Abstract
As a non-contact identification technology, RFID (Radio Frequency Identification) is widely used in various Internet of Things applications. However, RFID systems are highly vulnerable to diverse attacks due to the openness of the communication links between readers and tags, leading to serious security and privacy concerns. Numerous RFID authentication protocols have been designed that employ hash functions and symmetric cryptography to secure communications. Despite these efforts, such schemes generally exhibit limitations in key management flexibility and scalability, which significantly restricts their applicability in large-scale RFID deployments. Public key cryptography offers an effective solution to this challenge. Taking into account factors such as parameter size, computational complexity, and resistance to quantum attacks, the NTRU algorithm emerges as one of the most promising choices. Since the NTRU signature algorithm is highly complex and requires large parameters, there are currently only a few NTRU encryption-based RFID authentication protocols available, all of which exhibit significant security flaws, such as supporting only one-way authentication, failing to address public key distribution, and so on. Moreover, performance evaluations of the algorithm in these contexts are often incomplete. This paper proposes a mutual authentication protocol for RFID based on the NTRU encryption algorithm to address security and privacy issues. The security of the protocol is analyzed using BAN logic and some informal methods, and it is further validated through simulation with the AVISPA tool. With the parameter set (N, p, q) = (443, 3, 2048), the NTRU algorithm can provide 128 bits of post-quantum security strength. This configuration is not only more forward-looking at the theoretical security level but also offers significant advantages in practical energy consumption and computation time when compared to traditional algorithms such as ECC, making it a highly competitive candidate in the field of post-quantum cryptography.