Smart Theory Meets Smartcard Practice

Jean-Jacques Quisquater jjq@dice.ucl.ac.be
Research Director CNRS, France and
Université catholique de Louvain, Louvain-la-Neuve, Belgium
UCL Crypto Group http://uclcrypto.org
Part of this work done while visiting scientist at MIT-CSAIL
© UCL Crypto group – October 2004 – DIMACS - Smart Theory Meets Smartcard Practice
CONTENTS
• Introduction
• Smart cards
• IBC
• Remote integrity
• Using bad primitives
• Conclusion
Goal of the talk
• Show by examples that thinking with tamperproof and doing crypto with constrained objects is interesting for theoretical and practical purposes.
Short Story of Smart Cards
• René Barjavel (1966) « La nuit des temps » (Gondas)
• several inventors in the USA (IBM, 1968), Japan, Germany, France
• Roland Moreno (F) pushed the right version (1974)
• Michel Ugon and Louis Guillou were the technical inventors (~1977)
• SPOM: single chip (security): 1981: first crypto algo and protocol (secret key): tests in France
• first DES: 1985 (TRASEC, Belgium, TB100 -> Proton)
• first RSA: CORSAIR (Philips): 1989 (coprocessor)
• ...
• in some sense a smart angel-in-the-box (Shai Halevi, yesterday).
Ring by Moreno (1974) and first smart card (1980)
The chip (IC)
[Block diagram] External contacts: Reset, Ground, Volt, Clock, I/O. On chip: CPU, firewall, crypto coprocessor (DES – RSA – ECC), RAM, ROM, EEPROM, flash memory, security logic, sensors.
A complete computer
Passive attacks
[Diagram: chip with contacts CLK, VCC, I/O, GRD, RST]
1. timing
2. SPA-DPA
3. probing
4. measures of radiations
Active fault attacks
(Bellcore attack)
Key=1010110...
Tamperproof model
[Diagram] SENDER (Alice) with key k encrypts the message, E(m) = 10010100111, and sends E(m) to RECEIVER (Bob), who holds the same key k and computes D(E(m)) = m.
Tamperproof model => asymmetric crypto
(DH-RSA – 1980 public)
[Diagram] SENDER (Alice): key k in a tamperproof box that is only able to encrypt, sends E(m) = 10010100111. RECEIVER (Bob): key k in a tamperproof box that is only able to decrypt, computes D(E(m)) = m.
Identification with identity-based crypto
(Shamir 1984, Guillou 1984, Fiat-Shamir 1986)
[Diagram] Authority with master key K computes k = E(Id) and gives (Id, k) to the PROVER. PROVER sends Id to the VERIFIER; VERIFIER (holding K) sends surprise r; PROVER returns response R = E(r) computed with k; VERIFIER recomputes k = E(Id) from K and checks E(r) = ? R.
Identity-Based Encryption
• Adi Shamir: Identity-Based Cryptosystems and Signature Schemes. CRYPTO 1984: 47-53.
• Yvo Desmedt, Q.: Public-Key Systems Based on the Difficulty of Tampering (Is There a Difference Between DES and RSA?). CRYPTO 1986: 111-117.
• Dan Boneh, Matthew K. Franklin: Identity-Based Encryption from the Weil Pairing. CRYPTO 2001: 213-229.
• Clifford Cocks: An Identity Based Encryption Scheme Based on Quadratic Residues. LNCS, Proc. of the 8th IMA Intern. Conf. on Cryptography and Coding 2001: 360-363.
Hierarchical IBC?
• Also done in 1984
• The easy way: you iterate the process, with cards being mother, daughter, granddaughter, and so on.
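The identification protocol of the IBC diagram, together with the hierarchical iteration (mother, daughter, granddaughter), as an added Python sketch that is not code from the talk. The slides leave E abstract; here E under a key is instantiated with HMAC-SHA256 (an assumption), and the master key K and the Ids are constructed sample values.

```python
"""Identity-based identification in the tamperproof model, plus hierarchical
key derivation by iterating the same step. Added sketch, not the talk's code.
E under a key is HMAC-SHA256 here (assumption); K and the Ids are constructed."""
import hmac, hashlib, secrets

def E(key: bytes, data: bytes) -> bytes:
    """Keyed one-way function standing in for the slides' E (assumption: HMAC)."""
    return hmac.new(key, data, hashlib.sha256).digest()

def derive(master_key: bytes, path) -> bytes:
    """k = E_K(Id) for a top-level card; for a hierarchy, iterate the same step
    down the path of Ids (mother -> daughter -> granddaughter ...)."""
    k = master_key
    for identity in path:
        k = E(k, identity)
    return k

class Card:
    """A prover: tamperproof box holding its path of Ids and the derived key k."""
    def __init__(self, path, k: bytes):
        self.path, self._k = tuple(path), k
    def respond(self, r: bytes) -> bytes:
        return E(self._k, r)                      # Response R = E_k(surprise r)
    def issue_child(self, child_id: bytes) -> "Card":
        """A mother card derives its daughter's key itself; no authority needed."""
        return Card(self.path + (child_id,), E(self._k, child_id))

class Authority:
    """Holds master key K; issues top-level cards with k = E_K(Id)."""
    def __init__(self, master_key: bytes):
        self.K = master_key
    def issue(self, identity: bytes) -> Card:
        return Card((identity,), derive(self.K, (identity,)))

class Verifier:
    """Holds K in its own box: re-derives k from the claimed Ids and checks R."""
    def __init__(self, master_key: bytes):
        self.K = master_key
    def check(self, path, r: bytes, R: bytes) -> bool:
        return hmac.compare_digest(E(derive(self.K, path), r), R)

def identify(verifier: Verifier, card: Card) -> bool:
    """One run: card presents its Ids, verifier sends a fresh surprise r, card answers R."""
    r = secrets.token_bytes(16)
    return verifier.check(card.path, r, card.respond(r))
```

The verifier needs only K, whatever the depth of the hierarchy; a card that claims a path whose key it does not hold fails the check.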
Tamperproof model useful?
• Sometimes a proof of concept
• Sometimes useful to simulate public-key crypto in closed systems
• Yes, but we don’t know how to translate tamperproof into a trapdoor in a crypto function.
First smart card (1980)
Security with two chips or with an insecure server?
• One chip is tamperproof but slow,
• The other one is an insecure memory or a fast insecure processor, …
• Philippe Béguin, Q.: Secure Acceleration of DSS Signatures Using Insecure Server. ASIACRYPT 1994: 249-259
• Possible for ElGamal signatures with small memory
• RSA?
• See Philippe Béguin, Q.: Fast Server-Aided RSA Signatures Secure Against Active Attacks. CRYPTO 1995: 57-69
• but parameters need to be changed due to an attack by Nguyen–Stern (Asiacrypt 1998). Better?
• Work in progress
New problem: “remote integrity”
(better than Tripwire®?)
IICIS 2003: Deswarte, Q., Saïdane
[Diagram] PROVER: a smart card (or a lot of smart cards) holding Id and M (secret). PROVER sends Id to the VERIFIER; VERIFIER draws r, derives surprise A from it and sends A; PROVER returns response R; VERIFIER, who stored h(M), checks f(r, h(M)) = R?
Protocol for remote integrity
• GENERAL INIT: Let M = (content of the file), integer n = pq (RSA modulus, 1024 bits) public: factorisation is secret
a = a random number, 1 < a < n-1, secret (chosen by verifier)
• INIT for ONE FILE: h = a^M mod n precomputed by verifier
• Verifier generates a random number r and computes challenge A = a^r mod n
• Smart card computes response R = A^M mod n and sends R (or a part of it)
• Verifier computes C = h^r mod n and checks if R = C = a^(Mr) mod n
• Diffie-Hellman protocol
• Problem: Proof!
• Work in progress (optimisations)
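The protocol above carried through in Python, as an added illustration that is not the authors' code: a constructed toy modulus stands in for the 1024-bit RSA modulus, the file contents are constructed samples, and the length prefix in file_to_int is an added precaution the slide does not mention.

```python
"""Remote-integrity protocol of the slide (Deswarte, Quisquater, Saïdane), as an
added illustration. A constructed toy modulus replaces the 1024-bit RSA modulus;
the file contents are constructed samples."""
import secrets

# Constructed toy modulus n = p*q; in the real protocol n is 1024 bits and the
# factorisation stays secret. These primes are far too small for any real use.
P, Q = 1000000007, 998244353
N = P * Q

def file_to_int(content: bytes) -> int:
    """M = file content as an integer exponent. The length prefix is an added
    precaution so that leading zero bytes (or an empty file, M = 0) do not map
    distinct files onto the same M."""
    return int.from_bytes(len(content).to_bytes(8, "big") + content, "big")

class Verifier:
    def __init__(self, n: int):
        self.n = n
        self.a = secrets.randbelow(n - 3) + 2   # secret base a, 1 < a < n-1
        self.h = {}                             # file id -> h = a^M mod n

    def register(self, file_id: str, content: bytes) -> None:
        """INIT for ONE FILE: precompute h = a^M mod n; M itself need not be kept."""
        self.h[file_id] = pow(self.a, file_to_int(content), self.n)

    def challenge(self):
        """Fresh r and challenge A = a^r mod n (a stays hidden by the exponentiation)."""
        r = secrets.randbelow(self.n - 2) + 1
        return r, pow(self.a, r, self.n)

    def check(self, file_id: str, r: int, R: int) -> bool:
        """C = h^r mod n; accept iff R == C, i.e. both equal a^(M r) mod n."""
        return pow(self.h[file_id], r, self.n) == R

class Prover:
    """The smart card at the monitored host: knows n and the current file only."""
    def __init__(self, n: int, content: bytes):
        self.n, self.content = n, content
    def respond(self, A: int) -> int:
        return pow(A, file_to_int(self.content), self.n)   # R = A^M mod n

def run_check(verifier: Verifier, file_id: str, prover: Prover) -> bool:
    """One protocol run; False means the file at the prover no longer matches."""
    r, A = verifier.challenge()
    return verifier.check(file_id, r, prover.respond(A))
```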
Using bad primitives?
• Bad random generator
• Breakable hash function h()
• E: resists linear cryptanalysis,
• E: bad for differential cryptanalysis
[Diagram] PROVER (key k) picks r1 and sends h(r1) as a (weak) commitment; VERIFIER (key k) sends r2; PROVER returns response R = E(r1+r2) together with r1; VERIFIER checks E(r1+r2) = ? R.
General conclusion
Thinking theoretically with strongly constrained objects sets interesting problems with practical results.
Many open problems.