Another attack on A5/1

  title={Another attack on A5/1},
  author={Patrik Ekdahl and Thomas Johansson},
  journal={IEEE Trans. Inf. Theory},
A5/1 is a stream cipher used in the Global System for Mobile Communications (GSM) standard. Several time-memory tradeoff attacks against A5/1 have been proposed, most notably the attack by Biryukov, Shamir and Wagner (1978), which can break A5/1 in seconds using huge precomputation time and memory. This article presents a completely different attack on A5/1, based on ideas from correlation attacks. Whereas time-memory tradeoff attacks have a complexity which is exponential with the shift… 

Figures and Tables from this paper

An improved attack on A5/1

A5/1 is a stream cipher used in GSM to provide over-the-air communication privacy and an improvement on Biham and Dunkelman's attack is identification and elimination of useless states from the precomputed table.

A time memory trade off attack against A5/1 algorithm

Two types of attacks against the GSM security algorithm, A5/1, are discussed, which obtain the initial state of the LFSRs just after the encryption key (Kc) and frame number are loaded, in the light of known plaintext.

Basic correlation attack on A5/H

  • M. EralpE. AnarimI. Erguler
  • Computer Science
    Proceedings of the IEEE 13th Signal Processing and Communications Applications Conference, 2005.
  • 2005
A new method, called basic correlation attack, makes complexity of the attack almost independent of the lengths of shift registers and makes it possible to break A5 with a 5-7 minutes of GSM conversation.

A modified stream generator for the GSM encryption algorithms A5/1 and A5/2

It is shown that known attacks techniques become impractical by changing just the clocking mechanism of the shift registers used in the algorithms, and security improvements to the vulnerabilities of the algorithms are offered.

A New Guess-and-Determine Attack on the A5/1

A new attack on the A5/1 stream cipher with an average time complexity of 2^(48.5), which is much less than the brute-force attack, which has a 100% success rate and requires about 5.65GB storage.

Side-Channel Attack on the A5/1 Stream Cipher

This paper presents cryptanalysis of the A5/1 stream cipher used in GSM mobile phones, and presents the attack for recovering secret key based on the information on clocking bits of LFSRs that was deduced from power analysis.

Two Trivial Attacks on A5/1:A GSM Stream Cipher

This paper compared previous attacks on A5/1 as well as an algebraic attack and a new improved guess and determine attack is proposed.

Slid Pairs in the Initialisation of the A5/1 Stream Cipher

A sliding property of the A5/1 cipher is demonstrated, where every valid internal state is also a legitimate loaded state and multiple key-IV pairs produce phase shifted keystream sequences.

A Bitslice Implementation of Anderson’s Attack on A5/1

Using commonly available GPUs this method can quite efficiently recover the secret key using only 64 bits of keystream, and can be made even more efficient by harnessing the computing power of modern Graphics Processing Units (GPUs).

Cryptanalysis of GSMEncryption AlgorithmA5/1

A method for identification and elimination of useless states from the pre-computed tables and a new approach to access the table in the online phase of the attack which reduces the time complexity to 2 and the required memory in half are proposed.



Real Time Cryptanalysis of A5/1 on a PC

New attacks on A5/1 are described, which are based on subtle flaws in the tap structure of the registers, their noninvertible clocking mechanism, and their frequent resets, which make it vulnerable to hardware-based attacks by large organizations, but not to software- based attacks on multiple targets by hackers.

Cryptanalysis of Alleged A5 Stream Cipher

A time-memory trade-off attack based on the birthday paradox which yields the unknown internal state at a known time for a known keystream sequence is pointed out, and a so-called internal state reversion attack is proposed and analyzed by the theory of critical and subcritical branching processes.

Cryptanalysis of the A5/1 GSM Stream Cipher

A5/1 is the stream cipher used in most European countries in order to ensure privacy of conversations on GSM mobile phones and is the best known result with respect to the total work complexity.

Fast correlation attacks on certain stream ciphers

Two new correlation attacks are presented to determine the initial digits of a, provided that the numbert of feedback taps is small, and are demonstrated to be successful against shift registers of considerable lengthk (typically,k=1000).

BDD-Based Cryptanalysis of Keystream Generators

An nO(1)2(1-?)/(1+?)n time bounded attack against LFSR-based generators, which computes the secret initial state x ? {0, 1}n from cn consecutive keystream bits, where a denotes the rate of information, which C reveals about the internal bitstream, and c denotes some small constant.

Handbook of Applied Cryptography

From the Publisher: A valuable reference for the novice as well as for the expert who needs a wider scope of coverage within the area of cryptography, this book provides easy and rapid access of

Improved Fast Correlation Attacks on Stream Ciphers via Convolutional Codes

New methods for fast correlation attacks, based on the theory of convolutional codes, are described, which can be applied to arbitrary LFSR feedback polynomials, in opposite to the previous methods, which mainly focus on feedback poynomials of low weight.



A pedagogical implementation of A5/1

  • A pedagogical implementation of A5/1
  • 1999

98) was born in Malmö He received his M.Sc. in Electrical Engineering from Lund University

  • May 1998 he became a graduate student at the Department of Information
  • 1972