a>, <a href="https://arthurvandermerwe.com/tag/dea2/" rel="tag">DEA2</a>, <a href="https://arthurvandermerwe.com/tag/dea3/" rel="tag">DEA3</a>, <a href="https://arthurvandermerwe.com/tag/dukpt/" rel="tag">dukpt</a>, <a href="https://arthurvandermerwe.com/tag/ei-host-command/" rel="tag">EI host Command</a>, <a href="https://arthurvandermerwe.com/tag/eo-command/" rel="tag">EO command</a>, <a href="https://arthurvandermerwe.com/tag/h2-command/" rel="tag">H2 Command</a>, <a href="https://arthurvandermerwe.com/tag/h4-command/" rel="tag">H4 command</a>, <a href="https://arthurvandermerwe.com/tag/h6-command/" rel="tag">H6 command</a>, <a href="https://arthurvandermerwe.com/tag/h8-command/" rel="tag">H8 command</a>, <a href="https://arthurvandermerwe.com/tag/interchange/" rel="tag">Interchange</a>, <a href="https://arthurvandermerwe.com/tag/kca/" rel="tag">KCA</a>, <a href="https://arthurvandermerwe.com/tag/kek/" rel="tag">KEK</a>, <a href="https://arthurvandermerwe.com/tag/kekr/" rel="tag">KEKr</a>, <a href="https://arthurvandermerwe.com/tag/keks/" rel="tag">KEKs</a>, <a href="https://arthurvandermerwe.com/tag/kti/" rel="tag">KTI</a>, <a href="https://arthurvandermerwe.com/tag/mac/" rel="tag">MAC</a>, <a href="https://arthurvandermerwe.com/tag/oi-command/" rel="tag">OI command</a>, <a href="https://arthurvandermerwe.com/tag/ok-command/" rel="tag">OK command</a>, <a href="https://arthurvandermerwe.com/tag/ou-command/" rel="tag">OU command</a>, <a href="https://arthurvandermerwe.com/tag/ow-command/" rel="tag">OW command</a>, <a href="https://arthurvandermerwe.com/tag/pi-command/" rel="tag">PI command</a>, <a href="https://arthurvandermerwe.com/tag/po-host-command/" rel="tag">PO host command</a>, <a href="https://arthurvandermerwe.com/tag/rsa/" rel="tag">RSA</a>, <a href="https://arthurvandermerwe.com/tag/session-keys/" rel="tag">session keys</a>, <a href="https://arthurvandermerwe.com/tag/tmk1/" rel="tag">TMK1</a>, <a href="https://arthurvandermerwe.com/tag/tmk2/" rel="tag">TMK2</a>, <a href="https://arthurvandermerwe.com/tag/triple-des/" rel="tag">Triple DES</a></span><span class="comments-link"><svg class="svg-icon" width="16" height="16" aria-hidden="true" role="img" focusable="false" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M10.0458 15.0001L5.99998 17.697L5.99999 6.49478C5.99999 6.22141 6.2216 5.99979 6.49498 5.99978L17.505 5.99951C17.7784 5.9995 18 6.22113 18 6.49451L18 14.5046C18 14.778 17.7784 14.9996 17.505 14.9996L10.0458 15.0001ZM10.5 16.5L17.5051 16.4996C18.6069 16.4995 19.5 15.6063 19.5 14.5046L19.5 6.49451C19.5 5.39268 18.6068 4.49948 17.5049 4.49951L6.49494 4.49978C5.39315 4.49981 4.49999 5.39299 4.49999 6.49478L4.49998 18.3483C4.49998 18.9842 5.01549 19.4997 5.6514 19.4997C5.8787 19.4997 6.10091 19.4324 6.29004 19.3063L10.5 16.5Z" fill="currentColor"/></svg><a href="https://arthurvandermerwe.com/2014/12/02/thales-9000-and-as2805-interchange-commands/#comments">4 Comments<span class="screen-reader-text"> on Thales 9000 with AS2805 Interchange & RSA EFTPOS Commands.</span></a></span> </footer> </article> <article id="post-317" class="post-317 post type-post status-publish format-quote hentry category-uncategorized post_format-post-format-quote entry"> <header class="entry-header default-max-width"> <h2 class="entry-title"><a href="https://arthurvandermerwe.com/2020/01/19/what-is-the-random-oracle-model-and-why-should-you-care-part-5-a-few-thoughts-on-cryptographic-engineering/" rel="bookmark">What is the random oracle model and why should you care? (Part 5) — A Few Thoughts on Cryptographic Engineering</a></h2> </header> <div class="entry-content"> <p><a href="http://blog.cryptographyengineering.com/2020/01/05/what-is-the-random-oracle-model-and-why-should-you-care-part-5/"><img src="https://matthewdgreen.files.wordpress.com/2020/01/3357797069_d63ee832b0_o.jpg?quality=80&strip=info&w=1600" alt="" /></a></p> <blockquote><p>This is part five of a series on the Random Oracle Model. See here for the previous posts: Part 1: An introduction Part 2: The ROM formalized, a scheme and a proof sketch Part 3: How we abuse the ROM to make our security proofs work Part 4: Some more examples of where the ROM […]</p></blockquote> <p>via <a href="http://blog.cryptographyengineering.com/2020/01/05/what-is-the-random-oracle-model-and-why-should-you-care-part-5/">What is the random oracle model and why should you care? (Part 5) — A Few Thoughts on Cryptographic Engineering</a></p> <div id="atatags-702045271-67407119c94ac"></div> <script> __ATA.cmd.push(function() { __ATA.initDynamicSlot({ id: 'atatags-702045271-67407119c94ac', location: 120, formFactor: '001', label: { text: 'Advertisements', }, creative: { reportAd: { text: 'Report this ad', }, privacySettings: { text: 'Privacy', } } }); }); </script> </div> <footer class="entry-footer default-max-width"> <span class="byline"><svg class="svg-icon" width="16" height="16" aria-hidden="true" role="img" focusable="false" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M15 7.5C15 9.15685 13.6569 10.5 12 10.5C10.3431 10.5 9 9.15685 9 7.5C9 5.84315 10.3431 4.5 12 4.5C13.6569 4.5 15 5.84315 15 7.5ZM16.5 7.5C16.5 9.98528 14.4853 12 12 12C9.51472 12 7.5 9.98528 7.5 7.5C7.5 5.01472 9.51472 3 12 3C14.4853 3 16.5 5.01472 16.5 7.5ZM19.5 19.5V16.245C19.5 14.729 18.271 13.5 16.755 13.5L7.245 13.5C5.72898 13.5 4.5 14.729 4.5 16.245L4.5 19.5H6L6 16.245C6 15.5574 6.5574 15 7.245 15L16.755 15C17.4426 15 18 15.5574 18 16.245V19.5H19.5Z" fill="currentColor"/></svg><span class="screen-reader-text">Posted by</span><span class="author vcard"><a class="url fn n" href="https://arthurvandermerwe.com/author/arthurvdmerwe/">arthurvdmerwe</a></span></span><span class="posted-on"><svg class="svg-icon" width="16" height="16" aria-hidden="true" role="img" focusable="false" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M19.5 7.5H4.5V19.0005C4.5 19.2764 4.72363 19.5 4.9995 19.5H19.0005C19.2764 19.5 19.5 19.2764 19.5 19.0005V7.5ZM3 7.5V4.9995V4.995C3 3.89319 3.89319 3 4.995 3H4.9995H19.0005H19.005C20.1068 3 21 3.89319 21 4.995V4.9995V7.5V19.0005C21 20.1048 20.1048 21 19.0005 21H4.9995C3.89521 21 3 20.1048 3 19.0005V7.5ZM7.5 10.5H9V12H7.5V10.5ZM9 15H7.5V16.5H9V15ZM11.25 10.5H12.75V12H11.25V10.5ZM12.75 15H11.25V16.5H12.75V15ZM15 10.5H16.5V12H15V10.5ZM16.5 15H15V16.5H16.5V15Z" fill="currentColor"/></svg><a href="https://arthurvandermerwe.com/2020/01/19/what-is-the-random-oracle-model-and-why-should-you-care-part-5-a-few-thoughts-on-cryptographic-engineering/" rel="bookmark"><time class="entry-date published updated" datetime="2020-01-19T09:56:34+11:00">January 19, 2020</time></a></span><span class="cat-links"><svg class="svg-icon" width="16" height="16" aria-hidden="true" role="img" focusable="false" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M12.1979 8.25L11.2098 6.27363C11.1259 6.10593 10.9545 6 10.767 6H4.995C4.72162 6 4.5 6.22162 4.5 6.495V17.505C4.5 17.7784 4.72162 18 4.995 18H19.0005C19.2764 18 19.5 17.7764 19.5 17.5005V8.7495C19.5 8.47363 19.2764 8.25 19.0005 8.25H12.1979ZM13.125 6.75H19.0005C20.1048 6.75 21 7.64521 21 8.7495V17.5005C21 18.6048 20.1048 19.5 19.0005 19.5H4.995C3.89319 19.5 3 18.6068 3 17.505V6.495C3 5.39319 3.89319 4.5 4.995 4.5H10.767C11.5227 4.5 12.2135 4.92693 12.5514 5.60281L13.125 6.75Z" fill="currentColor"/></svg><span class="screen-reader-text">Posted in</span><a href="https://arthurvandermerwe.com/category/uncategorized/" rel="category tag">Uncategorized</a></span><span class="comments-link"><svg class="svg-icon" width="16" height="16" aria-hidden="true" role="img" focusable="false" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M10.0458 15.0001L5.99998 17.697L5.99999 6.49478C5.99999 6.22141 6.2216 5.99979 6.49498 5.99978L17.505 5.99951C17.7784 5.9995 18 6.22113 18 6.49451L18 14.5046C18 14.778 17.7784 14.9996 17.505 14.9996L10.0458 15.0001ZM10.5 16.5L17.5051 16.4996C18.6069 16.4995 19.5 15.6063 19.5 14.5046L19.5 6.49451C19.5 5.39268 18.6068 4.49948 17.5049 4.49951L6.49494 4.49978C5.39315 4.49981 4.49999 5.39299 4.49999 6.49478L4.49998 18.3483C4.49998 18.9842 5.01549 19.4997 5.6514 19.4997C5.8787 19.4997 6.10091 19.4324 6.29004 19.3063L10.5 16.5Z" fill="currentColor"/></svg><a href="https://arthurvandermerwe.com/2020/01/19/what-is-the-random-oracle-model-and-why-should-you-care-part-5-a-few-thoughts-on-cryptographic-engineering/#respond">Leave a comment<span class="screen-reader-text"> on What is the random oracle model and why should you care? (Part 5) — A Few Thoughts on Cryptographic Engineering</span></a></span> </footer> </article> <article id="post-311" class="post-311 post type-post status-publish format-quote hentry category-uncategorized post_format-post-format-quote entry"> <header class="entry-header default-max-width"> <h2 class="entry-title"><a href="https://arthurvandermerwe.com/2019/02/21/attack-of-the-week-searchable-encryption-and-the-ever-expanding-leakage-function-a-few-thoughts-on-cryptographic-engineering/" rel="bookmark">Attack of the week: searchable encryption and the ever-expanding leakage function — A Few Thoughts on Cryptographic Engineering</a></h2> </header> <div class="entry-content"> <p><a href="http://blog.cryptographyengineering.com/2019/02/11/attack-of-the-week-searchable-encryption-and-the-ever-expanding-leakage-function/"><img alt="" src="https://matthewdgreen.files.wordpress.com/2019/02/leakage.png?quality=80&strip=info&w=800" /></a></p> <blockquote><p>A few days ago I had the pleasure of hosting Kenny Paterson, who braved snow and historic cold (by Baltimore standards) to come talk to us about encrypted databases. Kenny’s newest result is with first authors Paul Grubbs, Marie-Sarah Lacharité and Brice Minaud (let’s call it GLMP). It isn’t so much about building encrypted databases, as it […]</p></blockquote> <p>via <a href="http://blog.cryptographyengineering.com/2019/02/11/attack-of-the-week-searchable-encryption-and-the-ever-expanding-leakage-function/">Attack of the week: searchable encryption and the ever-expanding leakage function — A Few Thoughts on Cryptographic Engineering</a></p> </div> <footer class="entry-footer default-max-width"> <span class="byline"><svg class="svg-icon" width="16" height="16" aria-hidden="true" role="img" focusable="false" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M15 7.5C15 9.15685 13.6569 10.5 12 10.5C10.3431 10.5 9 9.15685 9 7.5C9 5.84315 10.3431 4.5 12 4.5C13.6569 4.5 15 5.84315 15 7.5ZM16.5 7.5C16.5 9.98528 14.4853 12 12 12C9.51472 12 7.5 9.98528 7.5 7.5C7.5 5.01472 9.51472 3 12 3C14.4853 3 16.5 5.01472 16.5 7.5ZM19.5 19.5V16.245C19.5 14.729 18.271 13.5 16.755 13.5L7.245 13.5C5.72898 13.5 4.5 14.729 4.5 16.245L4.5 19.5H6L6 16.245C6 15.5574 6.5574 15 7.245 15L16.755 15C17.4426 15 18 15.5574 18 16.245V19.5H19.5Z" fill="currentColor"/></svg><span class="screen-reader-text">Posted by</span><span class="author vcard"><a class="url fn n" href="https://arthurvandermerwe.com/author/arthurvdmerwe/">arthurvdmerwe</a></span></span><span class="posted-on"><svg class="svg-icon" width="16" height="16" aria-hidden="true" role="img" focusable="false" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M19.5 7.5H4.5V19.0005C4.5 19.2764 4.72363 19.5 4.9995 19.5H19.0005C19.2764 19.5 19.5 19.2764 19.5 19.0005V7.5ZM3 7.5V4.9995V4.995C3 3.89319 3.89319 3 4.995 3H4.9995H19.0005H19.005C20.1068 3 21 3.89319 21 4.995V4.9995V7.5V19.0005C21 20.1048 20.1048 21 19.0005 21H4.9995C3.89521 21 3 20.1048 3 19.0005V7.5ZM7.5 10.5H9V12H7.5V10.5ZM9 15H7.5V16.5H9V15ZM11.25 10.5H12.75V12H11.25V10.5ZM12.75 15H11.25V16.5H12.75V15ZM15 10.5H16.5V12H15V10.5ZM16.5 15H15V16.5H16.5V15Z" fill="currentColor"/></svg><a href="https://arthurvandermerwe.com/2019/02/21/attack-of-the-week-searchable-encryption-and-the-ever-expanding-leakage-function-a-few-thoughts-on-cryptographic-engineering/" rel="bookmark"><time class="entry-date published updated" datetime="2019-02-21T14:56:13+11:00">February 21, 2019</time></a></span><span class="cat-links"><svg class="svg-icon" width="16" height="16" aria-hidden="true" role="img" focusable="false" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M12.1979 8.25L11.2098 6.27363C11.1259 6.10593 10.9545 6 10.767 6H4.995C4.72162 6 4.5 6.22162 4.5 6.495V17.505C4.5 17.7784 4.72162 18 4.995 18H19.0005C19.2764 18 19.5 17.7764 19.5 17.5005V8.7495C19.5 8.47363 19.2764 8.25 19.0005 8.25H12.1979ZM13.125 6.75H19.0005C20.1048 6.75 21 7.64521 21 8.7495V17.5005C21 18.6048 20.1048 19.5 19.0005 19.5H4.995C3.89319 19.5 3 18.6068 3 17.505V6.495C3 5.39319 3.89319 4.5 4.995 4.5H10.767C11.5227 4.5 12.2135 4.92693 12.5514 5.60281L13.125 6.75Z" fill="currentColor"/></svg><span class="screen-reader-text">Posted in</span><a href="https://arthurvandermerwe.com/category/uncategorized/" rel="category tag">Uncategorized</a></span><span class="comments-link"><svg class="svg-icon" width="16" height="16" aria-hidden="true" role="img" focusable="false" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M10.0458 15.0001L5.99998 17.697L5.99999 6.49478C5.99999 6.22141 6.2216 5.99979 6.49498 5.99978L17.505 5.99951C17.7784 5.9995 18 6.22113 18 6.49451L18 14.5046C18 14.778 17.7784 14.9996 17.505 14.9996L10.0458 15.0001ZM10.5 16.5L17.5051 16.4996C18.6069 16.4995 19.5 15.6063 19.5 14.5046L19.5 6.49451C19.5 5.39268 18.6068 4.49948 17.5049 4.49951L6.49494 4.49978C5.39315 4.49981 4.49999 5.39299 4.49999 6.49478L4.49998 18.3483C4.49998 18.9842 5.01549 19.4997 5.6514 19.4997C5.8787 19.4997 6.10091 19.4324 6.29004 19.3063L10.5 16.5Z" fill="currentColor"/></svg><a href="https://arthurvandermerwe.com/2019/02/21/attack-of-the-week-searchable-encryption-and-the-ever-expanding-leakage-function-a-few-thoughts-on-cryptographic-engineering/#respond">Leave a comment<span class="screen-reader-text"> on Attack of the week: searchable encryption and the ever-expanding leakage function — A Few Thoughts on Cryptographic Engineering</span></a></span> </footer> </article> <article id="post-249" class="post-249 post type-post status-publish format-standard hentry category-cryptography-2 tag-bi-linear-maps tag-cryptography entry"> <header class="entry-header default-max-width"> <h2 class="entry-title"><a href="https://arthurvandermerwe.com/2017/12/29/from-bi-linear-maps-to-searchable-encryption/" rel="bookmark">From Bi-Linear Maps to Searchable Encryption</a></h2> </header> <div class="entry-content"> <h2>Pairings-Based Cryptography</h2> <h3>Introduction</h3> <p>Theoretical research into pairings-based cryptography has been a well-researched area over the last few years, this cryptography scheme is based on the mapping of two cryptographical groups which allows for a new cryptographical scheme based on a trapdoor permutation between the groups with some interesting complexity properties.</p> <p>These two groups are called a Gap Groups in many instances, where the Decisional Diffie-Helman problem is easy, but the Computational Diffie-Helman still is hard to solve. Weil and Tate pairings are used in implementations but requires complex mathematics, this is why in this section we will use a slightly more abstract means to explain bilinear maps..</p> <h3>Bilinear Maps</h3> <p>Mostly all constructions of pairings-based cryptosystems use bilinear maps, for this we consider two groups <img src="https://s0.wp.com/latex.php?latex=G_1&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=G_1&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=G_1&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="G_1" class="latex" /> and <img src="https://s0.wp.com/latex.php?latex=G_2&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=G_2&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=G_2&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="G_2" class="latex" /> or a prime order <img src="https://s0.wp.com/latex.php?latex=q&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=q&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=q&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="q" class="latex" />. We can denote <img src="https://s0.wp.com/latex.php?latex=G_1&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=G_1&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=G_1&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="G_1" class="latex" /> using additive notation and <img src="https://s0.wp.com/latex.php?latex=G_2&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=G_2&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=G_2&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="G_2" class="latex" /> using multiplicative notation, even as the group operations of <img src="https://s0.wp.com/latex.php?latex=G_1&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=G_1&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=G_1&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="G_1" class="latex" /> and <img src="https://s0.wp.com/latex.php?latex=G_2&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=G_2&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=G_2&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="G_2" class="latex" /> are very different, <img src="https://s0.wp.com/latex.php?latex=G_1&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=G_1&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=G_1&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="G_1" class="latex" /> can also be written as a multiplicative group operation in some literature.</p> <p>If we consider two generators of group <img src="https://s0.wp.com/latex.php?latex=G_1&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=G_1&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=G_1&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="G_1" class="latex" /> as <img src="https://s0.wp.com/latex.php?latex=%5C+P&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=%5C+P&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=%5C+P&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="\ P" class="latex" /> and <img src="https://s0.wp.com/latex.php?latex=Q&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=Q&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=Q&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="Q" class="latex" />, we can write:</p> <p style="text-align:center;"><img src="https://s0.wp.com/latex.php?latex=aP%5C+%3D%5C+P%2BP%2B%5C+..P%5C+%5C%7D%5C+a&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=aP%5C+%3D%5C+P%2BP%2B%5C+..P%5C+%5C%7D%5C+a&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=aP%5C+%3D%5C+P%2BP%2B%5C+..P%5C+%5C%7D%5C+a&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="aP\ =\ P+P+\ ..P\ \}\ a" class="latex" /> times</p> <p>Using this we can also consider a map <img src="https://s0.wp.com/latex.php?latex=e&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=e&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=e&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="e" class="latex" /> as follows: <img src="https://s0.wp.com/latex.php?latex=%7Be%3A%5C+G%7D_1%5C+%5Ctimes+G_1%5C+%5Cto+%5C+%5C+G_2&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=%7Be%3A%5C+G%7D_1%5C+%5Ctimes+G_1%5C+%5Cto+%5C+%5C+G_2&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=%7Be%3A%5C+G%7D_1%5C+%5Ctimes+G_1%5C+%5Cto+%5C+%5C+G_2&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="{e:\ G}_1\ \times G_1\ \to \ \ G_2" class="latex" /></p> <p>This type of bilinear map has a main group <img src="https://s0.wp.com/latex.php?latex=G_1&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=G_1&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=G_1&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="G_1" class="latex" /> and a shadow group <img src="https://s0.wp.com/latex.php?latex=G_2&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=G_2&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=G_2&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="G_2" class="latex" /> where we map two group elements in the first group to the second group would need have properties between them in order for it to be useful, Bilinearity, non-degenerate and computable.</p> <p><span style="text-decoration:underline;">Bilinearity:</span></p> <p>For Group <img src="https://s0.wp.com/latex.php?latex=G_1&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=G_1&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=G_1&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="G_1" class="latex" /> using generators <img src="https://s0.wp.com/latex.php?latex=P&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=P&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=P&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="P" class="latex" /> and <img src="https://s0.wp.com/latex.php?latex=%5C+Q&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=%5C+Q&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=%5C+Q&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="\ Q" class="latex" /> we can define a map to <img src="https://s0.wp.com/latex.php?latex=G_2&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=G_2&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=G_2&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="G_2" class="latex" />, where the additive operation in group <img src="https://s0.wp.com/latex.php?latex=G_1&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=G_1&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=G_1&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="G_1" class="latex" /> equals the multiplicative operation in <img src="https://s0.wp.com/latex.php?latex=G_2&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=G_2&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=G_2&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="G_2" class="latex" />:</p> <p style="text-align:center;"><img src="https://s0.wp.com/latex.php?latex=%5Cforall+P%2C%5C+Q%5Cin+G_1%2C+%5Cforall+a%2C%5C+b%5C+%5Cin+%7B%5Cmathbb%7BZ%7D%7D%5E%2A_q%2C&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=%5Cforall+P%2C%5C+Q%5Cin+G_1%2C+%5Cforall+a%2C%5C+b%5C+%5Cin+%7B%5Cmathbb%7BZ%7D%7D%5E%2A_q%2C&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=%5Cforall+P%2C%5C+Q%5Cin+G_1%2C+%5Cforall+a%2C%5C+b%5C+%5Cin+%7B%5Cmathbb%7BZ%7D%7D%5E%2A_q%2C&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="\forall P,\ Q\in G_1, \forall a,\ b\ \in {\mathbb{Z}}^*_q," class="latex" /><br /> <img src="https://s0.wp.com/latex.php?latex=Map%3Ae%5Cleft%28aP%2C%5C+bQ%5Cright%29%3De%28P%2C%5C+Q%29%5E%7Bab%7D&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=Map%3Ae%5Cleft%28aP%2C%5C+bQ%5Cright%29%3De%28P%2C%5C+Q%29%5E%7Bab%7D&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=Map%3Ae%5Cleft%28aP%2C%5C+bQ%5Cright%29%3De%28P%2C%5C+Q%29%5E%7Bab%7D&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="Map:e\left(aP,\ bQ\right)=e(P,\ Q)^{ab}" class="latex" /></p> <p>If G1 and G2 where both multiplicative groups then the Bilinearity property would be the following:</p> <ul> <li><img src="https://s0.wp.com/latex.php?latex=%5Cforall+P%2C%5C+Q%5Cin+G_1%2C%5C+%5Cforall+a%2C%5C+b%5C+%5Cin+%7B%5Cmathbb%7BZ%7D%7D%5E%2A_q%2C&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=%5Cforall+P%2C%5C+Q%5Cin+G_1%2C%5C+%5Cforall+a%2C%5C+b%5C+%5Cin+%7B%5Cmathbb%7BZ%7D%7D%5E%2A_q%2C&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=%5Cforall+P%2C%5C+Q%5Cin+G_1%2C%5C+%5Cforall+a%2C%5C+b%5C+%5Cin+%7B%5Cmathbb%7BZ%7D%7D%5E%2A_q%2C&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="\forall P,\ Q\in G_1,\ \forall a,\ b\ \in {\mathbb{Z}}^*_q," class="latex" /></li> <li><img src="https://s0.wp.com/latex.php?latex=Map%3Ae%5Cleft%28P%5Ea%2C%5C+Q%5Eb%5Cright%29%3De%28P%2C%5C+Q%29%5E%7Bab%7D&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=Map%3Ae%5Cleft%28P%5Ea%2C%5C+Q%5Eb%5Cright%29%3De%28P%2C%5C+Q%29%5E%7Bab%7D&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=Map%3Ae%5Cleft%28P%5Ea%2C%5C+Q%5Eb%5Cright%29%3De%28P%2C%5C+Q%29%5E%7Bab%7D&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="Map:e\left(P^a,\ Q^b\right)=e(P,\ Q)^{ab}" class="latex" /></li> </ul> <p>This has an interesting property whereby it beaks the decisional Diffie-Helman problem, but this will be discussed in more details later.