a5/1 stream cipher
DESCRIPTION
A5/1 Stream Cipher. A5/1 is a stream cipher used to provide over-the-air communication privacy in the GSM cellular telephone standard. Course Name: Cryptography Level: UG/PG. Authors Phani Swathi Chitta Mentor Prof. Saravanan Vijayakumaran. Learning Objectives. - PowerPoint PPT PresentationTRANSCRIPT
A5/1 Stream CipherA5/1 is a stream cipher used to provide over-the-
air communication privacy in the GSM cellular telephone standard
AuthorsPhani Swathi Chitta
MentorProf. Saravanan Vijayakumaran
Course Name: Cryptography Level: UG/PG
Learning ObjectivesAfter interacting with this Learning Object, the learner will be able to:• Explain the regular operation of A5/1• Explain the operation of initial state generation using session key
and publicly known frame number
Definitions of the components/Keywords:
5
3
2
4
1 •A5/1 is built from three short linear feedback shift registers (LFSR) of lengths 19, 22, and 23 bits, which are denoted by R1, R2 and R3 respectively. The rightmost bit in each register is labeled as bit zero. The taps of R1 are at bit positions 13,16,17,18; the taps of R2 are at bit positions 20,21 and the taps of R3 are at bit positions 7, 20,21,22.
•When a register is clocked, its taps are XORed together and the result is stored in the rightmost bit of the left-shifted register.
•They are clocked in a stop/go fashion using the following majority rule: Each register has a single "clocking" tap (bit 8 for R1, bit 10 for R2, and bit 10 for for R3); each clock cycle, the majority function of the clocking taps is calculated and only those registers whose clocking taps agree with the majority bit are actually clocked. At each step either two or three registers are clocked.
LFSR number Length in bits
Feedback polynomial Clocking bit
Tapped bits
1 19 x19 + x18 + x17 + x14 + 1 8 13,16,17,18
2 22 x22 + x21 + 1 10 20,21
3 23 x23 + x22 + x21 + x8 + 1 10 7,20,21,22
Master Layout 1
5
3
2
4
11 0 1 1 1 1 0 1 1 0 1 0 1 1 0 1 0 1 0
1 0 1 1 1 0 0 1 0 0 1 0 1 0 1 0 1 1 1 0 0 1
1 0 1 0 1 0 1 0 0 1 1 0 1 1 1 0 1 1 0 0 1 0 1
clock control
C1
C2
C3
18 17 16
2021
13 0R1
R2
R32122 20 7
0
0
The master layout figure should appear first R1, R2, R3 are three linear feedback shift registers C1,C2 and C3 are clocking bits
Part 1 - Regular operation of A5/1Part 2 - Operation of initial state generation using session key and publicly known frame number
1 0 1 1 1 1 0 1 1 0 1 0 1 1 0 1 0 1 0
1 0 1 1 1 0 0 1 0 0 1 0 1 0 1 0 1 1 1 0 0 1
1 0 1 0 1 0 1 0 0 1 1 0 1 1 1 0 1 1 0 0 1 0 1
clock control
C1
C2
C3
18 17 16
2021
13 0R1
R2
R32122 20 7
0
0
Step 1: 1
5
32
4
1
Instruction for the animator Text to be displayed in the working area (DT)• The first sentence in DT should appear
with master layout figure.• The first blue circle should blink once and
red 1 should appear.• The second sentence in DT should appear
with step 1 figure.
• The contents of the three LFSRs represent the state of the A5/1 stream cipher
• The MSBs of all the registers are XORed to generate the output of the stream cipher
LFSR – Linear Feedback Shift Register
MSB – Most Significant Bit
LSB – Least Significant Bit
1 0 1 1 1 1 0 1 1 0 1 0 1 1 0 1 0 1 0
1 0 1 1 1 0 0 1 0 0 1 0 1 0 1 0 1 1 1 0 0 1
1 0 1 0 1 0 1 0 0 1 1 0 1 1 1 0 1 1 0 0 1 0 1
clock control
C1
C2
C3
18 17 16
2021
13 0R1
R2
R32122 20 7
0
0
Step 2: 1
5
2
4
1
Instruction for the animator Text to be displayed in the working area (DT)• The orange lines should blink once. • The registers are clocked in a stop/go fashion using the majority rule.
