Squealing Euros: Privacy Protection in RFID-Enabled Banknotes

  • Ari Juels
  • Ravikanth Pappu
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2742)


Thanks to their broad international acceptance and availability in high denominations, there is widespread concern that Euro banknotes may provide an attractive new currency for criminal transactions. With this in mind, the European Central Bank has proposed to embed small, radio-frequency-emitting identification (RFID) tags in Euro banknotes by 2005 as a tracking mechanism for law enforcement agencies. The ECB has not disclosed technical details regarding its plan. In this paper, we explore some of the risks to individual privacy that RFID tags embedded in currency may pose if improperly deployed. Acknowledging the severe resource constraints of these tags, we propose a simple and practical system that provides a high degree of privacy assurance. Our scheme involves only elementary cryptography. Its effectiveness depends on a careful separation of the privileges offered by optical vs. radio-frequency contact with banknotes, and full exploitation of the limited access-control capabilities of RFID tags.


Banknotes cryptography RFID privacy 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Security technology: Where’s the smart money? The Economist, pp. 69–70, February 9 (2002)Google Scholar
  2. 2.
    European Central Bank Euro FAQ (2002), Euro circulation discussed at
  3. 3.
    Registry of Motor Vehicles reforms: Progress report III (2002), Available at
  4. 4.
    Bellare, M., Desai, A., Pointcheval, D., Rogaway, P.: Relations among notions of security for public-key encryption schemes. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 26–45. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  5. 5.
    Boneh, D., Shacham, H., Lynn, B.: Short signatures from the Weil pairing. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 514–532. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  6. 6.
    Brands, S.: Untraceable off-line cash in wallets with observers (extended abstract). In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 302–318. Springer, Heidelberg (1994)CrossRefGoogle Scholar
  7. 7.
    Brickell, E., Gemmell, P., Kravitz, D.: Trustee-based tracing extensions to anonymous cash and the making of anonymous change. In: SODA 1995, pp. 157– 166 (1995)Google Scholar
  8. 8.
    Chaum, D.: Untraceable electronic mail, return addresses, and digital pseudonyms. Communications of the ACM 24(2), 84–88 (1981)CrossRefGoogle Scholar
  9. 9.
    Chaum, D., Fiat, A., Naor, M.: Untraceable electronic cash. In: Goldwasser, S. (ed.) CRYPTO 1988. LNCS, vol. 403, pp. 319–327. Springer, Heidelberg (1990)CrossRefGoogle Scholar
  10. 10.
    Atmel Corporation. Atmel TK5552 data sheet (2001), Available at
  11. 11.
    Epson corporation. Epson cheque-imaging scanner: TM-H6000II with TransScan (2002), Specifications available at
  12. 12.
    Fujisaki, E., Okamoto, T.: Secure integration of asymmetric and symmetric encryption schemes. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 537–554. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  13. 13.
    El Gamal, T.: A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Transactions on Information Theory 31, 469–472 (1985)CrossRefzbMATHGoogle Scholar
  14. 14.
    Goldwasser, S., Micali, S.: Probabilistic encryption. J. Comp. Sys. Sci. 28(1), 270–299 (1984)MathSciNetCrossRefzbMATHGoogle Scholar
  15. 15.
    Goldwasser, S., Micali, S., Rivest, R.: A digital signature scheme secure against adaptive chosen-message attacks. SIAM Journal on Computing 17(2), 281–308 (1988)MathSciNetCrossRefzbMATHGoogle Scholar
  16. 16.
    Jakobsson, M.: Privacy vs. Authenticity. PhD thesis, University of California at San Diego (1997)Google Scholar
  17. 17.
    Sarma, S.: Towards the five-cent tag. Technical Report MIT-AUTOID-WH-006, MIT Auto ID Center (2001), Available from
  18. 18.
    Sarma, S.: Radio-frequency identification systems. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 454–469. Springer, Heidelberg (2003) (to appear)CrossRefGoogle Scholar
  19. 19.
    Shamir, A.: How to share a secret. Communications of the Association for Computing Machinery 22(11), 612–613 (1979)MathSciNetCrossRefzbMATHGoogle Scholar
  20. 20.
    Stajano, F., Anderson, R.: The resurrecting duckling: Security issues for adhoc wireless networks. In: Malcolm, J.A., Christianson, B., Crispo, B., Roe, M. (eds.) Security Protocols 1999. LNCS, vol. 1796, pp. 172–194. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  21. 21.
    Takaragi, K., Usami, M., Imura, R., Itsuki, R., Satoh, T.: An ultra small individual recognition security chip. IEEE Micro. 21(6), 43–49 (2001)CrossRefGoogle Scholar
  22. 22.
    Wallace, C.P.: The color of money. Time Europe 158(11) (September 10 2001)Google Scholar
  23. 23.
    Yoshida, J.: Euro bank notes to embed RFID chips by 2005. EE Times (December 19 2001), Available at

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Ari Juels
    • 1
  • Ravikanth Pappu
    • 2
  1. 1.RSA LaboratoriesBedfordUSA
  2. 2.ThingMagic, LLCUSA

Personalised recommendations