Cryptanalysis of the DECT Standard Cipher

The DECT Standard Cipher (DSC) is a proprietary 64-bit stream cipher based on irregularly clocked LFSRs and a non-linear output combiner. The cipher is meant to provide confidentiality for cordless telephony. This paper illustrates how the DSC was reverse-engineered from a hardware implementation using custom firmware and information on the structure of the cipher gathered from a patent. Beyond disclosing the DSC, the paper proposes a practical attack against DSC that recovers the secret key from 215 keystreams on a standard PC with a success rate of 50% within hours; somewhat faster when a CUDA graphics adapter is available.

[1]  Gerhard Goos,et al.  Fast Software Encryption , 2001, Lecture Notes in Computer Science.

[2]  Thomas Johansson,et al.  Another attack on A5/1 , 2003, IEEE Trans. Inf. Theory.

[3]  Eli Biham,et al.  Differential Cryptanalysis in Stream Ciphers , 2007, IACR Cryptol. ePrint Arch..

[4]  Alexander Maximov,et al.  An Improved Correlation Attack on A5/1 , 2004, Selected Areas in Cryptography.

[5]  Marc Fischlin,et al.  Topics in Cryptology – CT-RSA 2009 , 2009 .

[6]  Alex Biryukov,et al.  Real Time Cryptanalysis of A5/1 on a PC , 2000, FSE.

[7]  Erik Tews,et al.  Attacks on the DECT Authentication Mechanisms , 2009, CT-RSA.

[8]  David Evans,et al.  Reverse-Engineering a Cryptographic RFID Tag , 2008, USENIX Security Symposium.

[9]  Martijn Stam,et al.  Selected Areas in Cryptography – SAC 2015 , 2015, Lecture Notes in Computer Science.

[10]  Aggelos Kiayias,et al.  Polynomial Reconstruction Based Cryptography , 2001, Selected Areas in Cryptography.

[11]  Eli Biham,et al.  Conditional Estimators: An Effective Attack on A5/1 , 2005, Selected Areas in Cryptography.

[12]  Eli Biham,et al.  Instant Ciphertext-Only Cryptanalysis of GSM Encrypted Communication , 2003, Journal of Cryptology.