Coupon Recalculation for the GPS Authentication Scheme

Transcription

1 Coupon Recalculation for the GPS Authentication Scheme Georg Hofferek an Johannes Wolkerstorfer Graz University of Technology, Institute for Applie Information Processing an Communications (IAIK), Inffelgasse 16a, 8010 Graz, Austria. Abstract. Equipping brane goos with RFID tags is an effective measure to fight the growing black market of counterfeit proucts. Asymmetric cryptography is the technology of choice to achieve strong authentication but suffers from its ample eman of area an power resources. The GPS authentication scheme showe that a coupon-base approach can cope with the limite resources of passive RFID tags. This article extens the iea of coupons by recalculating coupons uring the ile time of tags when they are powere but o not actively communicate. This approach relaxes latency requirements an allows to implement GPS harware using only 800 gate equivalents plus storage for 560 bytes. In the average case it has the same performance as the classical couponbase approach but oes not suffer its susceptibility to enial-of-service attacks. 1 Introuction Raio frequency ientification (RFID) is an emerging technology for optimizing logistic processes. Goos or pallets can be equippe with small an cheap RFID labels to give them an electronic ientity. RFID labels can be rea over air interfaces without irect line of sight. The main components of an RFID label are an antenna an an RFID tag. The minimalistic tag is a small chip containing an analog front-en which is connecte to the antenna an a igital part. The chip receives its power for operation over the same antenna which is use for communication. Thus, the available power buget is very small. The functionality of tags is very often limite to basic operations like sening a unique ID upon request. More sophisticate tags may contain sensors or memories for storing more information about the prouct they are attache to. A promising fiel of application for RFID tags is the authentication of goos to prove their genuineness. Proviing unique IDs is a first step but oes not The results presente in this article origin from the European Union fune FP7 project Brige (IST ).

2 solve the problem because the wireless air interface, which operates either on MHz (HF) or aroun 900 MHz (UHF), can be easily eavesroppe. Thus, an attacker coul obtain the UID of an original prouct an prouce an infinite number of clone tags having the same ientity. Cryptographic authentication will inhibit such counterfeiting of goos. This is a fast growing market because the economical amage of counterfeit proucts excees $600 billion annually [1]. During the last years many schemes have been propose to bring strong cryptographic authentication to RFID tags. These activities focuse on efficient harware implementation because RFID tags have fierce constraints regaring silicon area an power consumption. The first choice was implementing symmetric cryptography, which has small footprint. A major work by Felhofer et al. emonstrate the feasibility of implementing AES on passively powere RFID tags [4]. They achieve an AES encryption with a circuit complexity of 3500 gate equivalents taking 1000 clock cycles. On 0.35 µm CMOS technology, the encryption raws an average power of only 5 µw, which is well below the requirements of HF tags. Although symmetric cryptography can be implemente efficiently, it suffers from the key istribution problem. In orer to authenticate a prouct, the verifier must know the secret key. Thus, symmetric cryptography is only applicable in close systems but not in worl-wie logistic processes where not all involve parties are known in avance an in particular not all of them are truste. Asymmetric cryptography overcomes many shortcomings of symmetric cryptography but requires a lot more resources. Area requirements are at least three times higher an the computation time in terms of clock cycles is usually more than hunre times higher. Most research on asymmetric cryptography for RFID centere on elliptic-curve cryptography, which offers reasonable security for RFID systems with key lengths of 113 to 256 bits [16, 19]. The GPS authentication scheme, name after its authors Girault, Poupar, an Stern, offers the possibility to fill the gap between symmetric an asymmetric cryptography [5, 6]. GPS is a public-key-base zero-knowlege protocol which is similar to Schnorr s scheme but uses a composite RSA-like moulus n. GPS is stanarize in ISO/IEC [10]. There are also variants of GPS that are base on elliptic-curve cryptography. One of the remarkable properties of the GPS scheme is the possibility to use coupons. Coupons are lists of values which are neee uring authentication. These values o not epen on any input from the interrogator, so they can be precompute. That shifts the major computational loa from the time of protocol execution to e.g. prouction time of the tag. 2 will go into the etails of the GPS protocol. At this point it is only of interest that resource-constraine RFID tags can compute GPS authentications by having the ability to store a few coupons (each roughly between bits for reasonable parameters) an to compute (non-moular) integer operations (aition, multiplication) with operan sizes of bits. The coupon approach can be efficiently implemente in harware [12, 13]. The promising results of [12, 13] shoul not conceal profoun rawbacks of the approach. First, only a limite number of authentications is possible because 2

