Cryptanalysis of Alleged A5 Stream Cipher

Author

  • Jovan Dj. Golic
Abstract

A binary stream cipher, known as A5, consisting of three short LFSRs of total length 64 that are mutually clocked in the stop/go manner is cryptanalyzed. It is allegedly used in the GSM standard for digital cellular mobile telephones. Very short keystream sequences are generated from different initial states obtained by combining a 64-bit secret session key and a known 22-bit public key. A basic divide-and-conquer attack recovering the unknown initial state from a known keystream sequence is first introduced. It exploits the specific clocking rule used and has average computational complexity around $2^{40}$. A time-memory trade-off attack based on the birthday paradox which yields the unknown internal state at a known time for a known keystream sequence is then pointed out. The attack is successful if $T \cdot M > 2^{63.32}$, where $T$ and $M$ are the required computational time and memory (in 128-bit words), respectively. The precomputation time is $O(M)$ and the required number of known keystream sequences generated from different public keys is about $T/10^2$. For example, one can choose $T \sim 2^{27.67}$ and $M \sim 2^{35.65}$. To obtain the secret session key from the determined internal state, a so-called internal state reversion attack is proposed and analyzed by the theory of critical and subcritical branching processes. ["~" here means approximately]

Similar resources

Cryptanalysis of GSM encryption algorithm A5/1

The A5/1 algorithm is one of the most famous stream cipher algorithms used for over-the-air communication privacy in GSM. The purpose of this paper is to analyze several weaknesses of A5/1, including an improvement to an attack and investigation of the A5/1 state transition. Biham and Dunkelman proposed an attack on A5/1 with a time and data complexity of $2^{39.91}$ and $2^{21.1}$, ...


Cryptanalysis of Stream Cipher Alpha1

Komninos, Honary and Darnell recently proposed stream cipher Alpha1. Alpha1 is based on A5/1 and is claimed to be much safer than A5/1. However Alpha1 is insecure: a 29-bit feedback shift register could be recovered with about 3000 known plaintext bits with O(2) operations. The rest of the message could be recovered in the broadcast application in which the same message is encrypted with differ...


Software-Hardware Trade-Offs: Application to A5/1 Cryptanalysis

This paper shows how a well-balanced trade-off between a generic workstation and dumb but fast reconfigurable hardware can lead to a more efficient implementation of a cryptanalysis than a full hardware or a full software implementation. A realistic cryptanalysis of the A5/1 GSM stream cipher is presented as an illustration of such trade-off. We mention that our cryptanalysis requires only a mi...


Two Trivial Attacks on A5/1: A GSM Stream Cipher

Stream ciphers play an important role in those applications where high throughput remains critical and resources are very restricted, e.g., in Europe and North America, A5/1 is a widely used stream cipher that ensures confidentiality of conversations in GSM mobile phones. However, careful security analysis of such a cipher is very important due to widespread practical applicability. The basic building ...



Publication date: 1997