A practical attack on KeeLoq

Wim Aerts, Eli Biham, Dieter De Moitié, Elke De Mulder, Orr Dunkelman, Sebastiaan Indesteege, Nathan Keller, Bart Preneel, Guy A.E. Vandenbosch, Ingrid Verbauwhede

Research output: Contribution to journalArticlepeer-review


KeeLoq is a lightweight block cipher with a 32-bit block size and a 64-bit key. Despite its short key size, it is used in remote keyless entry systems and other wireless authentication applications. For example, there are indications that authentication protocols based on KeeLoq are used, or were used by various car manufacturers in anti-theft mechanisms. This paper presents a practical key recovery attack against KeeLoq that requires 2 16 known plaintexts and has a time complexity of 2 44.5 KeeLoq encryptions. It is based on the principle of slide attacks and a novel approach to meet-in-the-middle attacks. We investigated the way KeeLoq is intended to be used in practice and conclude that our attack can be used to subvert the security of real systems. In some scenarios the adversary may even reveal the master secret used in an entire class of devices from attacking a single device. Our attack has been fully implemented. We have built a device that can obtain the data required for the attack in less than 100 minutes, and our software experiments show that, given the data, the key can be found in 7.8 days of calculations on 64 CPU cores.

Original languageEnglish
Pages (from-to)136-157
Number of pages22
JournalJournal of Cryptology
Issue number1
StatePublished - Jan 2012
Externally publishedYes


  • Block ciphers
  • Cryptanalysis
  • KeeLoq
  • Meet-in-the-middle attacks
  • Slide attacks

ASJC Scopus subject areas

  • Software
  • Computer Science Applications
  • Applied Mathematics


Dive into the research topics of 'A practical attack on KeeLoq'. Together they form a unique fingerprint.

Cite this