Cryptanalysis of the A5/1 GSM Stream Cipher
INDOCRYPT '00 Proceedings of the First International Conference on Progress in Cryptology
Cryptanalytic Time/Memory/Data Tradeoffs for Stream Ciphers
ASIACRYPT '00 Proceedings of the 6th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Real Time Cryptanalysis of A5/1 on a PC
FSE '00 Proceedings of the 7th International Workshop on Fast Software Encryption
Software-Hardware Trade-Offs: Application to A5/1 Cryptanalysis
CHES '00 Proceedings of the Second International Workshop on Cryptographic Hardware and Embedded Systems
An improved correlation attack on a5/1
SAC'04 Proceedings of the 11th international conference on Selected Areas in Cryptography
Breaking ciphers with COPACOBANA –a cost-optimized parallel code breaker
CHES'06 Proceedings of the 8th international conference on Cryptographic Hardware and Embedded Systems
Conditional estimators: an effective attack on A5/1
SAC'05 Proceedings of the 12th international conference on Selected Areas in Cryptography
Solving binary linear equation systems over the rationals and binaries
WAIFI'12 Proceedings of the 4th international conference on Arithmetic of Finite Fields
Slid pairs in the initialisation of the A5/1 stream cipher
AISC '13 Proceedings of the Eleventh Australasian Information Security Conference - Volume 138
Hi-index | 0.00 |
In this paper we present a real-world hardware-assisted attack on the well-known A5/1 stream cipher which is (still) used to secure GSM communication in most countries all over the world. During the last ten years A5/1 has been intensively analyzed [1,2,3,4,5,6,7]. However, most of the proposed attacks are just of theoretical interest since they lack from practicability -- due to strong preconditions, high computational demands and/or huge storage requirements -- or have never been fully implemented.In contrast to these attacks, our attack which is based on the work by Keller and Seitz [8] is running on an existing special-purpose hardware device, called COPACOBANA [9]. With the knowledge of only 64 bits of keystream the machine is able to reveal the corresponding internal 64-bit state of the cipher in about 6 hours on average. We provide a detailed description of our attack architecture as well as implementation results.