A Real-World Attack Breaking A5/1 within Hours

Authors:
Timo Gendrullis;Martin Novotný;Andy Rupp
Affiliations:
Horst Görtz Institute for IT-Security, Ruhr-University Bochum, Germany;Horst Görtz Institute for IT-Security, Ruhr-University Bochum, Germany;Horst Görtz Institute for IT-Security, Ruhr-University Bochum, Germany
Venue:
CHES '08 Proceeding sof the 10th international workshop on Cryptographic Hardware and Embedded Systems
Year:
2008

Citing 7
Cited 2

Cryptanalysis of the A5/1 GSM Stream Cipher

INDOCRYPT '00 Proceedings of the First International Conference on Progress in Cryptology
Cryptanalytic Time/Memory/Data Tradeoffs for Stream Ciphers

ASIACRYPT '00 Proceedings of the 6th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Real Time Cryptanalysis of A5/1 on a PC

FSE '00 Proceedings of the 7th International Workshop on Fast Software Encryption
Software-Hardware Trade-Offs: Application to A5/1 Cryptanalysis

CHES '00 Proceedings of the Second International Workshop on Cryptographic Hardware and Embedded Systems
An improved correlation attack on a5/1

SAC'04 Proceedings of the 11th international conference on Selected Areas in Cryptography
Breaking ciphers with COPACOBANA –a cost-optimized parallel code breaker

CHES'06 Proceedings of the 8th international conference on Cryptographic Hardware and Embedded Systems
Conditional estimators: an effective attack on A5/1

SAC'05 Proceedings of the 12th international conference on Selected Areas in Cryptography

Solving binary linear equation systems over the rationals and binaries

WAIFI'12 Proceedings of the 4th international conference on Arithmetic of Finite Fields
Slid pairs in the initialisation of the A5/1 stream cipher

AISC '13 Proceedings of the Eleventh Australasian Information Security Conference - Volume 138

Quantified Score

Hi-index	0.00

Visualization

Abstract

In this paper we present a real-world hardware-assisted attack on the well-known A5/1 stream cipher which is (still) used to secure GSM communication in most countries all over the world. During the last ten years A5/1 has been intensively analyzed [1,2,3,4,5,6,7]. However, most of the proposed attacks are just of theoretical interest since they lack from practicability -- due to strong preconditions, high computational demands and/or huge storage requirements -- or have never been fully implemented.In contrast to these attacks, our attack which is based on the work by Keller and Seitz [8] is running on an existing special-purpose hardware device, called COPACOBANA [9]. With the knowledge of only 64 bits of keystream the machine is able to reveal the corresponding internal 64-bit state of the cipher in about 6 hours on average. We provide a detailed description of our attack architecture as well as implementation results.