On the Security of the Algebraic Eraser Tag Authentication Protocol

Conference paper

DOI: 10.1007/978-3-319-39555-5_1

Part of the Lecture Notes in Computer Science book series (LNCS, volume 9696)
Cite this paper as:
Blackburn S.R., Robshaw M.J.B. (2016) On the Security of the Algebraic Eraser Tag Authentication Protocol. In: Manulis M., Sadeghi AR., Schneider S. (eds) Applied Cryptography and Network Security. ACNS 2016. Lecture Notes in Computer Science, vol 9696. Springer, Cham


The Algebraic Eraser has been gaining prominence as SecureRF, the company commercializing the algorithm, increases its marketing reach. The scheme is claimed to be well-suited to IoT applications but a lack of detail in available documentation has hampered peer-review. Recently more details of the system have emerged after a tag authentication protocol built using the Algebraic Eraser was proposed for standardization in ISO/IEC SC31 and SecureRF provided an open public description of the protocol. In this paper we describe a range of attacks on this protocol that include very efficient and practical tag impersonation as well as partial, and total, tag secret key recovery. Most of these results have been practically verified, they contrast with the 80-bit security that is claimed for the protocol, and they emphasize the importance of independent public review for any cryptographic proposal.


Algebraic Eraser Cryptanalysis Tag authentication IoT 

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  1. 1.Information Security GroupRoyal Holloway University of LondonEghamUK
  2. 2.ImpinjSeattleUSA

Personalised recommendations