An Improved SCARE Cryptanalysis Against a Secret A3/A8 GSM Algorithm

  • Christophe Clavier
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4812)


Side-channel analysis has been recognized for several years as a practical and powerful means to reveal secret keys of publicly known cryptographic algorithms. Rarely this kind of cryptanalysis has been applied to reverse engineer a non-trivial part of the specifications of a proprietary algorithm. The target here is no more one’s secret key value but the undisclosed specifications of the cryptographic algorithm itself.

In [8], Novak described how to recover the content of one (out of two) substitution table of a secret instance of the A3/A8 algorithm, the authentication and session key generation algorithm for GSM networks. His attack presents however two drawbacks from a practical viewpoint. First, in order to retrieve one substitution table (T 2), the attacker must know the content of an other one (T 1). Second, the attacker must also know the value of the secret key K.

In this paper, we improve on Novak’s cryptanalysis and show how to retrieve both substitution tables (T 1 and T 2) without any prior knowledge about the secret key. Furthermore, our attack also recovers the secret key.

With this contribution, we intend to present a practical SCARE (Side Channel Analysis for Reverse Engineering) attack, anticipate a growing interest for this new area of side-channel signal exploitation, and remind, if needed, that security cannot be achieved by obscurity alone.


GSM Authentication A3/A8 Reverse Engineering Substitution Table Side Channel Analysis 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Brier, E., Clavier, C., Olivier, F.: Correlation Power Analysis with a Leakage Model. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 16–29. Springer, Heidelberg (2004)Google Scholar
  2. 2.
    Chari, S., Jutla, C.S., Rao, J.R., Rohatgi, P.: Towards sound approaches to counteract power-analysis attacks. In: Wiener, M.J. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 398–412. Springer, Heidelberg (1999)Google Scholar
  3. 3.
    Daudigny, R., Ledig, H., Muller, F., Valette, F.: SCARE of the DES. In: Ioannidis, J., Keromytis, A.D., Yung, M. (eds.) ACNS 2005. LNCS, vol. 3531, pp. 393–406. Springer, Heidelberg (2005)Google Scholar
  4. 4.
    Erdös, P., Rnyi, A.: On the evolution of random graphs, Magyar Tud. Akad. Mat. Kut. Int. Kzl. 5, 17–61 (1960)zbMATHGoogle Scholar
  5. 5.
    Kocher, P.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996)Google Scholar
  6. 6.
    Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M.J. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)Google Scholar
  7. 7.
    Menezes, A.J., van Oorschot, P.C., Vanstone, S.A.: Handbook of applied cryptography. CRC Press, Boca Raton (1997)zbMATHGoogle Scholar
  8. 8.
    Novak, R.: Side-Channel Attack on Substitution Blocks. In: Zhou, J., Yung, M., Han, Y. (eds.) ACNS 2003. LNCS, vol. 2846, pp. 307–318. Springer, Heidelberg (2003)Google Scholar
  9. 9.
    Schramm, K., Leander, G., Felke, P., Paar, C.: A Collision-Attack on AES Combining Side Channel- and Differential-Attack. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 163–175. Springer, Heidelberg (2004)Google Scholar
  10. 10.
    Schramm, K., Wollinger, T., Paar, C.: A New Class of Collision Attacks and its Application to DES. In: Johansson, T. (ed.) FSE 2003. LNCS, vol. 2887, pp. 206–222. Springer, Heidelberg (2003)Google Scholar
  11. 11.
    Quisquater, J-J., Samyde, D.: A new tool for non-intrusive analysis of smart cards based on electro-magnetic emissions, the SEMA and DEMA methods. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 14–18. Springer, Heidelberg (2000)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Christophe Clavier
    • 1
  1. 1.Gemalto, Security Labs, La Vigie, Avenue du Jujubier, ZI Athélia IV, F-13705 La Ciotat CedexFrance

Personalised recommendations