Issue No. 03 - June (1996 vol. 16)
Public-key cryptography today is having a significant impact throughout the microprocessor and microcomputer world. From smart cards to network protocols, from electronic payment systems to optimized arithmetic techniques, public-key cryptography affects microcomputer systems at every level.
The main concept of public-key cryptography is that users can communicate securely—with privacy from eavesdroppers and assurance that messages exchanged are authentic—without first sharing secret information [1]. With non-public-key (that is, secret-key) techniques, such sharing of secrets is essential at some point, which limits the flexibility of a security system, or at least requires that users place significant trust in a central authority. With public-key techniques, parties have pairs of keys: a secret private key and a public key available to other users. (For details, see the box, What is public-key cryptography?) Only one party knows a given private key, but the public key need not be kept secret and can be given to anyone.
In a sense, the move from secret- to public-key techniques parallels the transition from mainframes to microcomputers, as the ownership of data—keys in the case of cryptography—moves from a central authority to the users. Just as the transition in computing devices has opened opportunities for networking and communications, so the transition to public-key cryptography lends itself to all kinds of opportunities, including secure electronic commerce.
The most notable microprocessor-related impact of public-key technology is perhaps in the area of integrated circuit cards, variously known as smart cards or chip cards, the development of which coincided with the maturation of public-key cryptography. While initial IC cards were generally passive storage devices, a limited processing capability is now fairly standard. These cards often also have some degree of physical protection, making them suitable for storing secrets such as private keys.
IC card technology has influenced public-key cryptography in the sense that designers have developed public-key systems specifically to meet the stringent memory and communication bandwidth requirements of IC cards (for example, the Guillou-Quisquater identification scheme [2]). Likewise, public-key cryptography has affected IC card design in the introduction of coprocessors for the arithmetic in public-key systems.
David Naccache and David M'Raïhi's article, "Cryptographic Smart Cards," covers the latter kind of impact, surveying the arithmetic coprocessors for IC cards currently available and categorizing their features. A remarkable number of such coprocessors are available, reflecting the commitment of manufacturers to public-key technology based on modular arithmetic (for example, RSA and DSA—see the box). Two boxes accompany the article, "Toward available personal portable security," by Stephan Ondrusch, and "Motorola's SC49: A public-key microcontroller," by Carol H. Fancher. These boxes offer further comments on IC cards and cryptography, discussing such issues as performance, public-key certificate storage, and "electronic wallets."
While arithmetic coprocessors are convenient (and arguably essential) for dedicated hardware such as IC cards, software implementations are equally important. For those techniques based on modular arithmetic, researchers have developed a variety of implementation methods, particularly for the central step of modular multiplication (the computation of a × b mod n, for some fixed modulus n). One of the more promising methods, in terms of simplicity and speed, is that introduced by Peter Montgomery [3]. "Analyzing and Comparing Montgomery Multiplication Algorithms," by Çetin Koç, Tolga Acar, and Burton S. Kaliski, Jr., compares several approaches to this method.
Public-key technology finds many applications in microcomputer networking. Electronic mail is one example (and perhaps the most common illustration of the technology); parties can send mail confidentially and ensure its authenticity by applying public-key encryption and digital signatures. Electronic mail falls into the class of store-and-forward applications, as it is possible for one party to send protected mail, without the immediate participation of the recipient. Session-oriented applications assume the direct involvement of multiple participants, and as a result can sometimes employ a different set of cryptographic techniques. (For instance, in the session-oriented case, it may not be so important to the parties to have a digitally signed receipt of a transaction; an interactive identification scheme may be sufficient.)
"Transparent Authentication and Confidentiality for Stream Sockets," by André Zúquete and Paulo Guedes, describes a session-oriented application, in which parties on a network authenticate one another and agree on a session key with which they encrypt subsequent communications. The key agreement technique is Diffie-Hellman (see the box).
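To make concrete both the modular multiplication step discussed with the Montgomery article above and the Diffie-Hellman key agreement used in the stream-socket article, here is an added Python example; it is not code from any article in this issue. It computes a × b mod n through Montgomery reduction (the whole-number form of the method, not the word-by-word variants the Koç, Acar and Kaliski article compares), builds modular exponentiation on top of it, and then runs one Diffie-Hellman exchange. The modulus, generator and secret exponents are small constructed values chosen for readability; `pow(n, -1, R)` needs Python 3.8 or later.

```python
"""Montgomery modular multiplication and a Diffie-Hellman exchange built on it.
Added example; the parameters below are constructed toy values, not from the issue."""


def montgomery_params(n: int, word_bits: int = 8):
    """Choose R = 2^k > n (a multiple of the word size) and precompute
    n' = -n^{-1} mod R, the constant that Montgomery reduction needs.
    R is a power of two, so R and n are coprime only when n is odd."""
    if n % 2 == 0:
        raise ValueError("Montgomery reduction needs an odd modulus")
    k = ((n.bit_length() + word_bits - 1) // word_bits) * word_bits
    R = 1 << k
    n_inv = pow(n, -1, R)          # n^{-1} mod R
    n_prime = (-n_inv) % R
    return k, R, n_prime


def mont_reduce(t: int, n: int, k: int, R: int, n_prime: int) -> int:
    """REDC: for t < n*R, return t * R^{-1} mod n using only a mask and a shift
    in place of a division by n (the point of Montgomery's method)."""
    m = ((t & (R - 1)) * n_prime) & (R - 1)   # m = (t mod R) * n' mod R
    u = (t + m * n) >> k                       # (t + m*n) is divisible by R
    return u - n if u >= n else u              # u < 2n, so one subtraction suffices


def mont_mul(a_bar: int, b_bar: int, n: int, k: int, R: int, n_prime: int) -> int:
    """Product of two residues in Montgomery form; result stays in Montgomery form."""
    return mont_reduce(a_bar * b_bar, n, k, R, n_prime)


def mod_mul(a: int, b: int, n: int) -> int:
    """a * b mod n, computed entirely through Montgomery arithmetic.
    The conversions to and from Montgomery form cost one division each, which is
    why the method pays off when many multiplications share the same modulus."""
    k, R, n_prime = montgomery_params(n)
    a_bar, b_bar = (a * R) % n, (b * R) % n
    return mont_reduce(mont_mul(a_bar, b_bar, n, k, R, n_prime), n, k, R, n_prime)


def mont_pow(base: int, exp: int, n: int) -> int:
    """base^exp mod n by left-to-right square-and-multiply in Montgomery form."""
    k, R, n_prime = montgomery_params(n)
    base_bar = (base * R) % n      # convert once; every later step is a REDC
    acc = R % n                    # Montgomery form of 1
    for bit in bin(exp)[2:]:
        acc = mont_mul(acc, acc, n, k, R, n_prime)
        if bit == "1":
            acc = mont_mul(acc, base_bar, n, k, R, n_prime)
    return mont_reduce(acc, n, k, R, n_prime)   # leave Montgomery form


def dh_exchange(p: int, g: int, alice_secret: int, bob_secret: int):
    """One Diffie-Hellman run over prime p with generator g.  Each side publishes
    g^secret and raises the other side's value to its own secret; both arrive at
    g^(a*b) mod p without either secret crossing the network."""
    A = mont_pow(g, alice_secret, p)          # message Alice -> Bob
    B = mont_pow(g, bob_secret, p)            # message Bob -> Alice
    k_alice = mont_pow(B, alice_secret, p)
    k_bob = mont_pow(A, bob_secret, p)
    assert k_alice == k_bob                   # agreement is a mathematical identity
    return A, B, k_alice


if __name__ == "__main__":
    # Constructed toy parameters: p = 23, g = 5 is the textbook illustration.
    print(mod_mul(7, 9, 23))                  # 7*9 mod 23 == 17
    print(dh_exchange(23, 5, 6, 15))          # (8, 19, 2)
```

Two design points worth noting. The public values A and B alone do not identify who sent them, which is why the stream-socket article pairs the key agreement with authentication. And the conditional subtraction at the end of `mont_reduce` is the classic source of data-dependent timing in real Montgomery implementations; production code makes that step constant-time.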
Electronic payment systems have become a public-key technology application of intense interest, especially with the potential for electronic commerce on the Internet. Such systems take many forms, from anonymous digital cash following David Chaum's pioneering work [4] to credit-card-oriented systems such as VISA and MasterCard's recently announced Secure Electronic Transaction (SET) specifications [5].
Non-public-key systems are certainly possible for electronic payments, and indeed the backbone of the world's financial networks has long relied on secret-key technology. But public-key technology offers a much more open system, as merchants and consumers can join the system simply by presenting a public key (and for legal reasons, possibly a proof of identity); no sharing of secrets with other parties is necessary.
"SCALPS: Smart Card for Limited Payment Systems," by Jean-François Dhem, Daniel Veithen, and Jean-Jacques Quisquater describes one payment system based on public-key cryptography, specifically on a variant of the Guillou-Quisquater identification scheme [2]. SCALPS complements the other articles in the issue as well; it employs IC cards, and the multiple-precision arithmetic follows Montgomery's method.
Of course, for electronic payment systems and many other applications of public-key technology to become a part of everyday life, such applications need a legal standing. Indeed, it is only recently that the concept of a digital signature has been given a legal interpretation. One reason is that there are more issues to consider than just the cryptographic operations. Ownership of a key pair is one issue (whose signature is it?); the recovery from the compromise of a key is another. The sidebar, "Legal recognition of digital signatures," by Lee Hollaar and Alan Asay, gives a synopsis of efforts in this area.
These articles offer a view into some of the ways public-key technology affects microcomputer and microprocessor systems today. We can find many other illustrations. As a popular example, one might consider Netscape's Navigator, a browser for the World Wide Web. The key icon in the lower left-hand corner of the Navigator display is either intact or broken depending on whether the current connection is secured. Regardless, the public-key cryptography is already there; the only difference is whether the Web server turns security on. One may expect the Netscape key—as well as its counterparts in other applications—to be intact more often as public-key cryptography becomes a standard feature of the microcomputer world.
An LEQSF PLEx grant, LEQSF(1993-96)-ENH-PLEx-03, funded part of this work.
Mahdi Abdelguerfi, a professor of computer science at the University of New Orleans, participates in research on database systems, information retrieval, and VLSI architectures for encryption. He is the recipient of the 1991 University of New Orleans Early Career Achievement award for excellence. Abdelguerfi received a Dipl in electrical engineering from the National Polytechnic School of Algiers, Algeria, and MS and PhD degrees in computer engineering from Wayne State University, Detroit. He is a member of the IEEE, the ACM, Eta Kappa Nu, and Tau Beta Pi.
Burton S. Kaliski, Jr. is chief scientist of RSA Laboratories. His research interests include cryptography and computer arithmetic. Kaliski received BS, MS, and PhD degrees in computer science from the Massachusetts Institute of Technology. He is a member of the IEEE Computer Society, Sigma Xi, and Tau Beta Pi. He chairs IEEE P1363, a group developing standards for public-key cryptography. He performed part of this work during his time at the Isaac Newton Institute for Mathematical Sciences, University of Cambridge (UK).
Wayne Patterson is vice president for research, dean of graduate studies, and professor of computer science at the University of Charleston, South Carolina. He is the author of the widely used textbook, Mathematical Cryptology, and numerous research articles, primarily in the areas of cryptology and parallel computer arithmetic. Patterson received BS and MS degrees in math from the University of Toronto, an MS in computer science from the University of New Brunswick, and a PhD from the University of Michigan. He is a member of the ACM, the IEEE Computer Society, and the International Association for Cryptologic Research.