Two-party ECDSA with JavaCard-based smartcards

Dufka,  Antonín; Laud, Peeter; Švenda,  Petr

Two-party ECDSA with JavaCard-based smartcards

Warning

This publication doesn't include Institute of Computer Science. It includes Faculty of Informatics. Official publication website can be found on muni.cz.

Authors	DUFKA Antonín LAUD Peeter ŠVENDA Petr
Year of publication	2025
Type	Article in Proceedings
Conference	Applied Cryptography and Network Security: 23rd International Conference on Applied Cryptography and Network Security
MU Faculty or unit	Faculty of Informatics
Citation
web	https://link.springer.com/chapter/10.1007/978-3-031-95764-2_7
Doi	http://dx.doi.org/10.1007/978-3-031-95764-2_7
Keywords	Smartcards;Two-party ECDSA;Threshold cryptography
Description	Threshold signatures are an effective method for enhancing the security of signing keys based on distributing their storage across multiple devices and enabling direct signing using the produced key shares without reconstructing the original keys. For instance, a private key can be split between a smartphone and a smartcard, with each device controlling a key share. To create a signature, a user simply taps the smartcard on the smartphone, executing the threshold signing protocol over the contactless interface, which results in the signature. However, computing threshold signatures on smartcards presents significant challenges due to their limited computational resources. This issue becomes even more pronounced with ECDSA signatures, the most widely used type of elliptic-curve-based signatures. Unlike other common EC-based signature schemes, threshold ECDSA is computationally intensive because it requires the multiplication of secretly shared values. To address this challenge, we surveyed protocols for computing threshold ECDSA signatures and proposed three approaches viable for computation on current smartcards with different trade-offs. The first approach is based on a two-party protocol by Lindell [22], which is computable on smartcards thanks to their modular exponentiation coprocessor but still relatively slow. The remaining two approaches utilize the preprocessing model with an optional trusted preprocessing party. We implemented all three approaches for the JavaCard platform while considering the hardware constraints and evaluated their performance on a physical smartcard to assess their practicality.
Related projects:	Elektronické důkazy v trestním řízení Cyber-security Excellence Hub in Estonia and South Moravia (CHESS) Applied research at FI: Trust in dynamic software ecosystems, cryptographic implementations, cybersecurity trainings, data fusion for physical sensors and scheduling algorithms in logistics