low-cost decryption chip?

GemPlus is a smaller chip maker, maybe better luck with them.

ps. you can fit 2 AES implementations on a SC, it's been done.

Look into the work that's ben done for small vs. fast AES in hardware.

JLC

Can you explain why you need encryption in the chip? Why can you not feed it the ciphertext directly and simply have the tag regurgitate it verbatim when queried?

We think that it is feasible to include an AES module on an RFID tag. There is an AES IP module available which is suitable for RFID tags.

The link to that module:

Perhaps the following scientific paper gives some more insights:

MF

The most secure methods dont attract attention to one place and one chip .

Swiss bankers long ago held "scratch" lists , 40 #'s and when customer called , banker first asks for a # ,if they agree , customer prevails .

Computers allow us to use huge "scratch #'s and huge lists . Different lists for each customer .

Each list can also be a key to a decrypting method .

So its not the chip , that is improtant , it only needs to make inconvinient , not stop someone absolutely . You can even use well know easy to hack chips !!

It does NOT matter , because the real deterent is the numbers in the computer ! They always succeed by flood , fill and bloat .

Thus 128 bit encryption is advertising , it is not needed .

I ADD multiple channels and syncronization to stop hackers . Suppose you dont have big computers , you are on 2 FRS radios and you want ABSOLUTE safety . Create your own slow P code and switch the radios at 100 mili seconds and sync the radios with hardware clocks . Then add a Modem on top of that and a cypher on top of that . By the time they figure h/w to read your stuff , you have left the area ! Choose a busy channel , xmit with big gaps leave quiet periods ,only xmit , max .1 seconds , on both radios . Takes time to get a long msg across , but no way will they get you . This is illegal .

Mart> > Is this feasible? Can anyone recommend a manufacturer?

If you want to go really low cost, forget DES and AES, the gate count is too high. I did a project in the 50c realm and we used a stream algorithm based on a self shrinking generator to keep gate count and the resulting silicon surface to a minimum.

Wim

Check carefully about how much security you need *first* - there are some papers about breaks in SS generators. Don't skimp on the security requirement as computing power increases the level of cryptographic protection reduces. Bad security will turn back and bite you, in your example, millions of times.

message

too

based

silicon

Anything more recent or better than Krause's attack; O(2^L*0.65) from 2002?

TIA, Wim

Sorry, I can't help - I don't remember and am in the middle of a computing crisis - the type when you discover that your highly valuable, time consuming backup system is worthless.