algebraic and slide attacks on keeloq
play

Algebraic and Slide Attacks on KeeLoq Nicolas T. Courtois 1 Gregory - PowerPoint PPT Presentation

Jun 04, 2023 •41 likes •171 views

Algebraic and Slide Attacks on KeeLoq Nicolas T. Courtois 1 Gregory V. Bard 2 1 - University College of London, UK 2 - University of Maryland, US KeeLoq and Algebraic Cryptanalysis KeeLoq Block cipher used to unlock doors and the alarm in

  1. Algebraic and Slide Attacks on KeeLoq Nicolas T. Courtois 1 Gregory V. Bard 2 1 - University College of London, UK 2 - University of Maryland, US

  2. KeeLoq and Algebraic Cryptanalysis KeeLoq Block cipher used to unlock doors and the alarm in Chrysler, Daewoo, Fiat, GM, Honda, Jaguar, Toyota, Volvo, Volkswagen, etc… 2 Courtois, Bard, 2007

  3. KeeLoq and Algebraic Cryptanalysis How Much Worth is KeeLoq • Designed in the 80's by Willem Smit. • In 1995 sold to Microchip Inc for more than 10 Million of US$. ?? 3 Courtois, Bard, 2007

  4. KeeLoq and Algebraic Cryptanalysis Algebraic Cryptanalysis [Shannon] Breaking a « good » cipher should require: “as much work as solving a system of simultaneous equations in a large number of unknowns of a complex type” [Shannon, 1949] 4 Courtois, Bard, 2007

  5. KeeLoq and Algebraic Cryptanalysis KeeLoq Encryption Block Cipher •Highly unbalanced Feistel •528 rounds •32-bit block / state •64-bit key •1 bit updated / round •1 key bit / round only ! Sliding property: periodic cipher with period 64. 5 Courtois, Bard, 2007

  6. KeeLoq and Algebraic Cryptanalysis Algebraic Attacks on KeeLoq We have found MANY attacks. One is particularly simple: 6 Courtois, Bard, 2007

  7. KeeLoq and Algebraic Cryptanalysis KeeLoq and Sliding Classical Sliding Attack [Grossman-Tuckerman 1977]: • Take 2 n/2 known plaintexts (here n=32, easy !) • We have a “slid pair” (P i ,P j ) s.t. 64 64 64 64 16 rounds rounds rounds rounds r P i P j C i 64 64 64 64 16 rounds rounds rounds rounds r P j C i C j Classical sliding fails – because of the “odd” 16 rounds: 7 Courtois, Bard, 2007

  8. KeeLoq and Algebraic Cryptanalysis Classical Sliding – Not Easy Classical Sliding Attack [Grossman - Tuckerman 1977]: Classical Sliding Attack [Grossman- -Tuckerman 1977]: Tuckerman 1977]: Classical Sliding Attack [Grossman n/2 known plaintexts (here n/2 • Take 2 known plaintexts (here n=32 , easy !) • Take 2 2 n/2 known plaintexts (here n=32 n=32, easy !) , easy !) • Take • We have a “ slid pair ” (P , P ) . • We have a “ “slid pair slid pair” ” (P (P i ,P P j ). . • We have a i , j ) i j 512 528 64 64 64 64 16 rounds rounds rounds rounds r P i P j C i 464 528 64 64 64 64 16 rounds rounds rounds rounds r P j C i C j HARD - Problem: What’s the values here ? 8 Courtois, Bard, 2007

  9. KeeLoq and Algebraic Cryptanalysis Algebraic Sliding Answer [our attack]: 512 528 64 64 64 64 16 rounds rounds rounds rounds r P i P j C i 464 528 64 64 64 64 16 rounds rounds rounds rounds r P j C i C j We don’t care !!!!! 9 Courtois, Bard, 2007

  10. KeeLoq and Algebraic Cryptanalysis Algebraic Attack: We are able to use C i ,C j directly ! Merge 2 systems of equations: 0 16 512 528 64 64 64 64 16 32 32 bits bits rounds rounds rounds rounds r P i P j C i ignore all these ! 464 528 64 64 64 64 16 32 32 bits bits rounds rounds rounds rounds r P j C i C j common 64-bit key 10 Courtois, Bard, 2007

  11. KeeLoq and Algebraic Cryptanalysis System of Equations 64-bit key. Two pairs on 32 bits. Just enough information. Attack: • Write an MQ system. • Gröbner Bases methods – miserably fail. • Convert to a SAT problem • [Cf. Courtois, Jefferson, Bard eprint/2007/024/]. • Solve it. • Takes 2.3 seconds on a PC with MiniSat 2.0. 11 Courtois, Bard, 2007

