An ECDSA Processor for RFID Authentication

  • Michael Hutter
  • Martin Feldhofer
  • Thomas Plos
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6370)


In the last few years, a lot of research has been made to bring asymmetric cryptography on low-cost RFID tags. Many of the proposed implementations include elliptic-curve based coprocessors to provide entity-authentication services through for example identification schemes. This paper presents first results of an 192-bit Elliptic Curve Digital Signature Algorithm (ECDSA) processor that allows both entity and also message authentication by digitally signing challenges from a reader. The proposed architecture enhances the state-of-the-art in designing a low-resource ECDSA-enabled RFID hardware implementation. A tiny microcontroller is integrated to provide protocol scalability and re-use of common algorithms. The proposed processor signs a message within 859 188 clock cycles (127,ms at 6.78,MHz) and has a total chip size of 19 115 gate equivalents.


Radio-Frequency Identification VLSI Design Elliptic Curves ECDSA Authentication Digital Signatures 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Batina, L., Guajardo, J., Kerins, T., Mentens, N., Tuyls, P., Verbauwhede, I.: Public-Key Cryptography for RFID-Tags. In: Workshop on RFID Security 2006 (RFIDSec 2006), Graz, Austria (July 12-14, 2006)Google Scholar
  2. 2.
    Batina, L., Mentens, N., Sakiyama, K., Preneel, B., Verbauwhede, I.: Low-Cost Elliptic Curve Cryptography for Wireless Sensor Networks. In: Buttyán, L., Gligor, V.D., Westhoff, D. (eds.) ESAS 2006. LNCS, vol. 4357, pp. 6–17. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  3. 3.
    Bock, H., Braun, M., Dichtl, M., Hess, E., Heyszl, J., Kargl, W., Koroschetz, H., Meyer, B., Seuschek, H.: A Milestone Towards RFID Products Offering Asymmetric Authentication Based on Elliptic Curve Cryptography. Invited talk at RFIDsec (July 2008)Google Scholar
  4. 4.
    Brier, E., Joye, M.: Weierstraß Elliptic Curves and Side-Channel Attacks. In: Naccache, D., Paillier, P. (eds.) PKC 2002. LNCS, vol. 2274, pp. 335–345. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  5. 5.
    Coron, J.-S.: Resistance against Differential Power Analysis for Elliptic Curve Cryptosystems. In: Koç, Ç.K., Paar, C. (eds.) CHES 1999. LNCS, vol. 1717, pp. 292–302. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  6. 6.
    Ebeid, N., Lambert, R.: Securing the Elliptic Curve Montgomery Ladder Against Fault Attacks. In: Proceedings of Workshop on Fault Diagnosis and Tolerance in Cryptography, FDTC 2009, Lausanne, Switzerland, pp. 46–50 (September 2009)Google Scholar
  7. 7.
    Feldhofer, M., Dominikus, S., Wolkerstorfer, J.: Strong Authentication for RFID Systems using the AES Algorithm. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 357–370. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  8. 8.
    Fürbass, F., Wolkerstorfer, J.: ECC Processor with Low Die Size for RFID Applications. In: Proceedings of 2007 IEEE International Symposium on Circuits and Systems. IEEE, Los Alamitos (May 2007)Google Scholar
  9. 9.
    Großschädl, J., Savacs, E.: Instruction Set Extensions for Fast Arithmetic in Finite Fields GF(p) and GF(2m). In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 133–147. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  10. 10.
    Hachez, G., Quisquater, J.-J.: Montgomery exponentiation with no final subtractions: Improved results. In: Koç, Ç.K., Paar, C. (eds.) CHES 2000. LNCS, vol. 1965, pp. 91–100. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  11. 11.
