The advancement of information and communications technology, especially the Internet, has created an opportunity to improve the administrative efficiency and service quality in governments of many nations. However, due to the lack of communication security services, sensitive documents could not be transmitted securely over open networks using off-the-shelf software. Digital signature is by far one of the most important cryptographic techniques used in the e-government and e-commerce applications. It provides authentication of senders or receivers (they are who they claim to be) and offers non-repudiation of transmission (senders can‘t deny their digital signature in the signed documents and the document cannot be altered in transmission without being detected). This paper presents our efforts in the implementation of digital signature algorithms on smartcards without coprocessor. New arithmetic algorithms are proposed and implemented for this research. Besides, we evaluated the performance of well-known RSA and ESIGN digital signature algorithms on an 8-bit smart card. Smartcard [1-2], or smart card, is a plastic card with an embedded microcomputer chip. The dimension of a smartcard is the size of an ordinary credit card, which can be easily carried around in a wallet. Smartcards are much more difficult to duplicate than magnetic strip cards and cryptographic functions can be implemented inside these cards. With substantial cost reductions and the ability to handle multiple applications on a single card, the smartcards are about to enter a period of the rapid growth. An individual bearing a single smartcard will be able to electronically and securely interact with several servers or service provides. As a consequence, an entirely new type of commercial and educational landscape is being created. However, smartcard itself has limited computing power and memory capacity. This makes it a difficult job to efficiently implement the cryptographic functions inside smartcard. One of the e-government's [3] objectives is to facilitate the exchange and integration of information between different agencies and the Internet is being used as the communication channel to exchange information between all sectors of society. However, due to the lack of communication security services and the export control of U.S.A. and many nations, sensitive information could not be securely transferred between and within governmental agencies over the Internet using off-the-shelf software. Here, the security services [4] mean data confidentiality, authentication, access control, data integrity, and non-repudiation. Cryptography [5-6] is the only practical means for providing security services over an insecure channel such as Internet. The increasing use of electronic means of data communications, coupled with the growth of computer usage, has extended the need to protect information. Considerable progress has been made in the techniques for encryption, authentication, and fending off attacks from intruders over the last decade. Nevertheless, the impose of export controls on those computer software or hardware devices has precluded the use of secure products or has made such imported products very expensive. In the public-key cryptography [4] or public-key scheme, each entity has a pair of public key and corresponding private key; private key shall be kept secretly at every entity and could be individually stored at the built-in EEPROM area of the smartcard while the public key is openly available to each other entity. Public-key infrastructures (PKI) [6] are comprised of supporting services that are needed for using public-key technologies on a large scale and are widely adopted in the e-government projects worldwide. Digital signature is a core technique in the PKI. Digital signature [5-6] is by far one of the most important cryptographic techniques employed in the e-government and e-commerce applications. A digital signature algorithm allows an entity to use its private key to electronically sign a message and generate a signature that is dependent on both message itself and the entity’s private-key information. The computed signature is then attached to the message and sent with the message. The signature verification process could be performed by any receiving party and cannot be repudiated. Recipient could verify the signature by doing some computation involving the received message, the attached signature, and sender's public key. If the results properly hold in a predefined mathematical relation, the signature is accepted as genuine. Otherwise, the signature may be fraudulent or the message altered. In this paper, we carry out the implementation of digital signature algorithms on smartcards. New arithmetic algorithms are proposed and implemented and we also evaluated the performance of well-knows RSA [7] and ESIGN [8] digital signature algorithms on the Hitachi 8-bit smart cards. In order to understand the cost-effectiveness of different smart cards, we evaluated digital signature schemes on the low-cost 8-bit chip without using the coprocessor. The 8-bit H8/300 Smartcards The smartcard IC chip we adopted for implementing and evaluating digital signature algorithms is the Hitachi H8/3113 [9]. It contains an 8-bit H8/300 microprocessor, 32-Kbyte ROM, 16-Kbyte EEPROM, 2.5K-byte RAM, an arithmetic coprocessor, a random number generator, and a watchdog timer. The on-chip coprocessor could be used to calculate A mod N modular exponentiation at a high speed. Figure 1 shows block diagram of the Hitachi H8/3113 chip. The ROM area of the chip is used for chip operating system while the EEPROM is used for personalized data and for storing cryptographic keys with data retention time of 10 years and rewrite endurance of 100,000 times. The chip also has many built-in protection measures to prevent physical attack. These measures include high/low frequency detector, high/low voltage detector, concealment of ROM code, scattered layout, multi-metal layer, removal of test pin, etc. The H8/3113 is a powerful 8-bit microcomputer suitable for the implementation of both symmetric and asymmetric cryptographic algorithms [5]. With built-in random number generator and coprocessor, one could do high-speed key generation for most public-key cryptographic algorithms. Its functional drawback is in low input/output rate of smart card since only two I/O pins are available. The device can operate at a maximum of 10 MHz external clock rate or a cycle time of 200 ns. Figure 1. Block diagram of H8/3113 smartcard chip
[1]
Adi Shamir,et al.
A method for obtaining digital signatures and public-key cryptosystems
,
1978,
CACM.
[2]
James H. Burrows,et al.
Secure Hash Standard
,
1995
.
[3]
Alfred Menezes,et al.
Handbook of Applied Cryptography
,
2018
.
[4]
Alfred Menezes,et al.
The Elliptic Curve Digital Signature Algorithm (ECDSA)
,
2001,
International Journal of Information Security.
[5]
Donald E. Knuth.
The Art of Computer Programming 2 / Seminumerical Algorithms
,
1971
.
[6]
W. Ford,et al.
Secure Electronic Commerce: Building the Infrastructure for Digital Signatures and Encryption
,
2000
.
[7]
Donald E. Knuth,et al.
The art of computer programming. Vol.2: Seminumerical algorithms
,
1981
.
[8]
Donald Ervin Knuth,et al.
The Art of Computer Programming
,
1968
.
[9]
Hikaru Morita,et al.
A Modular-Multiplication Algorithm Using Lookahead Determination (Special Section on Cryptography and Information Security)
,
1993
.
[10]
Tatsuaki Okamoto.
A fast signature scheme based on congruential polynomial operations
,
1990,
IEEE Trans. Inf. Theory.
[11]
Soon Ae Chun,et al.
E-Government: Human-Centered Systems for Business Services
,
2001
.
[12]
Hikaru Morita,et al.
A Modular-Multiplication Algorithm using Lookahead Determination
,
1993
.
[13]
Wolfgang Rankl,et al.
Smart Card Handbook
,
1997
.