A Case Against Currently Used Hash Functions in RFID Protocols

  • Martin Feldhofer
  • Christian Rechberger
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4277)


Designers of RFID security protocols can choose between a wide variety of cryptographic algorithms. However, when implementing these algorithms on RFID tags fierce constraints have to be considered. Looking at the common assumption in the literature that hash functions are implementable in a manner suitable for RFID tags and thus heavily used by RFID security protocol designers we claim the following. Current standards and state-of-the-art low-power implementation techniques favor the use of block ciphers like the Advanced Encryption Standard (AES) instead of hash functions from the SHA family as building blocks for RFID security protocols. In turn, we present a low-power architecture for the widely recommended hash function SHA-256 which is the basis for the smallest and most energy-efficient ASIC implementation published so far. To back up our claim we compare the achieved results with the smallest available AES implementation. The AES module requires only a third of the chip area and half of the mean power. Our conclusions are even stronger since we can show that smaller hash functions like SHA-1, MD5 and MD4 are also less suitable for RFID tags than the AES. Our analysis of the reasons of this result gives some input for future hash function designs.


Hash Function Clock Cycle Block Cipher Advance Encryption Standard Advance Encryption Standard Algorithm 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Choi, E.Y., Lee, S.-M., Lee, D.H.: Efficient RFID Authentication Protocol for Ubiquitous Computing Environment. In: Enokido, T., Yan, L., Xiao, B., Kim, D.Y., Dai, Y.-S., Yang, L.T. (eds.) EUC-WS 2005. LNCS, vol. 3823, pp. 945–954. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  2. 2.
    Dadda, L., Macchetti, M., Owen, J.: The Design of a High Speed ASIC Unit for the Hash Function SHA-256 (384, 512). In: 2004 Design, Automation and Test in Europe Conference and Exposition (DATE 2004), vol. 3, pp. 70–75. IEEE Computer Society Press, Los Alamitos (2004)CrossRefGoogle Scholar
  3. 3.
    Dimitriou, T.: A Lightweight RFID Protocol to protect against Traceability and Cloning attacks. In: First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SecureComm 2005), Athens, Greece, September 2005, pp. 59–66. IEEE Computer Society Press, Los Alamitos (2005)CrossRefGoogle Scholar
  4. 4.
    Dominkus, S.: A hardware implementation of MD4-family hash algorithms. In: 9th IEEE International Conference on Electronics, Circuits and Systems, October 2002, vol. 3, pp. 1143–1146. IEEE Computer Society Press, Los Alamitos (2002)CrossRefGoogle Scholar
  5. 5.
    Feldhofer, M., Dominikus, S., Wolkerstorfer, J.: Strong Authentication for RFID Systems using the AES Algorithm. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 357–370. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  6. 6.
    Feldhofer, M., Wolkerstorfer, J., Rijmen, V.: AES Implementation on a Grain of Sand. IEE Proceedings on Information Security 152(1), 13–20 (2005)CrossRefGoogle Scholar
  7. 7.
    Henrici, D., Müller, P.: Hash-based Enhancement of Location Privacy for Radio-Frequency Identification Devices using Varying Identifiers. In: 2nd IEEE Conference on Pervasive Computing and Communications Workshops (PerCom 2004 Workshops), March 2004, pp. 149–153. IEEE Computer Society Press, Los Alamitos (2004)CrossRefGoogle Scholar
  8. 8.
    Kaps, J.-P., Sunar, B.: Energy comparison of AES and SHA-1 for ubiquitous computing. In: 2nd IFIP International Symposium on Network Centric Ubiquitous Systems (NCUS 2006). LNCS, Springer, Heidelberg (2006)Google Scholar
  9. 9.
    Lee, Y., Verbauwhede, I.: Secure and Low-cost RFID Authentication Protocols. In: 2nd IEEE Workshop on Adaptive Wireless Networks (AWiN) (2005)Google Scholar
  10. 10.
    National Institute of Standards and Technology (NIST). FIPS-197: Advanced Encryption Standard (November 2001), available online at
  11. 11.
    National Institute of Standards and Technology (NIST). FIPS-180-2: Secure Hash Standard (August 2002), available online at
  12. 12.
    Pramstaller, N., Aigner, M.: A Universal and Efficient SHA-256 Implementation for FPGAs. In: Austrochip 2004, pp. 89–93 (2004) ISBN 3-200-00211-5 Google Scholar
  13. 13.
    Rhee, K., Kwak, J., Kim, S., Won, D.: Challenge-Response Based RFID Authentication Protocol for Distributed Database Environment. In: Hutter, D., Ullmann, M. (eds.) SPC 2005. LNCS, vol. 3450, pp. 70–84. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  14. 14.
    Satoh, A., Inoue, T.: ASIC-Hardware-Focused Comparison for Hash Functions MD5, RIPEMD-160, and SHS. In: International Symposium on Information Technology: Coding and Computing (ITCC 2005), vol. 1, pp. 532–537. IEEE Computer Society Press, Los Alamitos (2005)Google Scholar
  15. 15.
    Sklavos, N., Koufopavlou, O.: Implementation of the SHA-2 Hash Family Standard Using FPGAs. The Journal of Supercomputing 31(3), 227–248 (2005)zbMATHCrossRefGoogle Scholar
  16. 16.
    Weis, S.A., Sarma, S.E., Rivest, R.L., Engels, D.W.: Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems. In: Hutter, D., Müller, G., Stephan, W., Ullmann, M. (eds.) Security in Pervasive Computing. LNCS, vol. 2802, pp. 201–212. Springer, Heidelberg (2004)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Martin Feldhofer
    • 1
  • Christian Rechberger
    • 1
  1. 1.Institute for Applied Information Processing and CommunicationsGraz University of TechnologyGrazAustria

Personalised recommendations