Advertisement

Conditional Estimators: An Effective Attack on A5/1

  • Elad Barkan
  • Eli Biham
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3897)

Abstract

Irregularly-clocked linear feedback shift registers (LFSRs) are commonly used in stream ciphers. We propose to harness the power of conditional estimators for correlation attacks on these ciphers. Conditional estimators compensate for some of the obfuscating effects of the irregular clocking, resulting in a correlation with a considerably higher bias. On GSM’s cipher A5/1, a factor two is gained in the correlation bias compared to previous correlation attacks. We mount an attack on A5/1 using conditional estimators and using three weaknesses that we observe in one of A5/1’s LFSRs (known as R2). The weaknesses imply a new criterion that should be taken into account by cipher designers. Given 1500–2000 known-frames (about 4.9–9.2 conversation seconds of known keystream), our attack completes within a few tens of seconds to a few minutes on a PC, with a success rate of about 91%. To complete our attack, we present a source of known-keystream in GSM that can provide the keystream for our attack given 3–4 minutes of GSM ciphertext, transforming our attack to a ciphertext-only attack.

Keywords

Linear Feedback Stream Cipher Incoming Edge European Telecommunication Standard Institute Previous Attack 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

References

  1. 1.
    Anderson, R.J.: On Fibonacci Keystream Generators. In: Preneel, B. (ed.) FSE 1994. LNCS, vol. 1008, pp. 346–352. Springer, Heidelberg (1995)CrossRefGoogle Scholar
  2. 2.
    Dijkstra, E.W.: A Note on Two Problems in Connexion with Graphs. Numerische Mathematik 1, 269–271 (1959)MathSciNetCrossRefMATHGoogle Scholar
  3. 3.
    Barkan, E., Biham, E., Keller, N.: Instant ciphertext-only cryptanalysis of GSM encrypted communication. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 600–616. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  4. 4.
    Biham, E., Dunkelman, O.: Cryptanalysis of the A5/1 GSM Stream Cipher. In: Roy, B., Okamoto, E. (eds.) INDOCRYPT 2000. LNCS, vol. 1977, pp. 43–51. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  5. 5.
    Biryukov, A., Shamir, A., Wagner, D.: Real Time Cryptanalysis of A5/1 on a PC. In: Schneier, B. (ed.) FSE 2000. LNCS, vol. 1978, pp. 1–18. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  6. 6.
    Briceno, M., Goldberg, I., Wagner, D.: A pedagogical implementation of the GSM A5/1 and A5/2 “voice privacy” encryption algorithms (1999), http://cryptome.org/gsm-a512.htm (originally on http://www.scard.org)
  7. 7.
    Ekdahl, P., Johansson, T.: Another Attack on A5/1. IEEE Transactions on Information Theory 49(1), 284–289 (2003)MathSciNetCrossRefMATHGoogle Scholar
  8. 8.
    European Telecommunications Standards Institute (ETSI), Digital cellular telecommunications system (Phase 2+); Mobile radio interface; Layer 3 specification, TS 100 940 (GSM 04.08), http://www.etsi.org
  9. 9.
    Golic, J.: Cryptanalysis of Alleged A5 Stream Cipher. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 239–255. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  10. 10.
    Hoffman, W., Pavley, R.: A Method for the Solution of the Nth Best Path Problem. Journal of the ACM (JACM) 6(4), 506–514 (1959)CrossRefMATHGoogle Scholar
  11. 11.
    Maximov, A., Johansson, T., Babbage, S.: An improved correlation attack on A5/1. In: Handschuh, H., Hasan, M.A. (eds.) SAC 2004. LNCS, vol. 3357, pp. 1–18. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  12. 12.
    Meier, W., Staffelbach, O.: Fast Correlation Attacks on Certain Stream Ciphers. Journal of Cryptology 1(3), 159–176 (1989)MathSciNetCrossRefMATHGoogle Scholar
  13. 13.
    Siegenthaler, T.: Decrypting a Class of Stream Ciphers Using Ciphertext Only. IEEE Transactions on Computers 49(1), 81–85 (1985)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Elad Barkan
    • 1
  • Eli Biham
    • 1
  1. 1.Computer Science DepartmentTechnion – Israel Institute of TechnologyHaifaIsrael

Personalised recommendations