3 storage is costly. Precompute coupons have to be store in non-volatile memory at the time of personalization. RFID tags usually use EEPROM memory as non-volatile memory. Memory sizes are kept at minimum to keep the cost of the tags low. Thus, only a few to a ozen of coupons are reasonable. This opens the oor for enial-of-service attacks. Any RFID interrogator can request a GPS authentication from a tag, an few requests are sufficient to exhaust all coupons. This type of attack is ifficult to prevent because the tag has no notion of time to limit the number of requests per time interval, nor oes it have the possibility to authenticate interrogators. In orer to authenticate an interrogator the tag woul nee the same computational resources as the reaer. This woul nullify the avantages of the coupon approach. The coupon-recalculation approach presente in this article aresses these rawbacks. When RFID tags have the possibility to compute fresh GPS coupons uring their ile time, an unlimite number of authentications is possible. Moreover the storage requirements can be lowere to store just a few coupons. When the comprehensive number-theoretic computations are one in the ile time, an thus well ahea of the actual use of the result, the requirements for the harware change completely: Latency of the computation is no longer a key issue. Furthermore the processing can take comparatively long because RFID tags are usually long in the (electro-)magnetic fiel of the reaer in comparison to the actual interrogation time. This allows to rethink harware architectures for multi-precision moular arithmetic raically. We will show that tiny multiplyaccumulate structures are sufficient to compute strong public-key cryptography on RFID tags. The remainer of the article etails the GPS authentication scheme an the coupon-recalculation approach in 2. 3 sketches the propose harware architectures. 4 presents algorithmic etails an architectural etails of a igitserial approach optimize for small footprint an low power consumption. 5 presents achieve results an 6 conclues the article. 2 GPS Authentication 2.1 Basic Algorithm an Parameters GPS authentication is a zero-knowlege authentication protocol that allows small harware implementations of the prover wanting to assure its ientity. A thorough analysis of the GPS authentication scheme, incluing comparisons with similar schemes is given in [9]. There, mathematical properties an backgroun information are given, along with security consierations an references to almost all other literature about GPS. This section will only present the most important facts. The GPS protocol is epicte by Fig. 1. The prover first computes a commitment x, which is sent to the verifier. After having receive the verifier s challenge c, the prover calculates the response y, which can then be checke by the verifier. The parameters ρ, δ, an σ etermine the bit lengths of the ranom value r, the challenge c, an the secret key s, respectively. Common values are σ = 160, 3

4 Prover Moulus n = p q Base g Domain Parameters Verifier Moulus n = p q Base g Keys Private Key s : 0 s < 2 σ Public Key v = g s mo n Public Key v = g s mo n Protocol Choose r at ranom, 0 r < 2 ρ Calc. x = hash (g r mo n) x c Choose challenge c 0 c < 2 δ Calculate y = r (s c) y Check x =? hash ((g y v c ) mo n), if yes, accept prover; if no, reject prover. Fig. 1. Sketch of the basic GPS protocol, as stanarize in [10]. δ = 20, an ρ = σ + δ + 80 = 260. The composite moulus n shoul be at least 1024 bits long. The integer subtraction in the last step can be substitute by aition if the public key is change to v = g s mo n (cf. [15]). This simplifies the computation an allows an implementation of the prover without requiring signe numbers. The hash function shown in Fig. 1 is optional [10]. It mainly reuces banwith requirements for transmitting the commitment. In ultra-low footprint implementations it can be omitte. 2.2 Coupon Approach The computation of the commitment x oes not epen on any input from the verifier. This computation can alreay be one ahea of the actual protocol execution. This observation was mae by Girault in [7]. This paves the way for the so-calle coupon approach. A set of coupons (r i, x i ) can be precompute (e.g. at prouction time of the tag) an store in non-volatile memory. When the protocol interaction starts, the prover selects a coupon (r i, x i ) from memory an sens x i to the verifier. After receiving the challenge c, the prover can compute the response y = r i + s c. McLoone et al. use this approach in their implementations [12, 13]. They manage to implement the final integer operations on a 4

