PROOF, two cases:

• Value submitted to smartcard: e (operator Kpu)

  • Information related to r available outside: encrypted value r^e
  • Assuming cryptosystem semantically secure: no one can retrieve r and therefore KI = H(e,r) - except the card and the operator

• Value submitted to smartcard: e’ (man-in-the-middle Kpu)

  • Operator store KI = H(e,r)
  • The card on the other side stores KI = H(e’,r)
  • Since H is collision free, these values cannot match

Previous slide

Next slide

Back to first slide

View graphic version