Cryptology ePrint Archive: Report 2010/132

On the claimed privacy of EC-RAC III

Junfeng Fan and Jens Hermans and Frederik Vercauteren

Abstract: In this paper we show how to break the most recent version of EC-RAC with respect to privacy. We show that both the ID-Transfer and ID&PWD-Transfer schemes from EC-RAC do not provide the claimed privacy levels by using a man-in-the-middle attack. The existence of these attacks voids the presented privacy proofs for EC-RAC.

Category / Keywords: RFID, identification protocols, elliptic curve cryptosystem

Date: received 9 Mar 2010, last revised 10 Mar 2010

Contact author: fanjunfeng at gmail com

Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation

Version: 20100310:091745 (All versions of this report)

Short URL: ia.cr/2010/132

Discussion forum: Show discussion | Start new discussion