Abstract:
Many RFID protocols use cryptographic hash functions for
their security. The resource constrained nature of RFID systems forces
the use of light weight cryptographic algorithms. Tav-128 is one such
light weight hash function proposed by Peris-Lopez et al. for an RFID
authentication protocol. In this article we show that Tav-128 is not collision
resistant. We show a practical collision attack against Tav-128 and
produce message pairs of arbitrary length which produce the same hash
value under this hash function. We also study the constituent functions
of Tav-128 and show that the concatenation of nonlinear functions A and
B produces a 64-bit permutation from 32-bit messages. This could be a
useful light weight primitive for future RFID protocols.