Cryptanalysis of Alleged A5 Stream Cipher

  • Jovan Dj. Golić
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1233)


A binary stream cipher, known as A5, consisting of three short LFSRs of total length 64 that are mutually clocked in the stop/go manner is cryptanalyzed. It is allegedly used in the GSM standard for digital cellular mobile telephones. Very short keystream sequences are generated from different initial states obtained by combining a 64-bit secret session key and a known 22-bit public key. A basic divide-and-conquer attack recovering the unknown initial state from a known keystream sequence is first introduced. It exploits the specific clocking rule used and has average computational complexity around 240. A time-memory trade-off attack based on the birthday paradox which yields the unknown internal state at a known time for a known keystream sequence is then pointed out. The attack is successful if T · M ≥ 263.32, where T and M are the required computational time and memory (in 128-bit words), respectively. The precomputation time is O(M) and the required number of known keystream sequences generated from different public keys is about T/102. For example, one can choose T ≈ 227.67 and M ≈ 235.65. To obtain the secret session key from the determined internal state, a so-called internal state reversion attack is proposed and analyzed by the theory of critical and subcritical branching processes.


Internal State Stream Cipher Keystream Generator Vectorial Boolean Function Birthday Paradox 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    R. J. Anderson, Internet communication.Google Scholar
  2. 2.
    K. B. Athreya and P. E. Ney, Branching Processes. Berlin: Springer-Verlag, 1972.zbMATHGoogle Scholar
  3. 3.
    J. Daemen, R. Govaerts, and J. Vandewalle, “Resynchronization weakness in synchronous stream ciphers,” Advances in Cryptology — EUROCRYPT’ 92, Lecture Notes in Computer Science, vol. 765, T. Helleseth ed., Springer-Verlag, pp. 159–167, 1994.Google Scholar
  4. 4.
    J. Dj. Golić and M. J. Mihaljević, “A generalized correlation attack on a class of stream ciphers based on the Levenshtein distance,” Journal of Cryptology, vol. 3(3), pp. 201–212, 1991.zbMATHCrossRefMathSciNetGoogle Scholar
  5. 5.
    J. Dj. Golić, “On the security of shift register based keystream generators,” Fast Software Encryption — Cambridge’ 93, Lecture Notes in Computer Science, vol. 809, R. J. Anderson ed., Springer-Verlag, pp. 90–100, 1994.Google Scholar
  6. 6.
    J. Dj. Golić, “Towards fast correlation attacks on irregularly clocked shift registers,” Advances in Cryptology — EUROCRYPT’ 95, Lecture Notes in Computer Science, vol. 921, L. C. Guillou and J.-J. Quisquater eds., Springer-Verlag, pp. 248–262, 1995.Google Scholar
  7. 7.
    J. Dj. Golić, “Linear models for keystream generators,” IEEE Trans. Computers, vol. C-45, pp. 41–49, Jan. 1996.Google Scholar
  8. 8.
    J. Dj. Golić, “On the security of nonlinear filter generators,” Fast Software Encryption — Cambridge’ 96, Lecture Notes in Computer Science, vol. 1039, D. Gollmann ed., Springer-Verlag, pp. 173–188, 1996.Google Scholar
  9. 9.
    J. Dj. Golić, A. Clark, and E. Dawson, “Generalized inversion attack on nonlinear filter generators,” submitted.Google Scholar
  10. 10.
    T. H. Harris, The Theory of Branching Processes. Berlin: Springer-Verlag, 1963.zbMATHGoogle Scholar
  11. 11.
    R. Menicocci, “Cryptanalysis of a two-stage Gollmann cascade generator,” Proceedings of SPRC’ 93, Rome, Italy, pp. 62–69, 1993.Google Scholar
  12. 12.
    R. A. Rueppel, “Stream ciphers,” Contemporary Cryptology: The Science of Information Integrity, G. Simmons ed., pp. 65–134. New York: IEEE Press, 1991.Google Scholar
  13. 13.
    B. Schneier, Applied Cryptography. New York: Wiley, 1996.Google Scholar
  14. 14.
    S. Shepherd and W. Chambers, private communication.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1997

Authors and Affiliations

  • Jovan Dj. Golić
    • 1
  1. 1.School of Electrical EngineeringUniversity of BelgradeBeogradYugoslavia

Personalised recommendations