• A register is clocked if the clocking bit agrees with the majority bit.
3
1 0 1 1 1 1 0 1 1 0 1 0 1 1 0 1 0 1 0
1 0 1 1 1 0 0 1 0 0 1 0 1 0 1 0 1 1 1 0 0 1
1 0 1 0 1 0 1 0 0 1 1 0 1 1 1 0 1 1 0 0 1 0 1
clock control
C1
C2
C3
18 17 16
2021
13 0R1
R2
R32122 20 7
0
0
Step 3: 1
5
2
4
1
Instruction for the animator Text to be displayed in the working area (DT)• The 3 violet circles in first register and 3
violet circles in third register should blink once.
• The text in DT should be displayed.• After the text in DT red 1 at R1 and red 0 at
R3 should appear
• The LFSRs R1 and R3 are clocked as their clocking bits C1 and C3 agree with the majority of C1, C2 and C3.
• LFSR R2 is not clocked.• When a register is clocked, its taps are XORed together to generate the new
LSB.
3
1
0
0 1 1 1 1 0 1 1 0 1 0 1 1 0 1 0 1 0
1 0 1 1 1 0 0 1 0 0 1 0 1 0 1 0 1 1 1 0 0 1
0 1 0 1 0 1 0 0 1 1 0 1 1 1 0 1 1 0 0 1 0 1
clock control
C1
C2
C3
18 17 16
2021
13 0R1
R2
R32122 20 7
0
0
Step 4: 1
5
2
4
1
Instruction for the animator Text to be displayed in the working area (DT)• The figure in step4 should be shown such
that the bits (1s and 0s ) are moved to left in R1 and R3.
• The contents of LFSRs R1 and R3 are left shifted.
3
1
0
Step 5: 1
5
2
4
Instruction for the animator Text to be displayed in the working area (DT)• The figure in step 5 should appear such
that the red 1 and 0 are placed in R1 and R3.
• The new LSBs which were generated prior to left shifting of the registers is stored in the rightmost bit of the left -shifted registers.
3
0 1 1 1 1 0 1 1 0 1 0 1 1 0 1 0 1 0 1
1 0 1 1 1 0 0 1 0 0 1 0 1 0 1 0 1 1 1 0 0 1
0 1 0 1 0 1 0 0 1 1 0 1 1 1 0 1 1 0 0 1 0 1 0
clock control
C1
C2
C3
18 17 16
2021
13 0R1
R2
R32122 20 7
0
0
1
Step 6: 1
5
2
4
Instruction for the animator Text to be displayed in the working area (DT)• The first blue circle should blink once and
green 1 should appear.• The sentence in DT should appear with
step 6 figure.
• The MSBs of all the registers are XORed to generate the output of the stream cipher
3
0 1 1 1 1 0 1 1 0 1 0 1 1 0 1 0 1 0 1
1 0 1 1 1 0 0 1 0 0 1 0 1 0 1 0 1 1 1 0 0 1
0 1 0 1 0 1 0 0 1 1 0 1 1 1 0 1 1 0 0 1 0 1 0
clock control
C1
C2
C3
18 17 16
2021
13 0R1
R2
R32122 20 7
0
0
1 1
Step 7: 1
5
2
4
Instruction for the animator Text to be displayed in the working area (DT)• The orange lines should blink once. • The registers are clocked in a stop/go fashion using the majority rule.
• A register is clocked if the clocking bit agrees with the majority bit.
3
0 1 1 1 1 0 1 1 0 1 0 1 1 0 1 0 1 0 1
1 0 1 1 1 0 0 1 0 0 1 0 1 0 1 0 1 1 1 0 0 1
0 1 0 1 0 1 0 0 1 1 0 1 1 1 0 1 1 0 0 1 0 1 0
clock control
C1
C2
C3
18 17 16
2021
13 0R1
R2
R32122 20 7
0
0
1 1
Step 8: 1
5
2
4
Instruction for the animator Text to be displayed in the working area (DT)• The 3 violet circles in first register and 1
violet circle in second register should blink once.
