Abstract
KeeLoq is a lightweight block cipher with a 32-bit block size and a 64-bit key. Despite its short key size, it is used in remote keyless entry systems and other wireless authentication applications. For example, there are indications that authentication protocols based on KeeLoq are used, or were used by various car manufacturers in anti-theft mechanisms. This paper presents a practical key recovery attack against KeeLoq that requires 2 16 known plaintexts and has a time complexity of 2 44.5 KeeLoq encryptions. It is based on the principle of slide attacks and a novel approach to meet-in-the-middle attacks. We investigated the way KeeLoq is intended to be used in practice and conclude that our attack can be used to subvert the security of real systems. In some scenarios the adversary may even reveal the master secret used in an entire class of devices from attacking a single device. Our attack has been fully implemented. We have built a device that can obtain the data required for the attack in less than 100 minutes, and our software experiments show that, given the data, the key can be found in 7.8 days of calculations on 64 CPU cores.
Original language | English |
---|---|
Pages (from-to) | 136-157 |
Number of pages | 22 |
Journal | Journal of Cryptology |
Volume | 25 |
Issue number | 1 |
DOIs | |
State | Published - Jan 2012 |
Externally published | Yes |
Keywords
- Block ciphers
- Cryptanalysis
- KeeLoq
- Meet-in-the-middle attacks
- Slide attacks
ASJC Scopus subject areas
- Software
- Computer Science Applications
- Applied Mathematics