RFID is a technique for storing and recovering data remotely by using markers known as radio tags or RFID tags. A radio tag is a small item, such as a sticky label, and it is suitable for being stuck on or incorporated in items or goods. It comprises an antenna associated with an electronic chip enabling it to receive and respond to radio requests transmitted from a transceiver referred to as a reader. For example, radio tags are used to identify people when the tags are incorporated in passports, or in travel tickets, or payment cards, or to identify goods like a bar code.
In conventional manner, when a tag comes within the range of a radio reader, the reader interacts with the tag and interrogates it. During such an interrogation, the reader can recover information that is specific to the tag, such as a tag identifier, or conventionally data that participates in authenticating the tag with a reader. This facility whereby a reader can recover information from a tag in spontaneous manner is not without drawbacks in terms of security. It can happen that the reader is corrupted and under the control of an illintentioned person, and in certain circumstances spontaneous recovery of information from a tag contributes to using up the authentication resources specific to the tag. This can contribute to perpetrating a denial-of-service attack against the tag. It would therefore be advantageous for a tag to be able to distinguish in one way or another between a reader that is authentic or legitimate, and a reader that is corrupt. In order to distinguish a legitimate reader from a corrupt reader, it then becomes necessary for the tag to authenticate the reader before authenticating itself with the reader.
There are several schemes in existence for authenticating a tag with a radio reader. By way of example, a “GPS” authentication scheme (or “cryptoGPS scheme”) is known when its name is derived from the names of the inventors Girault, Paillés, Poupard and Stern [M. Girault, G. Poupard, and J. Stern, “On the fly authentication and signature schemes based on groups of unknown order”, Journal of Cryptology, pp. 463-488, Vol. 19, No. 4, 2006]. The GPS scheme is a public key authentication scheme based on the discrete logarithm problem in a multiplicative group. GPS is conventionally used so that a device, usually a device having very little calculation power, such as a radio tag, can authenticate itself with a second device, typically a device having more power, such as a radio reader. The scheme is such that the calculation costs involved in authentication for the less powerful device can be considerably reduced by means of a certain number of optimizations, and in particular by the use of “coupons”. With GPS, the more costly calculations are performed by the more powerful device. This characteristic makes the GPS protocol very well suited to authenticating radio tags with radio readers. Nevertheless, it is not easy to transpose that scheme in such a manner as to enable a tag, to authenticate a reader. A mere transposition of that scheme to enabling the tag to authenticate the reader would give rise to costly calculation being performed by the radio tag which continues to be a device that is very limited in terms of calculation power.