5 gps_application power ata power Coupon Recalculation Challenge-Response Authentication Fig. 2. Application scenario for the coupon recalculation approach. circuit size smaller than 1000 gate equivalents in less than 150 clock cycles by exploiting a special variant of GPS base on challenges with a low Hamming weight (cf. [8]). However, these implementations are susceptible to enial-of-service attacks. Once all coupons are use, the tag cannot authenticate itself any more. Due to the authentication being only unilateral a tag cannot etermine whether an authentication request from a reaer is warrantable or not. If a tag containe k coupons, an attacker coul isable the tag by requesting k authentications. Giving tags the ability to (re-)calculate coupons prevents such enial-of-service attacks. 2.3 GPS Coupon Recalculation Approach for RFID The coupon recalculation approach is an extension of the coupon approach. Whenever a tag is ile, but still supplie with power, it can use the time to compute new coupons to refill its coupon storage. RFID tags are powere rather long in comparison to the actual ata transmission times. Tags are in the electromagnetic fiel of reaers for secons, while the protocol interaction completes within millisecons. This also applies for high volume logistic processes like the one shown in Fig. 2. In situations where it is very likely that all coupons have been use an thus nee to be recalculate, RFID tags can be supplie with power before interrogation (see Fig. 2). Power supply requires only the transmission of the carrier frequency (e.g MHZ in HF systems). No sophisticate reaer circuitry is necessary to rive the powering antennas. A simple oscillator is sufficient as interrogator circuit because neither moulation nor emoulation is neee. The application scenario of coupon recalculation changes the requirements for the harware raically. In contrast to previous asymmetric cryptographic har- 5

6 ware neither latency nor throughput are of particular interest. Instea, harware implementations can focus on minimizing silicon area an power consumption. The footprint of the circuit is of particular interest because the circuit size has also an linear impact on the power consumption. Thus, the smallest possible harware suits the RFID requirements best. In orer to keep the computation time within limits, the metric A t P, which weighs area, time, an power equally, was use to fin an optimum harware architecture. Besies minimizing the area of the circuit it is also interesting to consier the maximum clock frequency f max. Although RFID tags clock their igital circuitry at low clock frequencies to keep the power consumption low, high f max can be use to accelerate coupon recalculation when a higher power buget is available. This is the case when a single goo has to be authenticate. In such a situation the reaer antenna is usually hel next to the RFID tag. The power ensity of electro-magnetic fiels are at least four times higher when halving the istance between the tag an the antenna. The igital circuit of RFID tags is almost ever optimize for worst-case situations at the far en of the reaer fiel. Detecting higher power ensities an exploiting them by increasing the clock frequency gives an RFID tag with GPS harware the possibility to improve the average performance. Anyhow, next we will analyze harware approaches assuming constant clock frequency. 3 Harware Architecture A harware implementation of the recalculation approach can focus on the power efficiency an on low footprint optimization. For computing a fresh coupon (r, x), a moular exponentiation x = g r mo n has to be compute. The square-anmultiply algorithm is the algorithm of choice for harware implementations, which computes x = log 2 r i=0 g iri. 3.1 Full-Precision Architecture An approach often use for (high-spee) harware is to use a bit-serial fullprecision multiplication to compute the moular multiplications an squarings. Many implementations even use igit-serial approaches to improve latency [3]. Most harware implementations use Montgomery multiplication [14] instea of normal integer multiplication an subsequent moular reuction. Montgomery multiplication simplifies moular reuction. Bit-serial multiplication scheules one operan at full precision, while the other one is processe bit by bit. The isavantage of this approach is that at least five full-precision registers are necessary. Three registers are neee for the multiplication: two for the input values, one for the (intermeiate) result; one register is neee to store an auxiliary variable which is necessary for implementing the square-an-multiply algorithm, an one register is neee to store the moulus. Assuming a moulus of 1024 bits, this woul mean that a full-precision architecture woul nee at least

