Designs, Codes and Cryptography

, Volume 38, Issue 3, pp 399–415 | Cite as

Communication-Computation Trade-off in Executing ECDSA in a Contactless Smartcard

  • Benjamin Arazi


Emerging standards specify a communication rate between a contactless smartcard and a terminal that is of the same order of magnitude as the internal clock rate in the card. This gives a natural ground for the known card-terminal communication-computation trade-off, where non-secure operations should rather be performed by the terminal and not in the card. In this paper we treat an implementation of Elliptic Curve Digital Signature Algorithm (ECDSA), the most cost effective digital signature algorithm, which has a potential of being executed under the heavy constraints imposed by a contactless smartcard environment. This algorithm heavily relies on numerous calculations of modular multiplicative inverses. It is shown in this paper that, based on communicating with the terminal, each modular inverse operation needed to be executed in the card during ECDSA signature generation requires only two modular multiplications in the card. Each modular inverse operation performed during signature verification requires only one modular multiplication in the card. A complete ECDSA implementation over integers or over GF(2 n ) is then treated in detail


access control elliptic curve cryptography ECDSA smartcards 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    (US Department of State): Enhance Border Security and Visa Entry Reform Act:
  2. 2.
    Electronic Passports Prep for Check-In: Scholar
  3. 3.
    E-Passport Development Quickens with Security Threats’ (EE-Times):
  4. 4.
    WG3 – Machine-Readable Travel Documents - Scholar
  5. 5.
    WG8 – Contactless Integrated Circuit(s) Cards, Related Devices and Interfaces: http://www.
  6. 6.
    Summary of NIST Standards for Biometric Accuracy, Tamper Resistance, and Interoperability: (p. 18).
  7. 7.
    IEEE Std 1363-2000: Specifications for Public Key Cryptography. August 2000.Google Scholar
  8. 8.
    Infenion Security and Chip Card ICs: SLE66CLX320PGoogle Scholar
  9. 9.
    Multos Product Directory – 20Product %20Directory%20Silicon%20Vendors.pdfGoogle Scholar
  10. 10.
    Draft Agenda for the 31st Meeting of ISO/IEC JTC1/SC17/WG8: http://www.ncits. org/tc_home/ b105htm/b105Doc2003/N03-141-agenda-WG8%20Paris.html (Section 9.8.)Google Scholar
  11. 11.
    N. Kogan, Y. Shavitt and A. Wool, A Practical Revocation Scheme for Broadcast Encryption Using Smart Cards, 24th IEEE Symposium on Security & Privacy, Oakland, CA, 2003.Google Scholar
  12. 12.
    Arazi, B. 1993Architectures for Exponentiation over GF(2n) Adopted for Smartcard ApplicationIEEE Trans. Comput.42494497CrossRefGoogle Scholar
  13. 13.
  14. 14.
    J. D. Dworkin et al, Finite Field Inverse Circuits, US Patent 6,009,450, 1999.Google Scholar
  15. 15.
    Peterson, W.W., Weldon, E.J. 1972Error Correcting CodesMIT PressCambridge, MAGoogle Scholar
  16. 16.
    Montgomery, P. 1985Modular multiplication without trial divisionMath. Comput.44519521MATHGoogle Scholar
  17. 17.
    S. R. Dusse and B. S. Kaliski, “A Cryptographic Library for the Motorola DSP56000 ERO,CRYPT 90, LNCS Vol. 473 (1990) 230–244.Google Scholar
  18. 18.
    Koc, C.E., Acar, T. 1998Montgomery multiplication in GF(2k)Designs, Codes Cryptograp.145769MathSciNetGoogle Scholar
  19. 19.
    Schroeppel, Richard,  et al.  et al. 2003A low-power design for an elliptic curve digital signature chipKaliski, B.S.,Jr. eds. CHES 2002, LNCS 2523Springer-VerlagBerlin Heidelberg366380Google Scholar

Copyright information

© Springer Science+Business Media, Inc. 2006

Authors and Affiliations

  1. 1.Department of Electrical and Computer EngineeringBen Gurion UniversityBeer ShevaIsrael
  2. 2.Department of Computer Engineering and Computer ScienceUniversity of LouisvilleLouisvilleUSA

Personalised recommendations