Public Key Authentication with One (Online) Single Addition

We focus on the GPS identification scheme implementation in low cost chips, i.e not equipped with a microprocessor (such as those embedded in some prepaid telephone cards or RFID tags). We present three solutions to decrease the overall number of manipulated bits during the computation of the answer by a factor two or three. All the solutions stand in the use of low Hamming weight parameters. The first one consists in building the private key as the product of low Hamming weight sub-keys. The second one suggests the choice of full size low Hamming weight private keys. Finally, the third solution corresponds to a variant of the basic GPS scheme in which large challenges with low Hamming weight are used. Whereas the first solution does not withdraw the need for a multiplier in the chip, the two other ones are ideally suited to low cost chips as they can be implemented with only one serial addition. Therefore, as a surprising result, one entity can be public key authenticated by doing one on-line addition only at the time of authentication!