Abstract
This paper describes in detail a recent smart-card prototype that performs a 20-bit zero-knowledge identification in less than one second on a simple 8-bit microcontroller with no dedicated crypto-engine on board.
A curious property of our implementation is its inherent linear complexity: unlike all the other protocols known to us, the overall cost of our prover (computation and transmission) grows linearly with the size of the modulus, not with its square.
Therefore (paradoxical as this may seem) there will always exist a modulus size ℓ above which our software-coded prover is faster than any general-purpose hardware accelerator, since the accelerator's running time grows with ℓ² while ours grows with ℓ.
The choice of a very unusual number representation technique (particularly adapted to Fischer-Micali-Rackoff's protocol), combined with a recent modulo delegation scheme, allows a complete 20-bit zero-knowledge interaction to be carried out in 964 ms (with a 4 MHz clock). The microcontroller (an ST16623, acting as the prover) communicates with a PC over an ISO 7816-3 interface at 115,200 baud and uses only 400 bytes of EEPROM to store its 64-byte keys.
An overhead video-projected demonstration will be given at the end of our talk.
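As an added illustration (this is not code from the paper, whose number representation and modulo delegation scheme are not published on this page), the following Python script runs the plain Fiat-Shamir identification protocol cited in the references with t = 20 one-bit challenge rounds, i.e. the "20-bit" soundness level of the abstract, over a constructed 512-bit modulus matching the 64-byte key size. It assumes the abstract's identification protocol is of this Fiat-Shamir type; the ST16623 implementation itself is not reproduced, and the prover below performs ordinary modular multiplications. Both sides' messages are shown, together with the commitment check a verifier must make and a cheating prover that passes a round only when it has guessed the challenge bit.

```python
# Added example, not the paper's code: plain Fiat-Shamir identification with
# t one-bit challenge rounds.  t = 20 is the "20-bit" level of the abstract: a
# prover who does not know the secret passes all rounds with probability 2^-t.
# Assumption: the abstract's protocol is of this type; the paper's number
# representation and delegation scheme are NOT reproduced here.
import math
import secrets


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin; a toy key-generation helper, not a production primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_prime(bits: int) -> int:
    while True:
        c = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # odd, exact bit length
        if is_probable_prime(c):
            return c


def keygen(modulus_bits: int = 512):
    """Public key (n, v = s^2 mod n) and secret s; 512 bits = the paper's 64-byte keys."""
    n = gen_prime(modulus_bits // 2) * gen_prime(modulus_bits // 2)
    while True:
        s = secrets.randbelow(n - 2) + 2
        if math.gcd(s, n) == 1:
            break
    return (n, s * s % n), s


class HonestProver:
    """Knows s.  Per round: one squaring, plus one multiplication when e = 1."""
    def __init__(self, n: int, s: int):
        self.n, self.s, self.r = n, s, 0

    def commit(self) -> int:                        # message 1: x = r^2 mod n
        self.r = secrets.randbelow(self.n - 1) + 1  # r in [1, n-1], never 0
        return self.r * self.r % self.n

    def respond(self, e: int) -> int:               # message 3: y = r * s^e mod n
        return self.r * self.s % self.n if e else self.r


class CheatingProver:
    """Does not know s; bets on the challenge bit.  Commits x = r^2 / v^guess, so
    y = r verifies iff the verifier really sends e == guess."""
    def __init__(self, n: int, v: int, guess: int):
        self.n, self.v, self.guess, self.r = n, v, guess, 0

    def commit(self) -> int:
        self.r = secrets.randbelow(self.n - 1) + 1
        v_inv = pow(self.v, -1, self.n)             # modular inverse (Python 3.8+)
        return self.r * self.r * pow(v_inv, self.guess, self.n) % self.n

    def respond(self, e: int) -> int:
        return self.r                               # correct only when e == guess


def verify_round(n: int, v: int, x: int, e: int, y: int) -> bool:
    """Verifier's check.  x == 0 (equivalently y == 0) must be rejected explicitly:
    the degenerate commitment r = 0 satisfies y^2 == x * v^e for every e and v."""
    if x == 0 or y == 0:
        return False
    return y * y % n == x * pow(v, e, n) % n


def run_identification(prover, n: int, v: int, rounds: int = 20, challenges=None) -> bool:
    """Full interaction; accepts iff every round verifies.  `challenges` lets the
    caller fix the verifier's coin flips (used below to expose the cheater's bet)."""
    for i in range(rounds):
        x = prover.commit()                                   # prover -> verifier
        e = challenges[i] if challenges is not None else secrets.randbelow(2)
        y = prover.respond(e)                                 # prover -> verifier
        if not verify_round(n, v, x, e, y):
            return False
    return True


if __name__ == "__main__":
    (n, v), s = keygen(512)
    print("honest prover accepted: ", run_identification(HonestProver(n, s), n, v))
    print("cheater, 20 right guesses:", run_identification(CheatingProver(n, v, 0), n, v, challenges=[0] * 20))
    print("cheater, one wrong guess: ", run_identification(CheatingProver(n, v, 0), n, v, challenges=[0] * 19 + [1]))
```

Two points worth noting. The cheater's only strategy is to guess each bit in advance, so random challenges defeat it with probability 1 - 2^-20 per full run; the fixed challenge lists in the script exist only to make that dependence visible. Second, the honest prover's work per round is one squaring and at most one multiplication, each quadratic in the modulus length with textbook arithmetic; the paper's contribution is precisely to make that per-round cost, and the transmission, linear in ℓ, which this example does not attempt.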
References
O. Brugia, A. di Porto & P. Filiponi, Un metodo per migliorare l'efficienza degli algoritmi di generazione delle chiavi crittografiche basati sull'impiego di grandi numeri primi [A method for improving the efficiency of cryptographic key generation algorithms based on the use of large primes], Note Recensioni e Notizie, Ministero Poste e Telecomunicazioni, vol. 33, no. 1–2, 1984, pp. 15–22.
U. Feige, A. Fiat & A. Shamir, Zero-knowledge proofs of identity, Proc. 19th ACM Symp. Theory of Computing, 1987, pp. 210–217, and J. Cryptology, vol. 1, 1988, pp. 77–95.
A. Fiat & A. Shamir, How to prove yourself: Practical solutions to identification and signature problems, Proc. of Crypto'86, Lecture Notes in Computer Science 263, pp. 181–187.
M. Fischer, S. Micali & C. Rackoff, A secure protocol for oblivious transfer, presented at Eurocrypt'84 but missing in the proceedings.
P. Montgomery, Modular multiplication without trial division, Mathematics of computation, vol. 44, 1985, pp. 519–521.
D. Naccache, Method, sender apparatus and receiver apparatus for modulo operation, European patent application no. 91402958.2, November 5, 1991.
D. Naccache, D. M'raïhi, S. Vaudenay & D. Raphaeli, Can DSA be Improved?, Proceedings of Eurocrypt'94, to appear.
A. Shamir, How to implement public-key schemes with 16,000 bit moduli on a smart-card with 36 bytes of RAM, presented at the rump session of Eurocrypt'94 (05-10-1994 at 20h11).
Copyright information
© 1995 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Naccache, D., M’raïhi, D., Wolfowicz, W., di Porto, A. (1995). Are Crypto-Accelerators Really Inevitable?. In: Guillou, L.C., Quisquater, JJ. (eds) Advances in Cryptology — EUROCRYPT ’95. EUROCRYPT 1995. Lecture Notes in Computer Science, vol 921. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-49264-X_33
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-59409-3
Online ISBN: 978-3-540-49264-1