RFID Security pp 317-348

Public-Key Cryptography for RFID Tags and Applications

  • Lejla Batina
  • Jorge Guajardo
  • Bart Preneel
  • Pim Tuyls
  • Ingrid Verbauwhede


RFID tags are small wireless devices expected to be pervasive in the future. In addition to their rigorous constraints featuring an extremely low-power budget and small die size, they also give rise to serious security and privacy issues. Typical security services include authentication, key management, and encryption. Although some experts have given up on the feasibility of public-key solutions for RFID, assuming it is too expensive and too power hungry, there exists a firm line of research exploring the limits of compact public-key implementations for RFID devices.

An emerging application is the use of RFID tags for anticounterfeiting by embedding them into a product. Public-Key Cryptography (PKC) offers an attractive solution to the counterfeiting problem, which makes it worthwhile to explore possible implementation options for this application.

In this chapter, we discuss PKC-based solutions well suited for RFIDs. Our focus is on cryptographic solutions based on elliptic curves. We describe low-cost Elliptic Curve Cryptography (ECC) processors supporting security algorithms and protocols for RFID. We also investigate which PKC-based identification protocols are useful for these anticounterfeiting applications. We argue that identification of RFID tags can reach high security levels. In particular, we elaborate how secure identification protocols based on the discrete logarithm (DL) problem on elliptic curves can be implemented on an RFID tag in a bit more than 10,000 gates. We describe various cases of elliptic curves over $\mathbb{F}_{2^p}$ with p prime and over composite fields F2 p . Some of the implementations described in this chapter make RFID tags suitable for anticounterfeiting purposes even in the off-line setting. Finally, we compare different implementation options and explore the cost that side-channel attack countermeasures would have on such implementations.





Copyright information

© Springer Science+Business Media, LLC 2008

Authors and Affiliations

  • Lejla Batina (1)
  • Jorge Guajardo
  • Bart Preneel
  • Pim Tuyls
  • Ingrid Verbauwhede

  1. ESAT/COSIC, Katholieke Universiteit Leuven, Belgium