    Hein, D., Wolkerstorfer, J., Felber, N.: ECC is Ready for RFID A Proof in Silicon. In: Avanzi, R.M., Keliher, L., Sica, F. (eds.) SAC 2008. LNCS, vol. 5381, pp. 401–413. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  12. 12.
    Hutter, M., Medwed, M., Hein, D., Wolkerstorfer, J.: Attacking ECDSA-Enabled RFID Devices. In: Abdalla, M., Pointcheval, D., Fouque, P.-A., Vergnaud, D. (eds.) ACNS 2009, vol. 5536, pp. 519–534. Springer, Heidelberg (May 2009)Google Scholar
  13. 13.
    International Organisation for Standardization (ISO). Information Technology - Security Techniques - Entity authentication mechanisms - Part 3: Entity authentication using a public key algorithm (1993)Google Scholar
  14. 14.
    International Organisation for Standardization (ISO). ISO/IEC 7816-4: Information technology - Identification cards - Integrated circuit(s) cards with contacts - Part 4: Interindustry commands for interchange (1995),
  15. 15.
    Izu, T., Möller, B., Takagi, T.: Improved Elliptic Curve Multiplication Methods Resistant against Side Channel Attacks. In: Menezes, A., Sarkar, P. (eds.) INDOCRYPT 2002. LNCS, vol. 2551, pp. 296–313. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  16. 16.
    Joye, M., Yen, S.-M.: The Montgomery Powering Ladder. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 291–302. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  17. 17.
    Kaliski, B.: The Montgomery Inverse and its Applications. IEEE Transactions on Computers 44(8), 1064–1065 (1995)zbMATHCrossRefGoogle Scholar
  18. 18.
    Kumar, S.S., Paar, C.: Are standards compliant Elliptic Curve Cryptosystems feasible on RFID? In: Workshop on RFID Security 2006 (RFIDSec 2006), Graz, Austria, July 12-14 (2006)Google Scholar
  19. 19.
    Lee, Y.K., Sakiyama, K., Batina, L., Verbauwhede, I.: Elliptic-Curve-Based Security Processor for RFID. IEEE Transactions on Computers 57(11), 1514–1527 (2008)CrossRefMathSciNetGoogle Scholar
  20. 20.
    Lee, Y.K., Verbauwhede, I.: A Compact Architecture for Montgomery Elliptic Curve Scalar Multiplication Processor. In: Kim, S., Yung, M., Lee, H.-W. (eds.) WISA 2007. LNCS, vol. 4867, pp. 115–127. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  21. 21.
    Meloni, N.: Fast and Secure Elliptic Curve Scalar Multiplication Over Prime Fields Using Special Addition Chains. Cryptology ePrint Archive, Report 2006/216 (2006)Google Scholar
  22. 22.
    Montgomery, P.L.: Modular Multiplication without Trial Division. Mathematics of Computation 44, 519–521 (1985)zbMATHMathSciNetGoogle Scholar
  23. 23.
    National Institute of Standards and Technology (NIST). FIPS-186-2: Digital Signature Standard (DSS) (January 2000),
  24. 24.
    Öztürk, E., Sunar, B., Savas, E.: Low-Power Elliptic Curve Cryptography Using Scaled Modular Arithmetic. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 92–106. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  25. 25.
    Satoh, A., Takano, K.: A Scalable Dual-Field Elliptic Curve Cryptographic Processor. IEEE Transactions on Computers 52(4), 449–460 (2003)CrossRefGoogle Scholar
  26. 26.
    Schroeppel, R., Beaver, C., Gonzales, R., Miller, R., Draelos, T.: A Low-Power Design for an Elliptic Curve Digital Signature Chip. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 366–380. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  27. 27.
    Wolkerstorfer, J.: Is Elliptic-Curve Cryptography Suitable for Small Devices? In: Workshop on RFID and Lightweight Crypto, Graz, Austria, July 13-15, pp. 78–91 (2005)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Michael Hutter
    • 1
  • Martin Feldhofer
    • 1
  • Thomas Plos
    • 1
  1. 1.Institute for Applied Information Processing and Communications (IAIK)Graz University of TechnologyGrazAustria

Personalised recommendations