Authors: Antonín Dufka, Petr Švenda
Primary contact: Antonin Dufka <dufkan@mail.muni.cz>
Conference: 18th International Conference on Availability, Reliability and Security (ARES 2023)
@inproceedings{2023-ares-dufka, author = {Dufka, Antonin and Svenda, Petr}, title = {Enabling Efficient Threshold Signature Computation via Java Card API}, year = {2023}, isbn = {9798400707728}, publisher = {Association for Computing Machinery}, address = {New York, NY, USA}, url = {https://doi.org/10.1145/3600160.3600180}, doi = {10.1145/3600160.3600180}, booktitle = {Proceedings of the 18th International Conference on Availability, Reliability and Security}, articleno = {2}, numpages = {10}, keywords = {Schnorr signatures, smartcards, threshold cryptography, elliptic curves, Java Card}, location = {Benevento, Italy}, series = {ARES '23} }
Threshold signatures are becoming an increasingly popular method of signing key protection, primarily due to their ability to produce signatures that require the cooperation of multiple parties yet appear indistinguishable from a regular signature. This unique feature allows for their easy integration with existing systems, making them highly desirable in applications like national identity systems and transaction authorization, where they are being gradually deployed; their growing importance is further attested by NIST’s recently initiated efforts to standardize threshold schemes.
An issue often encountered in the deployment of threshold schemes is that their execution is not supported by current secure hardware, which is necessary for the secure handling of secrets, as storing the shares in regular memory puts them at an increased risk of compromise. This raises the question of whether it is possible to run state-of-the-art threshold protocols with current secure hardware that we attempt to answer for cryptographic smartcards.
We analyzed algorithms available on smartcards with the Java Card platform and repurposed them to construct operations needed in threshold protocols. We use these derived operations to implement , a state-of-the-art threshold signature scheme currently in a standardization process, making it the first open smartcard implementation of a threshold protocol supporting an arbitrary threshold. We demonstrate the practicality of this approach on the latest smartcards with no requirement for proprietary libraries.