status-im / status-keycard

Our Javacard Implementation for making secure transactions within Status and Ethereum
Apache License 2.0
213 stars 65 forks

Support deterministic ECDSA signatures #80

Closed bitgamma closed 1 year ago

bitgamma commented 2 years ago

Some services (zk among others) rely on the signature being always the same for the same message. This requires implementing deterministic ECDSA as per https://datatracker.ietf.org/doc/html/rfc6979#page-10.

The JavaCard 3.0.5 API does not define a specific algorithm for deterministic ECDSA but a vendor could implement it either by defining an ad-hoc algorithm or by accepting k to be provided as the 3rd parameter of the Signature.init method (algorithm specific initialization data). In the second case k will be calculated in the applet itself (trivial).

It is to be clarified if the JCOP4 cards used for Keycard have this ability so that the applet can be extended accordingly.

Alternatively, a software implementation of ECDSA could be done; however, feasibility and performance are yet to be investigated. Also, unlike the hardened vendor-provided implementation, a software implementation could be susceptible to side channel attacks.

bitgamma commented 2 years ago

some notes https://notes.status.im/fSVm63g3TaaSQPDwkTd6bQ

bitgamma commented 1 year ago

will be implemented in a different way

martinpaljak commented 1 year ago

How exactly ? :)

bitgamma commented 1 year ago

We have to make use of a vendor-specific API to access the low-level modular arithmetic processor. It is in another repository which will be opened very soon as well, but it won't work on off-the-shelf cards. We will keep feature parity as much as possible between the two versions though. For now the only relevant difference is ECDSA being deterministic.