Algebraic and Slide Attacks on KeeLoq
- Nicolas T. CourtoisAffiliated withUniversity College London
- , Gregory V. BardAffiliated withFordham University
- , David WagnerAffiliated withUniversity of California - Berkeley
KeeLoq is a block cipher used in wireless devices that unlock the doors and alarms in cars manufactured by Chrysler, Daewoo, Fiat, GM, Honda, Jaguar, Toyota, Volvo, Volkswagen, etc [8,9,33,34]. KeeLoq is inexpensive to implement and economical in gate count, yet according to Microchip  it should have “a level of security comparable to DES”.
In this paper we present several distinct attacks on KeeLoq, each of them is interesting for different reasons. First we show that when about 232 known plaintexts are available, KeeLoq is very weak and for example for 30% of all keys the full key can be recovered with complexity of 228 KeeLoq encryptions. Then we turn our attention to algebraic attacks with the major challenge of breaking KeeLoq given potentially a very small number of known plaintexts.
Our best “direct” algebraic attack can break up to 160 rounds of KeeLoq. Much better results are achieved in combination with slide attacks. Given about 216 known plaintexts, we present a slide-algebraic attack that uses a SAT solver with the complexity equivalent to about 253 KeeLoq encryptions. To the best of our knowledge, this is the first time that a full-round real-life block cipher is broken using an algebraic attack.
Keywordsblock ciphers unbalanced Feistel ciphers slide attacks algebraic cryptanalysis Gröbner bases SAT solvers KeeLoq
- Algebraic and Slide Attacks on KeeLoq
- Book Title
- Fast Software Encryption
- Book Subtitle
- 15th International Workshop, FSE 2008, Lausanne, Switzerland, February 10-13, 2008, Revised Selected Papers
- pp 97-115
- Print ISBN
- Online ISBN
- Series Title
- Lecture Notes in Computer Science
- Series Volume
- Series ISSN
- Springer Berlin Heidelberg
- Copyright Holder
- Springer-Verlag Berlin Heidelberg
- Additional Links
- block ciphers
- unbalanced Feistel ciphers
- slide attacks
- algebraic cryptanalysis
- Gröbner bases
- SAT solvers
- Industry Sectors
To view the rest of this content please follow the download PDF link above.