7 flip-flops, or more than gate equivalents. After aing the necessary components for partial-prouct generation an accumulation, the complete atapath of a full-precision arithmetic unit requires approximately gate equivalents (not counting non-volatile memory for storing omain parameters). When sticking to full-precision architectures, there are no more significant improvements to be mae concerning the circuit s size. The size is mainly etermine by the storage requirements, which epen on the size of the moulus. It is thus reasonable to concentrate on igit-level arithmetic architectures that operate on smaller wor sizes, which will be iscusse in the next section. 3.2 Digit-Level Architecture Bit-serial or igit-serial harware architectures strive for improving performance. In the recalculation approach, performance is of seconary interest. This allows to use harware architectures with smaller footprint an lower power consumption. Multiply-accumulate structures known from signal processing an instruction-set extensions allow to implement multiple-precision arithmetic at minimal harware costs. Fig. 3 shows the architecture of a GPS-enhance RFID tag that uses a igitlevel arithmetic unit to implement multiply-an-accumulate operations. There are two obvious reasons why a igit-level approach ecreases the circuit s size: First the arithmetic unit itself is much smaller because its ata with is only that of one igit (8 to 64 bits), an not of full precision. Secon, the operans an temporary results can be store in a har-macro RAM, which is more area efficient than flip-flop-base storage. Most har-macro RAM circuits are offere either as single-port or ual-port memories. The little area expense of the secon port leas to great time savings in our application. Thus, a ual-porte RAM is use. One port reas a igit as input for the arithmetic unit while the other port is use to write back compute results at a ifferent aress. Non-volatile memory is also necessary, to store omain parameters (e.g. secret key, moulus) an coupons. A igital controller implements the necessary algorithms to perform the overall computation, by means of igit-level operations which are carrie out by the arithmetic unit. The arithmetic unit contains the actual atapath for performing the require operations. 4 etails the arithmetic unit. The with of the ata buses shown in Fig. 3 is equal to the igit size of the arithmetic unit. Thus one igit can be loae from an store to the RAM in every cycle. The igit size is a parameter fixe at synthesis time. Reasonable sizes are between 8 an 64 bits. Larger igit sizes seem impractical because the corresponing -igit multiplier woul be too large. Digit sizes below 8 bits also seem impractical since that woul cause too long computations. Computation time scales quaratically O(k 2 ) with the number of igits k = n to represent a multi-precision wor. 7

8 Non Volatile Memory Dual Porte RAM Aress, Data Rea Aress Write Aress RAM Rea Bus RAM Write Bus Analog Front En Clock, Data Digital Controller Control, Status, Data Arithmetic Unit Fig. 3. Overview of an RFID tag, enhance with a igit-level GPS architecture. 4 Arithmetic Unit The GPS arithmetic unit must be capable of performing moular exponentiation (x = g r mo n) for the coupon recalculation, an (non-moular integer) aition an multiplication (y = r + s c) for the response calculation uring protocol execution. Our approach computes moular exponentiation in a sequence of square-an-multiply operations, which are broken own to igit level. The implementation efficiency of (moular) multiplication is crucial for the GPS harware. It etermines the circuit size an its performance. 4.1 Digit-Level Montgomery Multiplication In our approach moular multiplication is implemente by Montgomery multiplication. There are several ways to break own Montgomery multiplication to igit-level operations. Five ifferent approaches have been analyze by Koç et al. in [11]. They iffer in how much primitive operations (igit aitions, igit multiplications, memory rea/write) an how much temporary memory they require. The one which seems most suitable for our work, ue to its low memory requirements an low number of operations, is referre to by Koç et al. as Coarsely integrate operan scanning (CIOS). [11] explains its etails very well. Basically the CIOS algorithm works as follows: The first igit of the first operan is multiplie with all igits of the secon operan to obtain a partial prouct. After that an interleave reuction step takes place by aing a multiple of the moulus to the partial prouct to make it ivisible by 2, an subsequently shifting the intermeiate result one igit to the right (= ivision by 2 ). Then the next accumulation step is execute: The next partial prouct (obtaine by multiplying the secon igit of the first operan with all igits of the secon operan) is ae to the intermeiate result. This is followe by 8