  12. KeeLoq and Algebraic Cryptanalysis Attack Summary: Given about 2 16 KP. We try all 2 32 pairs (P i ,P j ). • If OK, it takes 2.3 seconds to find the 64-bit key. • If no result - early abort. Total attack complexity about 2 64 CPU clocks which is about 2 53 KeeLoq encryptions. KeeLoq is badly broken. Practical attack, tested and implemented. 12 Courtois, Bard, 2007

  13. KeeLoq and Algebraic Cryptanalysis Other Attacks Our fastest attack: about 2 37 KeeLoq encryptions, but more KP, see: See eprint.iacr.org/2007/062/ 13 Courtois, Bard, 2007

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Attacks on the KeeLoq Block Cipher and Authentication Systems Andrey Bogdanov Chair for

Attacks on the KeeLoq Block Cipher and Authentication Systems Andrey Bogdanov Chair for

Attacks on the KeeLoq Block Cipher and Authentication Systems Andrey Bogdanov Chair for Communication Security Ruhr University Bochum, Germany abogdanov@crypto.rub.de www.crypto.rub.de Abstract. KeeLoq is a block cipher used in numerous

143 views • 13 slides
A Practical Attack on KeeLoq Sebastiaan Indesteege 1 Nathan Keller 2 Orr Dunkelman 1 Eli Biham 3

A Practical Attack on KeeLoq Sebastiaan Indesteege 1 Nathan Keller 2 Orr Dunkelman 1 Eli Biham 3

Introduction Our Attacks Practice Conclusions A Practical Attack on KeeLoq Sebastiaan Indesteege 1 Nathan Keller 2 Orr Dunkelman 1 Eli Biham 3 Bart Preneel 1 1 Dept. ESAT/SCD-COSIC, K.U.Leuven, Belgium. 2 Einstein Institute of Mathematics,

806 views • 38 slides
Algebraic attacks and decomposition of Boolean functions Willi Meier 1 and Enes Pasalic 2 and

Algebraic attacks and decomposition of Boolean functions Willi Meier 1 and Enes Pasalic 2 and

Algebraic attacks and decomposition of Boolean functions Willi Meier 1 and Enes Pasalic 2 and Claude Carlet 2 1 FH Aargau, Switzerland 2 INRIA, Rocquencourt, France Overview Algebraic attacks in general ... and on LFSR-based stream

316 views • 27 slides
Practical Algebraic Attacks on the HITAG2 TM Stream Cipher Nicolas T. Courtois 1 Sean O Neil 2

Practical Algebraic Attacks on the HITAG2 TM Stream Cipher Nicolas T. Courtois 1 Sean O Neil 2

Practical Algebraic Attacks on the HITAG2 TM Stream Cipher Nicolas T. Courtois 1 Sean O Neil 2 Jean-Jacques Quisquater 3 1 - University College London, UK 2 - VEST Corporation, France 3 - Universit Catholique de Louvain, Belgium Algebraic

995 views • 61 slides
Fourth Grade Number Sense and Algebraic Concepts 2015-11-23 www.njctl.org Slide 3 / 308 Slide

Fourth Grade Number Sense and Algebraic Concepts 2015-11-23 www.njctl.org Slide 3 / 308 Slide

Slide 1 / 308 Slide 2 / 308 Fourth Grade Number Sense and Algebraic Concepts 2015-11-23 www.njctl.org Slide 3 / 308 Slide 4 / 308 Table of Contents Click on a topic Vocabulary words are identified with a dotted underline. to go to that

709 views • 52 slides
CSC 530 Lecture Notes Week 10 Algebraic Semantics CSC530-S02-L10 Slide 2 I. A grand vision. A.

CSC 530 Lecture Notes Week 10 Algebraic Semantics CSC530-S02-L10 Slide 2 I. A grand vision. A.

