Power analysis can be used to attack many implementations of cryptosystems, e.g., RSA and ECC, and the doubling attack is a collision based power analysis performed on two chosen ciphertexts. In this paper, we introduced a modified doubling attack to threaten RSA and ECC implementations by exploiting only one chosen ciphertext of small order. To attack the RSA implementations we selected an input of order two while to attack the ECC implementations we exploited one chosen invalid point of small order on a cryptographically weak curve rather than on the original curve. We showed that several existing power analysis countermeasures for RSA and ECC implementations are still vulnerable to the proposed attack. To prevent the proposed attack, we suggested countermeasures for RSA as well as for ECC.

A multi-application smart card system consists of an issuer, service vendors and cardholders, where cardholders are recipients of smart cards (from the issuer) to be used in connection with applications offered by service vendors. Authentic post-issuance program modification is necessary for a multi-application smart card system because applications in the system are realized after the issuance of a smart card. In this paper, we propose a system where only authentic modification is possible. In the proposed system, the smart card issuer stores a unique long bitstring called PID in a smart card. The smart card is then given to the cardholder. A unique substring of the PID (subPID) is shared between the cardholder and a corresponding service vendor. Another subPID is shared between the issuer and the cardholder. During program modification, a protocol using the subPIDs, a one-way hash function and a pseudorandom number generator function verifies the identity of the parties and the authenticity of the program.

We propose a public-key primitive modulo pkq based on the RSA primitive. The decryption process of the proposed scheme is faster than those of two variants of PKCS #1 version 2.1, namely the RSA cryptosystem using Chinese remainder theorem (CRT) and the Multi-Prime RSA. The message M of the proposed scheme is decrypted from M mod pk and M mod q using the CRT, where we apply the Hensel lifting to calculate M mod pk from M mod p that requires only quadratic complexity ((log2p)2). Moreover, we propose a trick that avoids modular inversions used for the Hensel lifting, and thus the proposed algorithm can be computed without modular inversion. We implemented in software both the proposed scheme with 1024-bit modulus p2q and the 1024-bit Multi-Prime RSA for modulus p1p2p3, where p,q,p1,p2,p3 are 342 bits. The improvements of the proposed scheme over the Multi-Prime RSA are as follows: The key generation is about 49% faster, the decryption time is about 42% faster, and the total secret key size is 33% smaller.

Smart cards and biometrics can be effectively combined for personal authentication over an open network. The combination is achieved as two-step authentication in which the smart card is authenticated based on a public key infrastructure, and the card holder is authenticated using the template stored in the smart card based on the biometric data. The biometric verification has to be executed in the card for security purposes. This paper describes a fingerprint verification method based on a popular biometric verification technique that can be embedded in a smart card. The prototype system that uses this verification method can verify fingerprints in a few seconds by using the data stored on the smart card.