Synchronization Fault Cryptanalysis for Breaking A5/1

  • Marcin Gomułkiewicz
  • Mirosław Kutyłowski
  • Heinrich Theodor Vierhaus
  • Paweł Wlaź
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3503)

Abstract

A5/1 pseudo-random bit generator, known from GSM networks, potentially might be used for different purposes, such as secret hiding during cryptographic hardware testing, stream encryption in piconets and others. The main advantages of A5/1 are low cost and a fixed output ratio.

We show that a hardware implementation of A5/1 and similar constructions must be quite careful. It faces a danger of a new kind of attack, which significantly reduces possible keyspace, allowing full recovery of A5/1 internal registers’ content. We use “fault analysis” strategy: we disturb the A5/1 encrypting device (namely, clocking of the LFSR registers) so it produces an incorrect keystream, and through error analysis we deduce the state of the internal registers. If a secret material is used to initialize the generator, like in GSM, this may enable recovering the secret. The attack is based on unique properties of the clocking scheme used by A5/1, which is the basic security component of this construction.

The computations that have to be performed in our attack are about 100 times faster than in the cases of the previous fault-less cryptanalysis methods.

Keywords

fault cryptanalysis A5/1 GSM LFSR 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Allan, A., Edenfield, D., Joyner, W.H., Kahng, A.B., Roger, M., Zorian, Y.: 2001 Technology Roadmap for Semiconductors. IEEE Computers, 42–53 (2002)Google Scholar
  2. 2.
    Barkan, E., Biham, E., Keller, N.: Instant Ciphertext-Only Cryptanalysis of GSM Encrypted Communication. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 600–616. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  3. 3.
    Biham, E., Shamir, A.: Differential Fault Analysis of Secret Key Cryptosystems. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 513–525. Springer, Heidelberg (1997)Google Scholar
  4. 4.
    Biham, E., Dunkelman, O.: Cryptanalysis of the A5/1 GSM stream cipher. In: Roy, B., Okamoto, E. (eds.) INDOCRYPT 2000. LNCS, vol. 1977, pp. 43–51. Springer, Heidelberg (2000)Google Scholar
  5. 5.
    Biryukov, A., Shamir, A., Wagner, D.: Real time cryptanalysis of A5/1 on a PC. In: Schneier, B. (ed.) FSE 2000. LNCS, vol. 1978, pp. 1–18. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  6. 6.
    Boneh, D., DeMillo, R.A., Lipton, R.J.: On the importance of checking cryptographic protocols for faults. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 37–51. Springer, Heidelberg (1997)Google Scholar
  7. 7.
    Briceno, M., Goldberg, I., Wagner, D.: A pedagogical implementation of A5/1 and A5/2 “voice privacy” encryption algorithms (1999), http://cryptome.org/gsm-a512.htm
  8. 8.
    Coppersmith, D., Krawczyk, H., Mansour, Y.: The Shrinking Generator. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 22–39. Springer, Heidelberg (1994)Google Scholar
  9. 9.
    Dusart, P., Letourneux, G., Vivolo, O.: Differential Fault Analysis on A.E.S. In: Zhou, J., Yung, M., Han, Y. (eds.) ACNS 2003. LNCS, vol. 2846, pp. 293–306. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  10. 10.
    Dj Golič, J.: Cryptanalysis of Alleged A5 Stream Cipher. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 239–255. Springer, Heidelberg (1997)Google Scholar
  11. 11.
    Gomułkiewicz, M., Kutyłowski, M., Wlaź, P.: Fault Cryptanalysis for Breaking A5/1. to appear in Tatra Mountains Mathematical PublicationsGoogle Scholar
  12. 12.
    Gomułkiewicz, M., Kutyłowski, M., Vierhaus, H.T., Wlaź, P.: Synchronization Fault Cryptanalysis for Breaking A5/1. Appendix (2005), http://kutylowski.im.pwr.wroc.pl/a5/ or http://mat.pol.lublin.pl/a5/
  13. 13.
    Joyce, M., Lenstra, A.K., Quisquater, J.-J.: Chinese Remaindering Based Cryptosystems in the Presence of Faults. J. of Cryptology 12(4), 241–245 (1999)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Marcin Gomułkiewicz
    • 1
  • Mirosław Kutyłowski
    • 1
  • Heinrich Theodor Vierhaus
    • 2
  • Paweł Wlaź
    • 3
  1. 1.Wrocław University of Technology 
  2. 2.Brandenburg University of TechnologyCottbus
  3. 3.Lublin University of Technology 

Personalised recommendations