Primitive use of NFC for blockchain applications

Every NFC chip has a 4- or 7-byte UID, and manufacturers usually guarantee that the 7-byte UID is unique. Authentic chips manufactured by NXP Semiconductors also carry a 32-byte ECC signature that is easy to read.

A simple NFC reader in a phone or in a vending machine can read this data and compute its SHA-256 hash, and the result would serve as a private key for blockchain operations. For example, a shopkeeper would see the public key and send some deposit tokens or fidelity points to an associated EOSIO account. A vending machine can automatically deduct some amount from such an account.

One issue is that most NFC cards in your wallet have a 4-byte UID. That gives only 4 billion possible combinations, so a private key would be cracked within a day. Most chips in use are Mifare Classic chips, which have a very poor security scheme. The data on such a chip can be cracked and modified within minutes, or at maximum an hour.

The newest generation NTAG213/215/216 chips by NXP Semiconductors have a 7-byte UID and come with a vendor ECC signature. This would produce a much more reliable private key. An application can also write and lock a random seed in the memory sectors of the chip.

Here’s a simple demo of reading the UID and vendor signature and producing a private key. The program prints out a corresponding public key:

EDIT: I applied two Motorola Android phones of different generations to the reader, and it showed the UID differing in one byte only. Not really good for any practical use.
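The derivation described in this post, as an added Python example (not the author's demo program). It hashes the UID and vendor signature into a private key, checks that the digest is a usable secp256k1 scalar, encodes it in WIF text form, and reports the upper bound on key entropy for a 4-byte card versus a 7-byte card with signature. The concatenation order, the function names and the sample UID and signature bytes are assumptions constructed for the example.

```python
import hashlib

# Order of the secp256k1 group (EOSIO "K1" keys live on this curve).
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def b58encode(data: bytes) -> str:
    n, out = int.from_bytes(data, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    # Each leading zero byte is written as the digit '1'.
    return "1" * (len(data) - len(data.lstrip(b"\0"))) + out

def derive_key(uid: bytes, signature: bytes = b"") -> bytes:
    """SHA-256 over UID || signature (concatenation order is an assumption)."""
    if len(uid) not in (4, 7):
        raise ValueError("UID must be 4 or 7 bytes")
    if signature and len(signature) != 32:
        raise ValueError("vendor signature must be 32 bytes")
    key = hashlib.sha256(uid + signature).digest()
    # A private key must be a scalar in [1, n-1]; reject anything else.
    if not 0 < int.from_bytes(key, "big") < SECP256K1_N:
        raise ValueError("digest is not a valid secp256k1 scalar")
    return key

def to_wif(key: bytes) -> str:
    """Legacy WIF text form: 0x80 || key || first 4 bytes of double SHA-256."""
    payload = b"\x80" + key
    check = hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    return b58encode(payload + check)

def max_input_bits(uid: bytes, signature: bytes = b"") -> int:
    """Upper bound on key entropy: the hash cannot add any to its input.
    Anyone who can read the card gets the same bytes, so treat the card
    itself as the secret."""
    return 8 * (len(uid) + len(signature))

# Constructed sample values, not read from real cards.
UID4 = bytes.fromhex("a1b2c3d4")         # Mifare Classic style, no signature
UID7 = bytes.fromhex("04a1b2c3d4e5f6")   # NTAG21x style
SIG = bytes(range(32))                   # stand-in for the vendor signature

if __name__ == "__main__":
    for uid, sig in ((UID4, b""), (UID7, SIG)):
        key = derive_key(uid, sig)
        print(uid.hex(), max_input_bits(uid, sig), "bits max,", to_wif(key))
```
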

Written by

Telegram: cc32d9, EOS account: "cc32dninexxx"