</p> <p><span style="text-decoration:underline;">Non-Degeneracy:</span></p> <p>If all the elements map to the identity of the group then if would not have any additional computational aspects to explore. It is therefore important not to create a map with the identity of either of the groups.<br /> <img src="https://s0.wp.com/latex.php?latex=%5Cforall+P%5C+%5Cin+G_1%2C%5C+P%5C+%5Cneq+0%5C+%5C+%5Cleft%5Clangle+e%5Cleft%28P%2C%5C+P%5Cright%29%5Cright%5Crangle+%3DG_2%5C+%28e%5Cleft%28P%2C%5C+P%5Cright%29%5C+generates%5C+G_2%29&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=%5Cforall+P%5C+%5Cin+G_1%2C%5C+P%5C+%5Cneq+0%5C+%5C+%5Cleft%5Clangle+e%5Cleft%28P%2C%5C+P%5Cright%29%5Cright%5Crangle+%3DG_2%5C+%28e%5Cleft%28P%2C%5C+P%5Cright%29%5C+generates%5C+G_2%29&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=%5Cforall+P%5C+%5Cin+G_1%2C%5C+P%5C+%5Cneq+0%5C+%5C+%5Cleft%5Clangle+e%5Cleft%28P%2C%5C+P%5Cright%29%5Cright%5Crangle+%3DG_2%5C+%28e%5Cleft%28P%2C%5C+P%5Cright%29%5C+generates%5C+G_2%29&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="\forall P\ \in G_1,\ P\ \neq 0\ \ \left\langle e\left(P,\ P\right)\right\rangle =G_2\ (e\left(P,\ P\right)\ generates\ G_2)" class="latex" /><br /> Such that: <img src="https://s0.wp.com/latex.php?latex=P%5C+%5Cneq+0%5C+%5CRightarrow+e%5Cleft%28P%2C%5C+P%5Cright%29%5Cneq+1&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=P%5C+%5Cneq+0%5C+%5CRightarrow+e%5Cleft%28P%2C%5C+P%5Cright%29%5Cneq+1&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=P%5C+%5Cneq+0%5C+%5CRightarrow+e%5Cleft%28P%2C%5C+P%5Cright%29%5Cneq+1&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="P\ \neq 0\ \Rightarrow e\left(P,\ P\right)\neq 1" class="latex" /></p> <p><span style="text-decoration:underline;">Computability:</span> <img src="https://s0.wp.com/latex.php?latex=e&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=e&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=e&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="e" class="latex" /> should be efficiently computable, there are some constructions of maps that are hard to compute.</p> <p>The construction of these bilinear pairs has been proven by Wei and Tate pairings, where <img src="https://s0.wp.com/latex.php?latex=G_1&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=G_1&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=G_1&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="G_1" class="latex" /> is a typical elliptic curve group, and <img src="https://s0.wp.com/latex.php?latex=G_2&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=G_2&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=G_2&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="G_2" class="latex" /> is a finite field. These have proven to provide complex problems across these groups to construct cryptographical schemes.</p> <h3>Complex Problems</h3> <p>For the usage of bilinear maps in cryptographical schemes, we define a one-way function using two problems, the Decisional Diffie-Helman problem and the discrete log problem.</p> <p><strong>Theorem 1: The Discrete Log Problem in <img src="https://s0.wp.com/latex.php?latex=G_1&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=G_1&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=G_1&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="G_1" class="latex" /> is no harder than the Discrete Log Problem in <img src="https://s0.wp.com/latex.php?latex=G_2&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=G_2&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=G_2&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="G_2" class="latex" />.</strong></p> <p>Proof 1: If we use our additive notation and consider that <img src="https://s0.wp.com/latex.php?latex=Q%5C+%3D%5C+aP&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=Q%5C+%3D%5C+aP&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=Q%5C+%3D%5C+aP&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="Q\ =\ aP" class="latex" />, we then need to solve <img src="https://s0.wp.com/latex.php?latex=a&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=a&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=a&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="a" class="latex" />, which is random, for a given <img src="https://s0.wp.com/latex.php?latex=P&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=P&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=P&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="P" class="latex" /> and a random <img src="https://s0.wp.com/latex.php?latex=Q&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=Q&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=Q&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="Q" class="latex" /><br /> <img src="https://s0.wp.com/latex.php?latex=e%5Cleft%28P%2C%5C+Q%5Cright%29%3De%5Cleft%28P%2C%5C+aP%5Cright%29%3De%28P%2C%5C+P%29%5Ea&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=e%5Cleft%28P%2C%5C+Q%5Cright%29%3De%5Cleft%28P%2C%5C+aP%5Cright%29%3De%28P%2C%5C+P%29%5Ea&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=e%5Cleft%28P%2C%5C+Q%5Cright%29%3De%5Cleft%28P%2C%5C+aP%5Cright%29%3De%28P%2C%5C+P%29%5Ea&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="e\left(P,\ Q\right)=e\left(P,\ aP\right)=e(P,\ P)^a" class="latex" /></p> <p>With this we can effectively reduce the Discrete Log Problem in <img src="https://s0.wp.com/latex.php?latex=G_1&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=G_1&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=G_1&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="G_1" class="latex" /> to the Discrete Log Problem in <img src="https://s0.wp.com/latex.php?latex=G_2&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=G_2&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=G_2&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="G_2" class="latex" />, if we are given <img src="https://s0.wp.com/latex.php?latex=P%5Cin+G_1&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=P%5Cin+G_1&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=P%5Cin+G_1&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="P\in G_1" class="latex" /> and a random <img src="https://s0.wp.com/latex.php?latex=Q%5Cin+G_1&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=Q%5Cin+G_1&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=Q%5Cin+G_1&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="Q\in G_1" class="latex" /> then the mapping of <img src="https://s0.wp.com/latex.php?latex=e&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=e&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=e&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="e" class="latex" /> is easily computable by calculating <img src="https://s0.wp.com/latex.php?latex=%7B%7Blog%7D_P+%28Q%29%7D&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=%7B%7Blog%7D_P+%28Q%29%7D&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=%7B%7Blog%7D_P+%28Q%29%7D&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="{{log}_P (Q)}" class="latex" /> as:</p> <p style="text-align:center;"><img src="https://s0.wp.com/latex.php?latex=P%5E%60%3De%28P%2C%5C+P%29&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=P%5E%60%3De%28P%2C%5C+P%29&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=P%5E%60%3De%28P%2C%5C+P%29&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="P^`=e(P,\ P)" class="latex" /><br /> <img src="https://s0.wp.com/latex.php?latex=Q%5E%60%3De%28P%2C%5C+Q%29&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=Q%5E%60%3De%28P%2C%5C+Q%29&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=Q%5E%60%3De%28P%2C%5C+Q%29&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="Q^`=e(P,\ Q)" class="latex" /><br /> <img src="https://s0.wp.com/latex.php?latex=a%3D%5C+%7B%7Blog%7D_%7BP%5E%60%7D+%5Cleft%28Q%5E%60%5Cright%29%5C+in%5C+%5C+G_2%5C+%7D&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=a%3D%5C+%7B%7Blog%7D_%7BP%5E%60%7D+%5Cleft%28Q%5E%60%5Cright%29%5C+in%5C+%5C+G_2%5C+%7D&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=a%3D%5C+%7B%7Blog%7D_%7BP%5E%60%7D+%5Cleft%28Q%5E%60%5Cright%29%5C+in%5C+%5C+G_2%5C+%7D&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="a=\ {{log}_{P^`} \left(Q^`\right)\ in\ \ G_2\ }" class="latex" /><br /> <img src="https://s0.wp.com/latex.php?latex=a%3D%7B%7Blog%7D_P+%28Q%29%5C+%7D%5C+in%5C+G_1&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=a%3D%7B%7Blog%7D_P+%28Q%29%5C+%7D%5C+in%5C+G_1&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=a%3D%7B%7Blog%7D_P+%28Q%29%5C+%7D%5C+in%5C+G_1&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="a={{log}_P (Q)\ }\ in\ G_1" class="latex" /></p> <p style="text-align:left;">With this we can see that the difficulty of solving the discrete log problem in both groups are the same, since the computation of <img src="https://s0.wp.com/latex.php?latex=%7B%7Blog%7D_P+%28Q%29%5C+%7D&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=%7B%7Blog%7D_P+%28Q%29%5C+%7D&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=%7B%7Blog%7D_P+%28Q%29%5C+%7D&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="{{log}_P (Q)\ }" class="latex" /> have the same complexity in both groups.</p> <p><strong>Theorem 2: The Decisional Diffie-Helman is easy in <img src="https://s0.wp.com/latex.php?latex=G_1&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=G_1&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=G_1&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="G_1" class="latex" />.</strong></p> <p>Proof 2: Solving the Decisional Diffie-Helman problem in <img src="https://s0.wp.com/latex.php?latex=G_1&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=G_1&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=G_1&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="G_1" class="latex" /> requires distinguishing between:</p> <p><img src="https://s0.wp.com/latex.php?latex=%5Clangle+P%2C%5C+aP%2C%5C+bP%2C%5C+cP+%5Crangle+%5C+with%5C+a%2C%5C+b%2C%5C+c%5C+%5Cin+%7B%5Cmathbb%7BZ%7D%7D%5E%2A_q+&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=%5Clangle+P%2C%5C+aP%2C%5C+bP%2C%5C+cP+%5Crangle+%5C+with%5C+a%2C%5C+b%2C%5C+c%5C+%5Cin+%7B%5Cmathbb%7BZ%7D%7D%5E%2A_q+&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=%5Clangle+P%2C%5C+aP%2C%5C+bP%2C%5C+cP+%5Crangle+%5C+with%5C+a%2C%5C+b%2C%5C+c%5C+%5Cin+%7B%5Cmathbb%7BZ%7D%7D%5E%2A_q+&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="\langle P,\ aP,\ bP,\ cP \rangle \ with\ a,\ b,\ c\ \in {\mathbb{Z}}^*_q " class="latex" /> and<br /> <img src="https://s0.wp.com/latex.php?latex=%5Clangle+P%2C%5C+aP%2C%5C+bP%2C%5C+abP+%5Crangle+%5Cin+%7B%5Cmathbb%7BZ%7D%7D%5E%2A_q+&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=%5Clangle+P%2C%5C+aP%2C%5C+bP%2C%5C+abP+%5Crangle+%5Cin+%7B%5Cmathbb%7BZ%7D%7D%5E%2A_q+&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=%5Clangle+P%2C%5C+aP%2C%5C+bP%2C%5C+abP+%5Crangle+%5Cin+%7B%5Cmathbb%7BZ%7D%7D%5E%2A_q+&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="\langle P,\ aP,\ bP,\ abP \rangle \in {\mathbb{Z}}^*_q " class="latex" /><br /> If we can define <img src="https://s0.wp.com/latex.php?latex=P%2CA%2CB&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=P%2CA%2CB&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=P%2CA%2CB&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="P,A,B" class="latex" /> and <img src="https://s0.wp.com/latex.php?latex=C&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=C&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=C&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="C" class="latex" /> as the distinguishers four values, then the distinguisher function is as follows:</p> <p style="text-align:center;"><img src="https://s0.wp.com/latex.php?latex=v_1%3DMap%3Ae%28A%2C%5C+B%29%5C+and%5C+v_2%3DMap%3Ae%28P%2C%5C+C%29&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=v_1%3DMap%3Ae%28A%2C%5C+B%29%5C+and%5C+v_2%3DMap%3Ae%28P%2C%5C+C%29&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=v_1%3DMap%3Ae%28A%2C%5C+B%29%5C+and%5C+v_2%3DMap%3Ae%28P%2C%5C+C%29&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="v_1=Map:e(A,\ B)\ and\ v_2=Map:e(P,\ C)" class="latex" /></p> <p>If we have that <img src="https://s0.wp.com/latex.php?latex=v_1%3Dv_2&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=v_1%3Dv_2&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=v_1%3Dv_2&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="v_1=v_2" class="latex" />, then the tuple is of type <img src="https://s0.wp.com/latex.php?latex=%5Clangle+P%2C%5C+aP%2C%5C+bP%2C%5C+abP%5Crangle+&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=%5Clangle+P%2C%5C+aP%2C%5C+bP%2C%5C+abP%5Crangle+&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=%5Clangle+P%2C%5C+aP%2C%5C+bP%2C%5C+abP%5Crangle+&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="\langle P,\ aP,\ bP,\ abP\rangle " class="latex" /></p> <p>From this we can take <img src="https://s0.wp.com/latex.php?latex=C%3D%5C+abP&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=C%3D%5C+abP&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=C%3D%5C+abP&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="C=\ abP" class="latex" /> from (Theorem 1)</p> <p style="text-align:center;"><img src="https://s0.wp.com/latex.php?latex=e%28A%2C%5C+B%29%3De%28aP%2C%5C+bP%29&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=e%28A%2C%5C+B%29%3De%28aP%2C%5C+bP%29&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=e%28A%2C%5C+B%29%3De%28aP%2C%5C+bP%29&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="e(A,\ B)=e(aP,\ bP)" class="latex" /><br /> <img src="https://s0.wp.com/latex.php?latex=%3De%28P%2C%5C+P%29%5E%7Bab%7D&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=%3De%28P%2C%5C+P%29%5E%7Bab%7D&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=%3De%28P%2C%5C+P%29%5E%7Bab%7D&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="=e(P,\ P)^{ab}" class="latex" /><br /> <img src="https://s0.wp.com/latex.php?latex=%3De%28P%2C%5C+abP%29&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=%3De%28P%2C%5C+abP%29&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=%3De%28P%2C%5C+abP%29&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="=e(P,\ abP)" class="latex" /><br /> <img src="https://s0.wp.com/latex.php?latex=%3De%28P%2C%5C+C%29&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=%3De%28P%2C%5C+C%29&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=%3De%28P%2C%5C+C%29&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="=e(P,\ C)" class="latex" /></p> <p>Since the map <img src="https://s0.wp.com/latex.php?latex=e&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=e&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=e&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="e" class="latex" /> is non-degenerate we can set <img src="https://s0.wp.com/latex.php?latex=e%5Cleft%28A%2C%5C+B%5Cright%29%3De%28P%2C%5C+C%29&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=e%5Cleft%28A%2C%5C+B%5Cright%29%3De%28P%2C%5C+C%29&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=e%5Cleft%28A%2C%5C+B%5Cright%29%3De%28P%2C%5C+C%29&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="e\left(A,\ B\right)=e(P,\ C)" class="latex" /> equivalent to <img src="https://s0.wp.com/latex.php?latex=c%5C+%3Dab&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=c%5C+%3Dab&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=c%5C+%3Dab&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="c\ =ab" class="latex" />. The distinguisher has thus a significant advantage given the mapping <img src="https://s0.wp.com/latex.php?latex=e&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=e&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=e&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="e" class="latex" /> to decide the Decisional Diffie-Helman problem.</p> <p><strong>Theorem 3 The Bilinear Diffie-Helman Problem is easy in <img src="https://s0.wp.com/latex.php?latex=G_1&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=G_1&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=G_1&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="G_1" class="latex" /> but difficult in <img src="https://s0.wp.com/latex.php?latex=G_2&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=G_2&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=G_2&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="G_2" class="latex" /></strong></p> <p>Fact: If we are given two groups <img src="https://s0.wp.com/latex.php?latex=G_1&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=G_1&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=G_1&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="G_1" class="latex" /> and <img src="https://s0.wp.com/latex.php?latex=G_2&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=G_2&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=G_2&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="G_2" class="latex" /> with a map between them as <img src="https://s0.wp.com/latex.php?latex=e&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=e&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=e&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="e" class="latex" />, there are no polynomial time algorithm that can compute <img src="https://s0.wp.com/latex.php?latex=%5Cleft%28P%2C%5C+aP%2C%5C+bP%2C%5C+cP%5Cright%29for%5C+%5C+some%5C+a%2C%5C+b%2C%5C+c%5C+%5Cin+%5C+%7B%5Cmathbb%7BZ%7D%7D%5E%2A_q&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=%5Cleft%28P%2C%5C+aP%2C%5C+bP%2C%5C+cP%5Cright%29for%5C+%5C+some%5C+a%2C%5C+b%2C%5C+c%5C+%5Cin+%5C+%7B%5Cmathbb%7BZ%7D%7D%5E%2A_q&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=%5Cleft%28P%2C%5C+aP%2C%5C+bP%2C%5C+cP%5Cright%29for%5C+%5C+some%5C+a%2C%5C+b%2C%5C+c%5C+%5Cin+%5C+%7B%5Cmathbb%7BZ%7D%7D%5E%2A_q&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="\left(P,\ aP,\ bP,\ cP\right)for\ \ some\ a,\ b,\ c\ \in \ {\mathbb{Z}}^*_q" class="latex" /> in <img src="https://s0.wp.com/latex.php?latex=G_1&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=G_1&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=G_1&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="G_1" class="latex" /> given <img src="https://s0.wp.com/latex.php?latex=e%28P%2C%5C+P%29%5E%7Babc%7D&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=e%28P%2C%5C+P%29%5E%7Babc%7D&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=e%28P%2C%5C+P%29%5E%7Babc%7D&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="e(P,\ P)^{abc}" class="latex" /> in <img src="https://s0.wp.com/latex.php?latex=G_2&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=G_2&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=G_2&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="G_2" class="latex" />. With this we can construct the following properties between the groups as the following hard problems:</p> <p style="text-align:center;"><img src="https://s0.wp.com/latex.php?latex=e%28aP%2C%5C+bP%29%5Ec%5C+in%5C+G_1%3De%28P%2C%5C+P%29%5E%7Babc%7D%5C+in%5C+G_2&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=e%28aP%2C%5C+bP%29%5Ec%5C+in%5C+G_1%3De%28P%2C%5C+P%29%5E%7Babc%7D%5C+in%5C+G_2&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=e%28aP%2C%5C+bP%29%5Ec%5C+in%5C+G_1%3De%28P%2C%5C+P%29%5E%7Babc%7D%5C+in%5C+G_2&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="e(aP,\ bP)^c\ in\ G_1=e(P,\ P)^{abc}\ in\ G_2" class="latex" /><br /> <img src="https://s0.wp.com/latex.php?latex=e%28aP%2C%5C+cP%29%5Eb%5C+in%5C+G_1%3De%28P%2C%5C+P%29%5E%7Babc%7D%5C+in%5C+G_2&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=e%28aP%2C%5C+cP%29%5Eb%5C+in%5C+G_1%3De%28P%2C%5C+P%29%5E%7Babc%7D%5C+in%5C+G_2&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=e%28aP%2C%5C+cP%29%5Eb%5C+in%5C+G_1%3De%28P%2C%5C+P%29%5E%7Babc%7D%5C+in%5C+G_2&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="e(aP,\ cP)^b\ in\ G_1=e(P,\ P)^{abc}\ in\ G_2" class="latex" /><br /> <img src="https://s0.wp.com/latex.php?latex=e%28bP%2C%5C+cP%29%5Ea%5C+in%5C+G_1%3De%28P%2C%5C+P%29%5E%7Babc%7D%5C+in%5C+G_2&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=e%28bP%2C%5C+cP%29%5Ea%5C+in%5C+G_1%3De%28P%2C%5C+P%29%5E%7Babc%7D%5C+in%5C+G_2&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=e%28bP%2C%5C+cP%29%5Ea%5C+in%5C+G_1%3De%28P%2C%5C+P%29%5E%7Babc%7D%5C+in%5C+G_2&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="e(bP,\ cP)^a\ in\ G_1=e(P,\ P)^{abc}\ in\ G_2" class="latex" /></p> <p>Using these theories, we can now construct cryptosystems based on these hard problems found in these groups.</p> <h3>Cryptography Schemes</h3> <p>Using these complexity problems, there has been an abundance of cryptosystems developed over the years, where the two most notable are the 3-party key agreement scheme, identity based encryption and searchable encryption.</p> <h4>The 3-party Diffie-Helman key agreement scheme</h4> <p>Joux introduced in 2000 a three-party key agreement scheme using bilinear maps utilizing the Bilinear Diffie-Helman problem for the construction.