Nonce Generation security and Signing performance #3

Open
boemekeld opened this issue Feb 20, 2024 · 1 comment

@boemekeld

Hi @dufkan,

I am planning to integrate your implementation into our project for signing Cardano transactions as a proof-of-concept while we await the arrival of chips supporting Javacard 3.1 in the market.

To accomplish this, I intend to use deterministic nonce generation, based on the transaction hash (32 bytes) and the private key.

Question 1) Does the security "WARNING" mentioned in the README also apply to the deterministic nonce generation, or is it related solely to the random generation process?

Question 2) How long does it typically take to sign 32 bytes with offloading disabled? I attempted to run tests with J3R180 using two different card readers, but I encountered the error "No card terminal found".

Question 3) Which card reader do you recommend using?

Thank you for your excellent work on this project!

@dufkan
Owner

dufkan commented Feb 21, 2024

Hi,

I am glad that you like this project.

Re 1) Yes, the leakage is independent of the nonce generation approach.

Re 2) I just ran the measurement with J3R200 and it took around 800 ms with offloading disabled. The error you were getting was most likely caused by the reader index being set to 2 in tests. I changed it to 0 in beee548, which is a more reasonable default.

Re 3) I have been using the Gemalto GemPC Twin reader, but any reader should work.
