PK -> OTP?

[Amir Herzberg]

Matt Crawford wrote:
> My educated-layman's opinion is that the following is not feasible, but 
> I'd be happy to be shown wrong ...
> 
> Given a closed public-key device such as a typical smart card with its 
> limited set of operations (chiefly "sign"), is it possible to implement 
> a challenge/response function such that
> 
> * Both the challenge and the response are short enough for an average 
> user to be willing to type them when needed.
> 
> * The challenge can be generated, and the response verified using the 
> cardholder's public key and a reasonable amount of computation.

What's wrong with sending the device encryption of a random number 
(using the public key of the device), and the device sending back the 
number as proof of possession of the corresponding secret key?

Best, Amir Herzberg

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com