KeeLoq密码Courtois攻击方法的分析和修正.pdfVIP

第 31 卷第 4 期 电 子 与 信 息 学 报 Vol.31No.4 2009 年 4 月 Journal of Electronics Information Technology Apr. 2009 KeeLoq 密码 Courtois 攻击方法的分析和修正 张 斌 王秋艳 金晨辉 (信息工程大学电子技术学院 郑州 450004) 摘 要：KeeLoq 密码是由 Willem Smit 设计的分组密码算法，广泛应用于汽车的无线门锁装置。Courtois 等人在 2007 年提出了破译 KeeLoq 的4 种滑动-代数攻击方法，其中第 4 种滑动-代数攻击方法的计算复杂性最小。本文证 明了 Courtois 的第 4 种滑动-代数攻击方法的攻击原理是错误的，因而无法实现对 KeeLoq 的破译。此外，本文还 对该方法进行了修正，提出了改进的攻击方法，利用232 个已知明文能够以 O(248 ) 次加密的计算复杂性求出 KeeLoq 密码的密钥，成功率为 1。对于 KeeLoq 密码 26％的密钥，其连续 64 圈圈函数形成的复合函数至少具有两个不动 点，此时改进的攻击方法的计算复杂性还可降至O(243 ) 次加密。 关键词：密码分析；KeeLoq 密码；滑动-代数攻击；不动点 中图分类号：TN918.1 文献标识码：A 文章编号：1009-5896(2009)04-0946-04 Analysis and Correction of Courtois Attack to KeeLoq Cipher Zhang Bin Wang Qiu-yan Jin Chen-hui (Electronic Technology Institute, Information Engineering University, Zhengzhou 450004, China) Abstract: KeeLoq is a block cipher designed by Willem Smit which is used in wireless devices that unlock doors in cars. Four slide-algebraic attacks that can break KeeLoq in practice are presented by Courtois et al. in 2007. The computing complexity of the fourth slide-algebraic attack is the smallest. However, the principle of Courtois’ fourth slide-algebraic attack is proved to be wrong in this thesis, so it can not break KeeLoq. The correction is made on Courtois’ fourth slide-algebraic attack and the improving attack is proposed. With 232 known plaintexts, the computing complexity of the improving attack is about O(248 ) KeeLoq encryptions for obtaining key and the success rate is 1. For 26 ％ of keys in KeeLoq, the first 64 rounds of KeeLoq have 2 or more fixed points, then the computing complex