Smart cards are small, portable, tamper-resistant devices offering users conve-

nient storage and processing capabilities, and as such they play a prominent role

in providing the required security level in banking transactions, the GSM and

UMTS cellular systems or pay TV environments, to put only a few examples.

Smart cards are amenable to cryptographic implementations, as they contain

multiple software and hardware countermeasures designed to protect sensible

information such as the keying material [7].

The two most widely used smart card platforms are Java Card [8], developed

by Sun with the support from several leading smart card providers during the

1990s, and MULTOS (a multi-application operating system controlled by the

MULTOS Consortium) [9]. Though both platforms implement cryptographic

capabilities, the public-key cryptography capabilities provided by Java Card are

more complete, specially regarding ECC functionality.

In the present work, we describe two implementations, using prime and binary

fields, of the best known encryption scheme using elliptic curves, the Elliptic

Curve Integrated Encryption Scheme (ECIES). To our knowledge, there are no

smart card implementations of this encryption scheme, so this is the first time

that ECIES is implemented, and its performance is analysed, in Java Cards. We

also provide a performance comparison of both implementations using different

combinations of plaintext lengths and key sizes.

This paper is organized as follows: Section 2 presents a brief introduction to

ECC and ECIES. Section 3 includes a summary of the ECIES support in Java

Card. Section 4 provides the main characteristics of the smart cards used in the

tests and offers some details about the applet development phase. Finally, in

Section 5 we present the experimental results of the tests along with the most

important findings and conclusions.

2 Elliptic Curve Cryptography and ECIES

An elliptic curve E defined over a finite field

is a plane non-singular cubic

curve with at least a rational point [10]. In practice, generic elliptic curves are

managed using the following equation, known as the Weierstrass equation in

non-homogeneous form [11], where the elements a 1 ,a 2 ,a 3 ,a 4 ,a 6 ∈ F

F

and Δ

=0,

being Δ the discriminant of the curve E [12]:

E : y 2 + a 1 xy + a 3 y = x 3 + a 2 x 2 + a 4 x + a 6 .

(1)

The homogeneous version of the Weierstrass equation implies the existence of

a special point, called the point at infinity, which is denoted as

O

and does not

have a counterpart in the ane plane.

When working with finite fields, it is possible to obtain simplified versions of

the Weierstrass equation. If the finite field is a prime field, i.e.

F p ,where

p> 3 is a prime number, the equation defining the elliptic curve becomes:

F

=

y 2 = x 3 + ax + b.

(2)