I'd argue that the RSA and DSA situations can be made equivalent if the card has some persistent memory. Some high-quality randomness is needed at RSA key generation. For the DSA case, use 256 bits of randomness at initialization to seed a PRNG using AES, say. Output from the PRNG could then be used to provide the nonces for DSA. For extra credit, the PRNG seed could be xor'd periodically with whatever randomness is available on chip.

The resulting DSA system requires about the same randomness at initialization as RSA. The additional vulnerability introduced requires breaking AES to exploit, even if no further randomness is available. All things considered, I'd trust an AES PRNG more than a smart card RNG whose long term quality I cannot assess. Better to use both, of course.

Arnold Reinhold

At 3:09 PM -0700 2/4/02, [EMAIL PROTECTED] wrote:
>One could claim that one of the reasons for using RSA digital signatures
>with smart cards rather than DSA or EC/DSA is the DSA & EC/DSA requirement
>for quality random number generation as part of the signature process.
...
>
>Cards with quality random numbers ... can
>
>1) do on card key-gen
>2) use DSA or EC/DSA
>3) remove dependency on external source to include random number in message
>to be signed.
>
>DSA & EC/DSA because they have a random number as part of the signing
>process precludes duplicate signatures on the same message ... multiple
>messages with the same content & same exact signature is a replay. DSA &
>EC/DSA doing multiple signings of the same content will always result in a
>different signature value.
>
>I've heard numbers on many of the 8bit smartcards ... power-cycle the card
>each time it is asked to generate a random number .... do random number
>generation 65,000 times and look at results. For some significant
>percentage of 8bit cards it isn't unusual to find 30 percent of the random
>numbers duplicated.
>

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
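
An added example, not part of the original message: a sketch of the seeded-PRNG nonce scheme described in the reply, run through the 65,000 power-cycle test mentioned in the quoted text. It assumes HMAC-SHA-256 as a stand-in for the AES-based PRNG (Python's standard library has no AES), a dict standing in for the card's persistent memory, and the P-256 group order as the 256-bit modulus; all function names are hypothetical.

```python
import hashlib
import hmac
import os

# Order of the NIST P-256 group, used as the 256-bit modulus q for EC/DSA nonces.
Q = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551


def initialise(nvm, seed=None):
    """One-time initialisation: store a 256-bit seed and a zero counter."""
    nvm["seed"] = seed if seed is not None else os.urandom(32)
    nvm["counter"] = 0


def next_nonce(nvm):
    """Return a nonce in [1, Q-1], reading state only from persistent memory."""
    counter = nvm["counter"]
    # Commit the new counter before producing output, so a power cut
    # after this point can skip a nonce but never replay one.
    nvm["counter"] = counter + 1
    # Stand-in for the AES PRNG: two PRF blocks keyed by the seed (512 bits).
    blocks = b"".join(
        hmac.new(nvm["seed"], counter.to_bytes(8, "big") + bytes([i]),
                 hashlib.sha256).digest()
        for i in range(2)
    )
    # Reducing 512 bits modulo a 256-bit value keeps the bias negligible.
    return int.from_bytes(blocks, "big") % (Q - 1) + 1


def mix_in(nvm, extra):
    """XOR whatever on-chip randomness is available into the stored seed."""
    padded = extra[:32].ljust(32, b"\0")
    nvm["seed"] = bytes(a ^ b for a, b in zip(nvm["seed"], padded))


def duplicates_after_power_cycles(nvm, draws=65000):
    """Draw one nonce per simulated power cycle and count repeated values.

    No state survives between calls except what is in nvm, which models
    power-cycling the card before every request.
    """
    seen = {next_nonce(nvm) for _ in range(draws)}
    return draws - len(seen)


if __name__ == "__main__":
    card = {}
    initialise(card)
    print("duplicates in 65,000 draws:", duplicates_after_power_cycles(card))
```

The design only holds if the counter write is durable before the nonce leaves the generator; if the counter is lost or rolled back while the seed is unchanged, the same nonce is produced again.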