Building a Mobile Crypto Engine for e-ID using JavaCard Applets
Category: Network security
Location: Zurich
Contact:
Martin Burkhart
Background
The Swiss e-ID is planned to go live in December 2026 and is based on self-sovereign identity (SSI) principles. A public beta of the future Swiss E-ID is already available. Similiary, The European Union plans to introduce SSI-based solutions for the European Digital Identity (EUDI) soon.
A central element of e-ID security is the use of hardware secure elements (SE) on mobile phones for storage of users’ private keys. SEs bind the identity to a device, as keys in the SE cannot be copied or extracted by malware. For supporting privacy-preserving presentations of e-ID credentials, advanced cryptographic schemes, such as BBS+, are discussed. Also, the support for post-quantum signatures (e.g. ML-DSA/Dilithium) is a pressing issue for identity frameworks. However, standardization of cryptographic algorithms for SEs is complex and slow, involving many organizations (Apple, Google, NIST, IETF, GlobalPlatform, chip vendors, etc.). Today, widely available SEs only support ECDSA and it is unclear when BBS+ or PQC will be available in SEs.
Goals of Thesis
The goal of this thesis is to explore how JavaCard applets could provide more freedom from SE chip vendors and OS manufacturers. In particular, a crypto engine supporting modern cryptographic schemes (BBS+, Dilithium, etc.), should be implemented on brand-specific SDKs, eSIMs or SIM cards. Typically, these cards have severe restrictions on computation power, storage, and bandwidth. Therefore, performance of JavaCard deployments must be evaluated thoroughly. The potential of hybrid TEE/JavaCard architectures should be explored. A technical prototype, integrating the JavaCard applet with open-source components of the e-ID stack should be implemented. Also, the roles of mobile network operators must be discussed, as certain operations on JavaCards can only be performed by them. How would that change the trust relations in the e-ID ecosystem between issuers, verifiers, holders and registry operators? Since the deployment with current SEs will go live already this year, the migration from classical SEs to JavaCard-based deployments should be discussed. Would it be possible to follow a smooth migration path?
Requirements
- Interest in self-sovereign identity solutions
- Solid background in cryptography
- Implementation skills
- Experience with JavaCard applets (e.g., JCDE/JCDK, jCardSim) and mobile platforms
Supervision
The thesis will be supervised by the CYD campus and an expert from Swisscom.