International Association for Cryptologic Research

International Association
for Cryptologic Research


Sébastien Canard


Privacy-Preserving RFID Systems: Model and Constructions
In this paper, we study systems where a reader wants to authenticate and identify legitimate RFID tags. Such system needs thus to be correct (legitimate tags are accepted) and sound (fake tags are rejected). Moreover, an RFID tag in a privacy-preserving system should be anonymous and untraceable, except for the legitimate reader. We here present the first security model for RFID authentication/identification privacy-preserving systems which is at the same time complete and easy to use. Our correctness property permits to take into account active adversaries. Our soundness property incorporates the case of adversaries realizing relay attacks. Finally, our privacy model includes adversaries with no restrictions on their interactions with the system and moreover takes into account the case of ``future correlations''. We next propose several constructions, based on the work from Vaudenay, proving that (i) our strongest property is at least as strong as those of Vaudenay and (ii) this property is reachable by efficient schemes.
A handy multi-coupon system
Sébastien Canard Aline Gouget Emeline Hufschmitt
A coupon is an electronic data that represents the right to access a service provided by a service provider (e.g. gift certificates or movie tickets). Recently, a privacy-protecting multi-coupon system that allows a user to withdraw a predefined number of single coupons from the service provider has been proposed by Chen et al. at Financial Crypto 2005. In this system, every coupon has the same value which is predetermined by the system. The main drawbacks of Chen et al. proposal are that the redemption protocol of their system is inefficient, and that no formal security model is proposed. In this paper, we consequently propose a formal security model for coupon systems and design a practical multi-coupon system with new features: the quantity of single coupons in a multi-coupon is not defined by the system and the value of each coupon is chosen in a predefined set of values.