</p> <p>If we have two groups <img src="https://s0.wp.com/latex.php?latex=G_1&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=G_1&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=G_1&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="G_1" class="latex" /> and <img src="https://s0.wp.com/latex.php?latex=G_2&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=G_2&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=G_2&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="G_2" class="latex" /> with <img src="https://s0.wp.com/latex.php?latex=P&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=P&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=P&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="P" class="latex" /> as a generator of <img src="https://s0.wp.com/latex.php?latex=G_1&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=G_1&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=G_1&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="G_1" class="latex" />, and three parties <img src="https://s0.wp.com/latex.php?latex=A%2C%5C+B%2C%5C+C&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=A%2C%5C+B%2C%5C+C&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=A%2C%5C+B%2C%5C+C&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="A,\ B,\ C" class="latex" /> that have respective secrets <img src="https://s0.wp.com/latex.php?latex=a%2C%5C+b%2C%5C+c%5C+%5Cin+%5C+%7B%5Cmathbb%7BZ%7D%7D%5E%2A_q&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=a%2C%5C+b%2C%5C+c%5C+%5Cin+%5C+%7B%5Cmathbb%7BZ%7D%7D%5E%2A_q&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=a%2C%5C+b%2C%5C+c%5C+%5Cin+%5C+%7B%5Cmathbb%7BZ%7D%7D%5E%2A_q&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="a,\ b,\ c\ \in \ {\mathbb{Z}}^*_q" class="latex" /> we can construct a key agreement scheme where each party shares a secret key as follows:<br /> <img src="https://s0.wp.com/latex.php?latex=A%5C+%5Clongrightarrow+B%2C%5C+C%3AaP&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=A%5C+%5Clongrightarrow+B%2C%5C+C%3AaP&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=A%5C+%5Clongrightarrow+B%2C%5C+C%3AaP&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="A\ \longrightarrow B,\ C:aP" class="latex" /><br /> <img src="https://s0.wp.com/latex.php?latex=B%5C+%5Clongrightarrow+A%2C%5C+C%3AbP&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=B%5C+%5Clongrightarrow+A%2C%5C+C%3AbP&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=B%5C+%5Clongrightarrow+A%2C%5C+C%3AbP&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="B\ \longrightarrow A,\ C:bP" class="latex" /><br /> <img src="https://s0.wp.com/latex.php?latex=C%5C+%5Clongrightarrow+A%2C%5C+B%3AcP&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=C%5C+%5Clongrightarrow+A%2C%5C+B%3AcP&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=C%5C+%5Clongrightarrow+A%2C%5C+B%3AcP&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="C\ \longrightarrow A,\ B:cP" class="latex" /></p> <p>Using the Bilinear Diffie-Helman Problem we can define the following:</p> <p style="text-align:center;"><img src="https://s0.wp.com/latex.php?latex=A&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=A&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=A&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="A" class="latex" /> computes <img src="https://s0.wp.com/latex.php?latex=e%28bP%2C%5C+cP%29%5Ea%3De%28P%2C%5C+P%29%5E%7Babc%7D&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=e%28bP%2C%5C+cP%29%5Ea%3De%28P%2C%5C+P%29%5E%7Babc%7D&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=e%28bP%2C%5C+cP%29%5Ea%3De%28P%2C%5C+P%29%5E%7Babc%7D&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="e(bP,\ cP)^a=e(P,\ P)^{abc}" class="latex" /><br /> <img src="https://s0.wp.com/latex.php?latex=B&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=B&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=B&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="B" class="latex" /> computes <img src="https://s0.wp.com/latex.php?latex=e%28aP%2C%5C+cP%29%5Eb%3De%28P%2C%5C+P%29%5E%7Babc%7D&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=e%28aP%2C%5C+cP%29%5Eb%3De%28P%2C%5C+P%29%5E%7Babc%7D&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=e%28aP%2C%5C+cP%29%5Eb%3De%28P%2C%5C+P%29%5E%7Babc%7D&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="e(aP,\ cP)^b=e(P,\ P)^{abc}" class="latex" /><br /> <img src="https://s0.wp.com/latex.php?latex=C&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=C&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=C&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="C" class="latex" /> computes <img src="https://s0.wp.com/latex.php?latex=e%28aP%2C%5C+bP%29%5Ec%3De%28P%2C%5C+P%29%5E%7Babc%7D&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=e%28aP%2C%5C+bP%29%5Ec%3De%28P%2C%5C+P%29%5E%7Babc%7D&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=e%28aP%2C%5C+bP%29%5Ec%3De%28P%2C%5C+P%29%5E%7Babc%7D&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="e(aP,\ bP)^c=e(P,\ P)^{abc}" class="latex" /></p> <p>All parties now have the same shared key <img src="https://s0.wp.com/latex.php?latex=K%3De%28P%2C%5C+P%29%5E%7Babc%7D%5C+%5Cin+G_2&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=K%3De%28P%2C%5C+P%29%5E%7Babc%7D%5C+%5Cin+G_2&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=K%3De%28P%2C%5C+P%29%5E%7Babc%7D%5C+%5Cin+G_2&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="K=e(P,\ P)^{abc}\ \in G_2" class="latex" /> that can be used as an input to a symmetric encryption scheme.</p> <h4>Identity Based Encryption</h4> <p>The idea of using private information, like an email address, as a public key has been long debated and researched, whereby the corresponding private key can be delivered to the rightful owner. The role of the key generator must be to verify the private information before distributing the private key to the owner, although a public key infrastructure would solve this problem, there were substantial research into this area to move away from a trusted third party, and having the identity as part of the encryption.</p> <p>In Dan Boneh’s and Franklin’s paper an Identity based encryption scheme was created to remove the public key infrastructure with the use of bilinear maps and the bilinear Diffie-Helman problem, incorporating a random oracle model. This protocol consists out of five phases:</p> <p><strong>Setup</strong></p> <ul> <li>Defining two groups <img src="https://s0.wp.com/latex.php?latex=G_1&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=G_1&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=G_1&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="G_1" class="latex" /> and <img src="https://s0.wp.com/latex.php?latex=G_2&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=G_2&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=G_2&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="G_2" class="latex" /> with a bilinear map <img src="https://s0.wp.com/latex.php?latex=e%3AG_%7B1%5C+%7D%5Ctimes+G_1%5C+%5Cto+%5C+G_2&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=e%3AG_%7B1%5C+%7D%5Ctimes+G_1%5C+%5Cto+%5C+G_2&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=e%3AG_%7B1%5C+%7D%5Ctimes+G_1%5C+%5Cto+%5C+G_2&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="e:G_{1\ }\times G_1\ \to \ G_2" class="latex" /> and <img src="https://s0.wp.com/latex.php?latex=P&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=P&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=P&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="P" class="latex" /> as a generator</li> <li>A System wide secret key <img src="https://s0.wp.com/latex.php?latex=s%5Cin+%5C+%7B%5Cmathbb%7BZ%7D%7D%5E%2A_q&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=s%5Cin+%5C+%7B%5Cmathbb%7BZ%7D%7D%5E%2A_q&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=s%5Cin+%5C+%7B%5Cmathbb%7BZ%7D%7D%5E%2A_q&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="s\in \ {\mathbb{Z}}^*_q" class="latex" /></li> <li>A corresponding system wide public key <img src="https://s0.wp.com/latex.php?latex=P_%7Bpub%7D%3DsP&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=P_%7Bpub%7D%3DsP&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=P_%7Bpub%7D%3DsP&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="P_{pub}=sP" class="latex" />, which are not distributed</li> <li>Public hash function <img src="https://s0.wp.com/latex.php?latex=H_1%3A%5C%7B0%2C%5C+1%7B%5C%7D%7D%5E%2A%5C+%5Cto+G%5E%2A_1&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=H_1%3A%5C%7B0%2C%5C+1%7B%5C%7D%7D%5E%2A%5C+%5Cto+G%5E%2A_1&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=H_1%3A%5C%7B0%2C%5C+1%7B%5C%7D%7D%5E%2A%5C+%5Cto+G%5E%2A_1&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="H_1:\{0,\ 1{\}}^*\ \to G^*_1" class="latex" />, a random oracle</li> <li>Public hash function <img src="https://s0.wp.com/latex.php?latex=H_2%3AG_2%5C+%5Cto+%5C%7B0%2C%5C+1%7B%5C%7D%7D%5En&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=H_2%3AG_2%5C+%5Cto+%5C%7B0%2C%5C+1%7B%5C%7D%7D%5En&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=H_2%3AG_2%5C+%5Cto+%5C%7B0%2C%5C+1%7B%5C%7D%7D%5En&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="H_2:G_2\ \to \{0,\ 1{\}}^n" class="latex" /> for some fixed <img src="https://s0.wp.com/latex.php?latex=n&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=n&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=n&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="n" class="latex" />, the second random oracle.</li> <li>The message space <img src="https://s0.wp.com/latex.php?latex=%5Cmathcal%7BM%7D%3D%5C%7B0%2C%5C+1%7B%5C%7D%7D%5En&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=%5Cmathcal%7BM%7D%3D%5C%7B0%2C%5C+1%7B%5C%7D%7D%5En&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=%5Cmathcal%7BM%7D%3D%5C%7B0%2C%5C+1%7B%5C%7D%7D%5En&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="\mathcal{M}=\{0,\ 1{\}}^n" class="latex" /></li> <li>The cypher space <img src="https://s0.wp.com/latex.php?latex=C%3DG%5E%2A_1%5C+%5Ctimes+%5C%7B0%2C%5C+1%7B%5C%7D%7D%5En&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=C%3DG%5E%2A_1%5C+%5Ctimes+%5C%7B0%2C%5C+1%7B%5C%7D%7D%5En&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=C%3DG%5E%2A_1%5C+%5Ctimes+%5C%7B0%2C%5C+1%7B%5C%7D%7D%5En&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="C=G^*_1\ \times \{0,\ 1{\}}^n" class="latex" /></li> </ul> <p>To create a private key for a corresponding participant for <img src="https://s0.wp.com/latex.php?latex=ID%5Cin+%5C%7B0%2C1%7B%5C%7D%7D%5E%2A&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=ID%5Cin+%5C%7B0%2C1%7B%5C%7D%7D%5E%2A&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=ID%5Cin+%5C%7B0%2C1%7B%5C%7D%7D%5E%2A&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="ID\in \{0,1{\}}^*" class="latex" /> the system computes:</p> <p><img src="https://s0.wp.com/latex.php?latex=Q_%7BID%7D%3DH_1%28ID%29&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=Q_%7BID%7D%3DH_1%28ID%29&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=Q_%7BID%7D%3DH_1%28ID%29&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="Q_{ID}=H_1(ID)" class="latex" /> and<br /> <img src="https://s0.wp.com/latex.php?latex=d_%7BID%7D%3D%5C+%7BsQ%7D_%7BID%7D&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=d_%7BID%7D%3D%5C+%7BsQ%7D_%7BID%7D&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=d_%7BID%7D%3D%5C+%7BsQ%7D_%7BID%7D&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="d_{ID}=\ {sQ}_{ID}" class="latex" /> which is the private key that can be distributes to the user.</p> <p><strong>Encryption:</strong><br /> If we are now given a message <img src="https://s0.wp.com/latex.php?latex=m%5C+%5Cin+%5Cmathcal%7BM%7D&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=m%5C+%5Cin+%5Cmathcal%7BM%7D&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=m%5C+%5Cin+%5Cmathcal%7BM%7D&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="m\ \in \mathcal{M}" class="latex" /> we can compute the cyphertext as follows:</p> <ul> <li><img src="https://s0.wp.com/latex.php?latex=Q_%7BID%7D%3DH_1%5Cleft%28ID%5Cright%29%5Cin+G%5E%2A_1&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=Q_%7BID%7D%3DH_1%5Cleft%28ID%5Cright%29%5Cin+G%5E%2A_1&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=Q_%7BID%7D%3DH_1%5Cleft%28ID%5Cright%29%5Cin+G%5E%2A_1&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="Q_{ID}=H_1\left(ID\right)\in G^*_1" class="latex" /></li> <li>We then choose a random <img src="https://s0.wp.com/latex.php?latex=r%5Cin+%5C+%7B%5Cmathbb%7BZ%7D%7D%5E%2A_q&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=r%5Cin+%5C+%7B%5Cmathbb%7BZ%7D%7D%5E%2A_q&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=r%5Cin+%5C+%7B%5Cmathbb%7BZ%7D%7D%5E%2A_q&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="r\in \ {\mathbb{Z}}^*_q" class="latex" /></li> <li>We can now compute <img src="https://s0.wp.com/latex.php?latex=g_%7BID%7D%3De%5Cleft%28Q_%7BID%7D%2C%5C+P_%7Bpub%7D%5Cright%29%5Cin+G_2&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=g_%7BID%7D%3De%5Cleft%28Q_%7BID%7D%2C%5C+P_%7Bpub%7D%5Cright%29%5Cin+G_2&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=g_%7BID%7D%3De%5Cleft%28Q_%7BID%7D%2C%5C+P_%7Bpub%7D%5Cright%29%5Cin+G_2&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="g_{ID}=e\left(Q_{ID},\ P_{pub}\right)\in G_2" class="latex" /></li> <li>And create the cyphertext: <img src="https://s0.wp.com/latex.php?latex=c%3D%28rP%2C%5C+m%5Coplus+H_2%28g%5Er_%7BID%7D%29%29&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=c%3D%28rP%2C%5C+m%5Coplus+H_2%28g%5Er_%7BID%7D%29%29&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=c%3D%28rP%2C%5C+m%5Coplus+H_2%28g%5Er_%7BID%7D%29%29&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="c=(rP,\ m\oplus H_2(g^r_{ID}))" class="latex" /></li> </ul> <p><strong>Decryption:</strong></p> <p>When the user receives the cyphertext, he has <img src="https://s0.wp.com/latex.php?latex=c%3D%28u%2C%5C+v%29%5Cin+C&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=c%3D%28u%2C%5C+v%29%5Cin+C&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=c%3D%28u%2C%5C+v%29%5Cin+C&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="c=(u,\ v)\in C" class="latex" /> and can decrypt it using his corresponding private key <img src="https://s0.wp.com/latex.php?latex=d_%7BID%7D&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=d_%7BID%7D&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=d_%7BID%7D&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="d_{ID}" class="latex" /> and <img src="https://s0.wp.com/latex.php?latex=H_2&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=H_2&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=H_2&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="H_2" class="latex" /></p> <p style="text-align:center;"><img src="https://s0.wp.com/latex.php?latex=m%3Dv%5Coplus+H_2%28e%28d_%7BID%7D%2C%5C+u%29%29&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=m%3Dv%5Coplus+H_2%28e%28d_%7BID%7D%2C%5C+u%29%29&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=m%3Dv%5Coplus+H_2%28e%28d_%7BID%7D%2C%5C+u%29%29&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="m=v\oplus H_2(e(d_{ID},\ u))" class="latex" /></p> <p>The main reason that both encryption and decryption works are because of the properties of pairings and the mask generated by <img src="https://s0.wp.com/latex.php?latex=H_2&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=H_2&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=H_2&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="H_2" class="latex" /> that is xor’ed with the plaintext. We can prove the correctness by using simple substitution from the parameters above:</p> <p style="text-align:center;"><img src="https://s0.wp.com/latex.php?latex=m%3Dv%5Coplus+H_2%28e%28d_%7BID%7D%2C%5C+u%29%29&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=m%3Dv%5Coplus+H_2%28e%28d_%7BID%7D%2C%5C+u%29%29&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=m%3Dv%5Coplus+H_2%28e%28d_%7BID%7D%2C%5C+u%29%29&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="m=v\oplus H_2(e(d_{ID},\ u))" class="latex" /><br /> <img src="https://s0.wp.com/latex.php?latex=m%3Dv%5Coplus+H_2%28e%28sH_1%28ID%29%5C+%2C%5C+rP%29%29&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=m%3Dv%5Coplus+H_2%28e%28sH_1%28ID%29%5C+%2C%5C+rP%29%29&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=m%3Dv%5Coplus+H_2%28e%28sH_1%28ID%29%5C+%2C%5C+rP%29%29&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="m=v\oplus H_2(e(sH_1(ID)\ ,\ rP))" class="latex" /><br /> <img src="https://s0.wp.com/latex.php?latex=m%3Dv%5Coplus+H_2%28e%28H_1%28ID%29%5C+%2C%5C+P%29%29%5E%7Brs%7D&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=m%3Dv%5Coplus+H_2%28e%28H_1%28ID%29%5C+%2C%5C+P%29%29%5E%7Brs%7D&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=m%3Dv%5Coplus+H_2%28e%28H_1%28ID%29%5C+%2C%5C+P%29%29%5E%7Brs%7D&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="m=v\oplus H_2(e(H_1(ID)\ ,\ P))^{rs}" class="latex" /><br /> <img src="https://s0.wp.com/latex.php?latex=m%3Dv%5Coplus+H_2%28e%28Q_%7BID%7D%5C+%2C%5C+sP%29%29%5Er&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=m%3Dv%5Coplus+H_2%28e%28Q_%7BID%7D%5C+%2C%5C+sP%29%29%5Er&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=m%3Dv%5Coplus+H_2%28e%28Q_%7BID%7D%5C+%2C%5C+sP%29%29%5Er&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="m=v\oplus H_2(e(Q_{ID}\ ,\ sP))^r" class="latex" /><br /> <img src="https://s0.wp.com/latex.php?latex=m%3Dv%5Coplus+H_2%28e%28Q_%7BID%7D%5C+%2C%5C+P_%7Bpub%7D%29%29%5Er&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=m%3Dv%5Coplus+H_2%28e%28Q_%7BID%7D%5C+%2C%5C+P_%7Bpub%7D%29%29%5Er&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=m%3Dv%5Coplus+H_2%28e%28Q_%7BID%7D%5C+%2C%5C+P_%7Bpub%7D%29%29%5Er&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="m=v\oplus H_2(e(Q_{ID}\ ,\ P_{pub}))^r" class="latex" /><br /> <img src="https://s0.wp.com/latex.php?latex=m%3Dv%5Coplus+H_2%28g%5Er_%7BID%7D&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=m%3Dv%5Coplus+H_2%28g%5Er_%7BID%7D&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=m%3Dv%5Coplus+H_2%28g%5Er_%7BID%7D&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="m=v\oplus H_2(g^r_{ID}" class="latex" />)<br /> <img src="https://s0.wp.com/latex.php?latex=m%3D%28m%5Coplus+H_2+%28g%5Er_%7BID%7D%29%29%5Coplus+H_2%28g%5Er_%7BID%7D%29%29&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=m%3D%28m%5Coplus+H_2+%28g%5Er_%7BID%7D%29%29%5Coplus+H_2%28g%5Er_%7BID%7D%29%29&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=m%3D%28m%5Coplus+H_2+%28g%5Er_%7BID%7D%29%29%5Coplus+H_2%28g%5Er_%7BID%7D%29%29&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="m=(m\oplus H_2 (g^r_{ID}))\oplus H_2(g^r_{ID}))" class="latex" /></p> <p style="text-align:center;"><img src="https://s0.wp.com/latex.php?latex=%3Dm&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=%3Dm&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=%3Dm&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="=m" class="latex" /></p> <p>This scheme provides us a way to use the identity as a parameter within the encryption and decryption without the use of a third party. The usage of identity is important, as this can bind the encryption and decryption to a owner of the keys.</p> <h2>Searchable Encryption</h2> <p>Searchable encryption schemes are a well-studied topic, and there have been several constructions using order revealing and order preserving schemes. For the a simplified construction a protocol I have chosen to use an order revealing encryption schemes based on bilinear maps, this construction is proven to be secure against adaptively chosen keyword attacks assuming the bilinear Diffie-Helman problem is intractable using the random oracle model.</p> <p>To use this construction , we will look at the following scenario:</p> <p>For this scenario, we need to define four entities that will be involved in the scheme:</p> <ul> <li>Users (1..n): responsible for the creation of messages that are sent to a trusted party for routing. These messages are sent and received via a secure channel to the messaging server.</li> <li>Third Party / Message Server: The messaging platform, that routes messages to users, and that can test weather a certain list of keywords are present in the message.</li> <li>Legal Authority (1..n): The party interested in searching the message data.</li> <li>Trusted Third Party: a Party responsible for securing the private key</li> </ul> <p>Suppose a Legal authority needs to be alerted when certain keywords are transmitted to a messaging server. For example, a user sends a message to another user that he is planning a bombing, the “bombing” needs to create an alert on the messaging server, and the legal authority needs to be sent a encryption of the message thread.</p> <p>If the messages between the users are encrypted using semantic means, then the messaging server cannot make any alerting decisions as it cannot decrypt the messages. Our goal here is to ensure that the messaging server provide a way to test whether a keyword has been transmitted between the users, without revealing the content of the messages. This can only be achievable by the legal authority providing a list of keywords to the message server that can be used, as well messaging server needs to have access to both the encryption and decryption key of the user’s messages.