One could claim that one of the reasons for using RSA digital signatures with smart cards rather than DSA or EC/DSA is the DSA & EC/DSA requirement for quality random number generation as part of the signature process.
A lot of the RSA digital signatures have the infrastructure that creates the message to be signed to also generate and include a large random number (nonce) in the message. This was acceptable to a large class of smartcards that didn't have quality random number generation (either for the purposes of ken-gen and/or signatures). Effective because of the short-comings of the random number generation ... they had external source doing the key-gen and injecting the key ... along with no requirement for (on-card) random number during the signing process (typically a requirement that the external source include a random nonce in the body of the message). 1) A typical message would have a 20-byte nonce random number, which computed to a 20-byte SHA1 and then encrypted with RSA resulting in 20-byte signature (basic message plus 40-byte infrastructure overhead, signature plus nonce). 2) It is possible to compute a 20-byte SHA1 against the basic message, and then do a DSA signature resulting in 40-byte signature (basic message plus 40-byte infrastructure overhead). The difference between #1 and #2 is that a smartcard has eliminated any dependency in number #1 on the infrastructure providing the message with a random number. Cards with quality random numbers ... can 1) do on card key-gen 2) use DSA or EC/DSA 3) remove dependency on external source to include random number in message to be signed. DSA & EC/DSA because they have a random number as parting of the signing process precludes duplicate signatures on the same message ... multiple messages with the same content & same exact signature is a replay. DSA & EC/DSA doing multiple signings of the same content will always result in a different signature value. I've heard numbers on many of the 8bit smartcards ... power-cycle the card each time it is asked to generate a random number .... do random number generation 65,000 times and look at results. For some significant percentage of 8bit cards it isn't unusual to find 30 percent of the random numbers duplicated. [EMAIL PROTECTED] on 2/4/2002 2:17 pm wrote: An 8-bit 1/2 MIP smart card can generate 1024 bit RSA key pair in about 20 seconds and 512 bit key pair in less than 5 seconds. Since this isn't typically done in the checkout lane this is certainly an acceptable time/security trade-off by many lights. A device that can't generate a key pair probably has other more compelling shortcomings as a security token. Cheers, Scott --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
