On the Correctness of Security Proofs for the 3GPP Confidentiality and Integrity Algorithms

  • Conference paper
Cryptography and Coding (Cryptography and Coding 2003)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 2898)

Abstract

f8 and f9 are standardized by 3GPP to provide confidentiality and integrity, respectively. It was claimed that f8 and f9′ are secure if the underlying block cipher is a pseudorandom permutation (PRP), where f9′ is a slightly modified version of f9. In this paper, however, we disprove both claims by showing a counterexample. We first construct a PRP F with the following property: there is a constant Cst such that for any key K, \(F_K(\cdot) = F^{-1}_{K \oplus \mathtt{Cst}}(\cdot)\). We then show that f8 and f9′ are completely insecure if F is used as the underlying block cipher. Therefore, the PRP assumption does not necessarily imply the security of f8 and f9′, and it is impossible to prove their security under the PRP assumption. It should be stressed that these results do not imply that the original f8 and f9 (with KASUMI as the underlying block cipher) are insecure or broken. They simply undermine their provable security.

Copyright information

© 2003 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Iwata, T., Kurosawa, K. (2003). On the Correctness of Security Proofs for the 3GPP Confidentiality and Integrity Algorithms. In: Paterson, K.G. (eds) Cryptography and Coding. Cryptography and Coding 2003. Lecture Notes in Computer Science, vol 2898. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-40974-8_25

  • DOI: https://doi.org/10.1007/978-3-540-40974-8_25

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-20663-7

  • Online ISBN: 978-3-540-40974-8

  • eBook Packages: Springer Book Archive