</p> <p>To do so, a user encrypts messages between users and messaging server using a standard public key cryptosystem and saves it in his database. The messages are appended with a Public-Key Encryption with keyword Search (PKS) of each keyword. For example, User Steve sends Peter a message <img src="https://s0.wp.com/latex.php?latex=M&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=M&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=M&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="M" class="latex" /> with words <img src="https://s0.wp.com/latex.php?latex=W_1&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=W_1&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=W_1&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="W_1" class="latex" />, <img src="https://s0.wp.com/latex.php?latex=W_2..W_m&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=W_2..W_m&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=W_2..W_m&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="W_2..W_m" class="latex" />, then the trusted messaging server create:<br /> <img src="https://s0.wp.com/latex.php?latex=E_%7BA_%7Bpub%7D%7D%28Message%29%5C+%5Cparallel+PKS%28A_%7Bpub%7D%2C%5C+W_1%29%5Cparallel+%5Cdots+%5Cparallel+PKS%28A_%7Bpub%7D%2C%5C+W_m%29&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=E_%7BA_%7Bpub%7D%7D%28Message%29%5C+%5Cparallel+PKS%28A_%7Bpub%7D%2C%5C+W_1%29%5Cparallel+%5Cdots+%5Cparallel+PKS%28A_%7Bpub%7D%2C%5C+W_m%29&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=E_%7BA_%7Bpub%7D%7D%28Message%29%5C+%5Cparallel+PKS%28A_%7Bpub%7D%2C%5C+W_1%29%5Cparallel+%5Cdots+%5Cparallel+PKS%28A_%7Bpub%7D%2C%5C+W_m%29&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="E_{A_{pub}}(Message)\ \parallel PKS(A_{pub},\ W_1)\parallel \dots \parallel PKS(A_{pub},\ W_m)" class="latex" /><br /> Where <img src="https://s0.wp.com/latex.php?latex=%5Cparallel+&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=%5Cparallel+&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=%5Cparallel+&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="\parallel " class="latex" /> denotes concatenation and <img src="https://s0.wp.com/latex.php?latex=E_%7BA_%7Bpub%7D%7D&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=E_%7BA_%7Bpub%7D%7D&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=E_%7BA_%7Bpub%7D%7D&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="E_{A_{pub}}" class="latex" /> is the public key of the legal authority (Alice). The reason for this form of encryption is so that the legal authority can provide a trapdoor <img src="https://s0.wp.com/latex.php?latex=T_w&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=T_w&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=T_w&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="T_w" class="latex" /> to the messaging server to test whether a certain keyword has been used. Given a searchable encryption for a keyword <img src="https://s0.wp.com/latex.php?latex=PKS%28A_%7Bpub%7D%2C%5C+%5C+W%5E%60%29&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=PKS%28A_%7Bpub%7D%2C%5C+%5C+W%5E%60%29&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=PKS%28A_%7Bpub%7D%2C%5C+%5C+W%5E%60%29&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="PKS(A_{pub},\ \ W^`)" class="latex" /> and a trapdoor <img src="https://s0.wp.com/latex.php?latex=T_w&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=T_w&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=T_w&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="T_w" class="latex" /> the messaging server can determine is <img src="https://s0.wp.com/latex.php?latex=W%3DW%5E%60&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=W%3DW%5E%60&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=W%3DW%5E%60&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="W=W^`" class="latex" /> , if it’s the case that <img src="https://s0.wp.com/latex.php?latex=W%5Cneq+W%5E%60&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=W%5Cneq+W%5E%60&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=W%5Cneq+W%5E%60&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="W\neq W^`" class="latex" /> then the messaging server does not learn any information about the word. It’s also quite interesting to note that this is not a very communitive scheme, as the searchable encryption (PKS) is constructed only using the public key of the legal authority.</p> <h3>Definitions</h3> <p>Throughout this section we will refer to a negligible function as <img src="https://s0.wp.com/latex.php?latex=f%5Cmathrm%7B%3A%7D%5Cmathrm%7B%5C+%7D%5Cmathbb%7BR%7D%5Cto+%5Cmathrm%7B%5B%7D0%2C%5C+1%5D&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=f%5Cmathrm%7B%3A%7D%5Cmathrm%7B%5C+%7D%5Cmathbb%7BR%7D%5Cto+%5Cmathrm%7B%5B%7D0%2C%5C+1%5D&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=f%5Cmathrm%7B%3A%7D%5Cmathrm%7B%5C+%7D%5Cmathbb%7BR%7D%5Cto+%5Cmathrm%7B%5B%7D0%2C%5C+1%5D&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="f\mathrm{:}\mathrm{\ }\mathbb{R}\to \mathrm{[}0,\ 1]" class="latex" /> where <img src="https://s0.wp.com/latex.php?latex=f%5Cleft%28s%5Cright%29%3C1%2Fg%28s%29&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=f%5Cleft%28s%5Cright%29%3C1%2Fg%28s%29&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=f%5Cleft%28s%5Cright%29%3C1%2Fg%28s%29&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="f\left(s\right)<1/g(s)" class="latex" /> for any polynomial <img src="https://s0.wp.com/latex.php?latex=g&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=g&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=g&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="g" class="latex" /> and sufficiently large <img src="https://s0.wp.com/latex.php?latex=s&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=s&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=s&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="s" class="latex" />. I will start by defining a searchable public key encryption scheme (PKS) where the public key refers to the cyphertext created by the messaging server using the public key of the legal authority , and the searchable encryption scheme (PKS) does not reveal any information about the message.</p> <p>Our goal is to enable the legal authority to send a short secret key (<img src="https://s0.wp.com/latex.php?latex=T_w&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=T_w&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=T_w&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="T_w" class="latex" />) for a specific word to the messaging server, so that the messaging server can locate all messages that have this keyword without revealing the word <img src="https://s0.wp.com/latex.php?latex=W&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=W&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=W&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="W" class="latex" />. The secret key (<img src="https://s0.wp.com/latex.php?latex=T_w&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=T_w&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=T_w&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="T_w" class="latex" />) produced by the legal authority is based on the private key, and the messaging server send the message containing the words back to the legal authority, encrypted using the corresponding public key.</p> <p><strong>Definition 1.1: The following polynomial time randomized algorithms are part of a non-interactive searchable encryption scheme (PKS)</strong>.</p> <ul> <li><img src="https://s0.wp.com/latex.php?latex=KeyGen%28s%29&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=KeyGen%28s%29&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=KeyGen%28s%29&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="KeyGen(s)" class="latex" />: For a security parameter <img src="https://s0.wp.com/latex.php?latex=s&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=s&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=s&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="s" class="latex" /> a corresponding public/private key pair is generated (<img src="https://s0.wp.com/latex.php?latex=A_%7Bpriv%7D%2C%5C+A_%7Bpub%7D%29&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=A_%7Bpriv%7D%2C%5C+A_%7Bpub%7D%29&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=A_%7Bpriv%7D%2C%5C+A_%7Bpub%7D%29&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="A_{priv},\ A_{pub})" class="latex" /> by the legal authority and the public key is sent to the messaging server.</li> <li><img src="https://s0.wp.com/latex.php?latex=PKS%28A_%7Bpub%7D%2C%5C+W%29&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=PKS%28A_%7Bpub%7D%2C%5C+W%29&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=PKS%28A_%7Bpub%7D%2C%5C+W%29&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="PKS(A_{pub},\ W)" class="latex" />: For a word <img src="https://s0.wp.com/latex.php?latex=W&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=W&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=W&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="W" class="latex" /> in the message, a searchable encryption (PKS) is generated using the public key <img src="https://s0.wp.com/latex.php?latex=A_%7Bpub%7D&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=A_%7Bpub%7D&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=A_%7Bpub%7D&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="A_{pub}" class="latex" /> of the legal authority. We will denote the <img src="https://s0.wp.com/latex.php?latex=PKS&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=PKS&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=PKS&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="PKS" class="latex" /> function as <img src="https://s0.wp.com/latex.php?latex=S&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=S&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=S&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="S" class="latex" /></li> <li><img src="https://s0.wp.com/latex.php?latex=Trapdoor%28A_%7Bpriv%7D%2C%5C+W%29&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=Trapdoor%28A_%7Bpriv%7D%2C%5C+W%29&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=Trapdoor%28A_%7Bpriv%7D%2C%5C+W%29&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="Trapdoor(A_{priv},\ W)" class="latex" />: Given the private key of the legal authority, a certain word <img src="https://s0.wp.com/latex.php?latex=W&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=W&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=W&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="W" class="latex" /> produces a trapdoor <img src="https://s0.wp.com/latex.php?latex=T_w&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=T_w&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=T_w&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="T_w" class="latex" />.</li> <li><img src="https://s0.wp.com/latex.php?latex=Test%28A_%7Bpub%7D%2C%5C+S%2C%5C+T_W%29&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=Test%28A_%7Bpub%7D%2C%5C+S%2C%5C+T_W%29&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=Test%28A_%7Bpub%7D%2C%5C+S%2C%5C+T_W%29&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="Test(A_{pub},\ S,\ T_W)" class="latex" />: Given the public key of the legal authority <img src="https://s0.wp.com/latex.php?latex=A_%7Bpub%7D%2C%5C+%5C+&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=A_%7Bpub%7D%2C%5C+%5C+&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=A_%7Bpub%7D%2C%5C+%5C+&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="A_{pub},\ \ " class="latex" />and a searchable encryption <img src="https://s0.wp.com/latex.php?latex=S&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=S&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=S&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="S" class="latex" /> on the messaging server, a trapdoor <img src="https://s0.wp.com/latex.php?latex=T_w&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=T_w&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=T_w&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="T_w" class="latex" /> outputs `yes’ if <img src="https://s0.wp.com/latex.php?latex=W%3DW%27&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=W%3DW%27&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=W%3DW%27&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="W=W'" class="latex" /></li> </ul> <p>The legal authority will run the <img src="https://s0.wp.com/latex.php?latex=KeyGen&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=KeyGen&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=KeyGen&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="KeyGen" class="latex" /> algorithm and generate its public/ private key pairs, and then use the <img src="https://s0.wp.com/latex.php?latex=Trapdoor&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=Trapdoor&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=Trapdoor&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="Trapdoor" class="latex" /> function to generate a series of trapdoors for words <img src="https://s0.wp.com/latex.php?latex=W_1..%5C+W_i&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=W_1..%5C+W_i&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=W_1..%5C+W_i&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="W_1..\ W_i" class="latex" /> that it wants to search for. The messaging server will then use the <img src="https://s0.wp.com/latex.php?latex=Test&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=Test&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=Test&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="Test" class="latex" /> function to determine whether a given message has a keyword <img src="https://s0.wp.com/latex.php?latex=W_i&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=W_i&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=W_i&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="W_i" class="latex" />.</p> <h3>Construction</h3> <p>For the definition above I will provide an efficient construction using bilinear maps based on a variant of the Decision Diffie-Hellman assumption with identity based encryption</p> <p>We will use two groups <img src="https://s0.wp.com/latex.php?latex=G_1%2C%5C+G_2&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=G_1%2C%5C+G_2&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=G_1%2C%5C+G_2&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="G_1,\ G_2" class="latex" /> of prime order <img src="https://s0.wp.com/latex.php?latex=p&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=p&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=p&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="p" class="latex" /> and a bilinear map <img src="https://s0.wp.com/latex.php?latex=e%3AG_1%5Ctimes+G_1%5Cto+G_2&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=e%3AG_1%5Ctimes+G_1%5Cto+G_2&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=e%3AG_1%5Ctimes+G_1%5Cto+G_2&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="e:G_1\times G_1\to G_2" class="latex" /> between the two groups. This map satisfies the following three properties where the size of <img src="https://s0.wp.com/latex.php?latex=G_1&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=G_1&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=G_1&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="G_1" class="latex" /> and <img src="https://s0.wp.com/latex.php?latex=G_2&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=G_2&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=G_2&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="G_2" class="latex" /> is determined by a security parameter:</p> <ul> <li><strong>Computable:</strong> If you are given two elements in <img src="https://s0.wp.com/latex.php?latex=G_1&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=G_1&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=G_1&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="G_1" class="latex" /> as <img src="https://s0.wp.com/latex.php?latex=g%2C%5C+h&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=g%2C%5C+h&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=g%2C%5C+h&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="g,\ h" class="latex" /> then there exists a polynomial time algorithm to compute the map <img src="https://s0.wp.com/latex.php?latex=e%28g%2C%5C+h%29&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=e%28g%2C%5C+h%29&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=e%28g%2C%5C+h%29&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="e(g,\ h)" class="latex" /> in <img src="https://s0.wp.com/latex.php?latex=G_2&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=G_2&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=G_2&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="G_2" class="latex" /></li> <li><strong>Bilinear:</strong> for all integers in the prime order, we have a map <img src="https://s0.wp.com/latex.php?latex=e%28g%5Ex%2C%5C+g%5Ey%29&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=e%28g%5Ex%2C%5C+g%5Ey%29&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=e%28g%5Ex%2C%5C+g%5Ey%29&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="e(g^x,\ g^y)" class="latex" /> = <img src="https://s0.wp.com/latex.php?latex=e%28g%2C%5C+g%29%5E%7Bxy%7D&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=e%28g%2C%5C+g%29%5E%7Bxy%7D&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=e%28g%2C%5C+g%29%5E%7Bxy%7D&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="e(g,\ g)^{xy}" class="latex" /></li> <li><strong>Non-degenerate:</strong> if <img src="https://s0.wp.com/latex.php?latex=g&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=g&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=g&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="g" class="latex" /> is a generator of <img src="https://s0.wp.com/latex.php?latex=G_1&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=G_1&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=G_1&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="G_1" class="latex" /> then the map <img src="https://s0.wp.com/latex.php?latex=e%28g%2C%5C+g%29&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=e%28g%2C%5C+g%29&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=e%28g%2C%5C+g%29&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="e(g,\ g)" class="latex" /> is a generator of <img src="https://s0.wp.com/latex.php?latex=G_2&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=G_2&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=G_2&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="G_2" class="latex" /></li> </ul> <p>From this we can build a non-interactive searchable encryption scheme based on bilinear maps. For this we will need two hash function, or random oracles in each group as:</p> <p><img src="https://s0.wp.com/latex.php?latex=H_1%3A%5C%7B0%2C%5C+1%7B%5C%7D%7D%5E%2A%5Cto+G_1&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=H_1%3A%5C%7B0%2C%5C+1%7B%5C%7D%7D%5E%2A%5Cto+G_1&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=H_1%3A%5C%7B0%2C%5C+1%7B%5C%7D%7D%5E%2A%5Cto+G_1&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="H_1:\{0,\ 1{\}}^*\to G_1" class="latex" /> and <img src="https://s0.wp.com/latex.php?latex=H_2%3AG_2%5Cto+%5C%7B0%2C%5C+1%7B%5C%7D%7D%5E%7B%7Blog+p%5C+%7D%7D&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=H_2%3AG_2%5Cto+%5C%7B0%2C%5C+1%7B%5C%7D%7D%5E%7B%7Blog+p%5C+%7D%7D&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=H_2%3AG_2%5Cto+%5C%7B0%2C%5C+1%7B%5C%7D%7D%5E%7B%7Blog+p%5C+%7D%7D&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="H_2:G_2\to \{0,\ 1{\}}^{{log p\ }}" class="latex" /></p> <p>Based on definition 1.1 we will construct the scheme using the same model based on the Dan Boneh Searchable Encryption Scheme:</p> <ul> <li><img src="https://s0.wp.com/latex.php?latex=KeyGen%28s%29&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=KeyGen%28s%29&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=KeyGen%28s%29&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="KeyGen(s)" class="latex" />: The security parameter <img src="https://s0.wp.com/latex.php?latex=s&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=s&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=s&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="s" class="latex" /> determines the size of the prime order <img src="https://s0.wp.com/latex.php?latex=p&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=p&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=p&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="p" class="latex" /> of the groups <img src="https://s0.wp.com/latex.php?latex=G_1&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=G_1&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=G_1&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="G_1" class="latex" />and <img src="https://s0.wp.com/latex.php?latex=G_2&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=G_2&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=G_2&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="G_2" class="latex" />. The legal authority then also selects a random <img src="https://s0.wp.com/latex.php?latex=%5Calpha+%5Cin+%7B%5Cmathbb%7BZ%7D%7D%5E%2A_p&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=%5Calpha+%5Cin+%7B%5Cmathbb%7BZ%7D%7D%5E%2A_p&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=%5Calpha+%5Cin+%7B%5Cmathbb%7BZ%7D%7D%5E%2A_p&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="\alpha \in {\mathbb{Z}}^*_p" class="latex" /> and a generator <img src="https://s0.wp.com/latex.php?latex=g&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=g&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=g&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="g" class="latex" /> of <img src="https://s0.wp.com/latex.php?latex=G_1&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=G_1&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=G_1&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="G_1" class="latex" />. The Output is a public key <img src="https://s0.wp.com/latex.php?latex=A_%7Bpub%7D%3D%5Bg%2C%5C+h%3Dg%5E%7B%5Calpha+%7D%5D&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=A_%7Bpub%7D%3D%5Bg%2C%5C+h%3Dg%5E%7B%5Calpha+%7D%5D&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=A_%7Bpub%7D%3D%5Bg%2C%5C+h%3Dg%5E%7B%5Calpha+%7D%5D&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="A_{pub}=[g,\ h=g^{\alpha }]" class="latex" /> and a private key <img src="https://s0.wp.com/latex.php?latex=%5Calpha+&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=%5Calpha+&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=%5Calpha+&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="\alpha " class="latex" />. The public key is then distributed to the messaging server.</li> <li><img src="https://s0.wp.com/latex.php?latex=PKS%28A_%7Bpub%7D%2C%5C+W%29&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=PKS%28A_%7Bpub%7D%2C%5C+W%29&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=PKS%28A_%7Bpub%7D%2C%5C+W%29&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="PKS(A_{pub},\ W)" class="latex" />: Using the public key and a word <img src="https://s0.wp.com/latex.php?latex=W&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=W&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=W&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="W" class="latex" />, the messaging server computes a bilinear map <img src="https://s0.wp.com/latex.php?latex=t%5C+%3De%28H_1%28W%29%2C%5C+h%5Er%29%5Cin+G_2&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=t%5C+%3De%28H_1%28W%29%2C%5C+h%5Er%29%5Cin+G_2&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=t%5C+%3De%28H_1%28W%29%2C%5C+h%5Er%29%5Cin+G_2&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="t\ =e(H_1(W),\ h^r)\in G_2" class="latex" /> using the random oracle and a random <img src="https://s0.wp.com/latex.php?latex=r%5Cin+%7B%5Cmathbb%7BZ%7D%7D%5E%2A_p&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=r%5Cin+%7B%5Cmathbb%7BZ%7D%7D%5E%2A_p&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=r%5Cin+%7B%5Cmathbb%7BZ%7D%7D%5E%2A_p&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="r\in {\mathbb{Z}}^*_p" class="latex" />. Then outputs a searchable encryption <img src="https://s0.wp.com/latex.php?latex=PKS%28A_%7Bpub%7D%2C%5C+W%29%3D%5Bg%5Er%2C%5C+H_2%28t%29%5D&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=PKS%28A_%7Bpub%7D%2C%5C+W%29%3D%5Bg%5Er%2C%5C+H_2%28t%29%5D&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=PKS%28A_%7Bpub%7D%2C%5C+W%29%3D%5Bg%5Er%2C%5C+H_2%28t%29%5D&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="PKS(A_{pub},\ W)=[g^r,\ H_2(t)]" class="latex" />.