CRYPTO '93 Proceedings of the 13th annual international cryptology conference on Advances in cryptology
Differential Fault Analysis of Secret Key Cryptosystems
CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
Cryptanalysis of the A5/1 GSM Stream Cipher
INDOCRYPT '00 Proceedings of the First International Conference on Progress in Cryptology
Real Time Cryptanalysis of A5/1 on a PC
FSE '00 Proceedings of the 7th International Workshop on Fast Software Encryption
On the importance of checking cryptographic protocols for faults
EUROCRYPT'97 Proceedings of the 16th annual international conference on Theory and application of cryptographic techniques
Cryptanalysis of alleged A5 stream cipher
EUROCRYPT'97 Proceedings of the 16th annual international conference on Theory and application of cryptographic techniques
Random Fault Attack against Shrinking Generator
Algorithmic Aspects of Wireless Sensor Networks
Fault Analysis of Rabbit: Toward a Secret Key Leakage
INDOCRYPT '09 Proceedings of the 10th International Conference on Cryptology in India: Progress in Cryptology
Side channel attacks on irregularly decimated generators
ICISC'07 Proceedings of the 10th international conference on Information security and cryptology
Fault cryptanalysis and the shrinking generator
WEA'06 Proceedings of the 5th international conference on Experimental Algorithms
Hi-index | 0.00 |
A5/1 pseudo-random bit generator, known from GSM networks, potentially might be used for different purposes, such as secret hiding during cryptographic hardware testing, stream encryption in piconets and others. The main advantages of A5/1 are low cost and a fixed output ratio. We show that a hardware implementation of A5/1 and similar constructions must be quite careful. It faces a danger of a new kind of attack, which significantly reduces possible keyspace, allowing full recovery of A5/1 internal registers' content. We use “fault analysis” strategy: we disturb the A5/1 encrypting device (namely, clocking of the LFSR registers) so it produces an incorrect keystream, and through error analysis we deduce the state of the internal registers. If a secret material is used to initialize the generator, like in GSM, this may enable recovering the secret. The attack is based on unique properties of the clocking scheme used by A5/1, which is the basic security component of this construction. The computations that have to be performed in our attack are about 100 times faster than in the cases of the previous fault-less cryptanalysis methods.