On the Power of Power Analysis in the Real World: A Complete Break of the KeeLoq Code Hopping Scheme

  • Thomas Eisenbarth
  • Timo Kasper
  • Amir Moradi
  • Christof Paar
  • Mahmoud Salmasizadeh
  • Mohammad T. Manzuri Shalmani
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5157)


KeeLoq remote keyless entry systems are widely used for access control purposes such as garage openers or car door systems. We present the first successful differential power analysis attacks on numerous commercially available products employing KeeLoq code hopping. Our new techniques combine side-channel cryptanalysis with specific properties of the KeeLoq algorithm. They allow for efficiently revealing both the secret key of a remote transmitter and the manufacturer key stored in a receiver. As a result, a remote control can be cloned from only ten power traces, allowing for a practical key recovery in few minutes. After extracting the manufacturer key once, with similar techniques, we demonstrate how to recover the secret key of a remote control and replicate it from a distance, just by eavesdropping on at most two messages. This key-cloning without physical access to the device has serious real-world security implications, as the technically challenging part can be outsourced to specialists. Finally, we mount a denial of service attack on a KeeLoq access control system. All proposed attacks have been verified on several commercial KeeLoq products.


Remote Control Power Trace Correlation Power Analysis Differential Power Analysis Attack Radio Frequency Interface 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Bogdanov, A.: Attacks on the KeeLoq Block Cipher and Authentication Systems. In: 3rd Conference on RFID Security 2007 (RFIDSec 2007),
  2. 2.
    Brier, E., Clavier, C., Olivier, F.: Correlation Power Analysis with a Leakage Model. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 16–29. Springer, Heidelberg (2004)Google Scholar
  3. 3.
    Chari, S., Rao, J., Rohatgi, P.: Template Attacks. In: Cryptographic Hardware and Embedded Systems-Ches 2002: 4th International Workshop, Redwood Shores, CA, USA, August 13-15 (2002) (Revised Papers)Google Scholar
  4. 4.
    Courtois, N.T., Bard, G.V., Wagner, D.: Algebraic and Slide Attacks on KeeLoq. In: FSE 2008. LNCS. Springer, Heidelberg (2008)Google Scholar
  5. 5.
    Indesteege, S., Keller, N., Dunkelman, O., Biham, E., Preneel, B.: A Practical Attack on KeeLoq. In: Smart, N. (ed.) EUROCRYPT 2008. LNCS, vol. 4965. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  6. 6.
    Kocher, P.C., Jaffe, J., Jun, B.: Differential Power Analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)Google Scholar
  7. 7.
    Kumar, S., Paar, C., Pelzl, J., Pfeiffer, G., Schimmler, M.: Breaking Ciphers with COPACOBANA - A Cost-Optimized Parallel Code Breaker. In: Goubin, L., Matsui, M. (eds.) CHES 2006. LNCS, vol. 4249, pp. 101–118. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  8. 8.
    Langer EMV-Technik. Details of Near Field Probe Set RF 2,
  9. 9.
    Mangard, S., Pramstaller, N., Oswald, E.: Successfully Attacking Masked AES Hardware Implementations. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 157–171. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  10. 10.
    Microchip. An Introduction to KeeLoq Code Hopping,
  11. 11.
    Microchip. HCS200, KeeLoq Code Hopping Encoder,
  12. 12.
    Microchip. HCS410, KeeLoq Code Hopping Encoder and Transponder,
  13. 13.
    Microchip. HCS410/WM, KeeLoq Crypto Read/Write Transponder Module,
  14. 14.
    Örs, S.B., Oswald, E., Preneel, B.: Power-Analysis Attacks on an FPGA - First Experimental Results. In: Walter, C.D., Koç, Ç.K., Paar, C. (eds.) CHES 2003. LNCS, vol. 2779, pp. 35–50. Springer, Heidelberg (2003)Google Scholar
  15. 15.
    Peeters, E., Standaert, F., Quisquater, J.: Power and Electromagnetic Analysis: Improved Model, Consequences and Comparisons. Integration, the VLSI Journal 40(1), 52–60 (2007)CrossRefGoogle Scholar
  16. 16.
    Schramm, K., Leander, G., Felke, P., Paar, C.: A Collision-Attack on AES: Combining Side Channel- and Differential-Attack. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 163–175. Springer, Heidelberg (2004)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Thomas Eisenbarth
    • 1
  • Timo Kasper
    • 1
  • Amir Moradi
    • 2
  • Christof Paar
    • 1
  • Mahmoud Salmasizadeh
    • 2
  • Mohammad T. Manzuri Shalmani
    • 2
  1. 1.Horst Görtz Institute for IT SecurityRuhr University BochumGermany
  2. 2.Department of Computer Engineering and Electronic Research CenterSharif University of TechnologyTehranIran

Personalised recommendations