Linear Slide Attacks on the KeeLoq Block Cipher

KeeLoq is a block cipher used in numerous widespread passive entry and remote keyless entry systems as well as in various component identification applications. The KeeLoq algorithm has a 64-bit key and operates on 32-bit blocks. It is based on an NLFSR with a nonlinear feedback function of 5 variables. In this paper new key recovery attacks on KeeLoq are proposed. The first one has a complexity of about $2^{50.6}$ KeeLoq encryptions. The second attack finds the key in $2^{37}$ encryptions and works for the whole key space. In our attacks we use the techniques of guess-and-determine, slide, and linear attacks as well as cycle structure analysis. Both attacks need $2^{32}$ known plaintext-ciphertext pairs. We also analyze the KeeLoq key management and authentication protocols applied in rolling-code and IFF access systems widely used in real-world applications. We demonstrate several practical vulnerabilities.
