Implementing Public-Key Cryptography on Passive RFID Tags is Practical

Avishai Wool

Passive RFID tags have long been thought to be too weak to implement public-key cryptography: it is commonly assumed that the power consumption, gate count and computation time of full-strength encryption exceed the capabilities of RFID tags. In this paper we demonstrate that these assumptions are incorrect. We present two low-resource implementations of a 1024-bit Rabin encryption variant called WIPR–in embedded software and in hardware. Our experiments with the software implementation show that the main performance bottleneck of the system is not the encryption time but rather the air interface, and that the reader’s implementation of the EPC Class-1 Generation-2 RFID (C1G2) standard has a crucial effect on the system’s overall performance. Next, using a highly-optimized hardware implementation, we investigate the tradeoffs between speed, area and power consumption to derive a practical working point for a hardware implementation of WIPR. Our recommended implementation has a data path area of 4184 gate equivalents (GEs), an encryption time of 180ms and an average power consumption of 11µW, well within the established operating envelope for passive RFID tags.