# Another attack on A5/1

@article{Ekdahl2003AnotherAO, title={Another attack on A5/1}, author={Patrik Ekdahl and Thomas Johansson}, journal={IEEE Trans. Inf. Theory}, year={2003}, volume={49}, pages={284-289} }

A5/1 is a stream cipher used in the Global System for Mobile Communications (GSM) standard. Several time-memory tradeoff attacks against A5/1 have been proposed, most notably the attack by Biryukov, Shamir and Wagner (1978), which can break A5/1 in seconds using huge precomputation time and memory. This article presents a completely different attack on A5/1, based on ideas from correlation attacks. Whereas time-memory tradeoff attacks have a complexity which is exponential with the shift…

## 157 Citations

### An improved attack on A5/1

- Computer Science2011 8th International ISC Conference on Information Security and Cryptology
- 2011

A5/1 is a stream cipher used in GSM to provide over-the-air communication privacy and an improvement on Biham and Dunkelman's attack is identification and elimination of useless states from the precomputed table.

### A time memory trade off attack against A5/1 algorithm

- Computer ScienceProceedings of the IEEE 12th Signal Processing and Communications Applications Conference, 2004.
- 2004

Two types of attacks against the GSM security algorithm, A5/1, are discussed, which obtain the initial state of the LFSRs just after the encryption key (Kc) and frame number are loaded, in the light of known plaintext.

### Basic correlation attack on A5/H

- Computer ScienceProceedings of the IEEE 13th Signal Processing and Communications Applications Conference, 2005.
- 2005

A new method, called basic correlation attack, makes complexity of the attack almost independent of the lengths of shift registers and makes it possible to break A5 with a 5-7 minutes of GSM conversation.

### A modified stream generator for the GSM encryption algorithms A5/1 and A5/2

- Computer Science2005 13th European Signal Processing Conference
- 2005

It is shown that known attacks techniques become impractical by changing just the clocking mechanism of the shift registers used in the algorithms, and security improvements to the vulnerabilities of the algorithms are offered.

### A New Guess-and-Determine Attack on the A5/1

- Computer Science, MathematicsIACR Cryptol. ePrint Arch.
- 2012

A new attack on the A5/1 stream cipher with an average time complexity of 2^(48.5), which is much less than the brute-force attack, which has a 100% success rate and requires about 5.65GB storage.

### Side-Channel Attack on the A5/1 Stream Cipher

- Computer Science, Mathematics2019 22nd Euromicro Conference on Digital System Design (DSD)
- 2019

This paper presents cryptanalysis of the A5/1 stream cipher used in GSM mobile phones, and presents the attack for recovering secret key based on the information on clocking bits of LFSRs that was deduced from power analysis.

### Two Trivial Attacks on A5/1:A GSM Stream Cipher

- Computer Science, MathematicsArXiv
- 2013

This paper compared previous attacks on A5/1 as well as an algebraic attack and a new improved guess and determine attack is proposed.

### Slid Pairs in the Initialisation of the A5/1 Stream Cipher

- Computer Science, MathematicsAISC
- 2013

A sliding property of the A5/1 cipher is demonstrated, where every valid internal state is also a legitimate loaded state and multiple key-IV pairs produce phase shifted keystream sequences.

### A Bitslice Implementation of Anderson’s Attack on A5/1

- Computer Science
- 2018

Using commonly available GPUs this method can quite efficiently recover the secret key using only 64 bits of keystream, and can be made even more efficient by harnessing the computing power of modern Graphics Processing Units (GPUs).

### Cryptanalysis of GSMEncryption AlgorithmA5/1

- Computer Science
- 2013

A method for identification and elimination of useless states from the pre-computed tables and a new approach to access the table in the online phase of the attack which reduces the time complexity to 2 and the required memory in half are proposed.

## References

SHOWING 1-10 OF 10 REFERENCES

### Real Time Cryptanalysis of A5/1 on a PC

- Computer ScienceFSE
- 2000

New attacks on A5/1 are described, which are based on subtle flaws in the tap structure of the registers, their noninvertible clocking mechanism, and their frequent resets, which make it vulnerable to hardware-based attacks by large organizations, but not to software- based attacks on multiple targets by hackers.

### Cryptanalysis of Alleged A5 Stream Cipher

- Computer ScienceEUROCRYPT
- 1997

A time-memory trade-off attack based on the birthday paradox which yields the unknown internal state at a known time for a known keystream sequence is pointed out, and a so-called internal state reversion attack is proposed and analyzed by the theory of critical and subcritical branching processes.

### Cryptanalysis of the A5/1 GSM Stream Cipher

- Computer Science, MathematicsINDOCRYPT
- 2000

A5/1 is the stream cipher used in most European countries in order to ensure privacy of conversations on GSM mobile phones and is the best known result with respect to the total work complexity.

### Fast correlation attacks on certain stream ciphers

- Computer Science, MathematicsJournal of Cryptology
- 2005

Two new correlation attacks are presented to determine the initial digits of a, provided that the numbert of feedback taps is small, and are demonstrated to be successful against shift registers of considerable lengthk (typically,k=1000).

### BDD-Based Cryptanalysis of Keystream Generators

- Computer Science, MathematicsEUROCRYPT
- 2001

An nO(1)2(1-?)/(1+?)n time bounded attack against LFSR-based generators, which computes the secret initial state x ? {0, 1}n from cn consecutive keystream bits, where a denotes the rate of information, which C reveals about the internal bitstream, and c denotes some small constant.

### Handbook of Applied Cryptography

- Computer Science, Mathematics
- 1996

From the Publisher:
A valuable reference for the novice as well as for the expert who needs a wider scope of coverage within the area of cryptography, this book provides easy and rapid access of…

### Improved Fast Correlation Attacks on Stream Ciphers via Convolutional Codes

- Computer ScienceEUROCRYPT
- 1999

New methods for fast correlation attacks, based on the theory of convolutional codes, are described, which can be applied to arbitrary LFSR feedback polynomials, in opposite to the previous methods, which mainly focus on feedback poynomials of low weight.

### VIII. BIOGRAPHIES

- VIII. BIOGRAPHIES

### A pedagogical implementation of A5/1

- A pedagogical implementation of A5/1
- 1999

### 98) was born in Malmö He received his M.Sc. in Electrical Engineering from Lund University

- May 1998 he became a graduate student at the Department of Information
- 1972