2

I'm interested in programming Prime numbers in an element field on a SmartCard.

Where can I learn about a smart card's "inputs" and "outputs" so I can call it from a custom application?

The math I need to do is:

 ( (BigInteger * BigIntegerA)/BigInteger) + BigIntegerB

I need to keep BigInteger A and B secret, and resident on the device.

TLDR
  • 700
  • 1
  • 7
  • 17
  • How large are these "BigInteger" values? 2^Integer.MAX_VALUE as in Java 8 or? – dark_st3alth Feb 18 '17 at 23:51
  • Depends on the card. They are just microcontrollers after all, and there are lots of different ones. Pick the one that fits your requirements. – André Borie Feb 19 '17 at 00:36
  • @AndréBorie do you know how I can locate such a product? Should I contact a set of vendors? Not entirely sure how to approach this... – TLDR Feb 19 '17 at 16:54
  • 1
    Look up the data sheets for Infineon, NXP, ST etc. [Here is a list of Smart Card / OS manufacturers](http://www.smartcardbasics.com/smart-card-types.html#operating-systems) (note: I just googled this list, it may not be complete). – Maarten Bodewes Feb 19 '17 at 21:34

1 Answers1

2

A smart card is a general computing device that is Turing complete; basically it is a system-on-a-chip (SoC) with a limited amount of inputs / output. So in principle you can calculate anything with a smart card.

BigInteger (bignum) arithmetic however is tricky on such small processors. Many smart cards are 16 or even 8 bit computing devices (although 32-bit ARM is making some inroads even there). This is problematic for large number calculations such as multiplication and division. Addition can be easily implemented on any CPU of course - it is very easy to extend 8 or 16 bit additions to an N bit addition for any large N.

For this reason, many smart cards contain a coprocessor that contains a Montgomery multiplier, which is mainly used to perform asymmetric cryptography such as RSA and ECC (Elliptic Curve) calculations. The availability of this coprocessor for general purpose calculations depends on the operating system. Java Card for instance contains an optional bignum interface, but this interface is not often implemented.

With these kind of calculations it is likely that you need low level access to the coprocessor. If you want to keep A and B secret then you also need to keep side channel analysis - DPA and sharks with lasers: LFI) in mind, so if you want to perform the calculations yourself you're in danger.

The inputs and outputs can be performed using the normal APDU interface, which is the default for almost any smart card. You may need extended length or chained APDU's though, if your input or output values are large enough (255 bytes is the default maximum input, 256 bytes the default maximum output).

How you program the smart card depends on the operating system on the smart card. Java Card + Global Platform is the default for most manufacturer independent applications, but it has a relatively high level API (often extended with proprietary API's).

dudebrobro
  • 673
  • 3
  • 7
Maarten Bodewes
  • 4,562
  • 15
  • 29