</li> <li><img src="https://s0.wp.com/latex.php?latex=Trapdoor%28A_%7Bpriv%7D%2C%5C+W%29&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=Trapdoor%28A_%7Bpriv%7D%2C%5C+W%29&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=Trapdoor%28A_%7Bpriv%7D%2C%5C+W%29&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="Trapdoor(A_{priv},\ W)" class="latex" />: The legal authority uses the random oracle and its private key to generate a trapdoor <img src="https://s0.wp.com/latex.php?latex=T_w%3DH_1%28W%29%5E%7B%5Calpha+%7D%5Cin+G_1&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=T_w%3DH_1%28W%29%5E%7B%5Calpha+%7D%5Cin+G_1&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=T_w%3DH_1%28W%29%5E%7B%5Calpha+%7D%5Cin+G_1&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="T_w=H_1(W)^{\alpha }\in G_1" class="latex" /></li> <li><img src="https://s0.wp.com/latex.php?latex=Test%28A_%7Bpub%7D%2C%5C+S%2C%5C+T_W%29&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=Test%28A_%7Bpub%7D%2C%5C+S%2C%5C+T_W%29&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=Test%28A_%7Bpub%7D%2C%5C+S%2C%5C+T_W%29&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="Test(A_{pub},\ S,\ T_W)" class="latex" />: When the messaging server receives a Test function from the legal authority as <img src="https://s0.wp.com/latex.php?latex=S%3D%5BA%2C%5C+B%5D&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=S%3D%5BA%2C%5C+B%5D&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=S%3D%5BA%2C%5C+B%5D&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="S=[A,\ B]" class="latex" /> it can test if <img src="https://s0.wp.com/latex.php?latex=H_2%28e%28T_w%2C%5C+A%29%29%3DB&bg=FFFFFF&fg=000&s=0&c=20201002" srcset="https://s0.wp.com/latex.php?latex=H_2%28e%28T_w%2C%5C+A%29%29%3DB&bg=FFFFFF&fg=000&s=0&c=20201002 1x, https://s0.wp.com/latex.php?latex=H_2%28e%28T_w%2C%5C+A%29%29%3DB&bg=FFFFFF&fg=000&s=0&c=20201002&zoom=4.5 4x" alt="H_2(e(T_w,\ A))=B" class="latex" /></li> </ul> <p>The construction of the scheme can be viewed as a derivative of Identity Based Encryption with a limited number of identities. Using this scheme, the messaging server needs to have the ability to create an index of the words that’s exchanged between the users of the system that can be tested. Unfortunately, this construction has several issues relating to the sharing of the creation of the trapdoor function. None the less, the use of bi-linear maps and hash functions allows us to identify encrypted words without revealing what they actually are.</p> <p> </p> </div> <footer class="entry-footer default-max-width"> <span class="byline"><svg class="svg-icon" width="16" height="16" aria-hidden="true" role="img" focusable="false" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M15 7.5C15 9.15685 13.6569 10.5 12 10.5C10.3431 10.5 9 9.15685 9 7.5C9 5.84315 10.3431 4.5 12 4.5C13.6569 4.5 15 5.84315 15 7.5ZM16.5 7.5C16.5 9.98528 14.4853 12 12 12C9.51472 12 7.5 9.98528 7.5 7.5C7.5 5.01472 9.51472 3 12 3C14.4853 3 16.5 5.01472 16.5 7.5ZM19.5 19.5V16.245C19.5 14.729 18.271 13.5 16.755 13.5L7.245 13.5C5.72898 13.5 4.5 14.729 4.5 16.245L4.5 19.5H6L6 16.245C6 15.5574 6.5574 15 7.245 15L16.755 15C17.4426 15 18 15.5574 18 16.245V19.5H19.5Z" fill="currentColor"/></svg><span class="screen-reader-text">Posted by</span><span class="author vcard"><a class="url fn n" href="https://arthurvandermerwe.com/author/arthurvdmerwe/">arthurvdmerwe</a></span></span><span class="posted-on"><svg class="svg-icon" width="16" height="16" aria-hidden="true" role="img" focusable="false" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M19.5 7.5H4.5V19.0005C4.5 19.2764 4.72363 19.5 4.9995 19.5H19.0005C19.2764 19.5 19.5 19.2764 19.5 19.0005V7.5ZM3 7.5V4.9995V4.995C3 3.89319 3.89319 3 4.995 3H4.9995H19.0005H19.005C20.1068 3 21 3.89319 21 4.995V4.9995V7.5V19.0005C21 20.1048 20.1048 21 19.0005 21H4.9995C3.89521 21 3 20.1048 3 19.0005V7.5ZM7.5 10.5H9V12H7.5V10.5ZM9 15H7.5V16.5H9V15ZM11.25 10.5H12.75V12H11.25V10.5ZM12.75 15H11.25V16.5H12.75V15ZM15 10.5H16.5V12H15V10.5ZM16.5 15H15V16.5H16.5V15Z" fill="currentColor"/></svg><a href="https://arthurvandermerwe.com/2017/12/29/from-bi-linear-maps-to-searchable-encryption/" rel="bookmark"><time class="entry-date published" datetime="2017-12-29T23:58:48+11:00">December 29, 2017</time><time class="updated" datetime="2018-09-25T22:33:08+10:00">September 25, 2018</time></a></span><span class="cat-links"><svg class="svg-icon" width="16" height="16" aria-hidden="true" role="img" focusable="false" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M12.1979 8.25L11.2098 6.27363C11.1259 6.10593 10.9545 6 10.767 6H4.995C4.72162 6 4.5 6.22162 4.5 6.495V17.505C4.5 17.7784 4.72162 18 4.995 18H19.0005C19.2764 18 19.5 17.7764 19.5 17.5005V8.7495C19.5 8.47363 19.2764 8.25 19.0005 8.25H12.1979ZM13.125 6.75H19.0005C20.1048 6.75 21 7.64521 21 8.7495V17.5005C21 18.6048 20.1048 19.5 19.0005 19.5H4.995C3.89319 19.5 3 18.6068 3 17.505V6.495C3 5.39319 3.89319 4.5 4.995 4.5H10.767C11.5227 4.5 12.2135 4.92693 12.5514 5.60281L13.125 6.75Z" fill="currentColor"/></svg><span class="screen-reader-text">Posted in</span><a href="https://arthurvandermerwe.com/category/cryptography-2/" rel="category tag">Cryptography</a></span><span class="tags-links"><svg class="svg-icon" width="16" height="16" aria-hidden="true" role="img" focusable="false" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M3 12.2045C3 12.5941 3.15158 12.9684 3.42267 13.2482L9.71878 19.747C11.0769 21.1489 13.3201 21.1667 14.7003 19.7865L19.7873 14.6995C21.1677 13.319 21.1497 11.0753 19.7471 9.71731L13.2459 3.42238C12.9661 3.15147 12.5919 3 12.2025 3H4.5C3.67157 3 3 3.67157 3 4.5V12.2045ZM12.2025 4.5H4.5V12.2045L10.7961 18.7033C11.5714 19.5035 12.8518 19.5137 13.6396 18.7258L18.7266 13.6388C19.5146 12.8509 19.5043 11.5701 18.7037 10.7949L12.2025 4.5ZM8.4975 9.495C9.0484 9.495 9.495 9.0484 9.495 8.4975C9.495 7.9466 9.0484 7.5 8.4975 7.5C7.9466 7.5 7.5 7.9466 7.5 8.4975C7.5 9.0484 7.9466 9.495 8.4975 9.495Z" fill="currentColor"/></svg><span class="screen-reader-text">Tags:</span><a href="https://arthurvandermerwe.com/tag/bi-linear-maps/" rel="tag">bi linear maps</a>, <a href="https://arthurvandermerwe.com/tag/cryptography/" rel="tag">cryptography</a></span><span class="comments-link"><svg class="svg-icon" width="16" height="16" aria-hidden="true" role="img" focusable="false" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M10.0458 15.0001L5.99998 17.697L5.99999 6.49478C5.99999 6.22141 6.2216 5.99979 6.49498 5.99978L17.505 5.99951C17.7784 5.9995 18 6.22113 18 6.49451L18 14.5046C18 14.778 17.7784 14.9996 17.505 14.9996L10.0458 15.0001ZM10.5 16.5L17.5051 16.4996C18.6069 16.4995 19.5 15.6063 19.5 14.5046L19.5 6.49451C19.5 5.39268 18.6068 4.49948 17.5049 4.49951L6.49494 4.49978C5.39315 4.49981 4.49999 5.39299 4.49999 6.49478L4.49998 18.3483C4.49998 18.9842 5.01549 19.4997 5.6514 19.4997C5.8787 19.4997 6.10091 19.4324 6.29004 19.3063L10.5 16.5Z" fill="currentColor"/></svg><a href="https://arthurvandermerwe.com/2017/12/29/from-bi-linear-maps-to-searchable-encryption/#respond">Leave a comment<span class="screen-reader-text"> on From Bi-Linear Maps to Searchable Encryption</span></a></span> </footer> </article> <article id="post-216" class="post-216 post type-post status-publish format-standard hentry category-cryptography-2 entry"> <header class="entry-header default-max-width"> <h2 class="entry-title"><a href="https://arthurvandermerwe.com/2017/02/10/mutual-authentication-using-certificates/" rel="bookmark">Mutual Authentication using Certificates</a></h2> </header> <div class="entry-content"> <p>Mutual SSL authentication or certificate based mutual authentication refers to two parties authenticating each other through verifying the provided digital certificate so that both parties are assured of the others’ identity. In technology terms, it refers to a client (ATM) authenticating themselves to a server (Switch) and that server also authenticating itself to the client through verifying the <a href="http://en.wikipedia.org/wiki/Digital_certificate">public key certificate/digital certificate</a> issued by the trusted <a href="http://en.wikipedia.org/wiki/Certificate_authority">Certificate Authorities (CAs)</a>.</p> <p>Because authentication relies on digital certificates, certification authorities and Certificate Server are an important part of the mutual authentication process. From a high-level point of view, the process of authenticating and establishing an encrypted channel using certificate-based mutual authentication involves the following steps in TLS:</p> <ol> <li>A client requests access to a protected resource.</li> <li>The server presents its certificate to the client.</li> <li>The client verifies the server’s certificate.</li> <li>If successful, the client sends its certificate to the server.</li> <li>The server verifies the client’s credentials.</li> <li>If successful, the server grants access to the protected resource requested by the client.</li> </ol> <p> </p> <h2><a name="_Toc473815937"></a>TLS Mutual Authentication Handshake</h2> <p> </p> <p>The TLS handshake firstly agrees the protocol to be used by both parties, then exchanges certificates and validates the signatures on each certificates. Below are more detailed steps explaining the handshake.</p> <ol> <li>The TLS client sends a “client hello” message that lists cryptographic information such as the SSL or TLS version and, in the client’s order of preference, the CipherSuites supported by the client. The message also contains a random byte string that is used in subsequent computations. The protocol allows for the “client hello” to include the data compression methods supported by the client.</li> <li>The TLS server responds with a “server hello” message that contains the CipherSuite chosen by the server from the list provided by the client, the session ID, and another random byte string. The server also sends its digital certificate. The server sends a “client certificate request” that includes a list of the types of certificates supported and the Distinguished Names of acceptable Certification Authorities (CAs).</li> <li>The TLS client verifies the server’s digital certificate.</li> <li>The TLS client sends the random byte string that enables both the client and the server to compute the secret key to be used for encrypting subsequent message data. The random byte string itself is encrypted with the server’s public key.</li> <li>If the TLS server sent a “client certificate request”, the client sends a random byte string encrypted with the client’s private key, together with the client’s digital certificate, or a “no digital certificate alert”. This alert is only a warning, but we will not be allowing transactions without a client certificate.</li> <li>The TLS server verifies the client’s certificate.</li> <li>The TLS client sends the server a “finished” message, which is encrypted with the secret key, indicating that the client part of the handshake is complete.</li> <li>The TLS server sends the client a “finished” message, which is encrypted with the secret key, indicating that the server part of the handshake is complete.</li> <li>For the duration of the TLS session, the server and client can now exchange messages that are symmetrically encrypted with the shared secret key.</li> </ol> <p>In order to have a clear understanding of public key cryptography and digital signatures, the following section provides a high level overview of the encryption scheme using mutual authentication and certificate authorities.</p> <p> </p> <h2><a name="_Toc473815938"></a>Public-key certificate scheme Basics</h2> <p><em>In this section we use Alice and Bob as two parties that exchange messages, Oscar is a malicious user trying to decrypt and steal data.</em></p> <p>The underlying problem with normal RSA is that the server has no real proof of who its communicating to. If a server is issuing public keys to all parties, how can it identify each individual user and ensue the public keys belong to valid users? Public certificates are also susceptible to Man in the Middle Attacks (MIM) where Oscar can pretend to be Alice and the server have not way of knowing.</p> <p>Message authentication ensures that the sender of a message is authentic. However, in the scenario at hand Bob receives a public key which is supposedly Alice’s, but he has no way of knowing whether that is in fact the case. To make this point clear, let’s examine how a key of a user Alice would look in practice:</p> <p style="text-align:center;"><em>k</em><em>A </em>= (<em>k</em><em>pub</em><em>,</em><em>A</em><em>,</em><em>ID</em><em>A</em>)</p> <p><em>,</em>where <em>ID</em><em>A </em>is identifying information, e.g., Alice’s IP address or her name together with date of birth. The actual public key <em>k</em><em>pub</em><em>,</em><em>A</em>, however, is a mere binary string, e.g., 2048 bit. If Oscar performs a MIM attack, he would change the key to:</p> <p style="text-align:center;"><em>k</em><em>A </em>= (<em>k</em><em>pub</em><em>,</em><em>O</em><em>,</em><em>ID</em><em>A</em>)</p> <p>Since everything is unchanged except the anonymous actual bit string, the receiver will not be able to detect that it is in fact Oscar’s. This observation has far-reaching consequences which can be summarized as: <strong>Even though public-key schemes do not require a secure channel; they require authenticated channels for the distribution of the public keys.</strong></p> <p>The idea behind certificates and authenticated channels is quite easy: Since the authenticity of the message (<em>k</em><em>pub</em><em>,</em><em>A</em><em>,</em><em>ID</em><em>A</em>)is violated by an active Man in the middle attack, we apply a cryptographic mechanism that provides authentication. More specifically, we use digital signatures. Thus, a certificate for a user Alice in its most basic form is the following structure where <em>ID</em><em>A </em>is identifying information like a terminal id or serial number:</p> <p style="text-align:center;">Cert<em>A </em>= [(<em>k</em><em>pub</em><em>,</em><em>A</em><em>,</em><em>ID</em><em>A</em>)<em>, </em>sig<em>k</em><em>pr </em>(<em>k</em><em>pub</em><em>,</em><em>A</em><em>,</em><em>ID</em><em>A</em>)]</p> <p>The idea is that the receiver of a certificate verifies the signature prior to using the certificate, and both the client and the server validates the signature before using the public key. The signature protects the signed message which is the structure (<em>k</em><em>pub</em><em>,</em><em>A</em><em>,</em><em>ID</em><em>A</em>) in this case—against manipulation. If Oscar attempts to replace <em>k</em><em>pub</em><em>,</em><em>A </em>by <em>k</em><em>pub</em><em>,</em><em>O </em>it will be detected. Thus, it is said that certificates bind the identity of a user to their public key.</p> <p> </p> <p>Certificates require that the receiver has the correct verification key, which is a public key. If we were to use Alice’s public key for this, we would have the same problem that we are actually trying to solve and Oscar can impersonate Alice. Instead, the signatures for certificates are provided by a mutually trusted third party. This party is called the Certification Authority commonly abbreviated as CA. It is the task of the CA to generate and issue certificates for all users in the system.</p> <p>For certificate generation, we can distinguish between two main cases. In the first case, the user computes her own asymmetric key pair and merely requests the CA to sign the public key, as shown in the following simple protocol for a user named Alice:</p> <p> </p> <p> </p> <p>Table 1 Certificate Generation with User-Provided Keys</p> <table> <tbody> <tr> <td width="245">Description</td> <td width="123"><strong>Alice</strong></td> <td width="123"><strong>Request / Response</strong></td> <td width="156"><strong>CA</strong></td> </tr> <tr> <td width="245">Alice generates a public private key pair</td> <td width="123">generate <em>k</em><em>pr</em><em>,</em><em>A</em><em>, </em><em>k</em><em>pub</em><em>,</em><em>A</em></td> <td width="123"> </td> <td width="156"> </td> </tr> <tr> <td width="245">Sends this to the CA</td> <td width="123"> </td> <td width="123">RQST(<em>k</em><em>pub</em><em>,</em><em>A</em><em>,</em><em>ID</em><em>A</em>)<em>→</em></td> <td width="156"> </td> </tr> <tr> <td width="245">CA verifies Alice’s identity</td> <td width="123"> </td> <td width="123"> </td> <td width="156">verify <em>ID</em><em>A</em></td> </tr> <tr> <td width="245">CA signs Alice public key with its private key</td> <td width="123"> </td> <td width="123"> </td> <td width="156"><em>s</em><em>A </em>= sig<em>k</em><em>pr </em><em>,</em><em>CA</em>(<em>k</em><em>pub</em><em>,</em><em>A</em><em>,</em><em>ID</em><em>A</em>)</td> </tr> <tr> <td width="245">CA creates a certificate (public private key pair) with its signature</td> <td width="123"> </td> <td width="123"> </td> <td width="156">Cert<em>A </em>= [(<em>k</em><em>pub</em><em>,</em><em>A</em><em>,</em><em>ID</em><em>A</em>)<em>, </em><em>s</em><em>A</em>]</td> </tr> <tr> <td width="245">Certificate is distributed to Alice for usage</td> <td width="123"> </td> <td width="123"><em>←</em>Cert<em>A</em></td> <td width="156"> </td> </tr> <tr> <td width="245"> </td> <td width="123"> </td> <td width="123"> </td> <td width="156"> </td> </tr> </tbody> </table> <p>From a security point of view, the first transaction is crucial. It must be assured that Alice’s message (<em>k</em><em>pub</em><em>,</em><em>A</em><em>, </em><em>ID</em><em>A</em>) is sent via an authenticated channel. Otherwise, Oscar could request a certificate in Alice’s name.</p> <p>In practice it is often advantageous that the CA not only signs the public keys but also generates the public–private key pairs for each user. In this case, a basic protocol looks like this:</p> <p>Table 2 Certificate Generation with CA-Generated Keys</p> <table> <tbody> <tr> <td width="245">Description</td> <td width="123"><strong>Alice</strong></td> <td width="123"><strong>Request / Response</strong></td> <td width="156"><strong>CA</strong></td> </tr> <tr> <td width="245">Alice request certificate</td> <td width="123">request certificate</td> <td width="123"> </td> <td width="156"> </td> </tr> <tr> <td width="245">Sends this to the CA</td> <td width="123"> </td> <td width="123"><em>−</em>RQST(<em>,</em><em>ID</em><em>A</em>)<em>→</em></td> <td width="156"> </td> </tr> <tr> <td width="245">CA verifies Alice’s identity</td> <td width="123"> </td> <td width="123"> </td> <td width="156">verify <em>ID</em><em>A</em></td> </tr> <tr> <td width="245">CA generates new certificate</td> <td width="123"> </td> <td width="123"> </td> <td width="156">generate <em>k</em><em>pr</em><em>,</em><em>A</em><em>, </em><em>k</em><em>pub</em><em>,</em><em>A</em></td> </tr> <tr> <td width="245">CA signs Alice public key with its private key</td> <td width="123"> </td> <td width="123"> </td> <td width="156"><em>s</em><em>A </em>= sig<em>k</em><em>pr </em><em>,</em><em>CA</em>(<em>k</em><em>pub</em><em>,</em><em>A</em><em>,</em><em>ID</em><em>A</em>)</td> </tr> <tr> <td width="245">CA creates a certificate (public private key pair) with its signature</td> <td width="123"> </td> <td width="123"> </td> <td width="156">Cert<em>A </em>= [(<em>k</em><em>pub</em><em>,</em><em>A</em><em>,</em><em>ID</em><em>A</em>)<em>, </em><em>s</em><em>A</em>]</td> </tr> <tr> <td width="245">Certificate is distributed to Alice for usage</td> <td width="123"> </td> <td width="123"><em>←</em>Cert<em>A</em></td> <td width="156"> </td> </tr> <tr> <td width="245"> </td> <td width="123"> </td> <td width="123"> </td> <td width="156"> </td> </tr> </tbody> </table> <p>For the first transmission, an authenticated channel is needed. In other words: The CA must be assured that it is really Alice who is requesting a certificate, and not Oscar who is requesting a certificate in Alice’s name. Even more sensitive is the second transmission consisting of (Cert<em>A</em><em>, </em><em>k</em><em>pr</em><em>,</em><em>A</em>). Because the private key is being sent here, not only an authenticated but a secure channel is required. In practice, this could be a certificate delivered by mail or USB stick.</p> <p>Table 3 Diffie–Hellman Key Exchange with Certificates</p> <table> <tbody> <tr> <td width="245">Description</td> <td width="123"><strong>Alice</strong></td> <td width="123"><strong>Request / Response</strong></td> <td width="156"><strong>Bob</strong></td> </tr> <tr> <td width="245">Both Alice and Bob have private keys issued by a trusted CA</td> <td width="123"><em>a </em>= <em>k</em><em>pr</em><em>,</em><em>A</em></td> <td width="123"> </td> <td width="156"><em>b </em>= <em>k</em><em>pr</em><em>,</em><em>B</em></td> </tr> <tr> <td width="245"> </td> <td width="123"><em>A </em>= <em>k</em><em>pub</em><em>,</em><em>A </em><em>≡</em> a<em> <sup>a </sup></em>mod <em>p</em></td> <td width="123"> </td> <td width="156"><em>B</em>= <em>k</em><em>pub</em><em>,</em><em>B </em><em>≡</em>a<em><sup>B</sup></em> mod <em>p</em></td> </tr> <tr> <td width="245">Both Alice and Bob generates a public key and signs it with their private key and identity</td> <td width="123">Cert<em>A </em>= [(<em>A</em><em>,</em><em>ID</em><em>A</em>)<em>, </em><em>s</em><em>A</em>]</td> <td width="123"> </td> <td width="156">Cert<em>B </em>= [(<em>B</em><em>,</em><em>ID</em><em>B</em>)<em>, </em><em>s</em><em>B</em>]</td> </tr> <tr> <td rowspan="2" width="245">Certificates are exchanged</td> <td width="123"> </td> <td width="123"><em> </em>Cert<em>A</em><em> →</em></td> <td width="156"> </td> </tr> <tr> <td width="123"> </td> <td width="123"><em>←</em>Cert<em>B</em></td> <td width="156"> </td> </tr> <tr> <td width="245"> </td> <td width="123">verify certificate:</td> <td width="123"> </td> <td width="156">verify certificate:</td> </tr> <tr> <td width="245">Both Alice and Bob use the public key of the CA to verify the signature of the certificate</td> <td width="123">ver<em>k</em><em>pub</em><em>,</em><em>CA </em>(Cert<em>B</em>)</td> <td width="123"> </td> <td width="156">ver<em>k</em><em>pub</em><em>,</em><em>CA </em>(Cert<em>A</em>)</td> </tr> <tr> <td width="245"> </td> <td width="123">compute session key:</td> <td width="123"> </td> <td width="156">compute session key:</td> </tr> <tr> <td width="245">Session key can now be computed.