A smart card implementation of the fiat-shamir identification scheme

Abstract

This paper describes results and experiences gained from the test implementation of an interactive identification scheme. It was intended to exploit the feasibility of an asymmetric crypto protocol for a state-of-the-art smart card environment. For that reason the identification scheme proposed by Fiat and Shamir was implemented between an actual smart card microprocessor and an industry standard personal computer with a smart card interface. The limits of a current smart card processor in terms of volatile and nonvolatile memory capacity and instruction set turned out to be a rather strict limitation for the choice of the algorithm used. The most time consuming task during the protocol is modular multiplication. Due to the processor structure it is performed as separate multiplication and reduction, where reduction is led back to integer multiplication. The current implementation allows the authentication of a 120 byte identification string at a security level of 2−20 within an average time of about 6 seconds. The experiences gained during this implementation led to a set of requirements for a future specialised processor for asymmetric cryptographic protocols that will be needed to increase this performance by some orders of magnitude.