WIPR Public Key Identi cation on Two Grains of Sand

We revisit a public key scheme presented by Shamir in [16] (and simultaneously by Naccache in [12]) and examine its applicability for general-purpose RFID tags in the supply chain. Using a combination of new and established space-saving methods, we present WIPR a fulledged public key identi cation scheme which is secure yet highly e cient. 1024-bit WIPR ts completely (including RAM) into 5705 gate equivalents and has a mean current consumption of 10.88μA. The main novelty in our implementation is the replacement of the long pseudorandom sequence, originally stored on EEPROM in [16], by a reversible stream cipher using less than 300 bits of RAM. We show how our scheme can be extended to o er tag-to-reader and reader-to-tag authentication and how it can be t into the existing RFID supply chain infrastructure.

[1]  Michael Luby,et al.  How to Construct Pseudo-Random Permutations from Pseudo-Random Functions (Abstract) , 1986, CRYPTO.

[2]  Martin Feldhofer,et al.  A Case Against Currently Used Hash Functions in RFID Protocols , 2006, OTM Workshops.

[3]  Anna M. Johnston Digitally Watermarking RSA Moduli , 2001, IACR Cryptol. ePrint Arch..

[4]  Máire O'Neill,et al.  Public Key Cryptography and RFID Tags , 2007, CT-RSA.

[5]  Adi Shamir,et al.  Memory Efficient Variants of Public-Key Schemes for Smart Card Applications , 1994, EUROCRYPT.

[6]  Berk Sunar,et al.  State of the art in ultra-low power public key cryptography for wireless sensor networks , 2005, Third IEEE International Conference on Pervasive Computing and Communications Workshops.

[7]  Andrey Bogdanov,et al.  PRESENT: An Ultra-Lightweight Block Cipher , 2007, CHES.

[8]  M. Rabin DIGITALIZED SIGNATURES AND PUBLIC-KEY FUNCTIONS AS INTRACTABLE AS FACTORIZATION , 1979 .

[9]  Serge Vaudenay,et al.  When Stream Cipher Analysis Meets Public-Key Cryptography , 2006, Selected Areas in Cryptography.

[10]  Silvio Micali,et al.  Probabilistic encryption & how to play mental poker keeping secret all partial information , 1982, STOC '82.

[11]  Ronald L. Rivest,et al.  Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems , 2003, SPC.

[12]  Johannes Wolkerstorfer,et al.  ECC Processor with Low Die Size for RFID Applications , 2007, 2007 IEEE International Symposium on Circuits and Systems.

[13]  Adi Shamir SQUASH - A New MAC with Provable Security Properties for Highly Constrained Devices Such as RFID Tags , 2008, FSE.

[14]  Sandra Dominikus,et al.  Strong Authentication for RFID Systems Using the AES Algorithm , 2004, CHES.