Welome to the Internet, here's your private key

Mon Feb 4 17:09:18 EST 2002

One could claim that one of the reasons for using RSA digital signatures
with smart cards rather than DSA or EC/DSA is the DSA & EC/DSA requirement
for quality random number generation as part of the signature process.

A lot of the RSA digital signatures have the infrastructure that creates
the message to be signed to also generate and include a large random number
(nonce) in the message. This was acceptable to a large class of smartcards
that didn't have quality random number generation (either for the purposes
of ken-gen and/or signatures). Effective because of the short-comings of
the random number generation ... they had external source doing the key-gen
and injecting the key ... along with no requirement for (on-card) random
number during the signing process (typically a requirement that the
external source include a random nonce in the body of the message).

1) A typical message would have a 20-byte nonce random number, which
computed to a 20-byte SHA1 and then encrypted with RSA resulting in 20-byte
signature (basic message plus 40-byte infrastructure overhead, signature
plus nonce).

2) It is possible to compute a 20-byte SHA1 against the basic message, and
then do a DSA signature resulting in 40-byte signature (basic message plus
40-byte infrastructure overhead).

The difference between #1 and #2 is that a smartcard has eliminated any
dependency in number #1 on the infrastructure providing the message with a
random number.

Cards with quality random numbers ... can

1) do on card key-gen
2) use DSA or EC/DSA
3) remove dependency on external source to include random number in message
to be signed.

DSA & EC/DSA because they have a random number as parting of the signing
process precludes duplicate signatures on the same message ... multiple
messages with the same content & same exact signature is a replay. DSA &
EC/DSA doing multiple signings of the same content will always result in a
different signature value.

I've heard numbers on many of the 8bit smartcards ... power-cycle the card
each time it is asked to generate a random number .... do random number
generation 65,000 times and look at results. For some significant
percentage of 8bit cards it isn't unusual to find 30 percent of the random
numbers duplicated.

sguthery at mobile-mind.com on 2/4/2002 2:17 pm wrote:

An 8-bit 1/2 MIP smart card can generate 1024 bit RSA key
pair in about 20 seconds and 512 bit key pair in less
than 5 seconds.

Since this isn't typically done in the checkout lane
this is certainly an acceptable time/security trade-off
by many lights.  A device that can't generate a key pair
probably has other more compelling shortcomings as a
security token.

Cheers, Scott

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com