9 another interleave reuction step. These accumulation an reuction steps are repeate for all remaining igits of the first operan. 4.2 Analyzing Digit-Level Operations To perform the esire operations the arithmetic unit consists of two (or more) input registers (of size ) for the operans, an two output registers (of size ). Two output registers are necessary because igit-level operations can prouce results which are larger than the igit size; two output registers are also sufficient, since no atomic igit-level operation of the CIOS algorithm from [11] can prouce results larger than No extra carry registers are neee. The ominant operation performe uring one GPS protocol execution is moular exponentiation, which is broken own into multiplications (by means of squarean-multiply). Single multiplications are performe using the CIOS algorithm. The ominant operation in this algorithm lies within the accumulation step. This operation calculates the sum of three terms: The current value of the Output High register, one igit from RAM, an the prouct of two more igits from RAM; i. e. the result is D 1 + D 2 D 3 + H, where D i enote igits from RAM an H enotes the value of the Output High register at the time before the operation starts. All other (igit-level) operations (within the CIOS algorithm an within algorithms for multi-precision aition an multiplication) can be reuce to this operation. E.g. calculating just the prouct of two igits can be achieve by setting D 1 an H to 0. Our propose arithmetic unit is esigne to compute the operation D 1 + D 2 D 3 + H most efficiently. 4.3 Schematic The operation escribe above has three external inputs D 1, D 2, D 3, thus the most obvious architecture for an arithmetic unit has three input registers. For such a unit it woul be possible to wire the arithmetic components (multiplier, aer) in a way that the operation coul be execute within one single cycle. That is of course assuming that the input registers alreay hol the values D 1, D 2, D 3. Since only one igit per cycle can be loae from a RAM harmacro, spening the area for three input registers oes not bring real spee-up. Thus it is reasonable to use only two input registers. The schematic of the arithmetic unit is epicte in Fig. 4. A high-level moel written in Java prove the efficiency of the approach. An implementation in Verilog is use for synthesis. Both the high-level moel an the Verilog moel are parameterizable concerning the igit size. The -igit multiplier is implemente as pure combinational logic; its area eman scales quaratically with the igit size. However, since only small igit sizes will be consiere, this approach seems possible. Other multiplier architectures (e.g. bit-serial multiplication) woul require aitional resources (e.g. shift registers). They woul also complicate control an prolong execution time. It shoul be note that the implementation etails of the multiplier have been left to the synthesis tool. A simple assign c = a * b statement was put into the Verilog coe, so that the 9

10 RAM Rea Bus Input 1 Input 2 x en 2 2 Output High Output Low 2 RAM Write Bus Fig. 4. Schematic of the arithmetic unit with igit size. synthesis tool woul have the possibility to optimize the circuit while consiering area an clock constraints. The input register D 2 has aitional logic to be able to loa either a value coming from the RAM rea-bus (in), or one of the two constant values ( ) 2 = 0 an ( ) 2 = 1. The reason for this is explaine in the next section. Although Fig. 4 shows a multiplexer, the most efficient implementation which achieves this behavior consists of AND gates an one OR gate. Another possibility woul be to store the constants ( ) 2 = 0 an ( ) 2 = 1 in memory an loa them from there. This approach oes not nee aitional logic in the arithmetic unit but the minimum size of the memory is increase by two entries. Furthermore the execution time of the overall computation will be increase with this approach because loaing constant values into the secon input register allocates the rea bus of the memory. Meanwhile, no meaningful operation of the atapath is possible. 10

