Synchronization Fault Cryptanalysis for Breaking A5/1

The A5/1 pseudo-random bit generator, known from GSM networks, might potentially be used for other purposes, such as secret hiding during cryptographic hardware testing, stream encryption in piconets, and others. The main advantages of A5/1 are low cost and a fixed output ratio. We show that hardware implementations of A5/1 and similar constructions must be done quite carefully. They face the danger of a new kind of attack, which significantly reduces the possible keyspace, allowing full recovery of the contents of A5/1's internal registers. We use a “fault analysis” strategy: we disturb the A5/1 encrypting device (namely, the clocking of the LFSR registers) so that it produces an incorrect keystream, and through error analysis we deduce the state of the internal registers. If secret material is used to initialize the generator, as in GSM, this may enable recovery of the secret. The attack is based on unique properties of the clocking scheme used by A5/1, which is the basic security component of this construction. The computations that have to be performed in our attack are about 100 times faster than those of the previous fault-less cryptanalysis methods.
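The following model of A5/1's majority clocking is an added example, not code from the paper. It shows how a single disturbed clock pulse desynchronizes the registers and changes the keystream from that step on, which is the condition hardware clock-integrity checks have to catch. The fault model (one register's pulse suppressed for one step), the function names, and the `START` state are assumptions made for illustration.

```python
# A5/1 register parameters (public specification): mask, feedback taps, clocking bit, output bit.
REGS = (
    (0x07FFFF, 0x072000, 1 << 8,  1 << 18),   # R1, 19 bits
    (0x3FFFFF, 0x300000, 1 << 10, 1 << 21),   # R2, 22 bits
    (0x7FFFFF, 0x700080, 1 << 10, 1 << 22),   # R3, 23 bits
)

def shift(value, mask, taps):
    """Advance one LFSR by a step: parity of the tapped bits is shifted in at bit 0."""
    feedback = bin(value & taps).count("1") & 1
    return ((value << 1) & mask) | feedback

def step(state, suppressed=None):
    """One majority-clocked step. `suppressed` is the index of a register whose
    clock pulse is lost. Returns (new_state, registers selected by the majority rule)."""
    clock_bits = [1 if r & REGS[i][2] else 0 for i, r in enumerate(state)]
    majority = 1 if sum(clock_bits) >= 2 else 0
    moved = [i for i in range(3) if clock_bits[i] == majority]
    new = tuple(
        shift(r, REGS[i][0], REGS[i][1]) if i in moved and i != suppressed else r
        for i, r in enumerate(state)
    )
    return new, moved

def out_bit(state):
    """Keystream bit: XOR of the most significant bit of each register."""
    return sum(1 for i, r in enumerate(state) if r & REGS[i][3]) & 1

def keystream(state, nbits, fault_at=None, fault_reg=None):
    """Generate nbits, optionally dropping fault_reg's clock pulse at step fault_at
    (assumed fault model). Returns (bits, fault_effective)."""
    bits, effective = [], False
    for t in range(nbits):
        faulty = fault_reg if t == fault_at else None
        state, moved = step(state, faulty)
        # The fault only matters if the register was scheduled to move at this step.
        effective |= faulty is not None and faulty in moved
        bits.append(out_bit(state))
    return bits, effective

def first_divergence(a, b):
    """Index of the first differing keystream bit, or None if the streams agree."""
    return next((i for i, (x, y) in enumerate(zip(a, b)) if x != y), None)

# Constructed internal state (not derived from any real key or frame number).
START = (0x2A5F1, 0x1B3C4D, 0x5E6F70)

if __name__ == "__main__":
    good, _ = keystream(START, 64)
    bad, hit = keystream(START, 64, fault_at=20, fault_reg=0)
    print("fault effective:", hit, "first differing bit:", first_divergence(good, bad))
```

A suppressed pulse changes nothing when the majority rule had already stopped that register, so a test bench that validates clock integrity should check the `fault_effective` flag rather than rely on keystream comparison alone.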
