Paper 2007/402

Robust, Anonymous RFID Authentication with Constant Key-Lookup

Mike Burmester, Breno de Medeiros, and Rossana Motta


A considerable number of anonymous RFID authentication schemes have been proposed. However, current proposals either do not provide robust security guarantees, or suffer from scalability issues when the number of tags issued by the system is very large. In this paper, we focus on approaches that reconcile these important requirements. In particular, we seek to reduce the complexity of identifying tags by the back-end server in anonymous RFID authentication protocols---what we term the key-lookup problem. We propose a compiler that transforms a generic RFID authentication protocol (supporting anonymity) into one that achieves the same guarantees with constant key-lookup cost even when the number of tags is very large (billions of tags and beyond). This approach uses a lightweight one-way trapdoor function and produces protocols that are suitable for deployment into current tag architectures. We then explore the issue of minimal assumptions required, and show that one-way trapdoor functions are necessary to achieve highly scalable, robustly secure solutions. We then relax the requirement of unlinkable anonymity, and consider scalable solutions that are provably secure and for which the loss of privacy is minimal.

Available format(s)
Cryptographic protocols
Publication info
Published elsewhere. Unknown where it was published
RFIDprivacyavailabilityscalabilityunlinkabilityrobust security.
Contact author(s)
burmester @ cs fsu edu
2007-10-21: received
Short URL
Creative Commons Attribution


      author = {Mike Burmester and Breno de Medeiros and Rossana Motta},
      title = {Robust, Anonymous RFID Authentication with Constant Key-Lookup},
      howpublished = {Cryptology ePrint Archive, Paper 2007/402},
      year = {2007},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.