NXP has a custom (I think) encryption protocol known as "Leakage-Resistant Primitive", or LRP, built on top of AES. I think the goal of this is to basically "expand" the length of the key being used. This is used on devices that have 128-bit keys, and, from what I can tell, LRP basically takes a 128-bit key and expands it to a 16,384-bit key. I think the reason for this is because NFC cards typically use 128-bit keys, because they have an limited write memory.
Does anyone know how effective LRP is at getting beyond the small key size, or any other benefits/drawbacks of using LRP?
LRP is described in this document:
https://www.nxp.com/docs/en/application-note/AN12304.pdf
You can view an implementation of LRP here:
https://github.com/johnnyb/ntag424-java/tree/main/src/main/java/net/bplearning/ntag424/lrp