News | September 11, 2006

RFID Breakthrough: A Big Security Breakthrough For RFID Tags

SecureRF Corporation is introducing the world's first secure RFID tag solution based on a breakthrough in cryptography that is a lightweight yet highly secure solution, the foundation of the company's strategy. SecureRF is targeting high value asset tracking, monitoring and anti-counterfeiting applications in the pharmaceutical, defense and homeland security sectors. Until now, existing security algorithms could not provide strong authentication and data protection on RFID tags. That is because these algorithms, many of them over 20 years old, rely on multiplying large numbers and require more computing resources than are available on RFID tags.

Security for RFID tags is now available with SecureRF's performance breakthrough, the Algebraic Eraser™ (AE). This new security algorithm is thousands of times more efficient than other commercial solutions.

The AE uses a relatively new but well developed branch of mathematics called infinite group theory. The algorithm works based on quick iterations of small numbers, so it achieves the same security strength as current solutions but requires far less computing resources. This means that for the first time, SecureRF makes strong data protection and authentication security available on passive EPC Global Gen 2 compliant RFID tags and on active RFID tags.

The AE engine supports a wide range of cryptographic functions including authentication, data protection and repudiation. It is suitable for both symmetric (private key) or asymmetric (public key) cryptosystems, as well as hash functions, digital signatures or other cryptographic uses. In addition to its own secure RFID tag solution, SecureRF can deliver the AE security engine as a software toolkit, gates for a chip or even a chip itself, addressing a wide range of applications and environments.

SecureRF's founders include three world-class mathematicians/cryptographers who developed the AE algorithm. Dr. Iris Anshel, CTO, has published extensive research in the field and has experience in the commercialization of security technology as a co-founder of Arithmetica. Dr. Dorian Goldfeld, board member, has been a recipient of NSF grants every year since 1976. He is a Sloan fellow, a Cole Prize Winner in Number Theory and professor of mathematics at Columbia University. Dr. Michael Anshel, board member, is a co-author of four related patents, an advisor to the National Institute of Standards and Technology (NIST) Advanced Technology Program, and professor in Computer Science at the City College of New York.

More About the Algebraic Eraser
How can the AE security algorithm be so efficient and yet be highly secure at the same time? In part, the answer hinges on attributes of the mathematics of infinite group theory.

A layperson can think of infinite group theory as the mathematics of braids or knots. The quality that makes this desirable for cryptography is akin to the fact that a fishing line can get entangled in a few seconds while it may take hours to untangle. With infinite groups, calculating in one direction is easy, but reversing it is extremely difficult.

Another feature of the algorithm is a cloaking function that erases part of the information as it goes along, hence the name Algebraic Eraser. This increases efficiency because smaller numbers are used. It also increases security, because the AE process itself effectively erases the data that would be required for the system to be reversed (and hence broken). Traditional cryptographic algorithms do not have an erasing feature and require the multiplication and division of very large numbers thus contributing to the need for large storage and processing resources.

In fact as greater security levels are demanded the more efficient the AE becomes compared to existing algorithms. Traditional cryptographic functions require computational levels that grow exponentially as the keysize increases. The AE however is the world's first algorithm to have computational requirements that increase in direct proportion (linearly) to the keysize, thus running orders of magnitude faster than has been previously seen.

The principle measure of cryptographic security strength in a brute force attack is the number of "guesses" required to get the correct answer. By quickly calculating a large quantity of small numbers, the AE algorithm creates a problem that would require a tremendous number of "guesses" to solve. That is how the AE algorithm provides strong data protection and authentication while being so efficient it can fit on an RFID tag.

More information about SecureRF can be found on its Web site at www.securerf.com.