International Association for Cryptologic Research

Ph.D. Database

The aim of the IACR Ph.D. database is twofold. On the first hand, we want to offer an overview of Ph.D. already completed in the domain of cryptology. Where possible, this should also include a subject classification, an abstract, and access to the full text. On the second hand, it deals with Ph.D. subjects currently under investigation. This way, we provide a timely map of contemporary research in cryptology. All entries or changes need to be approved by an editor. You can contact them via phds (at)


Michael Hutter (#624)
Name Michael Hutter
Personal Homepage
Topic of his/her doctorate. Secure and Efficient Implementation of RFID Tags Supporting Cryptography
Category implementation
Keywords Implementation Attacks, Side-Channel Attacks, Fault Analysis, RFID, Elliptic Curves, VLSI
Year of completion 2011
Abstract Radio Frequency Identification (RFID) is a wireless communication technology that has gained a lot of importance in the last decade. This thesis focuses on security aspects of the RFID technology and has been structured into two main parts. The first part analyzes the susceptibility of RFID devices against different implementation attacks. Such attacks make use of physical properties and behavior of electronic devices to extract secret information. We evaluate their vulnerability by presenting results of successful side-channel attacks as well as fault-analysis attacks. Furthermore, we investigate public-key enabled RFID devices that provide cryptographic services like proof-of-origin authentication by digitally signing of data. We present practical attacks on such devices that reveal the private key by power and electromagnetic analysis. The second part makes use of the findings in part one in order to design a low-resource cryptographic processor for passive RFID tags. The design meets fierce requirements concerning chip area (costs), power consumption (contactless operation), and security. First, we introduce new formulae for Elliptic Curve Cryptography (ECC) that allow an efficient implementation on resource-constraint devices using Co-Z coordinate representation over prime fields. Thereafter, we present the design of a hardware processor that applies the new formulae together with several optimization techniques to implement an efficient and secure RFID processor resistant to most of the presented attacks. We combine both symmetric as well as asymmetric primitives into one piece of silicon by implementing AES-128 and ECDSA using the recommended NIST elliptic curve over GFp192. The outcomes of the thesis are as follows. First, we show that passive RFID devices are vulnerable to side-channel attacks as well as fault attacks. Most of our experiments can be performed with low cost and simple measurement setups. By evaluating the vulnerability of such devices, we emphasize the need of appropriate countermeasures for passive RFID devices that prevent impersonation through cloning of tags, forging of digital signatures, or the ability of adversaries to provide a proof of origin of RFID-labeled counterfeited goods, for instance. Second, we present a cryptographic processor for passive RFID devices that implements strong cryptography. We apply new formulae for ECC over GFp that improve the state of the art in low-resource implementations in terms of both memory and speed.
E-Mail Address michael.hutter (at)
Last Change 2011-07-21 04:42:43
To provide an update on this entry, please click .

Contact: phds (at)

[ IACR home page ] [ IACR PhDs page ] © IACR