11 Table 1. Comparison of synthesis results of the arithmetic unit (not incluing RAM) for ifferent CMOS technologies, an two ifferent igit sizes. Digit Size: 32 bits (RAM for 151 igits neee, approx. 4.7 million clock cycles necessary for computing one coupon) Area Critical Technology [µm 2 ] Path [ns] AMS 0.35 [2] UMC 0.25 [18] UMC 0.13 [17] Digit Size: 8 bits (RAM for 560 igits neee, approx million clock cycles necessary for computing one coupon) Area Critical Technology [µm 2 ] Path [ns] AMS UMC UMC Let us now investigate how the arithmetic unit epicte in Fig. 4 can be use to compute the moular exponentiation x = g r mo n. As it has been explaine, exponentiation is broken own to moular multiplication by the square-anmultiply approach. These multiplications are in turn broken own to igit-level operations. The ominant igit-level operation is D 1 + D 2 D 3 + H, as escribe in 4.2, where D i enote igits in RAM an H enotes the current value of the Output High Register. The sum D 1 + H can be accumulate in two steps by means of the feeback loops shown in Fig. 4. While oing so, the Input 1 register is loae with the constant value ( ) 2 = 1. That way the multiplier output is 1 times its left input. Then in the thir step the values D 2, D 3 are loae to the input registers an the prouct D 2 D 3 is ae to the intermeiate result D 1 + H, thus resulting in the final result D 1 + D 2 D 3 + H. All other igit-level operations are performe in a similar way. 5 Results Our implementation of an arithmetic unit for coupon recalculation of the GPS authentication scheme is parameterizable with respect to the igit size. Smaller igit sizes lea to smaller arithmetic units, but the time necessary to complete one authentication increases heavily with smaller igit sizes. The number of necessary igit-level operations is roughly proportional to the square of the number of igits per operan. Therefore in our opinion igit sizes below 8 bit are unpractical, consiering that the full-precision size of the operans is (at least) 1024 bits. Table 1 shows the synthesis results for the implementation of the arithmetic unit. For synthesis the PKS Shell from Caence was use. Three ifferent CMOS technologies have been use: A 0.35 µm CMOS technology from austriamicrosystems [2], an a 0.25 µm an a 0.13 µm CMOS technology from UMC [17, 18]. The critical path of the circuit is very short, ue to the small arithmetic components, which are only of igit size. That means that it coul be clocke very fast; frequencies up to 290 MHz are possible with UMC 0.13 µm CMOS technology. This opens a wie winow of possibilities for operation. When operate at 11

12 Fig. 5. Layout of the GPS arithmetic unit (igit size: 8 bits) after place-an-route. very low clock frequencies (e.g. 100 khz), the circuit consumes very little power (6.25 µw). We have performe a power simulation of the arithmetic unit (igit size: 8 bit), using the near-spice simulator Nanosim from Synopsys. The circuit was first synthesize for AMS 0.35 µm CMOS technology with PKS Shell, then place an route with First Encounter. The resulting layout can be seen in figure 5. A netlist for Nanosim was extracte with Assura from the layout after place-an-route. The simulation reveals that the arithmetic unit consumes approximately 2.5 µa when clocke with 100 khz. Thus, with 2.5 V supply voltage, the power consumption is 6.25 µw. This is comparable to the results of Felhofer et al. for AES [4]. They use the same CMOS technology an their AES implementation consumes 5 µw. When raising the supply voltage to 3.3 V the performance of the circuit improves. It can be clocke with frequencies up to 125 MHz. At 125 MHz an 3.3 V supply voltage, the circuit raws a current of 3.2 ma. That means that if more power is available the computation can be spe up by a factor of 1250, compare to operation at 100 khz. 12

