On Related-Key Attacks and KASUMI: The Case of A5/3

  • Phuong Ha Nguyen
  • Matthew J. B. Robshaw
  • Huaxiong Wang
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7107)

Abstract

Due to its widespread deployment in mobile telephony, the block cipher KASUMI is a prominent target for cryptanalysts. While the cipher offers excellent resistance to differential and linear cryptanalysis, in the related-key model there have been several impressive cryptanalytic results. In this paper we revisit these related-key attacks and highlight a small, but important, detail in the specification of KASUMI for the algorithm A5/3; namely that a 64- and not a 128-bit session key is used. We show that existing related-key attacks on KASUMI in the literature are (negatively) impacted by this feature and we provide evidence that repairing these attacks will be difficult.

Keywords

  • Block-cipher
  • KASUMI
  • A5/3
  • Related-key attack
  • 64-bit key version of KASUMI

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Phuong Ha Nguyen (1)
  • Matthew J. B. Robshaw (2)
  • Huaxiong Wang (1)

  1. Nanyang Technological University, Singapore
  2. Applied Cryptography Group, Orange Labs, France
