< Back to previous page


A Practical Attack on KeeLoq

Journal Contribution - Journal Article

KeeLoq is a lightweight block cipher with a 32-bit block size and a 64-bit key. Despite its short key size, it is used in remote keyless entry systems and other wireless authentication applications. For example, there are indications that authentication protocols based on KeeLoq are used, or were used by various car manufacturers in anti-theft mechanisms. This paper presents a practical key recovery attack against KeeLoq that requires 2 16 known plaintexts and has a time complexity of 2 44.5 KeeLoq encryptions. It is based on the principle of slide attacks and a novel approach to meet-in-the-middle attacks. We investigated the way KeeLoq is intended to be used in practice and conclude that our attack can be used to subvert the security of real systems. In some scenarios the adversary may even reveal the master secret used in an entire class of devices from attacking a single device. Our attack has been fully implemented. We have built a device that can obtain the data required for the attack in less than 100 minutes, and our software experiments show that, given the data, the key can be found in 7.8 days of calculations on 64 CPU cores. © 2010 International Association for Cryptologic Research.
Journal: Journal of Cryptology
ISSN: 0933-2790
Issue: 1
Volume: 25
Pages: 136 - 157
Publication year:2012
Keywords:Computer science/information technology, Electrical & electronic engineering, Applied mathematics