13 The synthesis of the 8-bit arithmetic unit requires approximately 800 gate equivalents. After place-an-route the circuit takes up an area of approximately µm 2. In aition, it woul require a RAM har-macro capable of storing 560 bytes. In comparison, the smallest implementation by McLoone et al. [12, 13] requires only 431 gate equivalents. However their implementation can only compute the response y = r + s c in the last step of the GPS protocol, whereas our circuit is capable of calculating the moular exponentiation x = g r mo n to compute new coupons on-tag. Of course our implementation can also be use to calculate the response y. When using stanar sizes for the parameters (cf. 2.1) this calculation takes 627 cycles, incluing time to loa the operans to RAM. 33 of these cycles can be save if a fresh coupon has been compute immeiately before an thus the ranom value r is alreay present in RAM. 6 Conclusion This paper introuce the coupon recalculation approach, which is an area- an power-efficient way to exten the coupon approach of the GPS authentication scheme. During the ile time of RFID tags, fresh coupons are compute for future authentication requests. A full-precision arithmetic unit woul require approximately gate equivalents, plus approximately 2200 bits of nonvolatile memory to store keys an omain parameters (if typical values for GPS parameters are use). Our igit-level approach makes use of an arithmetic unit, which requires only approximately 800 GE for a igit size of 8 bits. In aition RAM resources for storing 560 bytes are neee. One coupon calculation takes about 66.6 million clock cycles, an the maximum clock frequency of the circuit on UMC 0.13 µm CMOS technology is approximately 290 MHz. The approach is very flexible an can be use either when very little power is available (i.e. low clock frequency, longer execution time). When more power is available, the computation can be accelerate by increasing the clock frequency. Up to four coupons can be compute per secon uner such conitions (290 MHz). References 1. ADT Tyco Fire & Security, Alien Technology, Impinj Inc., Intel Corporation, Symbol Technologies, an Xterprise. RFID an UHF A Prescription for RFID Success in the Pharmaceutical Inustry. White paper, austriamicrosystems. 0.35µm CMOS Process Stanar-Cell Library. austriamicrosystems.com/atabooks/inex c35.html. 3. T. Blum an C. Paar. Montgomery moular exponentiation on reconfigurable harware. In Koren an Kornerup, eitors, Proceeings of the 14th IEEE Symposium on Computer Arithmetic (Aelaie, Australia), pages 70 77, Los Alamitos, CA, IEEE Computer Society Press. 4. M. Felhofer, J. Wolkerstorfer, an V. Rijmen. AES implementation on a grain of san. IEEE Proceeings on Information Security, 152(1):13 20, October

14 5. M. Girault. An ientiy-base ientification scheme base on iscrete logarithms moulo a composite number. In I. Daamgar, eitor, Avances in Cryptology Eurocrypt 90, number 473 in Lecture Notes in Computer Science, pages Springer, M. Girault. Self-certifie public keys. In D. Davies, eitor, Avances in Cryptology Eurocrypt 91, number 547 in Lecture Notes in Computer Science, pages Springer, April M. Girault. Low-size coupons for low-cost ic cars. In Smart Car Research an Avance Applications, Proceeings of the Fourth Working Conference on Smart Car Research an Avance Applications, CARDIS 2000, September 20-22, 2000, Bristol, UK, volume 180 of IFIP Conference Proceeings, pages Kluwer, ISBN M. Girault an D. Lefranc. Public key authentication with one (online) single aition. In Cryptographic Harware an Embee Systems CHES 2004, volume 3156 of Lecture Notes in Computer Science, pages Springer, ISBN M. Girault, G. Poupar, an J. Stern. On the fly authentication an signature schemes base on groups of unknown orer. Journal of Cryptology, 19(4): , October ISO/IEC. International Stanar ISO/IEC 9798 Part 5: Mechanisms using zeroknowlege techniques, December C. K. Koç, T. Acar, an B. J. Kaliski. Analyzing an comparing Montgomery multiplication algorithms. IEEE Micro, 16(3):26 33, June M. McLoone an M. Robshaw. Public key cryptography an RFID tags. In Topics in Cryptology CT-RSA 2007, volume 4377 of Lecture Notes in Computer Science. Springer, ISBN M. McLoone an M. J. B. Robshaw. New architectures for low-cost public key cryptography on RFID tags. In IEEE International Symposium on Circuits an Systems, ISCAS 2007, pages , May P. L. Montgomery. Moular multiplication without trial ivision. In Mathematics of Computation, volume 44, pages , NESSIE. Final report of European project number IST , name new european schemes for signatures, integrity, an encryption. esat.kuleuven.be/nessie/bookv015.pf, April P. Tuyls an L. Batina. RFID-Tags for Anti-counterfeiting. In D. Pointcheval, eitor, Topics in Cryptology - CT-RSA 2006, The Cryptographers Track at the RSA Conference 2006, San Jose, CA, USA, February 13-17, 2006, Proceeings, volume 3860 of Lecture Notes in Computer Science, pages Springer, UMC. UMC stanar cell library 130 nm CMOS process. 18. UMC. UMC stanar cell library 250 nm CMOS process. 19. J. Wolkerstorfer. Is Elliptic-Curve Cryptography Suitable for Small Devices? In Workshop on RFID an Lightweight Crypto, July 13-15, 2005, Graz, Austria, pages 78 91,