Smart card implementation of a digital signature scheme for Twisted Edwards curves

This report presents a new digital signature scheme for Twisted Edwards curves. The scheme was implemented on a smart card, using the Java Card language. The signature scheme is efficient; both signing and verification are faster than ECDSA. The scheme is inversion-free and suitable for batch verification. The Java Card implementation of the scheme is protected against side-channel attacks. The implementation contains many useful techniques that reduce the computation time. Java Card proves to be a worthless platform for high-speed cryptography. Despite the speedups, generating a signature takes more than 28 minutes for a private key of 254 bits.
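The report does not state its curve, its signature equations or its countermeasures, so the following is an added illustration rather than the report's scheme: an EdDSA-style Schnorr signature over a twisted Edwards curve, written here with the Ed25519 parameters (an assumption) and using the unified extended-coordinate addition of Hisil, Wong, Carter and Dawson (2008). It shows the three properties the abstract names: verification runs without a single field inversion (points are compared by cross-multiplication), scalar multiplication executes the same two operations per bit regardless of the key bit, and several signatures can be checked in one randomly weighted multi-scalar equation. All function and variable names are this example's own.

```python
import hashlib
import secrets

# Twisted Edwards curve a*x^2 + y^2 = 1 + d*x^2*y^2 over GF(p). The Ed25519
# parameters are an assumption made here; the report does not state its curve.
p = 2**255 - 19
a = p - 1                                            # a = -1 mod p
d = (-121665 * pow(121666, -1, p)) % p
l = 2**252 + 27742317777372353535851937790883648493  # prime order of the base point
IDENTITY = (0, 1, 1, 0)                              # extended coordinates (X:Y:Z:T)

def sqrt_mod_p(v):
    # Square root for p = 5 (mod 8); None if v is a non-residue.
    x = pow(v, (p + 3) // 8, p)
    if (x * x - v) % p:
        x = x * pow(2, (p - 1) // 4, p) % p
    return x if (x * x - v) % p == 0 else None

def on_curve(x, y):
    return (a * x * x + y * y - 1 - d * x * x * y * y) % p == 0

# Base point B = (x, 4/5) with x even, recovered from y instead of typing a constant.
_by = 4 * pow(5, -1, p) % p
_bx = sqrt_mod_p((_by * _by - 1) * pow(d * _by * _by - a, -1, p) % p)
B_AFFINE = (p - _bx if _bx % 2 else _bx, _by)

def from_affine(x, y):
    return (x, y, 1, x * y % p)

def to_affine(P):
    # The only field inversion in this file; signing uses it once, to encode R.
    zi = pow(P[2], -1, p)
    return P[0] * zi % p, P[1] * zi % p

def add(P, Q):
    # Unified, inversion-free addition (Hisil-Wong-Carter-Dawson 2008); it doubles too.
    X1, Y1, Z1, T1 = P
    X2, Y2, Z2, T2 = Q
    A, Bm, C, D = X1 * X2 % p, Y1 * Y2 % p, d * T1 * T2 % p, Z1 * Z2 % p
    E = ((X1 + Y1) * (X2 + Y2) - A - Bm) % p
    F, G, H = (D - C) % p, (D + C) % p, (Bm - a * A) % p
    return (E * F % p, G * H % p, F * G % p, E * H % p)

def scalar_mult(k, P):
    # Montgomery ladder: two unified additions per bit whatever the bit value (the
    # SPA-resistant shape; Python big integers are of course not constant-time).
    R0, R1 = IDENTITY, P
    for i in range(l.bit_length() - 1, -1, -1):
        if (k >> i) & 1:
            R0, R1 = add(R0, R1), add(R1, R1)
        else:
            R1, R0 = add(R0, R1), add(R0, R0)
    return R0

def equal(P, Q):
    # Projective equality by cross-multiplication: no inversion of Z needed.
    return (P[0] * Q[2] - Q[0] * P[2]) % p == 0 and (P[1] * Q[2] - Q[1] * P[2]) % p == 0

def enc(x, y):
    return (y | ((x & 1) << 255)).to_bytes(32, "little")

def hash_mod_l(*parts):
    return int.from_bytes(hashlib.sha512(b"".join(parts)).digest(), "little") % l

def valid_inputs(pk, R, S):
    return on_curve(*pk) and on_curve(*R) and 0 < S < l

def keygen():
    s = secrets.randbelow(l - 1) + 1
    return s, to_affine(scalar_mult(s, from_affine(*B_AFFINE)))

def sign(s, pk, msg, nonce_seed):
    # Schnorr-style signature (R, S): R = rB, S = r + H(R, pk, msg)*s mod l.
    r = hash_mod_l(nonce_seed, msg)                  # deterministic nonce
    R = to_affine(scalar_mult(r, from_affine(*B_AFFINE)))
    h = hash_mod_l(enc(*R), enc(*pk), msg)
    return R, (r + h * s) % l

def verify(pk, msg, sig):
    # Check S*B == R + h*pk; every step here is inversion-free.
    R, S = sig
    if not valid_inputs(pk, R, S):
        return False
    h = hash_mod_l(enc(*R), enc(*pk), msg)
    lhs = scalar_mult(S, from_affine(*B_AFFINE))
    return equal(lhs, add(from_affine(*R), scalar_mult(h, from_affine(*pk))))

def batch_verify(items):
    # (sum z_i*S_i)*B == sum z_i*R_i + sum (z_i*h_i)*pk_i with fresh random weights
    # z_i, so an invalid signature cannot be cancelled by another one in the batch.
    lhs_scalar, rhs = 0, IDENTITY
    for pk, msg, (R, S) in items:
        if not valid_inputs(pk, R, S):
            return False
        z = secrets.randbelow(2**128) + 1
        h = hash_mod_l(enc(*R), enc(*pk), msg)
        lhs_scalar = (lhs_scalar + z * S) % l
        rhs = add(add(rhs, scalar_mult(z, from_affine(*R))), scalar_mult(z * h % l, from_affine(*pk)))
    return equal(scalar_mult(lhs_scalar, from_affine(*B_AFFINE)), rhs)
```

The batch check replaces n independent verifications by one multi-scalar equation, which is where batch verification saves time in practice; the random weights are what keep a forger from hiding one bad signature behind another. The ladder only fixes the operation sequence: on a real card the secret scalar and the point coordinates would additionally be blinded, since a uniform sequence alone does not close differential power analysis.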
