Abstract
The core of the 3rd Generation Partnership Project (3GPP) encryption standard 128-EEA3 is a stream cipher called ZUC. It was designed by the Chinese Academy of Sciences and proposed for inclusion in the cellular wireless standards called “Long Term Evolution” or “4G”. The LFSR-based cipher uses a 128-bit key. In this paper, we first show timing attacks on ZUC that can recover, with about 71.43% success rate, (i) one bit of the secret key immediately, and (ii) information involving 6 other key bits. The time, memory and data requirements of the attacks are negligible. While we see potential improvements to the attacks, we also suggest countermeasures.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Adams, C.M.: Constructing Symmetric Ciphers Using the CAST Design Procedure. Designs, Codes and Cryptography 12, 283–316 (1997)
Aoki, K., Guo, J., Matusiewicz, K., Sasaki, Y., Wang, L.: Preimages for Step-Reduced SHA-2. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 578–597. Springer, Heidelberg (2009)
Bellare, M., Kohno, T.: Hash Function Balance and Its Impact on Birthday Attacks. In: Cachin, C., Camenisch, J. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 401–418. Springer, Heidelberg (2004)
Bernstein, D.J.: Cache-timing attacks on AES, Preprint (April 14, 2005), http://cr.yp.to/antiforgery/cachetiming-20050414.pdf
Carter, J.L., Wegman, M.N.: Universal Classes of Hash Functions. Journal of Computer and System Sciences 18(2), 143–154 (1979)
Data Assurance and Communication Security Research Center: “Workshop Presentations”. First International Workshop on ZUC Algorithm, December 02-03 (2010), http://www.dacas.cn/zuc10/
Data Assurance and Communication Security Research Center: Specification of the 3GPP Confidentiality and Integrity Algorithms 128-EEA3 & 128-EIA3. Document 1: 128-EEA3 and 128-EIA3 Specification. ETSI/SAGE Specification, Version 1.5 (Latest) (January 04, 2011), http://www.gsmworld.com/documents/EEA3_EIA3_specification_v1_5.pdf
Data Assurance and Communication Security Research Center: Specification of the 3GPP Confidentiality and Integrity Algorithms 128-EEA3 & 128-EIA3. Document 2: ZUC Specification. ETSI/SAGE Specification, Version 1.5 (Latest) (January 04, 2011), http://gsmworld.com/documents/EEA3_EIA3_ZUC_v1_5.pdf
Fuhr, T., Gilbert, H., Reinhard, J.-R., Videau, M.: A Forgery Attack on the Candidate LTE Integrity Algorithm 128-EIA3. Cryptology ePrint Archive, Report 2010/618 (December 08, 2010), http://eprint.iacr.org/2010/618.pdf
Isobe, T., Shibutani, K.: Preimage Attacks on Reduced Tiger and SHA-2. In: Dunkelman, O. (ed.) FSE 2009. LNCS, vol. 5665, pp. 139–155. Springer, Heidelberg (2009)
Leander, G., Zenner, E., Hawkes, P.: Cache Timing Analysis of LFSR-Based Stream Ciphers. In: Parker, M.G. (ed.) Cryptography and Coding 2009. LNCS, vol. 5921, pp. 433–445. Springer, Heidelberg (2009)
Massey, J.L.: An Introduction to Contemporary Cryptology. Proceedings of the IEEE 76(5), 533–549 (1988)
National Institute of Standards and Technology: US Department of Commerce, “Secure Hash Standard (SHS)”. Federal Information Processing Standards Publication, FIPS PUB 180-3 (October 2008), http://csrc.nist.gov/publications/fips/fips180-3/fips180-3_final.pdf
Nyberg, K., Wallén, J.: Improved Linear Distinguishers for SNOW 2.0. In: Robshaw, M.J.B. (ed.) FSE 2006. LNCS, vol. 4047, pp. 144–162. Springer, Heidelberg (2006)
Osvik, D.A., Shamir, A., Tromer, E.: Cache Attacks and Countermeasures: The Case of AES (Extended Version) (revised November 20, 2005), http://www.osvik.no/pub/cache.pdf ; Original version: Pointcheval, D. (ed.) CT-RSA 2006. LNCS, vol. 3860, pp. 1–20. Springer, Heidelberg (2006)
Sarkar, P.: On Approximating Addition by Exclusive OR. Cryptology ePrint Archive, Report 2009/047 (February 03, 2009), http://eprint.iacr.org/2009/047.pdf
Sekar, G., Paul, S., Preneel, B.: New Weaknesses in the Keystream Generation Algorithms of the Stream Ciphers TPy and Py. In: Garay, J.A., Lenstra, A.K., Mambo, M., Peralta, R. (eds.) ISC 2007. LNCS, vol. 4779, pp. 249–262. Springer, Heidelberg (2007)
Shannon, C.E.: Communication Theory of Secrecy Systems. Bell Systems Technical Journal 28(4), 656–715 (1949)
Staffelbach, O., Meier, W.: Cryptographic Significance of the Carry for Ciphers Based on Integer Addition. In: Menezes, A., Vanstone, S.A. (eds.) CRYPTO 1990. LNCS, vol. 537, pp. 602–614. Springer, Heidelberg (1991)
Wu, H., Nguyen, P.H., Wang, H., Ling, S.: Cryptanalysis of the Stream Cipher ZUC in the 3GPP Confidentiality & Integrity Algorithms 128-EEA3 & 128-EIA3. Presentation at the Rump Session of ASIACRYPT 2010 (December 07, 2010), http://www.spms.ntu.edu.sg/Asiacrypt2010/Rump%20Session-%207%20Dec%202010/wu_rump_zuc.pdf
Gosudarstvennyi Standard: Cryptographic Protection for Data Processing Systems. Government Committee of the USSR for Standards, GOST 28147-89 (1989)
Zenner, E.: A Cache Timing Analysis of HC-256. In: Avanzi, R.M., Keliher, L., Sica, F. (eds.) SAC 2008. LNCS, vol. 5381, pp. 199–213. Springer, Heidelberg (2009)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Sekar, G. (2012). The Stream Cipher Core of the 3GPP Encryption Standard 128-EEA3: Timing Attacks and Countermeasures. In: Wu, CK., Yung, M., Lin, D. (eds) Information Security and Cryptology. Inscrypt 2011. Lecture Notes in Computer Science, vol 7537. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-34704-7_20
Download citation
DOI: https://doi.org/10.1007/978-3-642-34704-7_20
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-34703-0
Online ISBN: 978-3-642-34704-7
eBook Packages: Computer ScienceComputer Science (R0)