Author:

Keywords:

cosic, Science & Technology, Technology, Physical Sciences, Computer Science, Theory & Methods, Engineering, Electrical & Electronic, Mathematics, Applied, Computer Science, Engineering, Mathematics, KeeLoq, Cryptanalysis, Block ciphers, Slide attacks, Meet-in-the-middle attacks, SLIDE ATTACKS, CIPHERS, 0101 Pure Mathematics, 0103 Numerical and Computational Mathematics, 0804 Data Format, Computation Theory & Mathematics, 4604 Cybersecurity and privacy, 4613 Theory of computation

Abstract:

KeeLoq is a lightweight block cipher with a 32-bit block size and a 64-bit key. Despite its short key size, it is used in remote keyless entry systems and other wireless authentication applications. For example, there are indications that authentication protocols based on KeeLoq are used, or were used by various car manufacturers in anti-theft mechanisms. This paper presents a practical key recovery attack against KeeLoq that requires 2 16 known plaintexts and has a time complexity of 2 44.5 KeeLoq encryptions. It is based on the principle of slide attacks and a novel approach to meet-in-the-middle attacks. We investigated the way KeeLoq is intended to be used in practice and conclude that our attack can be used to subvert the security of real systems. In some scenarios the adversary may even reveal the master secret used in an entire class of devices from attacking a single device. Our attack has been fully implemented. We have built a device that can obtain the data required for the attack in less than 100 minutes, and our software experiments show that, given the data, the key can be found in 7.8 days of calculations on 64 CPU cores. © 2010 International Association for Cryptologic Research.