Paper 2012/425
The Stream Cipher Core of the 3GPP Encryption Standard 128-EEA3: Timing Attacks and Countermeasures
Gautham Sekar
Abstract
The core of the 3rd Generation Partnership Project (3GPP) encryption standard 128-EEA3 is a stream cipher called ZUC. It was designed by the Chinese Academy of Sciences and proposed for inclusion in the cellular wireless standards called “Long Term Evolution” or “4G”. The LFSR-based cipher uses a 128-bit key. In this paper, we first show timing attacks on ZUC that can recover, with about 71.43% success rate, (i) one bit of the secret key immediately, and (ii) information involving 6 other key bits. The time, memory and data requirements of the attacks are negligible. While we see potential improvements to the attacks, we also suggest countermeasures.
Note:
1. Update: The constant-time C implementation (ZUC-1.5C) that we have proposed in the paper is now approved by the 3GPP for inclusion in the LTE standards. This C implementation and the ETSI's evaluation report are available at http://www.gsma.com/technicalprojects/fraud-security/security-algorithms/, under "3GPP Confidentiality and Integrity Algorithms 128-EEA3 & 128-EIA3".
2. Revision 1: Typographical errors in Table 4 (Appendix A) have been corrected (i.e., $\Gamma_6 \to \Gamma_5$).
Metadata
- Available format(s)
- PDF PS
- Category
- Secret-key cryptography
- Publication info
- Published elsewhere. Expanded and updated version of Inscrypt 2012 paper.
- Keywords
- Stream cipher, cache timing attack, key recovery
- Contact author(s)
- sgautham @ isichennai res in
- History
- 2015-10-01: last of 8 revisions
- 2012-08-05: received
- Short URL
- https://ia.cr/2012/425
- License
- CC BY