Cryptology ePrint Archive: Report 2010/618

A Forgery Attack on the Candidate LTE Integrity Algorithm 128-EIA3

Thomas Fuhr and Henri Gilbert and Jean-René Reinhard and Marion Videau

Abstract: In this note we show that the message authentication code 128-EIA3 considered for adoption as one of the integrity algorithms of the emerging mobile standard LTE is vulnerable to a simple existential forgery attack. This attack allows, given any message and the associated MAC value under an unknown integrity key and an initial vector, to predict the MAC value of a related message under the same key and the same initial vector with a success probability 1/2.

Category / Keywords: secret-key cryptography / message authentication codes, forgery attacks

Date: received 2 Dec 2010

Contact author: henri gilbert at ssi gouv fr

Available format(s): PDF | BibTeX Citation

Version: 20101208:185724 (All versions of this report)

Short URL: ia.cr/2010/618

Discussion forum: Show discussion | Start new discussion