New Secure Authentication Mechanisms
Suppose a smart card is used to authenticate the user to a verification device such as an ATM or an electronic door lock. Furthermore, suppose the method of authentication consists of the smart card proving to the verification device that it knows the secret component of a registered RSA key N. The proof must be such that the verification device does not learn any information about the card's secret key.
Number theorists have long known that this can be achieved by having the smart card produce a modular square root of a randomly generated number. The latter number is called a "challenge", and this type of protocol is called a "challenge-response protocol". The need for both parties to be assured that the other does not control the challenge is critical for security. In this example, if the smart card is allowed to generate the challenge then it can issue a response regardless of whether or not it knows the factorization of N. On the other hand, if the verification device is able to generate the challenge, then it can "steal" the card's secret key. There exist multi-round protocols that allow two parties to jointly generate a random number. Multi-round protocols can be expensive in time and computation, especially so if one of the parties involved is highly constrained in memory and speed. The Randomness Beacon allows a one-round proof (if the Beacon is accessed by the verifier) or even a one-message proof (if the card accesses the Beacon). Note that the time-stamp and signature in the Beacon's output allows one or both of these devices to be off line at the time they perform the authentication protocol.
Return to the NIST Randomness Beacon page.