Cryptology ePrint Archive: Report 2021/829

To Shift or Not to Shift: Understanding GEA-1

Christof Beierle and Patrick Felke and Gregor Leander

Abstract: In their Eurocrypt 2021 paper, Beierle et al. showed that the proprietary stream ciphers GEA-1 and GEA-2, widely used for GPRS encryption in the late 1990s and during the 2000s, are cryptographically weak and presented attacks on both algorithms with practical time complexity. Although GEA-1 and GEA-2 are classical stream ciphers, the attack on GEA-1 is interesting from a cryptanalytic point of view. As outlined in the aforementioned paper, there is a strong indication that the security of GEA-1 was deliberately weakened to 40 bits in order to fulfill European export restrictions. In this paper we analyze the design further and answer the open question on how to construct a GEA-1-like cipher with such a reduced security. Indeed, the actual GEA-1 instance could be obtained from this construction. Our observations and analysis yields new theoretical insights in designing secure stream ciphers.

Category / Keywords: secret-key cryptography / cryptanalysis, GPRS, GEA-1, stream cipher, LFSR, 40-bit security

Date: received 17 Jun 2021

Contact author: christof beierle at rub de, patrick felke@hs-emden-leer de, gregor leander@rub de

Available format(s): PDF | BibTeX Citation

Version: 20210621:075139 (All versions of this report)

Short URL: ia.cr/2021/829


[ Cryptology ePrint archive ]