3GPP TR 55.919 V6.1.0 (2002-12) Technical Report 3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; 3G Security; Specification of the A5/3 Encryption Algorithms for GSM and ECSD, and the GEA3 Encryption Algorithm for GPRS; Document 4: Design and evaluation report (Release 6) R GLOBAL SYSTEM FOR MOBILE COMMUNICATIONS The present document has been developed within the 3rd Generation Partnership Project (3GPP TM) and may be further elaborated for the purposes of 3GPP. The present document has not been subject to any approval process by the 3GPP Organizational Partners and shall not be implemented. This Specification is provided for future development work within 3GPP only. The Organizational Partners accept no liability for any use of this Specification. Specifications and reports for implementation of the 3GPP TM system should be obtained via the 3GPP Organizational Partners' Publications Offices. Release 6 2 3GPP TR 55.919 V6.1.0 (2002-12) Keywords GSM, GPRS, security, algorithm 3GPP Postal address 3GPP support office address 650 Route des Lucioles - Sophia Antipolis Valbonne - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Internet http://www.3gpp.org Copyright Notification No part may be reproduced except as authorized by written permission. The copyright and the foregoing restriction extend to reproduction in all media. © 2002, 3GPP Organizational Partners (ARIB, CWTS, ETSI, T1, TTA, TTC). All rights reserved. 3GPP Release 6 3 3GPP TR 55.919 V6.1.0 (2002-12) Contents Foreword ............................................................................................................................................................5 Introduction ........................................................................................................................................................5 1 Scope........................................................................................................................................................6 2 References................................................................................................................................................6 3 Abbreviations ...........................................................................................................................................7 4 Structure of this report..............................................................................................................................8 5 Background to the design and evaluation work .......................................................................................8 6 Summary of algorithm requirements........................................................................................................8 6.1 Use of the algorithm................................................................................................................................................ 8 6.2 Types of implementation......................................................................................................................................... 9 6.3 Type and parameters of algorithm........................................................................................................................... 9 6.4 Implementation and operational considerations .................................................................................................... 10 6.4.1 GSM/ECSD ..................................................................................................................................................... 10 6.4.2 GPRS ............................................................................................................................................................... 10 6.4.3 Implementation complexity ............................................................................................................................. 10 6.5 Security of the algorithm....................................................................................................................................... 11 7 Design and Evaluation Criteria ..............................................................................................................11 7.1 Design Criteria: ..................................................................................................................................................... 11 7.2 Evaluation criteria ................................................................................................................................................. 11 8 GSM A5/3 and GEA3 Encryption Algorithms ......................................................................................11 8.1 KASUMI ............................................................................................................................................................... 12 8.2 Confidentiality function KGCORE ....................................................................................................................... 13 9 Rationale for the chosen design .............................................................................................................13 9.1 General comments................................................................................................................................................. 13 9.2 Design Policy of MISTY1..................................................................................................................................... 14 9.3 Changes from MISTY1 to KASUMI .................................................................................................................... 15 9.3.1 Data Encryption Part........................................................................................................................................ 15 9.3.2 Key Scheduling Part ........................................................................................................................................ 15 9.4 Rationale for the A5/3 and GEA3 design.............................................................................................................. 16 10 Algorithm evaluation .............................................................................................................................16 10.1 Properties of KASUMI components................................................................................................................ 17 10.1.1 FL function ...................................................................................................................................................... 17 10.1.2 FI function ....................................................................................................................................................... 17 10.1.3 The S7 box....................................................................................................................................................... 17 10.1.4 The S9 box....................................................................................................................................................... 17 10.1.5 Key schedule.................................................................................................................................................... 17 10.1.6 Statistical testing of components ..................................................................................................................... 18 10.2 Analysis of KASUMI as a generic 64-bits block cipher.................................................................................. 18 10.2.1 Differential cryptanalysis................................................................................................................................. 18 10.2.2 Linear cryptanalysis......................................................................................................................................... 19 10.2.3 Higher order differential attacks ...................................................................................................................... 19 10.3 Implementation attacks.................................................................................................................................... 20 10.3.1 Statistical evaluation of KASUMI................................................................................................................... 20 10.4 Analysis of the encryption mode used for A5/3 and GEA3............................................................................. 21 10.4.1 Distinguishing attacks on A5/3 and GEA3...................................................................................................... 21 10.5 External evaluation .......................................................................................................................................... 21 10.6 Complexity evaluation..................................................................................................................................... 22 11 Quality control .......................................................................................................................................22 11.1 Algorithm approval.......................................................................................................................................... 22 11.2 Specification testing......................................................................................................................................... 22 3GPP Release