MIFARE Ultralight EV1 vs MIFARE DESFire Light
MIFARE Ultralight EV1 offers 128 bytes memory with 32-bit password security, making it ideal for limited-use transit tickets, loyalty tokens. MIFARE DESFire Light provides 640 bytes with AES-128 + LRP security, suited for transit tickets, loyalty, micro-payment tokens.
MIFARE Ultralight EV1
MIFARE DESFire Light
MIFARE Ultralight EV1 vs MIFARE DESFire Light
MIFARE Ultralight EV1 and MIFARE DESFire Light are both designed for transit and micropayment applications at low cost, but they represent different price-security trade-offs within NXP's product line. Choosing between them is a question of whether AES authenticationauthenticationIdentity verification of NFC tags/readers via passwords or cryptographyView full → is worth a 3–6x cost increase for your specific token use case.
Overview
MIFARE Ultralight EV1: 48–128 bytes, 32-bit password, 24-bit monotonic counter, OTP. NFC ForumNFC ForumIndustry body developing NFC standards, specifications, and certifications since 2004View full → Type 2 compliant. Cost-minimum transit token for limited-use tickets. The counter is the primary anti-reuse mechanism. Designed for operators who control both the tag stock and the reader infrastructure, where the minimal security of a 32-bit password is compensated by operational controls.
MIFARE DESFire Light: 640 bytes, single application with up to three files, AES-128 with optional LRP cipher, ISO 14443ISO 14443Standard for contactless smart cards at 13.56 MHz (Types A and B)View full →-4 (T=CL). Cost-minimized single-application DESFire for transit tickets and micropayment tokens where Crypto-1Crypto-1Broken proprietary cipher in MIFARE Classic (reverse-engineered 2008)View full → is unacceptable but full DESFire EV3 cost is unjustifiable. The LRP (Leakage Resilient Primitive) cipher option provides additional resistance to side-channel attacks compared to standard AES-128.
Key Differences
- Security: DESFire Light's AES-128 is cryptographically sound. Ultralight EV1's 32-bit password is brutable with targeted NFC hardware — inadequate for high-value stored value or multi-use credentials.
- Memory: DESFire Light 640 bytes vs Ultralight EV1 128 bytes — sufficient for a stored-value balance, transaction history, and access flags in DESFire Light vs a simple counter and minimal payload in Ultralight EV1.
- Counter: Ultralight EV1 has a hardware 24-bit counter that cannot be reset. DESFire Light implements counter/decrement logic via its AES-protected value file structure — cryptographically protected but requiring reader-side AES logic.
- Authentication overhead: DESFire Light requires AES challenge-response and ISO 14443-4 T=CL. Ultralight EV1 is simple ISO 14443-3A — lower reader complexity and faster transaction initiation.
- LRP cipher: DESFire Light supports LRP for additional leakage resistance, relevant for transit operators concerned about side-channel attacks on deployed readers. Ultralight EV1 has no equivalent advanced cipher option.
- Transaction speed: Both chips can meet transit gate throughput requirements. DESFire Light at 424 kbps with AES LRP completes a full authentication cycle under 100 ms. Ultralight EV1 at 106 kbps with simple counter read is also under 100 ms.
- Cost: Ultralight EV1 at $0.05–$0.12 vs DESFire Light at $0.30–$0.70 — a 3–6x premium for AES security and LRP.
Technical Comparison
| Parameter | MIFARE Ultralight EV1 | MIFARE DESFire Light |
|---|---|---|
| NFC Tag Type | Type 2 (ISO 14443-3A) | Type 4 (ISO 14443-4) |
| User memoryUser memoryTag memory portion available for user data storageView full → | 48 or 128 bytes | 640 bytes |
| Security | 32-bit password | AES-128 + LRP |
| Monotonic counter | Yes (hardware 24-bit, unauthenticated) | Via AES value files (authenticated) |
| OTP area | Yes | No |
| Applications | 1 | 1 |
| Data rate | 106 kbps | 106 / 212 / 424 kbps |
| LRP cipher | No | Yes (optional) |
| Data retention | 10 years | 10 years |
| Write endurance | 100,000 writes | 200,000 writes |
| Unit cost (volume) | $0.05–$0.12 | $0.30–$0.70 |
| Target use | Limited-use disposable tickets | AES-secure transit tokens / micropayment |
| ISO 14443 level | Level 3 | Level 4 |
Use Cases
MIFARE Ultralight EV1 Optimal Scenarios
- Single-use tickets: Paper-thin disposable transit tickets where the counter and OTP suffice for limited-use enforcement and cost per unit is paramount
- Event wristbands and festival passes: High-volume, short-duration tokens where AES overhead is cost-prohibitive
- Introductory loyalty tokens: Low-value stamps or promotional tags where cloning risk is accepted as a cost of doing business at volume
MIFARE DESFire Light Optimal Scenarios
- Weekly or monthly transit passes: Long-enough card lifetime to justify the AES cost; transit operators migrating from Crypto-1 Classic cards where the broken cipher is the primary driver for replacement
- Prepaid micropayment tokens: Vending, laundry, or parking where stored value must be AES-protected against modification attacks that would be trivial against Ultralight EV1's password model
- Operator-issued loyalty tokens: Where the backend cannot afford stored-value attacks but cannot justify full DESFire EV3 — DESFire Light is the bridge product
Verdict
The choice is economic: does the value of AES security over a 32-bit password justify a 3–6x increase in cost per token for your specific deployment? For high-value stored-value cards used over weeks or months — where compromising a single card enables value theft — DESFire Light's AES protection is worth the premium. For single-use or short-duration disposable tickets where the counter is the primary control and the transit infrastructure is fully operator-controlled, Ultralight EV1's minimal cost wins. DESFire Light is the transit industry's answer to moving away from both Crypto-1 (Classic) and password-only security (Ultralight) at the lowest possible AES-capable price.
Öneri
Choose MIFARE Ultralight EV1 when you need improved Ultralight with password protection; choose MIFARE DESFire Light when you need DESFire security in a cost-optimized package.