• The text in DT should be displayed.• After the text in DT green 0 at R1 and
green 1 at R2 should appear
• The LFSRs R1 and R2 are clocked as their clocking bits C1 and C2 agree with the majority of C1, C2 and C3.
• LFSR R3 is not clocked.• When a register is clocked, its taps are XORed together to generate the new
LSB.
3
0 1 1 1 1 0 1 1 0 1 0 1 1 0 1 0 1 0 1
1 0 1 1 1 0 0 1 0 0 1 0 1 0 1 0 1 1 1 0 0 1
0 1 0 1 0 1 0 0 1 1 0 1 1 1 0 1 1 0 0 1 0 1 0
clock control
C1
C2
C3
18 17 16
2021
13 0R1
R2
R32122 20 7
0
0
1 1
1
0
Step 9: 1
5
2
4
Instruction for the animator Text to be displayed in the working area (DT)• The figure in step9 should be shown such
that the bits (1s and 0s ) are moved to left in R1 and R2.
• The contents of LFSRs R1 and R2 are left shifted.
3
1 1 1 1 0 1 1 0 1 0 1 1 0 1 0 1 0 1
0 1 1 1 0 0 1 0 0 1 0 1 0 1 0 1 1 1 0 0 1
0 1 0 1 0 1 0 0 1 1 0 1 1 1 0 1 1 0 0 1 0 1 0
clock control
C1
C2
C3
18 17 16
2021
13 0R1
R2
R32122 20 7
0
0
1 1
1
0
Step 10: 1
5
2
4
Instruction for the animator Text to be displayed in the working area (DT)• The figure in step 10 should appear such
that the green 1 and 0 are placed in R1 and R2.
• The new LSBs which were generated prior to left shifting of the registers is stored in the rightmost bit of the left -shifted registers.
3
1 1 1 1 0 1 1 0 1 0 1 1 0 1 0 1 0 1 0
0 1 1 1 0 0 1 0 0 1 0 1 0 1 0 1 1 1 0 0 1 1
0 1 0 1 0 1 0 0 1 1 0 1 1 1 0 1 1 0 0 1 0 1 0
clock control
C1
C2
C3
18 17 16
2021
13 0R1
R2
R32122 20 7
0
0
1 1
Master Layout 2
5
3
2
4
1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
C1
C2
C3
18 17 16
2021
13 0R1
R2
R32122 20 7
0
0
The master layout figure should appear first R1, R2, R3 are three linear feedback shift registers Initially all the registers are zeros
Part 1 - Regular operation of A5/1Part 2 - Operation of initial state generation using session key and publicly known frame number
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
C1
C2
C3
18 17 16
2021
13 0R1
R2
R32122 20 7
0
0
Step 1: 1
5
32
4
Instruction for the animator Text to be displayed in the working area (DT)• The red 1 in the top bit sequence is placed
at all three registers • After the 1s are shown blink the 0s in the
last boxes of all registers and red 1s
• The LSB of session key is XORed with the LSB of R1, R2, R3.• During the initial state generation the output of the stream cipher is
ignored.
