Abstract
A binary stream cipher, known as A5, consisting of three short LFSRs of total length 64 that are mutually clocked in the stop/go manner is cryptanalyzed. It is allegedly used in the GSM standard for digital cellular mobile telephones. Very short keystream sequences are generated from different initial states obtained by combining a 64-bit secret session key and a known 22-bit public key. A basic divide-and-conquer attack recovering the unknown initial state from a known keystream sequence is first introduced. It exploits the specific clocking rule used and has average computational complexity around 2^40. A time-memory trade-off attack based on the birthday paradox which yields the unknown internal state at a known time for a known keystream sequence is then pointed out. The attack is successful if T · M ≥ 2^63.32, where T and M are the required computational time and memory (in 128-bit words), respectively. The precomputation time is O(M) and the required number of known keystream sequences generated from different public keys is about T/10^2. For example, one can choose T ≈ 2^27.67 and M ≈ 2^35.65. To obtain the secret session key from the determined internal state, a so-called internal state reversion attack is proposed and analyzed by the theory of critical and subcritical branching processes.
This work was done while the author was with the Information Security Research Centre, Queensland University of Technology, Brisbane, Australia. Part of this work was carried out while the author was on leave at the Isaac Newton Institute for Mathematical Sciences, Cambridge, United Kingdom. This research was supported in part by the Science Fund of Serbia, grant #04M02, through the Mathematical Institute, Serbian Academy of Science and Arts.
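The following toy model illustrates two points from the abstract: the stop/go (majority) mutual clocking of three LFSRs, under which at least two of the three registers move at every step and each register moves in roughly 3/4 of the steps, and the birthday-paradox time-memory trade-off, which recovers an internal state once the number of keystream windows examined (T) times the number of precomputed states (M) approaches the size of the state space. This is an added example, not code from the paper or from GSM; the register lengths, feedback taps and clocking-bit positions are constructed toy values giving 18 bits of state in total (the paper states only the total length 64 and does not give A5's parameters), and the "known keystreams" are generated from random initial states rather than from a session key and public key. The trade-off logic is the generic one and applies to any generator with a small internal state, which is the paper's point about a 64-bit state.

```python
"""Toy stop/go three-LFSR generator and a birthday-paradox time-memory
trade-off on its internal state.  Added illustration; all register
parameters are CONSTRUCTED toy values, not those of A5."""
import random
from typing import List, Optional, Tuple

# (register length, feedback taps, clocking-bit position) -- constructed values.
# The taps realise x^5+x^2+1, x^6+x^5+1 and x^7+x^3+1, all primitive, so each
# register on its own has maximal period.
TOY_REGS = [(5, (4, 2), 2), (6, (5, 0), 3), (7, (6, 3), 3)]
STATE_BITS = sum(n for n, _, _ in TOY_REGS)  # 18 bits of internal state

State = List[int]  # one integer per register


def majority(a: int, b: int, c: int) -> int:
    return (a & b) | (a & c) | (b & c)


def step(state: State) -> Tuple[State, int]:
    """One clock of the generator.  A register moves only if its clocking bit
    agrees with the majority of the three clocking bits (stop/go), so at least
    two registers move every step.  Output = XOR of the registers' MSBs."""
    clk = [(s >> c) & 1 for s, (_, _, c) in zip(state, TOY_REGS)]
    m = majority(*clk)
    new_state, out = [], 0
    for s, (n, taps, _), b in zip(state, TOY_REGS, clk):
        if b == m:
            fb = 0
            for t in taps:
                fb ^= (s >> t) & 1
            s = ((s << 1) | fb) & ((1 << n) - 1)
        new_state.append(s)
        out ^= (s >> (n - 1)) & 1
    return new_state, out


def keystream(state: State, length: int) -> List[int]:
    bits = []
    for _ in range(length):
        state, o = step(state)
        bits.append(o)
    return bits


def clock_rates(state: State, steps: int) -> List[float]:
    """Fraction of steps in which each register moved (about 3/4 each)."""
    moved = [0, 0, 0]
    for _ in range(steps):
        clk = [(s >> c) & 1 for s, (_, _, c) in zip(state, TOY_REGS)]
        m = majority(*clk)
        for i, b in enumerate(clk):
            moved[i] += (b == m)
        state, _ = step(state)
    return [c / steps for c in moved]


def random_state(rng: random.Random) -> State:
    # avoid an all-zero register, which would never leave zero
    return [rng.randrange(1, 1 << n) for n, _, _ in TOY_REGS]


def tmto_recover(known: List[List[int]], table_size: int,
                 rng: random.Random) -> Optional[Tuple[State, int, int]]:
    """Birthday trade-off: precompute M = table_size random states with the
    keystream prefix each produces, then slide a window over the T known
    keystreams and look each window up.  A hit gives the internal state at
    that offset; success becomes likely as T*M approaches 2**STATE_BITS."""
    prefix = STATE_BITS + 8  # long enough that a prefix pins down the state
    table = {}
    for _ in range(table_size):
        st = random_state(rng)
        table[tuple(keystream(st, prefix))] = st
    for idx, ks in enumerate(known):
        for off in range(len(ks) - prefix + 1):
            cand = table.get(tuple(ks[off:off + prefix]))
            # confirm the candidate reproduces the rest of this keystream
            if cand is not None and keystream(cand, len(ks) - off) == ks[off:]:
                return cand, idx, off
    return None


def run_demo(seed: int = 1, t_streams: int = 256, stream_len: int = 64,
             m_states: int = 1024):
    """T known keystreams from unknown (constructed random) initial states,
    a table of M states: about T*39*M/2**18 hits are expected."""
    rng = random.Random(seed)
    secrets = [random_state(rng) for _ in range(t_streams)]
    known = [keystream(s, stream_len) for s in secrets]
    hit = tmto_recover(known, m_states, rng)
    rates = clock_rates(secrets[0], 4000)
    return hit, known, rates


if __name__ == "__main__":
    hit, known, rates = run_demo()
    print("clock rates:", [round(r, 3) for r in rates])
    print("recovered (state, stream index, offset):", hit)
```

With the default parameters the table holds 2^10 states and the 256 known streams of 64 bits supply about 10^4 windows, so T · M is a few times 2^18 and a hit is practically certain; shrinking either T or M below that product makes the attack fail most of the time, which is the trade-off the abstract quantifies for the 64-bit state.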
© 1997 Springer-Verlag Berlin Heidelberg
Golić, J.D. (1997). Cryptanalysis of Alleged A5 Stream Cipher. In: Fumy, W. (eds) Advances in Cryptology — EUROCRYPT ’97. EUROCRYPT 1997. Lecture Notes in Computer Science, vol 1233. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-69053-0_17
DOI: https://doi.org/10.1007/3-540-69053-0_17
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-62975-7
Online ISBN: 978-3-540-69053-5