International Association
for Cryptologic Research

Peris-Lopez et al. recently provides some guidelines that should be followed to

design a secure yoking-proof protocol. In addition, conforming to those guidelines and

EPC C1 G2, they presented a yoking-proof for low-cost RFID tags, named Kazahaya. However,

in this letter, we scrutinize its security showing how an passive adversary can retrieve secret

parameters of patient\'s tag in cost of O(216) o-line PRNG evaluations. Given the tag\'s secret

parameters, any security claims are ruined. Nevertheless, to show other weaknesses of the

protocol and rule out any possible improvement by increasing the length of the used PRNG,

we presented a forgery attack that shows that a proof generated at time tn can be used to

forge a valid proof for any desired time tj . The success probability of this attack is `1\' and the

complexity is negligible.