</td> <td width="123"><em>k</em><em>AB </em><em>≡ </em><em>B</em><em>a </em>mod<em>p</em></td> <td width="123"> </td> <td width="156"><em>k</em><em>AB </em><em>≡ </em><em>A</em><em>b </em>mod <em>p</em></td> </tr> </tbody> </table> <p> </p> <p>One very crucial point here is the verification of the certificates. Obviously, without verification, the signatures within the certificates would be of no use. As can be seen in the protocol, verification requires the public key of the CA. This key must be transmitted via an authenticated channel; What’s happening here from a more abstract point of view is extremely interesting, namely a transfer of trust. With the introduction of certificates, they only have to trust the CA’s public key <em>k</em><em>pub</em><em>,</em><em>CA</em>. If the CA signs other public keys, Alice and Bob know that they can also trust those. This is called a chain of trust.</p> <p> </p> <h2><a name="_Toc473815939"></a>Certificate Structure</h2> <p>Discussing the fields defined in a X.509 certificate gives us some insight into many aspects of PKIs. We discuss the most relevant ones in the following:</p> <ul> <li><strong><em>Certificate Algorithm:</em></strong> Here it is specified which signature algorithm is being used, e.g., RSA with SHA-1 or ECDSA with SHA-2, and with which parameters, e.g., the bit lengths.</li> <li><strong>Issuer:</strong> There are many companies and organizations that issue certificates. This field specifies who generated the one at hand.</li> <li><strong>Period of Validity: In</strong> most cases, a public key is not certified indefinitely but rather for a limited time, e.g., for one or two years. One reason for doing this is that private keys which belong to the certificate may become compromised. By limiting the validity period, there is only a certain time span during which an attacker can maliciously use the private key. Another reason for a restricted lifetime is that, especially for certificates for companies, it can happen that the user ceases to exist. If the certificates, and thus the public keys, are only valid for limited time, the damage can be controlled.</li> <li><strong>Subject:</strong> This field contains what was called <em>ID</em><em>A </em>or <em>ID</em><em>B </em>in our earlier examples. It contains identifying information such as names of people or organizations. Note that not only actual people but also entities like companies can obtain certificates.</li> <li><strong>Subject’s Public Key:</strong> The public key that is to be protected by the certificate is here. In addition to the binary string which is the public key, the algorithm (e.g., Diffie–Hellman) and the algorithm parameters, e.g., the modulus p and the primitive element a, are stored.</li> <li><strong>Signature:</strong> The signature over all other fields of the certificate.</li> </ul> <p> </p> <p>We note that for every signature two public key algorithms are involved: the one whose public key is protected by the certificate and the algorithm with which the certificate is signed. These can be entirely different algorithms and parameter sets. For instance, the certificate might be signed with an RSA 2048-bit algorithm, while the public key within the certificate could belong to a 160-bit elliptic curve scheme.</p> <h2><a name="_Toc473815940"></a>Certificate Revocation</h2> <p>One major issue in practice is that it must be possible to revoke certificates. A common reason is that a certificate is stored on a smart card which is lost. Another reason could be that a person left an organization and one wants to make sure that she is not using the public key that was given to her. The solution in these situations seems easy: Just publish a list with all certificates that are currently invalid. Such a list is called a certificate revocation list, or CRL. Typically, the serial numbers of certificates are used to identify the revoked certificates. Of course, a CRL must be signed by the CA since otherwise attacks are possible.</p> <p> </p> <p>The problem with CLRs is how to transmit them to the users. The most straightforward way is that every user contacts the issuing CA every time a certificate of another user is received. The major drawback is that now the CA is involved in every session set-up. This was one major drawback of KDC-based, i.e., symmetric key, approaches. The promise of certificate-based communication was that no online contact to a central authority was needed.</p> <p>An alternative is that CRLs are sent out periodically. The problem with this approach is that there is always a period during which a certificate is invalid but users have not yet been informed. For instance, if the CRL is sent out at 3:00 am every morning (a time with relatively little network traffic otherwise), a dishonest person could have almost a whole day where a revoked certificate is still valid. To counter this, the CRL update period can be shortened, say to one hour.</p> <p>However, this would be a tremendous burden on the bandwidth of the network. This is an instructive example for the trade-off between costs in the form of network traffic on one hand, and security on the other hand. In practice, a reasonable compromise must be found. In order to keep the size of CRLs moderate, often only the changes from the last CRL broadcast are sent out. These update-only CRLs are referred to as <strong><em>delta CRLs</em></strong>.</p> </div> <footer class="entry-footer default-max-width"> <span class="byline"><svg class="svg-icon" width="16" height="16" aria-hidden="true" role="img" focusable="false" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M15 7.5C15 9.15685 13.6569 10.5 12 10.5C10.3431 10.5 9 9.15685 9 7.5C9 5.84315 10.3431 4.5 12 4.5C13.6569 4.5 15 5.84315 15 7.5ZM16.5 7.5C16.5 9.98528 14.4853 12 12 12C9.51472 12 7.5 9.98528 7.5 7.5C7.5 5.01472 9.51472 3 12 3C14.4853 3 16.5 5.01472 16.5 7.5ZM19.5 19.5V16.245C19.5 14.729 18.271 13.5 16.755 13.5L7.245 13.5C5.72898 13.5 4.5 14.729 4.5 16.245L4.5 19.5H6L6 16.245C6 15.5574 6.5574 15 7.245 15L16.755 15C17.4426 15 18 15.5574 18 16.245V19.5H19.5Z" fill="currentColor"/></svg><span class="screen-reader-text">Posted by</span><span class="author vcard"><a class="url fn n" href="https://arthurvandermerwe.com/author/arthurvdmerwe/">arthurvdmerwe</a></span></span><span class="posted-on"><svg class="svg-icon" width="16" height="16" aria-hidden="true" role="img" focusable="false" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M19.5 7.5H4.5V19.0005C4.5 19.2764 4.72363 19.5 4.9995 19.5H19.0005C19.2764 19.5 19.5 19.2764 19.5 19.0005V7.5ZM3 7.5V4.9995V4.995C3 3.89319 3.89319 3 4.995 3H4.9995H19.0005H19.005C20.1068 3 21 3.89319 21 4.995V4.9995V7.5V19.0005C21 20.1048 20.1048 21 19.0005 21H4.9995C3.89521 21 3 20.1048 3 19.0005V7.5ZM7.5 10.5H9V12H7.5V10.5ZM9 15H7.5V16.5H9V15ZM11.25 10.5H12.75V12H11.25V10.5ZM12.75 15H11.25V16.5H12.75V15ZM15 10.5H16.5V12H15V10.5ZM16.5 15H15V16.5H16.5V15Z" fill="currentColor"/></svg><a href="https://arthurvandermerwe.com/2017/02/10/mutual-authentication-using-certificates/" rel="bookmark"><time class="entry-date published" datetime="2017-02-10T18:41:24+11:00">February 10, 2017</time><time class="updated" datetime="2018-09-25T22:33:27+10:00">September 25, 2018</time></a></span><span class="cat-links"><svg class="svg-icon" width="16" height="16" aria-hidden="true" role="img" focusable="false" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M12.1979 8.25L11.2098 6.27363C11.1259 6.10593 10.9545 6 10.767 6H4.995C4.72162 6 4.5 6.22162 4.5 6.495V17.505C4.5 17.7784 4.72162 18 4.995 18H19.0005C19.2764 18 19.5 17.7764 19.5 17.5005V8.7495C19.5 8.47363 19.2764 8.25 19.0005 8.25H12.1979ZM13.125 6.75H19.0005C20.1048 6.75 21 7.64521 21 8.7495V17.5005C21 18.6048 20.1048 19.5 19.0005 19.5H4.995C3.89319 19.5 3 18.6068 3 17.505V6.495C3 5.39319 3.89319 4.5 4.995 4.5H10.767C11.5227 4.5 12.2135 4.92693 12.5514 5.60281L13.125 6.75Z" fill="currentColor"/></svg><span class="screen-reader-text">Posted in</span><a href="https://arthurvandermerwe.com/category/cryptography-2/" rel="category tag">Cryptography</a></span><span class="comments-link"><svg class="svg-icon" width="16" height="16" aria-hidden="true" role="img" focusable="false" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M10.0458 15.0001L5.99998 17.697L5.99999 6.49478C5.99999 6.22141 6.2216 5.99979 6.49498 5.99978L17.505 5.99951C17.7784 5.9995 18 6.22113 18 6.49451L18 14.5046C18 14.778 17.7784 14.9996 17.505 14.9996L10.0458 15.0001ZM10.5 16.5L17.5051 16.4996C18.6069 16.4995 19.5 15.6063 19.5 14.5046L19.5 6.49451C19.5 5.39268 18.6068 4.49948 17.5049 4.49951L6.49494 4.49978C5.39315 4.49981 4.49999 5.39299 4.49999 6.49478L4.49998 18.3483C4.49998 18.9842 5.01549 19.4997 5.6514 19.4997C5.8787 19.4997 6.10091 19.4324 6.29004 19.3063L10.5 16.5Z" fill="currentColor"/></svg><a href="https://arthurvandermerwe.com/2017/02/10/mutual-authentication-using-certificates/#respond">Leave a comment<span class="screen-reader-text"> on Mutual Authentication using Certificates</span></a></span> </footer> </article> <article id="post-197" class="post-197 post type-post status-publish format-standard hentry category-cryptography-2 category-financial-switching tag-cryptography tag-rsa tag-signature-verification entry"> <header class="entry-header default-max-width"> <h2 class="entry-title"><a href="https://arthurvandermerwe.com/2016/07/23/signature-and-certificate-based-key-injection-for-atm/" rel="bookmark">Signature and Certificate based key injection for ATM</a></h2> </header> <div class="entry-content"> <h1>Overview</h1> <p>Remote key loading infrastructures generally implement Diebold’s and Triton’s Certificate Based Protocols (CBP), and NCR, Wincor and Hyosung Signature based Protocols.</p> <p>The Diebold and Triton approaches use X.509 certificates and PKCS message formats to transport key data. NCR, Wincor and Hyosung methods rely on digital signatures to ensure data integrity. Both processes require the loading of the ATM EPP with a public key or certificate at the factory. Both these methods are supported in and XFS compliant manner and this document describes the process of doing so as well as the pitfalls and benefits of using both methods.</p> <h2>The General Process</h2> <h3>Initialization</h3> <p>A prerequisite for using Remote Keys is for a customer to generate a set of keys or certificates that will be “signed” by a Certificate Authority or Trust Authority. Once signed, the public key or certificate signatures are returned and imported into the Host system. The EPPs obtain their <strong><em>signed public keys or certificates</em></strong> during the manufacturing process before being installed in ATMs.</p> <h3>Mutual Authentication</h3> <p>With public and private key pairs now present in the Host and in the ATM’s EPP, mutual authentication can be initiated with message exchanges from the Host to the EPP. The ATM sends the EPP serial number to Host encrypted by its public key or certificate. The Host verifies the message and sends a message back to the EPP encrypted by its public key or certificate.</p> <h3>Key Delivery</h3> <p>With mutual authentication successfully completed, the Host receives a request to deliver a new terminal master key to the EPP. The Host receives the key request and generates a random terminal master key and encrypts it with the public key of the EPP and “signs” the new TMK message. This message is sent to the EPP. The EPP verifies the signature, decrypts the new terminal master key, and stores the key.</p> <p>If the dialogue has been successfully completed, the EPP sends a notification back to the Host that it has loaded the new terminal master key including a Key Check Value (KCV) of the new key. If the terminal key load is unsuccessful, an appropriate error message will be returned to the Host. Upon receiving a “successful” terminal master key load message from the EPP with the correct KCV, the Host will establish the new TMK in the key database.</p> <p> </p> <p> </p> <h2>Remote Key Loading Using Signatures</h2> <h3>RSA Data Authentication and Digital Signatures</h3> <p>Digital signatures rely on a public key infrastructure (PKI). The PKI model involves an entity, such as a Host, having a pair of encryption keys – one private, one public. These keys work in consort to encrypt, decrypt and authenticate data.</p> <p>One-way authentication occurs is through the application of a digital signature. For example:</p> <ol> <li>The Host creates some data that it would like to digitally sign;</li> <li>Host runs the data through a hashing algorithm to produce a hash or digest of the data. The digest is unique to every block of data – a digital fingerprint of the data, much smaller and therefore more economical to encrypt than the data itself.</li> <li>Digest is encrypted with the Host’s private key. This is the digital signature – a data block digest encrypted with the private key.</li> </ol> <p>The Host then sends the following to the ATM:</p> <ol> <li>Data block.</li> <li>Digital signature.</li> <li>Host’s public key.</li> </ol> <p>To validate the signature, the ATM performs the following:</p> <p>ATM runs data through the standard hashing algorithm – the same one used by the Host – to produce a digest of the data received. Consider this digest2;</p> <p>ATM uses the Host’s public key to decrypt the digital signature. The digital signature was produced using the Host’s private key to encrypt the data digest; therefore, when decrypted with the Host’s public key it produces the same digest. Consider this digest1. Incidentally, no other public key in the world would work to decrypt digest1 – only the public key corresponding to the signing private key.</p> <p>ATM compares digest1 with digest2. If digest1 matches digest2 exactly, the ATM has confirmed that the data was not tampered with in transit. Changing a single bit in the data sent from the Host to the ATM would cause digest2 to be different than digest1. Every data block has a unique digest; therefore, an altered data block is detected by the ATM.</p> <p>Public key used to decrypt the digital signature corresponds to the private key used to create it. No other public key could possibly work to decrypt the digital signature, so the ATM was not handed someone else’s public key.</p> <p>This gives an overview of how Digital Signatures can be used in Data Authentication. In particular, Signatures can be used to validate and securely install Encryption Keys.</p> <p>The following section describes Key Exchange and the use of Digital signatures.</p> <p> </p> <h3>RSA Secure Key Exchange using Digital Signatures</h3> <p>In summary, both end points, the ATM and the Host, inform each other of their Public Keys. This information is then used to securely send the PIN device Master Key to the ATM.</p> <p>A trusted third party, the Signature Issuer, is used to generate the signatures for the Public keys of each end point, ensuring their validity.</p> <p>The detail of this is as follows:</p> <h4>Purpose:</h4> <p>The Host wishes to install a new master key (KM) on the ATM securely.</p> <h4>Assumptions:</h4> <ul> <li>The Host has obtained the Public Key (PK<sub>SI</sub>) from the Signature Issuer.</li> <li>The Host has provided the Signature Issuer with its Public Key (PK<sub>HOST</sub>), and receives the corresponding signature Sign(SK<sub>SI</sub>)[ PK<sub>HOST</sub>]. The Signature Issuer uses its own Private Key (SK<sub>SI</sub>) to create this signature.</li> <li>In the case where Enhanced Remote Key Loading is used, the Host has provided the Signature Issuer with its Public Key (PK<sub>ROOT</sub>), and receives the corresponding signature Sign(SKSI)[PK<sub>ROOT</sub>]. The Host has generated another key pair PK<sub>HOST</sub> and SK<sub>HOST</sub> and signs the PK<sub>HOST</sub> with the SK<sub>ROOT</sub>.</li> <li>(Optional) The Host obtains a list of the valid PIN device’s Unique Identifiers. The Signature Issuer installs a Signature Sign(SK<sub>SI</sub>)[ UI<sub>ATM</sub>] for the Unique Id (UI<sub>ATM</sub>) on the ATM PIN. The Signature Issuer uses SK<sub>SI</sub> to do this.</li> <li>The Signature Issuer installs its Public Key (PKSI) on the ATM PIN. It also derives and installs the Signature Sign(SK<sub>SI</sub> )[PK<sub>ATM</sub>] of the ATM PIN’s Public Key (PK<sub>ATM</sub>) on the ATM PIN. The Signature Issuer uses SK<sub>SI</sub> to do this.</li> <li>The ATM PIN device additionally contains its own Public (PK<sub>ATM</sub>) and Private Key (SK<sub>ATM</sub>).</li> </ul> <h4>Steps for the Process</h4> <p> </p> <p><strong><em>Step 1:</em></strong> The ATM PIN sends its Public Key to the Host in a secure structure: The ATM PIN sends its ATM Public Key with its associated Signature. When the Host receives this information it will use the Signature Issuer’s Public Key to validate the signature and obtain the ATM Public Key.</p> <p><strong><em>Step 2 (Optional):</em></strong> The Host verifies that the key it has just received is from a valid sender. It does this by obtaining the PIN device unique identifier. The ATM PIN sends its Unique Identifier with its associated Signature. When the Host receives this information it will use the Signature Issuer’s Public Key to validate the signature and retrieve the PIN Unique Identifier. It can then check this against the list it received from the Signature Issuer.</p> <p><strong><em>Step 3 (Enhanced Remote Key Loading only) :</em></strong> The Host sends its root public key to the ATM PIN: The Host sends its Root Public Key (PK<sub>ROOT</sub>) and associated Signature. The ATM PIN verifies the signature using PK<sub>SI</sub> and stores the key.</p> <p><strong><em>Step 4:</em></strong> The Host sends its public key to the ATM PIN: The Host sends its Public Key (PK<sub>HOST</sub>) and associated Signature. The ATM PIN verifies the signature using PKSI (or PK<sub>ROOT</sub> in the Enhanced Remote Key Loading Scheme) and stores the key</p> <p><strong><em>Step 5:</em></strong> The ATM PIN receives its Master Key from the Host: The Host encrypts the Master Key (K<sub>M</sub>) with PK<sub>ATM</sub>. A signature for this is then created. The ATM PIN will then validate the signature using PK<sub>HOST</sub> and then obtain the master key by decrypting using SK<sub>ATM</sub>.</p> <p><strong><em> Step 6 – Alternative including random number:</em></strong> The Host requests the ATM PIN to begin the DES key transfer process and generate a random number. The Host encrypts the Master Key (K<sub>M</sub>) with PK<sub>ATM</sub>. A signature for the random number and encrypted key is then created using SK<sub>HOST</sub>. The ATM PIN will then validate the signature using PK<sub>HOST</sub>, verify the random number and then obtain the master key by decrypting using SK<sub>ATM</sub>.</p> <p> </p> <h2>Remote Key Loading Using Certificates</h2> <h3>Certificate Exchange and Authentication</h3> <p>Both end points, the ATM and the Host, inform each other of their Public Keys. This information is then used to securely send the PIN device Master Key to the ATM. A trusted third party, Certificate Authority (or a HOST if it becomes the new CA), is used to generate the certificates for the Public Keys of each end point, ensuring their validity. In this message contains the Host certificate, which has been signed by the trusted CA. The Pinpad Cryptography Unit (CTU) uses the Public Key of the CA (loaded at the time of production) to verify the validity of the certificate. If the certificate is valid, the CTU stores the HOST’s Public Verification Key. The CTU then sends a message that contains a certificate, which is signed by the CA and is sent to the HOST. The HOST uses the Public Key from the CA to verify the certificate. If valid then the HOST stores the CTU’s verification or encryption key (primary or secondary this depends on the state of the CTU).</p> <p> </p> <p> </p> <h3>Remote Key Exchange</h3> <p>After the above has been completed, the HOST is ready to load the key into the CTU.</p> <p>The following is done to complete this and the application must complete the Remote Key Exchange in this order:</p> <ol> <li>Return R<sub>ATM</sub> from the CTU to be used in authenticating the message.</li> <li>Next, the ATM sends down the KTK to the CTU. The following items below show how this is accomplished.</li> <li>a) HOST has obtained a Key Transport Key and wants to transfer it to the CTU. HOST constructs a key block containing an identifier of the HOST, I<sub>HOST</sub>, and the key, K<sub>KTK</sub>, and enciphers the block, using the CTU’s Public Encryption Key.</li> <li>b) After completing the above, the HOST generates random data and builds the outer message containing the random number of the Host, R<sub>HOST</sub>, and the random number of the ATM, R<sub>ATM</sub>. The identifier of the CTU, I<sub>ENC</sub>, and the enciphered key block. The HOST signs the whole block using its private signature key and sends the message down to the CTU. The CTU then verifies the HOST’s signature on the message by using the HOST’s Public Verification Key. Then the CTU checks the identifier and the random number of the CTU passed in the message to make sure that the CTU is talking to the right HOST. The CTU then deciphers the enciphered block using its private verification key. After the message has been deciphered, the CTU checks the Identifier of the HOST. Finally, if everything checks out to this point the CTU will load the Key Transport Key</li> <li>c) After the Key Transport Key has been accepted, the CTU constructs a message that contains the random number of the Host, the random number of the CTU and the HOST identifier all signed by the private signature key of the CTU. This message is sent to the Host.</li> <li>d) The HOST verifies the message sent from the CTU by using the ATM’s public verification key. The HOST then checks the identifier of the Host and then compares the identifier in the message with the one stored in the HOST. Then checks the random number sent in the message and to the one stored in the HOST. The HOST finally checks the CTU’s random number with the one received.