Affiliation:
1. PLA SSF Information Engineering University, Zhengzhou 450001, China
Abstract
GEA-1, a proprietary stream cipher, was initially designed and used to protect against eavesdropping general packet radio service (GPRS) between the phone and the base station. Now, a variety of current mobile phones still support this standard cipher. In this paper, a structural weakness of the GEA-1 stream cipher that has not been found in previous works is discovered and analyzed. That is the probability that two different inputs of GEA-1 generate the identical keystream can be up to , which is quite high compared with an ideal stream cipher that generates random sequences. Based on this newfound weakness, a new practical distinguishing attack on GEA-1 is proposed, which shows that the keystreams generated by GEA-1 are far from random and can be easily distinguished with a practical time cost. After then, a new practical key recovery attack on GEA-1 is presented. It has a time complexity of GEA-1 encryptions and requires only seven related keys, which is much less than the existing related key attack on GEA-1. The experimental results show that GEA-1 can be broken within about 41.75 s on a common PC in the related key setting. These cryptanalytic results show that GEA-1 cannot provide enough security and should be immediately prohibited to be supported in the massive GPRS devices.
Funder
National Natural Science Foundation of China
Publisher
Institution of Engineering and Technology (IET)
Reference16 articles.
1. Cryptanalysis of the GPRS Encryption Algorithms GEA-1 and GEA-2
2. New Attacks on the GPRS Encryption Algorithms GEA-1 and GEA-2
3. ETSI: security algorithms group of experts (sage)Report on the specification, evaluation and usage of the gsm gprs encryption algorithm (gea)1998Technical Report https://www.etsi.org/deliver/etsi_tr/101300_101399/101375/01.01.01
4. GPRS security;C. Brookson,2001
5. Constructing and deconstructing intentional weaknesses in symmetric ciphers;C. Beierle,2021