Arcot's "software smart cards" have been discussed in the past on these lists, however the discussion predates the publication of their paper "Software smart cards via cryptographic camouflage" at the IEEE Symposium on Security and Privacy halfway through last year (http://www.itd.nrl.navy.mil/ITD/5540/ieee/SP99-Program.html), so I thought I'd give a quick summary for future reference.

What's been pointed out before is that they encrypt a private key without putting in any known structure, and use decoy keys so an attacker never knows when they've got the right one. This introduces a few extra requirements:

- The public key has to be kept secret (!!). I've just checked Arcot's web site, this is obviously some new use of the term "public key" with which I wasn't previously familiar.

- You can never encrypt recognisable plaintext (i.e. you can't use something like PKCS #1 padding or OAEP, which ignores the fact that there are very good security reasons why these types of padding are used).

- You can never sign recognisable data (same comment as above).

- You have to encrypt the signature.

This thing has so many holes in it (both practical and security problems) that it's going to be unworkable outside of a few special-case situations, in which case you may as well just use a MAC with a shared secret key or some other conventional solution. Based on Arcot's claims, this is still a public-key scheme though because you can just

  #define ARCOT_PUBLIC_KEY SECRET_KEY

:-).

People have referred to it as snake oil, which, strictly speaking, it isn't - if you redefine reality to be the way you want it to be, you can provide any kind of security you like. "Assume a perfectly spherical elephant of negligible mass and volume..."

Peter.
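The first requirement in the list above, worked through as an added example (not part of the original post and not Arcot's code): a private exponent masked with no recognisable structure decrypts to a plausible decoy under every PIN, but anyone holding the public key can test each candidate offline. The toy RSA key, the SHA-256 mask standing in for a key-derivation function, the 4-digit PIN space and all function names are assumptions made for illustration.

```python
import hashlib

# Toy RSA key (constructed): two Mersenne primes, far too small for real use.
P, Q, E = 2**31 - 1, 2**61 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent
BITS = N.bit_length()

def pin_mask(pin: str) -> int:
    """Stand-in KDF: stretch a PIN into a BITS-wide mask (assumption, not Arcot's KDF)."""
    digest = hashlib.sha256(b"camouflage-demo:" + pin.encode()).digest()
    return int.from_bytes(digest, "big") % (1 << BITS)

def camouflage(d: int, pin: str) -> int:
    """Mask d with no header, padding or checksum, so nothing marks a correct decryption."""
    return d ^ pin_mask(pin)

def uncamouflage(blob: int, pin: str) -> int:
    """Every PIN 'works': a wrong one simply yields a decoy exponent."""
    return blob ^ pin_mask(pin)

def all_candidates(blob: int) -> dict:
    """Candidate exponent for each of the 10,000 four-digit PINs."""
    return {f"{i:04d}": uncamouflage(blob, f"{i:04d}") for i in range(10_000)}

def pins_consistent_with_public_key(blob: int, n: int, e: int) -> list:
    """With (n, e) known, the right exponent is the one where 7^(e*d) == 7 mod n."""
    return [pin for pin, d in all_candidates(blob).items()
            if pow(7, e * d, n) == 7]

if __name__ == "__main__":
    blob = camouflage(D, "4831")    # constructed sample PIN
    cands = all_candidates(blob)
    print("distinct candidates without the public key:", len(set(cands.values())))
    print("PINs left once (n, e) is known:",
          pins_consistent_with_public_key(blob, N, E))
```

The same offline test is available from any recognisable plaintext or unencrypted signature, which is where the other three requirements come from.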