SLUAAW0 May 2025 BQ41Z50
ECC offers several important differences compared to Secure Hash Algorithm (SHA) authentication schemes such as SHA-1. First, ECC uses asymmetric keys, so the host and gauge do not share a single key or secret; instead, a key pair (one public and one private) must be used to authenticate the device. Both schemes can have a challenge length of 20 bytes to provide a random challenge.
One major difference between the two authentication protocols pertains to authentication verification. With SHA, the host can start verification in parallel to the gauge because the host already contains the secret key and random challenge once verification is initiated, while the gauge begins once the gauge has received the challenge. ECC requires the host to wait for the response from the gauge to complete the verification process. However, the host can pre-start certain calculations while waiting on this response.
A second major difference between the two authentication protocols is verifying key programming. When the same key and challenge are used, SHA produces the same response. Therefore, a known challenge-response pair can be used to verify that the key is programmed correctly. With ECC, the same key and same challenge do not produce the same response, so a separate verification function must be implemented to verify that the key is programmed correctly.
| | SHA-1 HMAC | ECC |
|---|---|---|
| TI Product | BQ40z50 and BQ41z50 | BQ41z50 |
| Key Type | Symmetric Key (Shared Secret) | Asymmetric Key (Public and Private Key Pair) |
| Hash Function | 160-bit | 256-bit (SHA-2) |
| Key Length | 128-bit | 233-bit Key |
| Authentication Response Time | <100ms | <100ms |
| Challenge Length | 20-byte | 8 - 19 byte |
| Response Length | 20-byte | 60 bytes (or 2 x 30 bytes) |
| Deterministic response for a given key and challenge | No | Yes |
| Verify key programmed without using private data | Yes. Use known Challenge-response Pair | Yes. Verify function using public key |