The exclusive promotional activities on JCOP J3H145 card and Feitian R301 Smartcard Reader are in full swing. Please check this page for details.

Searching for java card that supports BIP 0039, BIP0042, ed25519

JavaCard Applet Development Related Questions and Answers.
Posts: 1
Joined: Fri Oct 19, 2018 1:16 am
Points :18

Searching for java card that supports BIP 0039, BIP0042, ed25519

Post by Alex2018 » Sun Oct 21, 2018 11:18 pm

Is there any java card that supports BIP 0039, BIP0042, ed25519? Or support one of the three algorithms?
Any information is great appreciated.

Posts: 141
Joined: Tue Sep 27, 2016 10:58 am
Points :1884

Re: Searching for java card that supports BIP 0039, BIP0042, ed25519

Post by tay00000 » Tue Oct 23, 2018 11:17 am

Sorry, you will not be able to find X25519 capable algorithms on any JavaCard.

The simple reason is JavaCards up till now are struggling hard to get NIST Fp and Fm curves with some cards having some NIST curve support and others preferring other NIST curve support depending on vendor.

X25519 being not NIST approved will not be chosen by many chip manufacturers and you have to see if the card manufacturers can make a firmware customization for you but here's the problem with firmware customization, the X25519 curve will take too long to do something simple like generating a digital signature even if a special firmware were used because most JavaCard chip specifications are not built to be fast in the first place.

Essentially the X25519 is actually two types of curves. The Curve25519 for ECDH which everybody loves and the EdDSA-x25519 for ECDSA. Curve25519 is Montgomery Curve and the X25519 EdDSA is a Twisted Edwards Curve. The cryptographic modules in smart cards usually only come equipped with short Weierstrass curves thus making it very difficult to handle the other two types.

The cryptographic modules in almost all smart card chips are made to conform to only NIST curves and not X25519 curves and there is no such thing as a work-around although many tried and many failed, including myself as I tried a few times and failed to produce a proper X25519 implementation on JavaCard. X25519 curves do not use the same type of curves called the short Weierstrass curves that NIST curves have.

Something very technical in case you have an interest: ... -joppe.pdf.

The slides did mention that Curve25519 can be written as a Weierstrass curve but nobody has been known to successfully got it working and by doing so via converting may expose side channel attacks and unintended consequences and also when executing the curves under certain parameters, it may not actually function properly for certain parameters and conditions.

In short, if you want to look for X25519, I am one of them who tried and failed and many others have. The reason that Ledger team went their own ways of using non-JavaCard but raw ARM instructions and low level languages is because they realize the difficulty and huge limitations that JavaCard has on many of the highly exotic and non-standard algorithms that many blockchain algorithms requires.

Regarding BIP39, you need to hard-code in a pretty huge library of Mnemonic Code library in probably English and whichever languages you want. You also must have PBKDF2 algorithm to convert the Mnemonic Code to a passphrase and perform PBKDF2 on it to derive the master seed and from the master seed to your keypairs. This can be done but very tedious if you do not have experience in coding bitwise operations in highly efficient manner and do not have much experience in JavaCard.

I am not sure why you need BIP42 on card since your card should only be concerned with handling private keys and digital signatures and nothing more otherwise it would be too complex.

- BIP39 == Possible but hard to do
- BIP42 == Not sure what you want it for on card
- X25519 == Please look at other hardware with dedicated hardware backed X25519 family support for now

Post Reply Previous topicNext topic

Who is online

Users browsing this forum: No registered users and 9 guests

JavaCard OS : Disclaimer