</li> </ol> <p> </p> <h3>Replace Certificate</h3> <p>After the key is been loaded into the CTU, the following could be completed: The new CA requests a Certificate from the previous Certificate Authority. The HOST must over-sign the message to take over the role of the CA to ensure that the CTU accepts the new Certificate Authority. The HOST sends the message to the CTU. The CTU uses the HOST’s Public Verification Key to verify the HOST’s signature. The CTU uses the previous CA’s Public Verification Key to verify the signature on the new Certificate sent down in the message. If valid, the EPP stores the new CA’s certificate and uses the new CA’s Public Verification Key as its new CA verification key.</p> </div> <footer class="entry-footer default-max-width"> <span class="byline"><svg class="svg-icon" width="16" height="16" aria-hidden="true" role="img" focusable="false" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M15 7.5C15 9.15685 13.6569 10.5 12 10.5C10.3431 10.5 9 9.15685 9 7.5C9 5.84315 10.3431 4.5 12 4.5C13.6569 4.5 15 5.84315 15 7.5ZM16.5 7.5C16.5 9.98528 14.4853 12 12 12C9.51472 12 7.5 9.98528 7.5 7.5C7.5 5.01472 9.51472 3 12 3C14.4853 3 16.5 5.01472 16.5 7.5ZM19.5 19.5V16.245C19.5 14.729 18.271 13.5 16.755 13.5L7.245 13.5C5.72898 13.5 4.5 14.729 4.5 16.245L4.5 19.5H6L6 16.245C6 15.5574 6.5574 15 7.245 15L16.755 15C17.4426 15 18 15.5574 18 16.245V19.5H19.5Z" fill="currentColor"/></svg><span class="screen-reader-text">Posted by</span><span class="author vcard"><a class="url fn n" href="https://arthurvandermerwe.com/author/arthurvdmerwe/">arthurvdmerwe</a></span></span><span class="posted-on"><svg class="svg-icon" width="16" height="16" aria-hidden="true" role="img" focusable="false" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M19.5 7.5H4.5V19.0005C4.5 19.2764 4.72363 19.5 4.9995 19.5H19.0005C19.2764 19.5 19.5 19.2764 19.5 19.0005V7.5ZM3 7.5V4.9995V4.995C3 3.89319 3.89319 3 4.995 3H4.9995H19.0005H19.005C20.1068 3 21 3.89319 21 4.995V4.9995V7.5V19.0005C21 20.1048 20.1048 21 19.0005 21H4.9995C3.89521 21 3 20.1048 3 19.0005V7.5ZM7.5 10.5H9V12H7.5V10.5ZM9 15H7.5V16.5H9V15ZM11.25 10.5H12.75V12H11.25V10.5ZM12.75 15H11.25V16.5H12.75V15ZM15 10.5H16.5V12H15V10.5ZM16.5 15H15V16.5H16.5V15Z" fill="currentColor"/></svg><a href="https://arthurvandermerwe.com/2016/07/23/signature-and-certificate-based-key-injection-for-atm/" rel="bookmark"><time class="entry-date published" datetime="2016-07-23T20:07:05+10:00">July 23, 2016</time><time class="updated" datetime="2018-09-25T22:33:46+10:00">September 25, 2018</time></a></span><span class="cat-links"><svg class="svg-icon" width="16" height="16" aria-hidden="true" role="img" focusable="false" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M12.1979 8.25L11.2098 6.27363C11.1259 6.10593 10.9545 6 10.767 6H4.995C4.72162 6 4.5 6.22162 4.5 6.495V17.505C4.5 17.7784 4.72162 18 4.995 18H19.0005C19.2764 18 19.5 17.7764 19.5 17.5005V8.7495C19.5 8.47363 19.2764 8.25 19.0005 8.25H12.1979ZM13.125 6.75H19.0005C20.1048 6.75 21 7.64521 21 8.7495V17.5005C21 18.6048 20.1048 19.5 19.0005 19.5H4.995C3.89319 19.5 3 18.6068 3 17.505V6.495C3 5.39319 3.89319 4.5 4.995 4.5H10.767C11.5227 4.5 12.2135 4.92693 12.5514 5.60281L13.125 6.75Z" fill="currentColor"/></svg><span class="screen-reader-text">Posted in</span><a href="https://arthurvandermerwe.com/category/cryptography-2/" rel="category tag">Cryptography</a>, <a href="https://arthurvandermerwe.com/category/financial-switching/" rel="category tag">Financial Switching</a></span><span class="tags-links"><svg class="svg-icon" width="16" height="16" aria-hidden="true" role="img" focusable="false" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M3 12.2045C3 12.5941 3.15158 12.9684 3.42267 13.2482L9.71878 19.747C11.0769 21.1489 13.3201 21.1667 14.7003 19.7865L19.7873 14.6995C21.1677 13.319 21.1497 11.0753 19.7471 9.71731L13.2459 3.42238C12.9661 3.15147 12.5919 3 12.2025 3H4.5C3.67157 3 3 3.67157 3 4.5V12.2045ZM12.2025 4.5H4.5V12.2045L10.7961 18.7033C11.5714 19.5035 12.8518 19.5137 13.6396 18.7258L18.7266 13.6388C19.5146 12.8509 19.5043 11.5701 18.7037 10.7949L12.2025 4.5ZM8.4975 9.495C9.0484 9.495 9.495 9.0484 9.495 8.4975C9.495 7.9466 9.0484 7.5 8.4975 7.5C7.9466 7.5 7.5 7.9466 7.5 8.4975C7.5 9.0484 7.9466 9.495 8.4975 9.495Z" fill="currentColor"/></svg><span class="screen-reader-text">Tags:</span><a href="https://arthurvandermerwe.com/tag/cryptography/" rel="tag">cryptography</a>, <a href="https://arthurvandermerwe.com/tag/rsa/" rel="tag">RSA</a>, <a href="https://arthurvandermerwe.com/tag/signature-verification/" rel="tag">signature verification</a></span><span class="comments-link"><svg class="svg-icon" width="16" height="16" aria-hidden="true" role="img" focusable="false" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M10.0458 15.0001L5.99998 17.697L5.99999 6.49478C5.99999 6.22141 6.2216 5.99979 6.49498 5.99978L17.505 5.99951C17.7784 5.9995 18 6.22113 18 6.49451L18 14.5046C18 14.778 17.7784 14.9996 17.505 14.9996L10.0458 15.0001ZM10.5 16.5L17.5051 16.4996C18.6069 16.4995 19.5 15.6063 19.5 14.5046L19.5 6.49451C19.5 5.39268 18.6068 4.49948 17.5049 4.49951L6.49494 4.49978C5.39315 4.49981 4.49999 5.39299 4.49999 6.49478L4.49998 18.3483C4.49998 18.9842 5.01549 19.4997 5.6514 19.4997C5.8787 19.4997 6.10091 19.4324 6.29004 19.3063L10.5 16.5Z" fill="currentColor"/></svg><a href="https://arthurvandermerwe.com/2016/07/23/signature-and-certificate-based-key-injection-for-atm/#comments">1 Comment<span class="screen-reader-text"> on Signature and Certificate based key injection for ATM</span></a></span> </footer> </article> <article id="post-170" class="post-170 post type-post status-publish format-standard hentry category-financial-switching tag-authorization-transaction tag-eftpos tag-transaction entry"> <header class="entry-header default-max-width"> <h2 class="entry-title"><a href="https://arthurvandermerwe.com/2015/07/31/the-refund-vulnerability-of-as2805-and-eftpos/" rel="bookmark">The Refund vulnerability of AS2805 and EFTPOS</a></h2> </header> <div class="entry-content"> <p>Transactions are normally validated, matched then processed. This is very common to ensure that requests sent to a payments switch are associated with its responses before delivering responses to a terminal. Now for all transaction types this process in true, except for refunds. Well, at least it’s not matched for most financial institutions in Australia.</p> <p>Below is a few descriptions of transactions that might be processed through a typical switch in Australia:</p> <hr /> <p> </p> <p><b>Authorization / Cash Out</b></p> <p>The Authorization transaction is typically used by a merchant to obtain the authorization of a transaction amount as a pre-approval for the purchase of goods or services later during the fulfillment process. Authorization transactions are typically submitted for authorization and then funds are held by the issuer until that transaction is captured or the authorization is reversed or expires. An example can be found with online retailers who initiate an Authorization transaction to guaranteed funding by the card issuer prior to the shipment/delivery (i.e. fulfillment) of the goods. An “Authorization” is also referred to as an Auth-Only transaction.</p> <p><b>Sale / Purchase</b></p> <p>A “Sale” transaction is used by merchants for the immediate purchase of goods or services. This transaction completes both the authorization and capture in a single transaction request. The Sale transaction is an Authorization and Capture transaction that if approved is automatically included for settlement.</p> <hr /> <p> </p> <p><b>Forced Sale</b></p> <p>A “Forced Sale” is a transaction initiated by a merchant with the intent of forcing the posting of the transaction against the customer account without receiving prior authorization by the card issuer, or receiving a voice authorization code from the merchant acquiring call center. An example would be when a merchant’s terminal is offline, requiring the purchase of goods being completed without receiving online authorization by the card issuer. Or they received a Voice Approval. In these cases the merchant would enter the transaction details and forward this Forced Sale transaction to the card issuer with the expectation of receiving funding for the goods or services rendered. A forced sale does not require a matching authorization. Forced Sales are also known as Off-Line Sales.</p> <p><b>Refund</b></p> <p>A Refund allows a merchant to refund a previously settled transaction and submit the refund for processing. Refunds are only allowed for financial transactions (Sale and Captured) and are typically limited to the original authorization amount, or a lesser amount, in some cases, multiple partial refunds up to the original transaction amount. Some systems incorporate a feature called Matched Refunds. Matched Refunds must match back to an original transaction to help control fraud. “ Refunds” are also sometimes referred to as a “Credit” transaction.</p> <p><b>Void</b></p> <p>Void transactions can reverse transactions that have been previously authorized or approved by the card issuer and are pending settlement. Merchants will only be allowed to void transactions that are in an open batch (pending settlement). Sale or Refund transactions are the most commonly voided transaction types.</p> <p><b>Capture</b></p> <p>The Capture transaction will allow merchants to capture a previously authorized transaction that is pending settlement, and submit it for clearing and settlement. An example is when online retailers who initiate an Authorization transaction to reserve funds by the card issuer prior to the shipment/delivery (i.e. fulfillment) of the goods, and then once fulfillment has been completed the transaction will be captured and submitted for settlement. A “Capture” is also referred to as a Pre-Authorization Completion transaction.</p> <hr /> <p> </p> <p>Now According to the AS2805 Specifications, The refund is not matched to the transaction during the refund authorization, and will approve by default, you need to match the Refund to an Authorization or Sale when doing settlement.</p> <p>This appears not implemented in Australia for some reason, and some financial institutions will actually admit it.</p> <p>I have tried this on a EFTPOS machine, you should try this as well. Simply do a refund on a EFTPOS terminal without doing a transaction. All you would need is a 4 digit password to access the refund function (in some cases refunds are not password protected) , these default passwords are published by the terminal manufacturers.</p> <p>In every case that I’ve tried this, the refund is processed and the funds appeared in my account. This is surely a massive risk for fraud!!!!</p> <p>Strange enough, the banks are not worried about this as the funds are tied to the merchant account, and it’s not a risk for the bank but for the Merchant. These are some clause in the contracts that absolve them from the risk.</p> <p>So if you have a EFTPOS terminal, ask for the refund function to be disabled or you could be out of pocket!</p> <p> </p> <p> </p> </div> <footer class="entry-footer default-max-width"> <span class="byline"><svg class="svg-icon" width="16" height="16" aria-hidden="true" role="img" focusable="false" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M15 7.5C15 9.15685 13.6569 10.5 12 10.5C10.3431 10.5 9 9.15685 9 7.5C9 5.84315 10.3431 4.5 12 4.5C13.6569 4.5 15 5.84315 15 7.5ZM16.5 7.5C16.5 9.98528 14.4853 12 12 12C9.51472 12 7.5 9.98528 7.5 7.5C7.5 5.01472 9.51472 3 12 3C14.4853 3 16.5 5.01472 16.5 7.5ZM19.5 19.5V16.245C19.5 14.729 18.271 13.5 16.755 13.5L7.245 13.5C5.72898 13.5 4.5 14.729 4.5 16.245L4.5 19.5H6L6 16.245C6 15.5574 6.5574 15 7.245 15L16.755 15C17.4426 15 18 15.5574 18 16.245V19.5H19.5Z" fill="currentColor"/></svg><span class="screen-reader-text">Posted by</span><span class="author vcard"><a class="url fn n" href="https://arthurvandermerwe.com/author/arthurvdmerwe/">arthurvdmerwe</a></span></span><span class="posted-on"><svg class="svg-icon" width="16" height="16" aria-hidden="true" role="img" focusable="false" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M19.5 7.5H4.5V19.0005C4.5 19.2764 4.72363 19.5 4.9995 19.5H19.0005C19.2764 19.5 19.5 19.2764 19.5 19.0005V7.5ZM3 7.5V4.9995V4.995C3 3.89319 3.89319 3 4.995 3H4.9995H19.0005H19.005C20.1068 3 21 3.89319 21 4.995V4.9995V7.5V19.0005C21 20.1048 20.1048 21 19.0005 21H4.9995C3.89521 21 3 20.1048 3 19.0005V7.5ZM7.5 10.5H9V12H7.5V10.5ZM9 15H7.5V16.5H9V15ZM11.25 10.5H12.75V12H11.25V10.5ZM12.75 15H11.25V16.5H12.75V15ZM15 10.5H16.5V12H15V10.5ZM16.5 15H15V16.5H16.5V15Z" fill="currentColor"/></svg><a href="https://arthurvandermerwe.com/2015/07/31/the-refund-vulnerability-of-as2805-and-eftpos/" rel="bookmark"><time class="entry-date published" datetime="2015-07-31T11:58:56+10:00">July 31, 2015</time><time class="updated" datetime="2018-09-25T22:33:55+10:00">September 25, 2018</time></a></span><span class="cat-links"><svg class="svg-icon" width="16" height="16" aria-hidden="true" role="img" focusable="false" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M12.1979 8.25L11.2098 6.27363C11.1259 6.10593 10.9545 6 10.767 6H4.995C4.72162 6 4.5 6.22162 4.5 6.495V17.505C4.5 17.7784 4.72162 18 4.995 18H19.0005C19.2764 18 19.5 17.7764 19.5 17.5005V8.7495C19.5 8.47363 19.2764 8.25 19.0005 8.25H12.1979ZM13.125 6.75H19.0005C20.1048 6.75 21 7.64521 21 8.7495V17.5005C21 18.6048 20.1048 19.5 19.0005 19.5H4.995C3.89319 19.5 3 18.6068 3 17.505V6.495C3 5.39319 3.89319 4.5 4.995 4.5H10.767C11.5227 4.5 12.2135 4.92693 12.5514 5.60281L13.125 6.75Z" fill="currentColor"/></svg><span class="screen-reader-text">Posted in</span><a href="https://arthurvandermerwe.com/category/financial-switching/" rel="category tag">Financial Switching</a></span><span class="tags-links"><svg class="svg-icon" width="16" height="16" aria-hidden="true" role="img" focusable="false" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M3 12.2045C3 12.5941 3.15158 12.9684 3.42267 13.2482L9.71878 19.747C11.0769 21.1489 13.3201 21.1667 14.7003 19.7865L19.7873 14.6995C21.1677 13.319 21.1497 11.0753 19.7471 9.71731L13.2459 3.42238C12.9661 3.15147 12.5919 3 12.2025 3H4.5C3.67157 3 3 3.67157 3 4.5V12.2045ZM12.2025 4.5H4.5V12.2045L10.7961 18.7033C11.5714 19.5035 12.8518 19.5137 13.6396 18.7258L18.7266 13.6388C19.5146 12.8509 19.5043 11.5701 18.7037 10.7949L12.2025 4.5ZM8.4975 9.495C9.0484 9.495 9.495 9.0484 9.495 8.4975C9.495 7.9466 9.0484 7.5 8.4975 7.5C7.9466 7.5 7.5 7.9466 7.5 8.4975C7.5 9.0484 7.9466 9.495 8.4975 9.495Z" fill="currentColor"/></svg><span class="screen-reader-text">Tags:</span><a href="https://arthurvandermerwe.com/tag/authorization-transaction/" rel="tag">Authorization transaction</a>, <a href="https://arthurvandermerwe.com/tag/eftpos/" rel="tag">EFTPOS</a>, <a href="https://arthurvandermerwe.com/tag/transaction/" rel="tag">transaction</a></span><span class="comments-link"><svg class="svg-icon" width="16" height="16" aria-hidden="true" role="img" focusable="false" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M10.0458 15.0001L5.99998 17.697L5.99999 6.49478C5.99999 6.22141 6.2216 5.99979 6.49498 5.99978L17.505 5.99951C17.7784 5.9995 18 6.22113 18 6.49451L18 14.5046C18 14.778 17.7784 14.9996 17.505 14.9996L10.0458 15.0001ZM10.5 16.5L17.5051 16.4996C18.6069 16.4995 19.5 15.6063 19.5 14.5046L19.5 6.49451C19.5 5.39268 18.6068 4.49948 17.5049 4.49951L6.49494 4.49978C5.39315 4.49981 4.49999 5.39299 4.49999 6.49478L4.49998 18.3483C4.49998 18.9842 5.01549 19.4997 5.6514 19.4997C5.8787 19.4997 6.10091 19.4324 6.29004 19.3063L10.5 16.5Z" fill="currentColor"/></svg><a href="https://arthurvandermerwe.com/2015/07/31/the-refund-vulnerability-of-as2805-and-eftpos/#comments">3 Comments<span class="screen-reader-text"> on The Refund vulnerability of AS2805 and EFTPOS</span></a></span> </footer> </article> <nav class="navigation pagination" aria-label="Posts pagination"> <h2 class="screen-reader-text">Posts pagination</h2> <div class="nav-links"><span aria-current="page" class="page-numbers current">1</span> <a class="page-numbers" href="https://arthurvandermerwe.com/page/2/">2</a> <a class="page-numbers" href="https://arthurvandermerwe.com/page/3/">3</a> <a class="next page-numbers" href="https://arthurvandermerwe.com/page/2/"><span class="nav-next-text">Older posts</span> <svg class="svg-icon" width="22" height="22" aria-hidden="true" role="img" focusable="false" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M11.0303 17.0303L16.0607 11.9999L11.0303 6.96961L9.96968 8.03027L13.9394 11.9999L9.96968 15.9696L11.0303 17.0303Z" fill="currentColor"/></svg></a></div> </nav> </main> </section> </div> <footer id="colophon" class="site-footer default-max-width" role="contentinfo" aria-label="Footer"> <div class="widget-area"> <div class="widget-column footer-widget-1"> <section id="recent-posts-4" class="widget widget_recent_entries"> <h2 class="widget-title">Recent Posts</h2><nav aria-label="Recent Posts"> <ul> <li> <a href="https://arthurvandermerwe.com/2020/02/16/a-brief-comparison-of-as2805-and-key-blocks/">A brief comparison of AS2805 and (TR-31) Key Blocks</a> </li> <li> <a href="https://arthurvandermerwe.com/2020/01/19/what-is-the-random-oracle-model-and-why-should-you-care-part-5-a-few-thoughts-on-cryptographic-engineering/">What is the random oracle model and why should you care? (Part 5) — A Few Thoughts on Cryptographic Engineering</a> </li> <li> <a href="https://arthurvandermerwe.com/2019/02/21/attack-of-the-week-searchable-encryption-and-the-ever-expanding-leakage-function-a-few-thoughts-on-cryptographic-engineering/">Attack of the week: searchable encryption and the ever-expanding leakage function — A Few Thoughts on Cryptographic Engineering</a> </li> <li> <a href="https://arthurvandermerwe.com/2017/12/29/from-bi-linear-maps-to-searchable-encryption/">From Bi-Linear Maps to Searchable Encryption</a> </li> <li> <a href="https://arthurvandermerwe.com/2017/02/10/mutual-authentication-using-certificates/">Mutual Authentication using Certificates</a> </li> <li> <a href="https://arthurvandermerwe.com/2016/09/04/importing-zpk-and-zmk-into-thales-payshield-9000-hsm/">Importing ZPK and ZMK into Thales Payshield 9000 HSM</a> </li> <li> <a href="https://arthurvandermerwe.com/2016/07/23/signature-and-certificate-based-key-injection-for-atm/">Signature and Certificate based key injection for ATM</a> </li> <li> <a href="https://arthurvandermerwe.com/2015/07/31/the-refund-vulnerability-of-as2805-and-eftpos/">The Refund vulnerability of AS2805 and EFTPOS</a> </li> <li> <a href="https://arthurvandermerwe.com/2015/05/30/dukpt-explained-with-examples/">DUKPT Explained with examples</a> </li> <li> <a href="https://arthurvandermerwe.com/2015/05/28/eftpos-initialisation-using-rsa-cryptography/">EFTPOS Initialisation using RSA Cryptography</a> </li> <li> <a href="https://arthurvandermerwe.com/2015/05/20/atm-pin-encryption-using-3des/">ATM Pin encryption using 3DES</a> </li> <li> <a href="https://arthurvandermerwe.com/2015/03/03/implementing-as2805-part-3-using-a-thales-9000-and-python/">Implementing AS2805 Part 6 Host to Host Encryption using a Thales 9000 and Python</a> </li> <li> <a href="https://arthurvandermerwe.com/2015/01/04/typical-cryptography-in-as2805-explained/">Typical Cryptography in AS2805 Explained</a> </li> <li> <a href="https://arthurvandermerwe.com/2014/12/02/thales-9000-and-as2805-interchange-commands/">Thales 9000 with AS2805 Interchange & RSA EFTPOS Commands.</a> </li> <li> <a href="https://arthurvandermerwe.com/2014/08/06/thales-key-exchange-examples-and-troubleshooting/">Thales Key Exchange Examples and Troubleshooting</a> </li> <li> <a href="https://arthurvandermerwe.com/2014/08/06/testing-dukpt/">Testing DUKPT</a> </li> <li> <a href="https://arthurvandermerwe.com/2014/07/06/parsing-as25058583-messages/">Parsing AS2505/8583 Messages</a> </li> <li> <a href="https://arthurvandermerwe.com/2014/06/25/dynamic-key-exchange-models/">Dynamic Key Exchange Models</a> </li> <li> <a href="https://arthurvandermerwe.com/2014/06/25/doing-pin-translation/">Doing PIN Translation with DUKPT</a> </li> <li> <a href="https://arthurvandermerwe.com/2014/06/25/credit-vs-debit/">Credit vs Debit</a> </li> <li> <a href="https://arthurvandermerwe.com/2014/06/22/as2805-standards-for-eft/">AS2805 Standards for EFT</a> </li> <li> <a href="https://arthurvandermerwe.com/2014/06/22/trace-your-atm-transactions/">Trace your ATM Transactions</a> </li> </ul> </nav></section><section id="archives-6" class="widget widget_archive"><h2 class="widget-title">Archives</h2><nav aria-label="Archives"> <ul> <li><a href='https://arthurvandermerwe.com/2020/02/'>February 2020</a> (1)</li> <li><a href='https://arthurvandermerwe.com/2020/01/'>January 2020</a> (1)</li> <li><a href='https://arthurvandermerwe.com/2019/02/'>February 2019</a> (1)</li> <li><a href='https://arthurvandermerwe.com/2017/12/'>December 2017</a> (1)</li> <li><a href='https://arthurvandermerwe.com/2017/02/'>February 2017</a> (1)</li> <li><a href='https://arthurvandermerwe.com/2016/09/'>September 2016</a> (1)</li> <li><a href='https://arthurvandermerwe.com/2016/07/'>July 2016</a> (1)</li> <li><a href='https://arthurvandermerwe.com/2015/07/'>July 2015</a> (1)</li> <li><a href='https://arthurvandermerwe.com/2015/05/'>May 2015</a> (3)</li> <li><a href='https://arthurvandermerwe.com/2015/03/'>March 2015</a> (1)</li> <li><a href='https://arthurvandermerwe.com/2015/01/'>January 2015</a> (1)</li> <li><a href='https://arthurvandermerwe.com/2014/12/'>December 2014</a> (1)</li> <li><a href='https://arthurvandermerwe.com/2014/08/'>August 2014</a> (2)</li> <li><a href='https://arthurvandermerwe.com/2014/07/'>July 2014</a> (1)</li> <li><a href='https://arthurvandermerwe.com/2014/06/'>June 2014</a> (5)</li> </ul> </nav></section><section id="wpcom_social_media_icons_widget-4" class="widget widget_wpcom_social_media_icons_widget"><h2 class="widget-title">Social</h2><ul><li><a href="https://www.linkedin.com/in/arthur-van-der-merwe-a7a96a27" class="genericon genericon-linkedin" target="_blank"><span class="screen-reader-text">LinkedIn</span></a></li><li><a href="https://github.com/Arthurvdmerwe" class="genericon genericon-github" target="_blank"><span class="screen-reader-text">GitHub</span></a></li></ul></section> </div> </div> <div class="site-info"> <a class="site-name" href="https://arthurvandermerwe.com/" rel="home">Cryptography & Payments</a><span class="comma">,</span> <a href="https://wordpress.com/?ref=footer_website" rel="nofollow">Create a free website or blog at WordPress.com.