PK -> OTP?

Matt Crawford crawdad at
Wed Mar 16 09:39:59 EST 2005

>> My educated-layman's opinion is that the following is not feasible, 
>> but I'd be happy to be shown wrong ...
>> Given a closed public-key device such as a typical smart card with 
>> its limited set of operations (chiefly "sign"), is it possible to 
>> implement a challenge/response function such that
>> * Both the challenge and the response are short enough for an average 
>> user to be willing to type them when needed.
>> * The challenge can be generated, and the response verified using the 
>> cardholder's public key and a reasonable amount of computation.
> What's wrong with sending the device encryption of a random number 
> (using the public key of the device), and the device sending back the 
> number as proof of possession of the corresponding secret key?

Would it not be the case that the challenge would be as long as the 
key, and hence too long to reasonably expect a user to type into a 

The Cryptography Mailing List