Numeric Comparison
BLE 4.2+ LESC pairing method where both devices display a 6-digit number and the user confirms they match.
What Is Numeric Comparison?
pairing by confirming matching 6-digit numbers." data-category="Security">Numeric Comparison is a BLE pairing association model introduced with LE Secure Connections (LESC) in Bluetooth 4.2. Both devices independently compute and display a 6-digit number derived from the ECDH key exchange. The user visually confirms that both numbers match, then accepts the pairing on one or both devices. This provides MITM protection with minimal user effort.
How It Works
After the ECDH public key exchange, both devices compute a 6-digit verification value from the shared ECDH parameters using the AES-CMAC function (specifically, the g2 function defined in the Core Specification). The resulting value is displayed on both screens. The user checks that the numbers are identical and taps "Confirm" or "Pair" on one device. If the numbers differ, it indicates a MITM attack, and the user should reject the pairing.
When Numeric Comparison Is Selected
Numeric Comparison requires both devices to have display and yes/no-confirmation capabilities:
| Initiator I/O | Responder I/O | Model |
|---|---|---|
| DisplayYesNo | DisplayYesNo | Numeric Comparison |
| KeyboardDisplay | DisplayYesNo | Numeric Comparison |
| DisplayYesNo | KeyboardDisplay | Numeric Comparison |
If either device lacks a display, the SMP falls back to Passkey Entry or Just Works. Numeric Comparison is exclusive to LESC -- Legacy Pairing does not support it.
Security Analysis
Numeric Comparison is considered the gold standard for interactive BLE pairing. An active MITM attacker who intercepts the ECDH exchange and substitutes their own keys will cause the verification values on the two legitimate devices to diverge. The user sees mismatched numbers and rejects the pairing. The probability of an attacker successfully guessing the correct 6-digit value is 1 in 1,000,000 per attempt, and the protocol does not allow reuse of the same ECDH keys, so brute-force retries require restarting from scratch.
Unlike Passkey Entry, the user never enters a secret value that could be observed by an attacker (shoulder surfing). The 6-digit display is a commitment check, not a shared secret, so observing it provides no advantage.
User Experience
Numeric Comparison is the most user-friendly MITM-protected model because it requires only a glance and a tap rather than typing a 6-digit code. The typical flow:
- User initiates pairing from the phone.
- Both the phone and the peripheral display "647291" (for example).
- User confirms the numbers match on the phone.
- Pairing completes.
The entire process takes 3 -- 5 seconds. This is why smartphone-to-accessory pairing (wireless earbuds, smartwatches) prefers Numeric Comparison when the accessory has a screen.
Limitations
The main limitation is the hardware requirement: both devices need a display capable of showing 6 digits. Battery-powered sensors, beacons, and minimal wearables rarely include displays, relegating them to Just Works or Passkey Entry. Some designs work around this by using an LED blink pattern to encode the verification value, though this is non-standard and error-prone.
Related Terms
Related Content
BLE Security: Pairing, Bonding, and Encryption
Protocols & Profiles…No UI needed Passkey Entry Yes Yes One device has keypad Numeric Comparison Yes Yes Both devices have display OOB Pairing Yes Yes NFC…
BLE Pairing Methods Compared: Just Works vs Passkey vs OOB
Security & Privacy…has display OR keyboard Yes (20 bits) Enter 6-digit PIN Numeric Comparison Both devices have display Yes (20 bits) Confirm matching…
Frequently Asked Questions
Our glossary covers 90+ BLE technical terms organized by category. Each term includes a definition, related terms, and links to relevant chips and guides.