Cryptanalysis of GSM Encryption in 2G/3G Networks Without Rainbow Tables

  • Bin ZhangEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11923)


The GSM standard developed by ETSI for 2G networks adopts the A5/1 stream cipher to protect the over-the-air privacy in cell phone and has become the de-facto global standard in mobile communications, though the emerging of subsequent 3G/4G standards. There are many cryptanalytic results available so far and the most notable ones share the need of a heavy pre-computation with large rainbow tables or distributed cracking network. In this paper, we present a fast near collision attack on GSM encryption in 2G/3G networks, which is completely new and more threatening compared to the previous best results. We adapt the fast near collision attack proposed at Eurocrypt 2018 with the concrete irregular clocking manner in A5/1 to have a state recovery attack with a low complexity. It is shown that if the first 64 bits of one keystream frame are available, the secret key of A5/1 can be reliably found in \(2^{31.79}\) cipher ticks, given around 1 MB memory and after the pre-computation of \(2^{20.26}\) cipher ticks. Our current implementation clearly certified the validity of the suggested attack. Due to the fact that A5/3 and GPRS share the same key with A5/1, this can be converted into attacks against any GSM network eventually.


Cryptanalysis GSM A5/1 Near collision 



The author would like to thank the anonymous reviewers for very helpful comments and Yanyi Liu, Hui Peng and Di Zhai for the discussions on the topic. This work is supported by the National Key R&D Research programm (Grant No. 2017YFB0802504), the program of the National Natural Science Foundation of China (Grant No. 61572482), National Cryptography Development Fund (Grant No. MMJJ20170107) and National Grand Fundamental Research 973 Programs of China (Grant No. 2013CB338002).


  1. 1.
    Barkan, E., Biham, E.: Conditional estimators: an effective attack on A5/1. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol. 3897, pp. 1–19. Springer, Heidelberg (2006). Scholar
  2. 2.
    Barkan, E., Biham, E., Keller, N.: Instant ciphertext-only cryptanalysis of GSM encrypted communication. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 600–616. Springer, Heidelberg (2003). Scholar
  3. 3.
    Biham, E., Dunkelman, O.: Cryptanalysis of the A5/1 GSM stream cipher. In: Roy, B., Okamoto, E. (eds.) INDOCRYPT 2000. LNCS, vol. 1977, pp. 43–51. Springer, Heidelberg (2000). Scholar
  4. 4.
    Biryukov, A., Shamir, A.: Cryptanalytic time/memory/data tradeoffs for stream ciphers. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 1–13. Springer, Heidelberg (2000). Scholar
  5. 5.
    Biryukov, A., Shamir, A., Wagner, D.: Real time cryptanalysis of A5/1 on a PC. In: Goos, G., Hartmanis, J., van Leeuwen, J., Schneier, B. (eds.) FSE 2000. LNCS, vol. 1978, pp. 1–18. Springer, Heidelberg (2001). Scholar
  6. 6.
    Briceno, M., Goldberg, I., Wagner, D.: A pedagogical implementation of A5/1, May 1999.
  7. 7.
    Ekdahl, P., Johansson, T.: Another attack on A5/1. IEEE Trans. Inf. Theory 49(1), 284–289 (2003)MathSciNetCrossRefGoogle Scholar
  8. 8.
    Gendrullis, T., Novotný, M., Rupp, A.: A real-world attack breaking A5/1 within hours. In: Oswald, E., Rohatgi, P. (eds.) CHES 2008. LNCS, vol. 5154, pp. 266–282. Springer, Heidelberg (2008). Scholar
  9. 9.
    Golić, J.D.: Cryptanalysis of alleged A5 stream cipher. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 239–255. Springer, Heidelberg (1997). Scholar
  10. 10.
    Koch, P.C.: Cryptanalysis of stream ciphers-analysis and application of the near collision attack for stream ciphers. Technical University of Denmark, Master thesis supervisor, Christian Rechberger, pp. 111–122, November 2013Google Scholar
  11. 11.
    Lu, J., Li, Z., Henricksen, M.: Time–memory trade-off attack on the GSM A5/1 stream cipher using commodity GPGPU. In: Malkin, T., Kolesnikov, V., Lewko, A.B., Polychronakis, M. (eds.) ACNS 2015. LNCS, vol. 9092, pp. 350–369. Springer, Cham (2015). Scholar
  12. 12.
    Maximov, A., Johansson, T., Babbage, S.: An improved correlation attack on A5/1. In: Handschuh, H., Hasan, M.A. (eds.) SAC 2004. LNCS, vol. 3357, pp. 1–18. Springer, Heidelberg (2004). Scholar
  13. 13.
    Nohl, K.: Attacking phone privacy. In: Black Hat USA 2010 Lecture Notes (2010).
  14. 14.
    Pornin, T., Stern, J.: Software-hardware trade-offs: application to A5/1 cryptanalysis. In: Koç, Ç.K., Paar, C. (eds.) CHES 2000. LNCS, vol. 1965, pp. 318–327. Springer, Heidelberg (2000). Scholar
  15. 15.
    Zhang, B., Li, Z., Feng, D., Lin, D.: Near collision attack on the grain v1 stream cipher. In: Moriai, S. (ed.) FSE 2013. LNCS, vol. 8424, pp. 518–538. Springer, Heidelberg (2014). Scholar
  16. 16.
    Zhang, B., Xu, C., Meier, W.: Fast near collision attack on the grain v1 stream cipher. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10821, pp. 771–802. Springer, Cham (2018). Scholar

Copyright information

© International Association for Cryptologic Research 2019

Authors and Affiliations

  1. 1.TCA, SKLCSInstitute of Software, Chinese Academy of SciencesBeijingChina
  2. 2.State Key Laboratory of CryptologyBeijingChina
  3. 3.University of Chinese Academy of SciencesBeijingChina
  4. 4.State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of SciencesBeijingChina

Personalised recommendations