Emerging standards specify a communication rate between a contactless smartcard and a terminal that is of the same order of magnitude as the internal clock rate in the card. This gives a natural ground for the known card-terminal communication-computation trade-off, where non-secure operations should rather be performed by the terminal and not in the card. In this paper we treat an implementation of Elliptic Curve Digital Signature Algorithm (ECDSA), the most cost effective digital signature algorithm, which has a potential of being executed under the heavy constraints imposed by a contactless smartcard environment. This algorithm heavily relies on numerous calculations of modular multiplicative inverses. It is shown in this paper that, based on communicating with the terminal, each modular inverse operation needed to be executed in the card during ECDSA signature generation requires only two modular multiplications in the card. Each modular inverse operation performed during signature verification requires only one modular multiplication in the card. A complete ECDSA implementation over integers or over GF(2 n ) is then treated in detail.
- Access control
- Elliptic curve cryptography