CSC530-S02-L10 Slide 1 CSC 530 Lecture Notes Week 10 Algebraic Semantics CSC530-S02-L10 Slide 2 I. A grand vision. A. Algebraic semantics intended to have a wide scope. B. In is grandest form, its a unifying the- oretical framework for:

532 views • 23 slides
Evolutionary Computation Techniques for Constructing SAT-based Attacks in Algebraic Cryptanalysis

Evolutionary Computation Techniques for Constructing SAT-based Attacks in Algebraic Cryptanalysis

Evolutionary Computation Techniques for Constructing SAT-based Attacks in Algebraic Cryptanalysis Artem Pavlenko , Alexander Semenov, Vladimir Ulyantsev {alpavlenko,ulyantsev}@corp.ifmo.ru ITMO University, St. Petersburg, Russia ISDCT SB RAS,

431 views • 25 slides
Improved Division Property Based Cube Attacks Exploiting Algebraic Properties of Superpoly Qingju

Improved Division Property Based Cube Attacks Exploiting Algebraic Properties of Superpoly Qingju

Improved Division Property Based Cube Attacks Exploiting Algebraic Properties of Superpoly Qingju Wang 1 Yonglin Hao 2 Yosuke Todo 3 Chaoyun Li 4 Takanori Isobe 5 Willi Meier 6 1 SnT, University of Luxembourg, LU 2 State Key Laboratory of

577 views • 46 slides
A New Construction of Boolean Functions with Maximum Algebraic Immunity National University of

A New Construction of Boolean Functions with Maximum Algebraic Immunity National University of

A New Construction of Boolean Functions with Maximum Algebraic Immunity National University of Defense Technology Deshuai Dong 2009-8-26 Outline Preliminaries on Boolean functions Algebraic attacks and Algebraic immunity The

465 views • 46 slides
Phishing Emails CS 142 Lecture Notes: Security Attacks: Phishing Slide 1 Legitimate: Extended

Phishing Emails CS 142 Lecture Notes: Security Attacks: Phishing Slide 1 Legitimate: Extended

Phishing Emails CS 142 Lecture Notes: Security Attacks: Phishing Slide 1 Legitimate: Extended Validation CS 142 Lecture Notes: Security Attacks: Phishing Slide 2 Obviously Illegitimate http://rusprory.mass.hc.ru/old_site/update/index.php CS

550 views • 10 slides
Algebraic Attacks on Stream Ciphers Trial Lecture Rune Steinsmo degrd Centre for

Algebraic Attacks on Stream Ciphers Trial Lecture Rune Steinsmo degrd Centre for

Algebraic Attacks on Stream Ciphers Trial Lecture Rune Steinsmo degrd Centre for Quantifiable Quality of Service in Communication Systems Centre of Excellence NTNU, Norway NTNU, Trondheim, 2012-04-23 www.q2s.ntnu.no Rune Steinsmo

716 views • 49 slides
New Slide Attacks on Almost Self-Similar Ciphers Orr Dunkelman, Nathan Keller, Noam Lasry, Adi

New Slide Attacks on Almost Self-Similar Ciphers Orr Dunkelman, Nathan Keller, Noam Lasry, Adi

Intro SelfSimilar New Summary New Slide Attacks on Almost Self-Similar Ciphers Orr Dunkelman, Nathan Keller, Noam Lasry, Adi Shamir Eurocrypt 2020 Orr Dunkelman New Slide Attacks on Almost Self-Similar Ciphers 1/ 28 Intro SelfSimilar

819 views • 40 slides
What is Algebra? Return to Table of Contents Slide 5 / 191 The word "algebra" is

What is Algebra? Return to Table of Contents Slide 5 / 191 The word "algebra" is

Slide 1 / 191 Slide 2 / 191 5th Grade Algebraic Concepts 2015-10-16 www.njctl.org Slide 3 / 191 click on the topic to go Table of Contents to that section What is Algebra? Order of Operations Grouping Symbols Writing Simple

1.16k views • 68 slides
Clickjacking Credit: paper (Clickjacking: Attacks and Defenses Huang et al.) and most slide

Clickjacking Credit: paper (Clickjacking: Attacks and Defenses Huang et al.) and most slide

Clickjacking Credit: paper (Clickjacking: Attacks and Defenses Huang et al.) and most slide content (Vern Paxson) Misleading users Browser assumes that clicks and keystrokes = clear indication of what the user wants to do Constitutes

567 views • 24 slides
Algebraic Attacks and Stream Ciphers Mikko Kiviharju Helsinki University of Technology

Algebraic Attacks and Stream Ciphers Mikko Kiviharju Helsinki University of Technology

T-79.514 Special Course on Cryptology November 25 th , 2004 Algebraic Attacks and Stream Ciphers Mikko Kiviharju Helsinki University of Technology mkivihar@cc.hut.fi T-79.514 Special Course on Cryptology Mikko Kiviharju 1 Overview

493 views • 28 slides
Attacks and Countermeasures for White-box Designs Alex Biryukov, Aleksei Udovenko CSC and SnT,

