2010
DOI: 10.1007/s00145-010-9091-9
|View full text |Cite
|
Sign up to set email alerts
|

A Practical Attack on KeeLoq

Abstract: KeeLoq is a lightweight block cipher with a 32-bit block size and a 64-bit key. Despite its short key size, it is used in remote keyless entry systems and other wireless authentication applications. For example, there are indications that authentication protocols based on KeeLoq are used, or were used by various car manufacturers in antitheft mechanisms. This paper presents a practical key recovery attack against KeeLoq that requires 2 16 known plaintexts and has a time complexity of 2 44.5 KeeLoq encryptions.… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
1
1
1

Citation Types

0
12
0

Year Published

2011
2011
2024
2024

Publication Types

Select...
7

Relationship

1
6

Authors

Journals

citations
Cited by 25 publications
(12 citation statements)
references
References 14 publications
0
12
0
Order By: Relevance
“…Our practical implementation recovers the full 64-bit secret key from 30 captured authentication frames in about 2 − 6 days using 200 CPU cores. Table 6 shows the comparison of the attack on the Atmel CryptoMemory cipher presented in this paper and that on another proprietary cipher KeeLoq in [1]. One can again conclude that such proprietary ciphers fail to provide enough security even from a practical point of view.…”
Section: Discussionmentioning
confidence: 83%
“…Our practical implementation recovers the full 64-bit secret key from 30 captured authentication frames in about 2 − 6 days using 200 CPU cores. Table 6 shows the comparison of the attack on the Atmel CryptoMemory cipher presented in this paper and that on another proprietary cipher KeeLoq in [1]. One can again conclude that such proprietary ciphers fail to provide enough security even from a practical point of view.…”
Section: Discussionmentioning
confidence: 83%
“…1. For each of the D plaintext-ciphertext pairs (P i , C i ): 7 Thus, we do not exploit the actual fixed-point in a strong way (such as in [1]), but merely some fixed linear relation between X i 1 andX i 3 .…”
Section: Our Generalized Multibridge Attack On 4-round Iterated Even-mentioning
confidence: 99%
“…Furthermore, for all such variants 3 we obtain a complete tradeoff curve of DT = 2 2n in the known plaintext attack model. 1 We define security in the computational model, which calculates the time complexity according to the number of operations that the attacker performs. This model is different from the information theoretical model (used, for example, in [4]), which only considers the number of queries to the internal permutations of the primitive.…”
Section: Introductionmentioning
confidence: 99%
“…For systems with a higher level of mathematical security, several examples of real-world side-channel attacks have demonstrated a huge attack potential: The 112-bit secret key of the Mifare DESfire MF3ICD40 smartcard (based on the 3DES cipher) can be extracted with Electro-Magnetic (EM)-based Side Channel Analysis (SCA) [16]. Likewise, the mathematical weaknesses found in the proprietary remote keyless entry system KeeLoq [1,4] are insufficient for a practical attack. However, a side-channel attack yielding the master key of the system allows to duplicate remote controls by one-time eavesdropping from several hundred meters [8].…”
Section: Related Workmentioning
confidence: 99%