Real Time Cryptanalysis of A5/1 on a PC

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 1978)

Abstract

A5/1 is the strong version of the encryption algorithm used by about 130 million GSM customers in Europe to protect the over-the-air privacy of their cellular voice and data communication. The best published attacks against it require between $2^{40}$ and $2^{45}$ steps. This level of security makes it vulnerable to hardware-based attacks by large organizations, but not to software-based attacks on multiple targets by hackers.

In this paper we describe new attacks on A5/1, which are based on subtle flaws in the tap structure of the registers, their noninvertible clocking mechanism, and their frequent resets. After a $2^{48}$ parallelizable data preparation stage (which has to be carried out only once), the actual attacks can be carried out in real time on a single PC.

The first attack requires the output of the A5/1 algorithm during the first two minutes of the conversation, and computes the key in about one second. The second attack requires the output of the A5/1 algorithm during about two seconds of the conversation, and computes the key in several minutes. The two attacks are related, but use different types of time-memory tradeoffs. The attacks were verified with actual implementations, except for the preprocessing stage which was extensively sampled rather than completely executed.

REMARK: We based our attack on the version of the algorithm which was derived by reverse engineering an actual GSM telephone and published at http://www.scard.org. We would like to thank the GSM organization for graciously confirming to us the correctness of this unofficial description. In addition, we would like to stress that this paper considers the narrow issue of the cryptographic strength of A5/1, and not the broader issue of the practical security of fielded GSM systems, about which we make no claims.


Author information

Authors and Affiliations

  1. Computer Science department, The Weizmann Institute, 76100, Rehovot, Israel

    Alex Biryukov & Adi Shamir

  2. Computer Science department, University of California, CA 94720, Berkeley, USA

    David Wagner


Editor information

Editors and Affiliations

  1. Karlsruhe University, Germany

    Gerhard Goos

  2. Cornell University, NY, USA

    Juris Hartmanis

  3. Utrecht University, The Netherlands

    Jan van Leeuwen

  4. Counterpane Internet Security, Inc., 3031 Tisch Way, Suite 100PE, CA 95128, San Jose, USA

    Bruce Schneier

Copyright information

© 2001 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Biryukov, A., Shamir, A., Wagner, D. (2001). Real Time Cryptanalysis of A5/1 on a PC. In: Goos, G., Hartmanis, J., van Leeuwen, J., Schneier, B. (eds) Fast Software Encryption. FSE 2000. Lecture Notes in Computer Science, vol 1978. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-44706-7_1