Session key + Frame no. - 64 + 22 bits 111110010100010110110001011010101001010101000001110111001010100100111101100011010101
1
1
1
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1
C1
C2
C3
18 17 16
2021
13 0R1
R2
R32122 20 7
0
0
Step 2: 1
5
32
4
Instruction for the animator Text to be displayed in the working area (DT)• The red 1s should be placed in the last
boxes of all the registers.• The result of XORing is stored in LSBs of all the registers
Session key + Frame no. - 64 + 22 bits 111110010100010110110001011010101001010101000001110111001010100100111101100011010101
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1
C1
C2
C3
18 17 16
2021
13 0R1
R2
R32122 20 7
0
0
Step 3: 1
5
32
4
Instruction for the animator Text to be displayed in the working area (DT)• The small violet circles of first register
should blink and the black 0 should appear• Then the same for the second register and
after for the third register
• The clocking is done i.e., the XOR of taps of all the registers is done together
Session key + Frame no. - 64 + 22 bits 111110010100010110110001011010101001010101000001110111001010100100111101100011010101
0
0
0
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0
C1
C2
C3
18 17 16
2021
13 0R1
R2
R32122 20 7
0
0
Step 4: 1
5
32
4
Instruction for the animator Text to be displayed in the working area (DT)• The bits should be left shifted and black 0s
should be placed in last boxes• The bits are left shifted and the new LSB from XORing taps is stored in LSB
Session key + Frame no. - 64 + 22 bits 111110010100010110110001011010101001010101000001110111001010100100111101100011010101
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0
C1
C2
C3
18 17 16
2021
13 0R1
R2
R32122 20 7
0
0
Step 5: 1
5
32
4
Instruction for the animator Text to be displayed in the working area (DT)• The green 1 in the top bit sequence is
placed at all three registers • When the 1s are shown blink the 0s in the
last boxes and green 1s
• The next bit of session key is XORed with the LSB of R1, R2, R3.
Session key + Frame no. - 64 + 22 bits 111110010100010110110001011010101001010101000001110111001010100100111101100011010101
1
1
1
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1
C1
C2
C3
18 17 16
2021
13 0R1
R2
R32122 20 7
0
0
Step 6: 1
5
2
4
Instruction for the animator Text to be displayed in the working area (DT)• The green 1s should be placed in the last
boxes of all the registers.• The result of XOR is stored in LSBs of all the registers
Session key + Frame no. - 64 + 22 bits 111110010100010110110001011010101001010101000001110111001010100100111101100011010101
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1
C1
C2
C3
18 17 16
2021
13 0R1
R2
R32122 20 7
0
0
Step 7: 1
5
32
4
Instruction for the animator Text to be displayed in the working area (DT)• The small violet circles should blink and the
black 0s should appear• The clocking is done i.e., the XOR of taps of all the registers is done
together
Session key + Frame no. - 64 + 22 bits 111110010100010110110001011010101001010101000001110111001010100100111101100011010101
0
0
0
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0
C1
C2
C3
18 17 16
2021
13 0R1
R2
R32122 20 7
0
0
Step 8: 1
5
32
4
Instruction for the animator Text to be displayed in the working area (DT)• The bits should be left shifted and black 0s
should be placed in last boxes• There should be a next button so that the
user can complete the process for 86 times.
• The bits are left shifted and the result of XORed taps is stored in LSB • This process is continued for 86 cycles with regular clocking• The contents of the registers after 86 cycles is called the initial state of the
frame• After this, the registers are clocked for 100cycles with irregular clocking
Session key + Frame no. - 64 + 22 bits 111110010100010110110001011010101001010101000001110111001010100100111101100011010101
Questionnaire1. If the registers R1, R2 and R3 have clocking bits as 1,1,1,
then which registers will be clocked?Answers: a) R1 b) R2 c) R3 d)R1, R2, R3
2. If the registers R1, R2 and R3 have clocking bits as 1,0,0, then which registers will be clocked?
Answers: a)R1 b)R1, R2 c) R2, R3 d) R1, R2, R3
3. The minimum number of registers which are clocked at a time _______
Answers: a) 0 b) 1 c) 2 d) 3 The answers are given in red
1
5
2
4
3
Links for further readingReference websites: http://en.wikipedia.org/wiki/A5/1 http://www.scard.org/gsm/a51.html http://cryptome.org/a51-bsw.htm
Books: Mobile Communication Systems and Security – Man Young Rhee,
John Wiley & Sons(April 2009, Wiley-ieee Press)
Research papers:
Summary• A5/1 is a stream cipher used to provide over-the-air
communication privacy in the GSM cellular telephone standard• A5/1 is built from three short linear feedback shift registers (LFSR) of
lengths 19, 22, and 23 bits, which are denoted by R1, R2 and R3• When a register is clocked, its taps are XORed together and the result is
stored in the rightmost bit of the left-shifted register• They are clocked in a stop/go fashion using the majority rule• At each step either two or three registers are clocked