SPAKE: A Single-Party Public-Key Authenticated Key Exchange Protocol for Contact-Less Applications

  • Jean-Sébastien Coron
  • Aline Gouget
  • Pascal Paillier
  • Karine Villegas
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6054)


SPAKE is a cryptographic protocol that provides lightweight transactions in contact-less applications. In this protocol a verifier (a reader or terminal) authenticates a prover (a contact-less card) relative to a certification authority. Additionally, the prover and the verifier must establish a session key for secure messaging. Contrary to previous solutions such as Mifare, the protocol is asymmetric in order to allow SAM-less, low-cost readers. Because contact-less transactions are subject to very strong time limitations, the protocol also achieves high-speed computations while providing a customizable security level.





Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Jean-Sébastien Coron (1)
  • Aline Gouget (2, 3)
  • Pascal Paillier (2, 3)
  • Karine Villegas (3)

  1. University of Luxembourg
  2. CryptoExperts
  3. Gemalto Security Labs
