Hardware Efficient Authentication based on Random Selection

Lightweight authentication protocols based on random selection were introduced as an alternative design paradigm besides the usage of lightweight block ciphers and the principle of adding based noise. However a comparatively large key length and the use of involved operations made a hardware-efficient implementation a challenging task. In this work we introduce the (n, k, L)-protocol, a variant of linear authentication protocols which overcomes these problems, and analyze its security against all currently known, relevant passive and active attacks. Moreover, we present an implementation of our protocol for FPGAs and ASICs using Verilog and discuss its efficiency w.r.t. generally accepted costs metrics. The respective numbers show that the (n, k, L)-protocol is a viable alternative to existing solutions and is, for example, well suited for the implementation on passive RFID tags.