I am working on smart cards and especially Java Card. I encountered a lot of difficulties developing my own cryptographic algorithm due to the restricted API: no access to the crypto-processor to compute an addition of points on EC or a modular multiplication, for example.

I heard that MULTOS is more flexible for this kind of feature; is that true? Could you please mention some examples of crypto-processor features (modular arithmetic, elliptic curve point addition etc.) available in the MULTOS API, but not available in Java Card?

vojta
Raoul722
  • Please read what Bruce Schneier has to say about developing your own crypto algorithm. – KevinDTimm Sep 03 '15 at 20:58
  • The question is about VM smart cards API, not about risks of developing my own crypto algorithm... I know that it's not recommended but I just want to make a bench and to find the most flexible smart card to do it. Ty – Raoul722 Sep 03 '15 at 21:22
  • I am quite familiar with both Java Card and MULTOS and I do not find this question off-topic... Yes, MULTOS has much more straightforward access to crypto processor. Yes, you can compute addition of points on EC using MULTOS, yes, you can do modular multiplication as often as you wish. However, coding for MULTOS is really no pleasure, it is very low-level, there is almost no IDE and the MULTOS community is quite small and restricted to a few big players on the market, so it is difficult to get the documentation (and there is even no MULTOS tag here at SO!). – vojta Sep 04 '15 at 06:48
  • Nowadays Java Card is winning the battle, I think. – vojta Sep 04 '15 at 06:49
  • Thanks for your comment, it is strange that a platform such as MULTOS which provides interesting features isn't more popular... It is frustrating that the related market is restricted, I would appreciate testing this technology but whatever... – Raoul722 Sep 04 '15 at 10:16
  • @Raoul722 Try contacting MULTOS international: http://www.multosinternational.com/contact-us.html. A few years ago they offered some free samples to our company... – vojta Sep 04 '15 at 12:41
  • Ok, I will try. Ty for the tips! – Raoul722 Sep 04 '15 at 12:54
  • This question could be **objectively** answered by listing some MULTOS methods that give more access to the cryptoprocessor than the standard Java Card API. Note though that Java Card can be extended by a proprietary API. This would make applets non-portable. *The last part of the question "I investigated to find a product that could interest me but I didn't find a lot of things... So is MULTOS still appreciated or Java Card took the average on the smart card battle?" is* ***strongly subjective*** *and enough reason to leave the question closed.* – Maarten Bodewes Sep 06 '15 at 11:22
  • ... this ***strongly subjective*** part of the question has been removed so I have voted to reopen. Now the wait is for somebody that has access to the MULTOS docs to list a few ECC operations here that cannot be performed by the standard Java Card API. – Maarten Bodewes Sep 07 '15 at 15:18
  • @MaartenBodewes MULTOS docs are freely available [here](https://www.multos.com/developer_centre/technical_library/), [this document](https://www.multos.com/uploads/CAPI.pdf) describes the available APIs. – vlp Sep 09 '15 at 21:19
  • @vlp Thanks. Unfortunately I did not find that many methods with regards to ECC. There's ECIES, but that can be implemented using ECDH. The only thing I did find are modular multiplication and such, so that will at least allow programmers to write their own libraries. – Maarten Bodewes Sep 09 '15 at 21:57
  • Thanks for the link. Regarding ECC, in fact there is nothing new beside Java Card. But still there are interesting features such as standard/modular operations on big integers. But note it seems that the key sizes supported for algorithms are smaller than recent Java Cards (128 bits for AES). But probably like in Java Card, every smart card has its own features. – Raoul722 Sep 09 '15 at 22:27
  • @MaartenBodewes MULTOS does provide more features than Java Card, although they are not part of C-API as posted by "vlp". However, you can use low-level API (MAL language) to access them. See this document: https://www.multos.com/uploads/MDRM.pdf (ECC addition primitive is on page 108, for example). – vojta Sep 11 '15 at 11:44

0 Answers