Point addition using Elliptic Curve calculations on Java Card

Question

I have a smart card which supports JavaCard 2.2.2 and I would like to develop a signature with tickets on elliptic curve. To do that, I need to compute the sum of 2 points on an elliptic curve. I've read the JavaCard's API and I don't think it is possible, in fact there are things about elliptic curves but only for algorithms that are already developed (ECPrivateKey for ECDSA for example ...) But when you want to create an ECPrivateKey, you have to give the parameters which define the elliptic curve, so it is defined somewhere, right ?

To put it in a nutshell, is it possible to develop a Java cardlet which makes computation (sum, product of points...) over an elliptic curve ?

I am a little bit lost aboutthis so thank you very much for your help :)

Answer 1

No, it is not currently possible with the standard Java API, at least not without doing all the required computations yourself, which would require a lot of complex code and the implementation of a multiplier (which will not perform well).

It may just be present in some proprietary API's though (such as certain versions of JCOP, to name a completely random example).

---

Update: 3.0.5 contains ALG_EC_PACE_GM . That still not point addition, but it can be used to implement PACE without proprietary extensions. If the card implements the algorithm in the first place, of course.

Answer 2

I'll post everything that was found based on Maarted Bodewes answer just to make things clear for further readers.

1. Yes, some proprietary JCOP API for ECC on JavaCard exists. Example can be found here . Here is discussion about JCOP.
2. There is neither free tool for integrating this API to existing simulators nor native JCOP simulators available. For free, at least.

3. There is some API provided by Gemalto. At least, I've seen a piece of code that do things like that:

   import com.gemalto.javacard.gostservices.math.ECMathFp; ... private ECPoint point; ...

   Unfortunately, I've no further info about this Gemalto feature.

4. Summing up: there is still nothing to do about ECC on javacard.

   If someone can share details about subject at p.3 - this would be really interesting(for me, at least)

Answer 3

Just in case someone is still looking for a solution:

JCMathlib realizes ECPoint addition. You can load your curve, initialize your EC points and perform all primitive EC point operations.

If it's for prototyping or side-channel attacks are not in your threat model, it should work nicely. But please note that it's unlikely that the lib will ever be as resistant to side-channel attacks as a hardware implementation.

Disclaimer: I'm one of the lib authors. :)