</a> </div> </footer> </div>  <script src="//0.gravatar.com/js/hovercards/hovercards.min.js?ver=2024474048849247f5660a2d05b85c6fc286379897f30a1061ad46e7f037e059ed7fe7" id="grofiles-cards-js"></script> <script id="wpgroho-js-extra"> var WPGroHo = {"my_hash":""}; </script> <script crossorigin='anonymous' type='text/javascript' src='https://s2.wp.com/wp-content/mu-plugins/gravatar-hovercards/wpgroho.js?m=1610363240i'></script> <script> // Initialize and attach hovercards to all gravatars ( function() { function init() { if ( typeof Gravatar === 'undefined' ) { return; } if ( typeof Gravatar.init !== 'function' ) { return; } Gravatar.profile_cb = function ( hash, id ) { WPGroHo.syncProfileData( hash, id ); }; Gravatar.my_hash = WPGroHo.my_hash; Gravatar.init( 'body', '#wp-admin-bar-my-account', { i18n: { 'Edit your profile': 'Edit your profile', 'View profile': 'View profile', 'Sorry, we are unable to load this Gravatar profile.': 'Sorry, we are unable to load this Gravatar profile.', 'Profile not found.': 'Profile not found.', 'Too Many Requests.': 'Too Many Requests.', 'Internal Server Error.': 'Internal Server Error.', }, } ); } if ( document.readyState !== 'loading' ) { init(); } else { document.addEventListener( 'DOMContentLoaded', init ); } } )(); </script> <div style="display:none"> </div> <div id="actionbar" style="display: none;" class="actnbr-pub-seedlet actnbr-has-follow"> <ul> <li class="actnbr-btn actnbr-hidden"> <a class="actnbr-action actnbr-actn-follow " href=""> <svg class="gridicon" height="20" width="20" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 20 20"><path clip-rule="evenodd" d="m4 4.5h12v6.5h1.5v-6.5-1.5h-1.5-12-1.5v1.5 10.5c0 1.1046.89543 2 2 2h7v-1.5h-7c-.27614 0-.5-.2239-.5-.5zm10.5 2h-9v1.5h9zm-5 3h-4v1.5h4zm3.5 1.5h-1v1h1zm-1-1.5h-1.5v1.5 1 1.5h1.5 1 1.5v-1.5-1-1.5h-1.5zm-2.5 2.5h-4v1.5h4zm6.5 1.25h1.5v2.25h2.25v1.5h-2.25v2.25h-1.5v-2.25h-2.25v-1.5h2.25z" fill-rule="evenodd"></path></svg> <span>Subscribe</span> </a> <a class="actnbr-action actnbr-actn-following no-display" href=""> <svg class="gridicon" height="20" width="20" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 20 20"><path fill-rule="evenodd" clip-rule="evenodd" d="M16 4.5H4V15C4 15.2761 4.22386 15.5 4.5 15.5H11.5V17H4.5C3.39543 17 2.5 16.1046 2.5 15V4.5V3H4H16H17.5V4.5V12.5H16V4.5ZM5.5 6.5H14.5V8H5.5V6.5ZM5.5 9.5H9.5V11H5.5V9.5ZM12 11H13V12H12V11ZM10.5 9.5H12H13H14.5V11V12V13.5H13H12H10.5V12V11V9.5ZM5.5 12H9.5V13.5H5.5V12Z" fill="#008A20"></path><path class="following-icon-tick" d="M13.5 16L15.5 18L19 14.5" stroke="#008A20" stroke-width="1.5"></path></svg> <span>Subscribed</span> </a> <div class="actnbr-popover tip tip-top-left actnbr-notice" id="follow-bubble"> <div class="tip-arrow"></div> <div class="tip-inner actnbr-follow-bubble"> <ul> <li class="actnbr-sitename"> <a href="https://arthurvandermerwe.com"> <img loading='lazy' alt='' src='https://arthurvandermerwe.com/wp-content/uploads/2018/09/cropped-arthur4.png?w=50' srcset='https://arthurvandermerwe.com/wp-content/uploads/2018/09/cropped-arthur4.png?w=50 1x, https://arthurvandermerwe.com/wp-content/uploads/2018/09/cropped-arthur4.png?w=75 1.5x, https://arthurvandermerwe.com/wp-content/uploads/2018/09/cropped-arthur4.png?w=100 2x, https://arthurvandermerwe.com/wp-content/uploads/2018/09/cropped-arthur4.png?w=150 3x, https://arthurvandermerwe.com/wp-content/uploads/2018/09/cropped-arthur4.png?w=200 4x' class='avatar avatar-50' height='50' width='50' /> Cryptography & Payments </a> </li> <div class="actnbr-message no-display"></div> <form method="post" action="https://subscribe.wordpress.com" accept-charset="utf-8" style="display: none;"> <div class="actnbr-follow-count">Join 30 other subscribers</div> <div> <input type="email" name="email" placeholder="Enter your email address" class="actnbr-email-field" aria-label="Enter your email address" /> </div> <input type="hidden" name="action" value="subscribe" /> <input type="hidden" name="blog_id" value="70204527" /> <input type="hidden" name="source" value="https://arthurvandermerwe.com/" /> <input type="hidden" name="sub-type" value="actionbar-follow" /> <input type="hidden" id="_wpnonce" name="_wpnonce" value="65caec4c09" /> <div class="actnbr-button-wrap"> <button type="submit" value="Sign me up"> Sign me up </button> </div> </form> <li class="actnbr-login-nudge"> <div> Already have a WordPress.com account? <a href="https://wordpress.com/log-in?redirect_to=https%3A%2F%2Fr-login.wordpress.com%2Fremote-login.php%3Faction%3Dlink%26back%3Dhttps%253A%252F%252Farthurvandermerwe.com%252F2020%252F02%252F16%252Fa-brief-comparison-of-as2805-and-key-blocks%252F">Log in now.</a> </div> </li> </ul> </div> </div> </li> <li class="actnbr-ellipsis actnbr-hidden"> <svg class="gridicon gridicons-ellipsis" height="24" width="24" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><g><path d="M7 12c0 1.104-.896 2-2 2s-2-.896-2-2 .896-2 2-2 2 .896 2 2zm12-2c-1.104 0-2 .896-2 2s.896 2 2 2 2-.896 2-2-.896-2-2-2zm-7 0c-1.104 0-2 .896-2 2s.896 2 2 2 2-.896 2-2-.896-2-2-2z"/></g></svg> <div class="actnbr-popover tip tip-top-left actnbr-more"> <div class="tip-arrow"></div> <div class="tip-inner"> <ul> <li class="actnbr-sitename"> <a href="https://arthurvandermerwe.com"> <img loading='lazy' alt='' src='https://arthurvandermerwe.com/wp-content/uploads/2018/09/cropped-arthur4.png?w=50' srcset='https://arthurvandermerwe.com/wp-content/uploads/2018/09/cropped-arthur4.png?w=50 1x, https://arthurvandermerwe.com/wp-content/uploads/2018/09/cropped-arthur4.png?w=75 1.5x, https://arthurvandermerwe.com/wp-content/uploads/2018/09/cropped-arthur4.png?w=100 2x, https://arthurvandermerwe.com/wp-content/uploads/2018/09/cropped-arthur4.png?w=150 3x, https://arthurvandermerwe.com/wp-content/uploads/2018/09/cropped-arthur4.png?w=200 4x' class='avatar avatar-50' height='50' width='50' /> Cryptography & Payments </a> </li> <li class="actnbr-folded-customize"> <a href="https://arthurvandermerwe.wordpress.com/wp-admin/customize.php?url=https%3A%2F%2Farthurvandermerwe.wordpress.com%2F"> <svg class="gridicon gridicons-customize" height="20" width="20" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><g><path d="M2 6c0-1.505.78-3.08 2-4 0 .845.69 2 2 2 1.657 0 3 1.343 3 3 0 .386-.08.752-.212 1.09.74.594 1.476 1.19 2.19 1.81L8.9 11.98c-.62-.716-1.214-1.454-1.807-2.192C6.753 9.92 6.387 10 6 10c-2.21 0-4-1.79-4-4zm12.152 6.848l1.34-1.34c.607.304 1.283.492 2.008.492 2.485 0 4.5-2.015 4.5-4.5 0-.725-.188-1.4-.493-2.007L18 9l-2-2 3.507-3.507C18.9 3.188 18.225 3 17.5 3 15.015 3 13 5.015 13 7.5c0 .725.188 1.4.493 2.007L3 20l2 2 6.848-6.848c1.885 1.928 3.874 3.753 5.977 5.45l1.425 1.148 1.5-1.5-1.15-1.425c-1.695-2.103-3.52-4.092-5.448-5.977z"/></g></svg> <span>Customize</span> </a> </li> <li class="actnbr-folded-follow"> <a class="actnbr-action actnbr-actn-follow " href=""> <svg class="gridicon" height="20" width="20" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 20 20"><path clip-rule="evenodd" d="m4 4.5h12v6.5h1.5v-6.5-1.5h-1.5-12-1.5v1.5 10.5c0 1.1046.89543 2 2 2h7v-1.5h-7c-.27614 0-.5-.2239-.5-.5zm10.5 2h-9v1.5h9zm-5 3h-4v1.5h4zm3.5 1.5h-1v1h1zm-1-1.5h-1.5v1.5 1 1.5h1.5 1 1.5v-1.5-1-1.5h-1.5zm-2.5 2.5h-4v1.5h4zm6.5 1.25h1.5v2.25h2.25v1.5h-2.25v2.25h-1.5v-2.25h-2.25v-1.5h2.25z" fill-rule="evenodd"></path></svg> <span>Subscribe</span> </a> <a class="actnbr-action actnbr-actn-following no-display" href=""> <svg class="gridicon" height="20" width="20" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 20 20"><path fill-rule="evenodd" clip-rule="evenodd" d="M16 4.5H4V15C4 15.2761 4.22386 15.5 4.5 15.5H11.5V17H4.5C3.39543 17 2.5 16.1046 2.5 15V4.5V3H4H16H17.5V4.5V12.5H16V4.5ZM5.5 6.5H14.5V8H5.5V6.5ZM5.5 9.5H9.5V11H5.5V9.5ZM12 11H13V12H12V11ZM10.5 9.5H12H13H14.5V11V12V13.5H13H12H10.5V12V11V9.5ZM5.5 12H9.5V13.5H5.5V12Z" fill="#008A20"></path><path class="following-icon-tick" d="M13.5 16L15.5 18L19 14.5" stroke="#008A20" stroke-width="1.5"></path></svg> <span>Subscribed</span> </a> </li> <li class="actnbr-signup"><a href="https://wordpress.com/start/">Sign up</a></li> <li class="actnbr-login"><a href="https://wordpress.com/log-in?redirect_to=https%3A%2F%2Fr-login.wordpress.com%2Fremote-login.php%3Faction%3Dlink%26back%3Dhttps%253A%252F%252Farthurvandermerwe.com%252F2020%252F02%252F16%252Fa-brief-comparison-of-as2805-and-key-blocks%252F">Log in</a></li> <li class="flb-report"> <a href="https://wordpress.com/abuse/?report_url=https://arthurvandermerwe.com" target="_blank" rel="noopener noreferrer"> Report this content </a> </li> <li class="actnbr-reader"> <a href="https://wordpress.com/read/feeds/22152776"> View site in Reader </a> </li> <li class="actnbr-subs"> <a href="https://subscribe.wordpress.com/">Manage subscriptions</a> </li> <li class="actnbr-fold"><a href="">Collapse this bar</a></li> </ul> </div> </div> </li> </ul> </div> <script> window.addEventListener( "load", function( event ) { var link = document.createElement( "link" ); link.href = "https://s0.wp.com/wp-content/mu-plugins/actionbar/actionbar.css?v=20241015"; link.type = "text/css"; link.rel = "stylesheet"; document.head.appendChild( link ); var script = document.createElement( "script" ); script.src = "https://s0.wp.com/wp-content/mu-plugins/actionbar/actionbar.js?v=20231122"; script.defer = true; document.body.appendChild( script ); } ); </script> <div id="jp-carousel-loading-overlay"> <div id="jp-carousel-loading-wrapper"> <span id="jp-carousel-library-loading"> </span> </div> </div> <div class="jp-carousel-overlay" style="display: none;"> <div class="jp-carousel-container">  <div class="jp-carousel-wrap swiper-container jp-carousel-swiper-container jp-carousel-transitions" itemscope itemtype="https://schema.org/ImageGallery"> <div class="jp-carousel swiper-wrapper"></div> <div class="jp-swiper-button-prev swiper-button-prev"> <svg width="25" height="24" viewBox="0 0 25 24" fill="none" xmlns="http://www.w3.org/2000/svg"> <mask id="maskPrev" mask-type="alpha" maskUnits="userSpaceOnUse" x="8" y="6" width="9" height="12"> <path d="M16.2072 16.59L11.6496 12L16.2072 7.41L14.8041 6L8.8335 12L14.8041 18L16.2072 16.59Z" fill="white"/> </mask> <g mask="url(#maskPrev)"> <rect x="0.579102" width="23.8823" height="24" fill="#FFFFFF"/> </g> </svg> </div> <div class="jp-swiper-button-next swiper-button-next"> <svg width="25" height="24" viewBox="0 0 25 24" fill="none" xmlns="http://www.w3.org/2000/svg"> <mask id="maskNext" mask-type="alpha" maskUnits="userSpaceOnUse" x="8" y="6" width="8" height="12"> <path d="M8.59814 16.59L13.1557 12L8.59814 7.41L10.0012 6L15.9718 12L10.0012 18L8.59814 16.59Z" fill="white"/> </mask> <g mask="url(#maskNext)"> <rect x="0.34375" width="23.8822" height="24" fill="#FFFFFF"/> </g> </svg> </div> </div>  <div class="jp-carousel-close-hint"> <svg width="25" height="24" viewBox="0 0 25 24" fill="none" xmlns="http://www.w3.org/2000/svg"> <mask id="maskClose" mask-type="alpha" maskUnits="userSpaceOnUse" x="5" y="5" width="15" height="14"> <path d="M19.3166 6.41L17.9135 5L12.3509 10.59L6.78834 5L5.38525 6.41L10.9478 12L5.38525 17.59L6.78834 19L12.3509 13.41L17.9135 19L19.3166 17.59L13.754 12L19.3166 6.41Z" fill="white"/> </mask> <g mask="url(#maskClose)"> <rect x="0.409668" width="23.8823" height="24" fill="#FFFFFF"/> </g> </svg> </div>  <div class="jp-carousel-info"> <div class="jp-carousel-info-footer"> <div class="jp-carousel-pagination-container"> <div class="jp-swiper-pagination swiper-pagination"></div> <div class="jp-carousel-pagination"></div> </div> <div class="jp-carousel-photo-title-container"> <h2 class="jp-carousel-photo-caption"></h2> </div> <div class="jp-carousel-photo-icons-container"> <a href="#" class="jp-carousel-icon-btn jp-carousel-icon-info" aria-label="Toggle photo metadata visibility"> <span class="jp-carousel-icon"> <svg width="25" height="24" viewBox="0 0 25 24" fill="none" xmlns="http://www.w3.org/2000/svg"> <mask id="maskInfo" mask-type="alpha" maskUnits="userSpaceOnUse" x="2" y="2" width="21" height="20"> <path fill-rule="evenodd" clip-rule="evenodd" d="M12.7537 2C7.26076 2 2.80273 6.48 2.80273 12C2.80273 17.52 7.26076 22 12.7537 22C18.2466 22 22.7046 17.52 22.7046 12C22.7046 6.48 18.2466 2 12.7537 2ZM11.7586 7V9H13.7488V7H11.7586ZM11.7586 11V17H13.7488V11H11.7586ZM4.79292 12C4.79292 16.41 8.36531 20 12.7537 20C17.142 20 20.7144 16.41 20.7144 12C20.7144 7.59 17.142 4 12.7537 4C8.36531 4 4.79292 7.59 4.79292 12Z" fill="white"/> </mask> <g mask="url(#maskInfo)"> <rect x="0.8125" width="23.8823" height="24" fill="#FFFFFF"/> </g> </svg> </span> </a> <a href="#" class="jp-carousel-icon-btn jp-carousel-icon-comments" aria-label="Toggle photo comments visibility"> <span class="jp-carousel-icon"> <svg width="25" height="24" viewBox="0 0 25 24" fill="none" xmlns="http://www.w3.org/2000/svg"> <mask id="maskComments" mask-type="alpha" maskUnits="userSpaceOnUse" x="2" y="2" width="21" height="20"> <path fill-rule="evenodd" clip-rule="evenodd" d="M4.3271 2H20.2486C21.3432 2 22.2388 2.9 22.2388 4V16C22.2388 17.1 21.3432 18 20.2486 18H6.31729L2.33691 22V4C2.33691 2.9 3.2325 2 4.3271 2ZM6.31729 16H20.2486V4H4.3271V18L6.31729 16Z" fill="white"/> </mask> <g mask="url(#maskComments)"> <rect x="0.34668" width="23.8823" height="24" fill="#FFFFFF"/> </g> </svg> <span class="jp-carousel-has-comments-indicator" aria-label="This image has comments."></span> </span> </a> </div> </div> <div class="jp-carousel-info-extra"> <div class="jp-carousel-info-content-wrapper"> <div class="jp-carousel-photo-title-container"> <h2 class="jp-carousel-photo-title"></h2> </div> <div class="jp-carousel-comments-wrapper"> <div id="jp-carousel-comments-loading"> <span>Loading Comments...</span> </div> <div class="jp-carousel-comments"></div> <div id="jp-carousel-comment-form-container"> <span id="jp-carousel-comment-form-spinner"> </span> <div id="jp-carousel-comment-post-results"></div> <form id="jp-carousel-comment-form"> <label for="jp-carousel-comment-form-comment-field" class="screen-reader-text">Write a Comment...</label> <textarea name="comment" class="jp-carousel-comment-form-field jp-carousel-comment-form-textarea" id="jp-carousel-comment-form-comment-field" placeholder="Write a Comment..." ></textarea> <div id="jp-carousel-comment-form-submit-and-info-wrapper"> <div id="jp-carousel-comment-form-commenting-as"> <fieldset> <label for="jp-carousel-comment-form-email-field">Email</label> <input type="text" name="email" class="jp-carousel-comment-form-field jp-carousel-comment-form-text-field" id="jp-carousel-comment-form-email-field" /> </fieldset> <fieldset> <label for="jp-carousel-comment-form-author-field">Name</label> <input type="text" name="author" class="jp-carousel-comment-form-field jp-carousel-comment-form-text-field" id="jp-carousel-comment-form-author-field" /> </fieldset> <fieldset> <label for="jp-carousel-comment-form-url-field">Website</label> <input type="text" name="url" class="jp-carousel-comment-form-field jp-carousel-comment-form-text-field" id="jp-carousel-comment-form-url-field" /> </fieldset> </div> <input type="submit" name="submit" class="jp-carousel-comment-form-button" id="jp-carousel-comment-form-button-submit" value="Post Comment" /> </div> </form> </div> </div> <div class="jp-carousel-image-meta"> <div class="jp-carousel-title-and-caption"> <div class="jp-carousel-photo-info"> <h3 class="jp-carousel-caption" itemprop="caption description"></h3> </div> <div class="jp-carousel-photo-description"></div> </div> <ul class="jp-carousel-image-exif" style="display: none;"></ul> <a class="jp-carousel-image-download" href="#" target="_blank" style="display: none;"> <svg width="25" height="24" viewBox="0 0 25 24" fill="none" xmlns="http://www.w3.org/2000/svg"> <mask id="mask0" mask-type="alpha" maskUnits="userSpaceOnUse" x="3" y="3" width="19" height="18"> <path fill-rule="evenodd" clip-rule="evenodd" d="M5.84615 5V19H19.7775V12H21.7677V19C21.7677 20.1 20.8721 21 19.7775 21H5.84615C4.74159 21 3.85596 20.1 3.85596 19V5C3.85596 3.9 4.74159 3 5.84615 3H12.8118V5H5.84615ZM14.802 5V3H21.7677V10H19.7775V6.41L9.99569 16.24L8.59261 14.83L18.3744 5H14.802Z" fill="white"/> </mask> <g mask="url(#mask0)"> <rect x="0.870605" width="23.8823" height="24" fill="#FFFFFF"/> </g> </svg> <span class="jp-carousel-download-text"></span> </a> <div class="jp-carousel-image-map" style="display: none;"></div> </div> </div> </div> </div> </div> </div> <link crossorigin='anonymous' rel='stylesheet' id='all-css-0-2' href='https://s0.wp.com/_static/??-eJylj8EKAjEMRH/IGoqsrAfxU6SmoWRt07JpKfv3KuvevKiXkBkmjwn0YjBLJamQmimxBRaFiWpxeH9rSDm/hm+RFNDNuSlF0M6FZnNr4iPtUXUHf9C20GZ8C7yyIAQSmvl5oZ/XX1t29oGqgmZkF00iz86scK3L+v0lne1xHOzBjqdhegCSjYKv&cssminify=yes' type='text/css' media='all' /> <script id="jetpack-carousel-js-extra"> var jetpackSwiperLibraryPath = {"url":"https:\/\/s2.wp.com\/wp-content\/mu-plugins\/jetpack-plugin\/moon\/_inc\/build\/carousel\/swiper-bundle.min.js"}; var jetpackCarouselStrings = {"widths":[370,700,1000,1200,1400,2000],"is_logged_in":"","lang":"en","ajaxurl":"https:\/\/arthurvandermerwe.com\/wp-admin\/admin-ajax.php","nonce":"491f59c1f5","display_exif":"1","display_comments":"1","single_image_gallery":"1","single_image_gallery_media_file":"","background_color":"black","comment":"Comment","post_comment":"Post Comment","write_comment":"Write a Comment...","loading_comments":"Loading Comments...","image_label":"Open image in full-screen.","download_original":"View full size <span class=\"photo-size\">{0}<span class=\"photo-size-times\">\u00d7<\/span>{1}<\/span>","no_comment_text":"Please be sure to submit some text with your comment.","no_comment_email":"Please provide an email address to comment.","no_comment_author":"Please provide your name to comment.","comment_post_error":"Sorry, but there was an error posting your comment. Please try again later.","comment_approved":"Your comment was approved.","comment_unapproved":"Your comment is in moderation.","camera":"Camera","aperture":"Aperture","shutter_speed":"Shutter Speed","focal_length":"Focal Length","copyright":"Copyright","comment_registration":"0","require_name_email":"0","login_url":"https:\/\/arthurvandermerwe.wordpress.com\/wp-login.php?redirect_to=https%3A%2F%2Farthurvandermerwe.com%2F2015%2F03%2F03%2Fimplementing-as2805-part-3-using-a-thales-9000-and-python%2F","blog_id":"70204527","meta_data":["camera","aperture","shutter_speed","focal_length","copyright"],"stats_query_args":"blog=70204527&v=wpcom&tz=11&user_id=0&subd=arthurvandermerwe","is_public":"1"}; </script> <script crossorigin='anonymous' type='text/javascript' src='https://s2.wp.com/_static/??-eJx9jsEOwjAMQ3+IEqaBEAfEp6CsCyOjbaqmZeLvKQgmtANHO8+OYYrGSsgUMowKXjp2ZIpSwqF6hsNF1qOu4IfrnAwmujJwUJgk9dirsQ5VSV8lE2a3zOQr+XqNpQMl6h1lePH5HYiJPaaHCXjnATNLWMZ9mR+OlCPa20fXxRLgzMFCV9j1YDFJne9m7musPf+r/WJmilb8QtbcyR+bfdts2027O4xPzdB0ZA=='></script> <script> /(trident|msie)/i.test(navigator.userAgent)&&document.getElementById&&window.addEventListener&&window.addEventListener("hashchange",function(){var t,e=location.hash.substring(1);/^[A-z0-9_-]+$/.test(e)&&(t=document.getElementById(e))&&(/^(?:a|select|input|button|textarea)$/i.test(t.tagName)||(t.tabIndex=-1),t.focus())},!1); </script> <script type="text/javascript"> (function () { var wpcom_reblog = { source: 'toolbar', toggle_reblog_box_flair: function (obj_id, post_id) { // Go to site selector. This will redirect to their blog if they only have one. const postEndpoint = `https://wordpress.com/post`; // Ideally we would use the permalink here, but fortunately this will be replaced with the // post permalink in the editor. const originalURL = `${ document.location.href }?page_id=${ post_id }`; const url = postEndpoint + '?url=' + encodeURIComponent( originalURL ) + '&is_post_share=true' + '&v=5'; const redirect = function () { if ( ! window.open( url, '_blank' ) ) { location.href = url; } }; if ( /Firefox/.test( navigator.userAgent ) ) { setTimeout( redirect, 0 ); } else { redirect(); } }, }; window.wpcom_reblog = wpcom_reblog; })(); </script> <script type="text/javascript"> // <![CDATA[ (function() { try{ if ( window.external &&'msIsSiteMode' in window.external) { if (window.external.msIsSiteMode()) { var jl = document.createElement('script'); jl.type='text/javascript'; jl.async=true; jl.src='/wp-content/plugins/ie-sitemode/custom-jumplist.php'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(jl, s); } } }catch(e){} })(); // ]]> </script><script src="//stats.wp.com/w.js?67" defer></script> <script type="text/javascript"> _tkq = window._tkq || []; _stq = window._stq || []; _tkq.push(['storeContext', {'blog_id':'70204527','blog_tz':'11','user_lang':'en','blog_lang':'en','user_id':'0'}]); _stq.push(['view', {'blog':'70204527','v':'wpcom','tz':'11','user_id':'0','subd':'arthurvandermerwe'}]); _stq.push(['extra', {'crypt':'UE5VTUIlVktzQVNtcFdrRlVoJUNZcTJRQnxOUXcyQXBGVjdTZVlnSlY3P0dzcjlxYzIrNExdSDFwWT1HLEN1ZUpvZWZWfnIxLnNwSG1MMjB6UkUwTHhYMCsxb2haR0pDWDhKaEZVPW41N1RNRXVYdkZaNnAySjdXdW1bUlFrTnxYXTcmVjVPNGprSS41dU5YKzAyTjJIP2ZlN3x6L3lQdXBwJW4xLkFJflMzMmltaT9fP11uclN8WDk2PzU2MXBkcEtNTHM4NkE0WDVTcFA9cElEc20mUVQ1VG1qb1pJUTJ5bGFzQw=='}]); _stq.push([ 'clickTrackerInit', '70204527', '0' ]); </script> <noscript><img src="https://pixel.wp.com/b.gif?v=noscript" style="height:1px;width:1px;overflow:hidden;position:absolute;bottom:1px;" alt="" /></noscript> <script defer id="bilmur" data-customproperties="{"logged_in":"0","wptheme":"pub\/seedlet","wptheme_is_block":"0"}" data-provider="wordpress.com" data-service="simple" src="/wp-content/js/bilmur.min.js?i=12&m=202447"></script><script defer id="bilmur" data-customproperties="{"logged_in":"0","wptheme":"pub\/seedlet","wptheme_is_block":"0"}" data-provider="wordpress.com" data-service="simple" src="/wp-content/js/bilmur-4.min.js?i=12&m=202447"></script><script> ( function() { function getMobileUserAgentInfo() { if ( typeof wpcom_mobile_user_agent_info === 'object' ) { wpcom_mobile_user_agent_info.init(); var mobileStatsQueryString = ''; if ( wpcom_mobile_user_agent_info.matchedPlatformName !== false ) { mobileStatsQueryString += '&x_' + 'mobile_platforms' + '=' + wpcom_mobile_user_agent_info.matchedPlatformName; } if ( wpcom_mobile_user_agent_info.matchedUserAgentName !== false ) { mobileStatsQueryString += '&x_' + 'mobile_devices' + '=' + wpcom_mobile_user_agent_info.matchedUserAgentName; } if ( wpcom_mobile_user_agent_info.isIPad() ) { mobileStatsQueryString += '&x_' + 'ipad_views' + '=' + 'views'; } if ( mobileStatsQueryString != '' ) { new Image().src = document.location.protocol + '//pixel.wp.com/g.gif?v=wpcom-no-pv' + mobileStatsQueryString + '&baba=' + Math.random(); } } } document.addEventListener( 'DOMContentLoaded', getMobileUserAgentInfo ); } )(); </script> </body> </html>