Advertisement

Reducing the Collision Probability of Alleged Comp128

  • Helena Handschuh
  • Pascal Paillier
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1820)

Abstract

Wagner, Goldberg and Briceno have recently published an attack [2] on what they believe to be Comp128, the GSM A3A8 authentication function [1]. Provided that the attacker has physical access to the card and to its secret PIN code (the card has to be activated), this chosen plaintext attack recovers the secret key of the personalized SIM (Secure Identification Module) card by inducing collisions on the second (out of 40) round of the compression function. In this paper we suggest two different approaches to strengthen the alleged Comp128 algorithm with respect to this attack. An evaluation of the number of chosen plaintexts and the new complexity of the attack are given.

Keywords

Alleged Comp128 chosen plaintext attack authentication compression function cryptanalysis smart cards GSM 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

Copyright information

© Springer-Verlag Berlin Heidelberg 2000

Authors and Affiliations

  • Helena Handschuh
    • 1
    • 2
  • Pascal Paillier
    • 1
    • 2
  1. 1.Cryptography DepartmentGEMPLUSIssy-Les Moulineaux
  2. 2.Computer Science DepartmentENSTParis Cedex 13

Personalised recommendations