david-oswald/jc_curve25519

Signing data

Opened this issue · 2 comments

Dear David,

I've correctly compiled and tested the published code and I'm trying to add an APDU to sign data sent by the reader, but I'm not familiar with the math.

Can you give me a suggestion?

Thanks, Stefano

Hi Stefano,

This repo only includes an implementation of the Curve25519 key exchange (i.e. Diffie-Hellman). You could probably still implement something like ECDSA on top of Curve25519, but signatures normally use Ed25519 instead (see here: https://ed25519.cr.yp.to/). You can find some more info here: https://crypto.stackexchange.com/questions/27866/why-curve25519-for-encryption-but-ed25519-for-signatures

The issue with implementing this would be that Ed25519 uses a twisted Edwards curve, while "normal" Curve25519 uses a Montgomery curve (which this project converts to Weierstrass form to use the built-in accelerators of Javacards). Tbh I have not looked into whether something similar can be done for Edwards curves.

Best
David
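As an added illustration of the three curve forms mentioned above (this is not code from the jc_curve25519 repository): the linear shift that takes Curve25519 from Montgomery to short Weierstrass form, as this project does for the card's accelerator, and the RFC 7748 birational map from Montgomery form to the twisted Edwards curve that Ed25519 uses, both checked on the Curve25519 base point u = 9.

```python
# Curve25519 in Montgomery form: v^2 = u^3 + A*u^2 + u over GF(P).
P = 2**255 - 19
A = 486662
# Ed25519 twisted Edwards form: -x^2 + y^2 = 1 + D*x^2*y^2, D = -121665/121666.
D = (-121665 * pow(121666, -1, P)) % P
SQRT_M1 = pow(2, (P - 1) // 4, P)  # sqrt(-1) mod P, valid because P = 5 (mod 8)


def sqrt_mod_p(a):
    """Square root in GF(P) for P = 5 (mod 8); raises if a is not a square."""
    a %= P
    r = pow(a, (P + 3) // 8, P)
    if (r * r - a) % P:
        r = (r * SQRT_M1) % P
    if (r * r - a) % P:
        raise ValueError("not a quadratic residue")
    return r


def montgomery_v(u):
    """Recover one v such that (u, v) lies on Curve25519."""
    return sqrt_mod_p((u**3 + A * u * u + u) % P)


def montgomery_to_weierstrass(u, v):
    """Shift x = u + A/3 gives y^2 = x^3 + a*x + b with the returned (a, b)."""
    inv3 = pow(3, -1, P)
    a = ((3 - A * A) * inv3) % P
    b = ((2 * A**3 - 9 * A) * pow(27, -1, P)) % P
    return (u + A * inv3) % P, v % P, a, b


def on_weierstrass(x, y, a, b):
    return (y * y - (x**3 + a * x + b)) % P == 0


def montgomery_to_edwards(u, v):
    """RFC 7748 section 4.1: (x, y) = (sqrt(-486664)*u/v, (u-1)/(u+1))."""
    c = sqrt_mod_p(-486664)
    x = (c * u * pow(v, -1, P)) % P
    y = ((u - 1) * pow(u + 1, -1, P)) % P
    return x, y


def on_edwards(x, y):
    return (-x * x + y * y - 1 - D * x * x * y * y) % P == 0


def check_base_point():
    """Map the base point u = 9 to both forms; Ed25519's base point has y = 4/5."""
    u = 9
    v = montgomery_v(u)
    wx, wy, a, b = montgomery_to_weierstrass(u, v)
    ex, ey = montgomery_to_edwards(u, v)
    return on_weierstrass(wx, wy, a, b), on_edwards(ex, ey), ey == (4 * pow(5, -1, P)) % P
```

The point map alone does not yield Ed25519 signatures: the scalar multiplication, SHA-512 hashing and encoding rules of RFC 8032 would still have to be implemented on the card.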

Thanks David. I'm facing a curious situation. Ed25519 is not used in common smartcard use cases, mainly because there are no chips implementing JCOP 3.1 that support this curve, and because the common use cases where a signature is required from a smartcard use more common signature schemes like RSA or ECC secp256k1.

But a new use case is rising up with the potential of a very wide adoption: Distributed Identity. Until today the W3C DID standard has been used in very rare cases, mainly due to the cost of the required distributed network (required by the standard) like Ethereum or Bitcoin. But a new DLT is now ready to be used and has no transaction fees: IOTA (iota.org). That means that a Distributed Identity solution can be delivered with almost no cost. The common application requires a smartphone to manage the user identity and sign a challenge to prove to be the identity controller when needed. The signature used on IOTA is Ed25519.

Clearly a human can manage (sign) his identity with a smartphone, but devices can't. So I guess there are billions of potential small devices and passive objects that will benefit from Distributed Identity based on a smartcard able to sign with Ed25519.

The problem is: until there is a smartcard usable in a PoC, the scenario remains a futuristic view. But if we can prove the solution, the chip makers will follow for sure.

I'll look into the links you posted, but I'm not sure I have the skill to address this problem, even simply for a demo.

I understand you used one curve conversion property that can lead to a non-compliant signature, but the reader application can manipulate the signature to obtain the expected result. This workaround would be more than acceptable.

Thanks, Stefano