For many applications such as electronic ticketing, transport or digital access control systems security tokens are used to store relevant or security information. Often the security partly relies on the fact that the security token is authentic, i.e. that a specific piece of hardware is used and the transaction is not simulated by a PC or any other electronic device. Especially for transport applications, the copy protection for tickets is implemented in a way that relies on the fact that only a certain kind of security tokens can provide a serial number of a special form under rather restrictive physical circumstances.
In general, it is not difficult to clone these security tokens by a Field Programmable Gate Array (FPGA), but the costs of cloning usually exceed the benefit of the attack.
To increase the level of security against cloning attacks a cryptographic proof of authenticity is one option. Due to the lack of an existing symmetric key infrastructure and the complex key management a cryptographic proof using asymmetric primitives is the generic solution. Such protocols based on asymmetric primitives can be implemented over a mathematical group where the discrete logarithm problem is hard to solve. In this mathematical group a base element or base point g is chosen which can be then used in the algorithm, e.g. for generating a public key or for authentication of the respective security token.