Attacks and Countermeasures for White-box Designs Alex Biryukov, Aleksei Udovenko CSC and SnT,

Attacks and Countermeasures for White-box Designs Alex Biryukov, Aleksei Udovenko CSC and SnT, University of Luxembourg December 5, 2018 Plan 1 Introduction 2 Attacks on Masked White-box Implementations 3 Countermeasures 4 Algebraic Security 0

797 views • 53 slides
ETD Implementation Copenhagen Airport Presentation Monday 26 th of January to Board of Airlines

ETD Implementation Copenhagen Airport Presentation Monday 26 th of January to Board of Airlines

ETD Implementation Copenhagen Airport Presentation Monday 26 th of January to Board of Airlines representatives in Denmark (BARD) Security 26-01-2015 ETD Implementation Copenhagen Airport The threat Islamic State ACI and national

424 views • 8 slides
3 Spaces VERNITA PETERS PET15449442 B3 DESIGNERS LEVI ROOTS CARIBBEAN SMOKEHOUSE B3 Designers

3 Spaces VERNITA PETERS PET15449442 B3 DESIGNERS LEVI ROOTS CARIBBEAN SMOKEHOUSE B3 Designers

Enterprise & Professional Practice 3 Spaces VERNITA PETERS PET15449442 B3 DESIGNERS LEVI ROOTS CARIBBEAN SMOKEHOUSE B3 Designers Interior Design & Branding Unit 302 Metropolitan Wharf 70 Wapping Wall LONDON E1W 3SS 020 7729

269 views • 10 slides
02 LIVES IN A CO-OP BA3 Studio, Fall 2019 Instructors: Johanna Muszbek, Pietro Pezzani, Dave

02 LIVES IN A CO-OP BA3 Studio, Fall 2019 Instructors: Johanna Muszbek, Pietro Pezzani, Dave

02 LIVES IN A CO-OP BA3 Studio, Fall 2019 Instructors: Johanna Muszbek, Pietro Pezzani, Dave King Individual Site: Golden Lane Estate, London 2 Floor Area: 4,000 m Critics: Alexandros Kallegias, Neil Jackson, Nicholas Ray, Richard Partington

320 views • 7 slides
AIM Radio Apps: Manage your online presence like a pro! The future of radio broadcasting is

AIM Radio Apps: Manage your online presence like a pro! The future of radio broadcasting is

Broadcast Electronics AIM Radio Apps: Manage your online presence like a pro! The future of radio broadcasting is Digital! HD Radio AM and FM offer so much: Simultaneous legacy analog transition period Clean, clear audio

455 views • 24 slides
Madison Street Festival 2019 Grant Committee Selections 2019 Grant Applications Total Amount of

Madison Street Festival 2019 Grant Committee Selections 2019 Grant Applications Total Amount of

Madison Street Festival 2019 Grant Committee Selections 2019 Grant Applications Total Amount of money going back tO Madison City $7,223 14 Grants awarded for 2019 Discovery Middle School- Leslie Hughes Grant will fund dry erase tables and

309 views • 17 slides
Musical Theatre Song: A Comprehensive Course In Selection, Preparation, And Presentation For The

Musical Theatre Song: A Comprehensive Course In Selection, Preparation, And Presentation For The

Musical Theatre Song: A Comprehensive Course In Selection, Preparation, And Presentation For The Modern Performer (Performance Books) Ebook Gratuit Musical Theatre Song is a handbook for musical theatre performers, providing them with the

295 views • 4 slides
Executive Office of the Mayor FY 2017 Request for Applications Pre- Bidders Conference

Executive Office of the Mayor FY 2017 Request for Applications Pre- Bidders Conference

MAYORS OFFICE OF VICTIM SERVICES & JUSTICE GRANTS GOVERNMENT OF THE DISTRICT OF COLUMBIA Executive Office of the Mayor FY 2017 Request for Applications Pre- Bidders Conference Thursday, April 28, 2016 1 Brenda Aleman Program

362 views • 14 slides
Tim Warman President FORWARD-LOOKING INFORMATION AND QUALIFIED PERSON This presentation contains

Tim Warman President FORWARD-LOOKING INFORMATION AND QUALIFIED PERSON This presentation contains

High-Grade Gold Post-PEA Low-Risk Jurisdiction Low Capex August 2014 Tim Warman President FORWARD-LOOKING INFORMATION AND QUALIFIED PERSON This presentation contains forward looking information which may include, but is not

429 views • 26 slides

More recommend