Paper 2021/829

To Shift or Not to Shift: Understanding GEA-1

Christof Beierle, Patrick Felke, and Gregor Leander

Abstract

In their Eurocrypt 2021 paper, Beierle et al. showed that the proprietary stream ciphers GEA-1 and GEA-2, widely used for GPRS encryption in the late 1990s and during the 2000s, are cryptographically weak and presented attacks on both algorithms with practical time complexity. Although GEA-1 and GEA-2 are classical stream ciphers, the attack on GEA-1 is interesting from a cryptanalytic point of view. As outlined in the aforementioned paper, there is a strong indication that the security of GEA-1 was deliberately weakened to 40 bits in order to fulfill European export restrictions. In this paper we analyze the design further and answer the open question on how to construct a GEA-1-like cipher with such a reduced security. Indeed, the actual GEA-1 instance could be obtained from this construction. Our observations and analysis yields new theoretical insights in designing secure stream ciphers.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Preprint. Minor revision.
Keywords
cryptanalysisGPRSGEA-1stream cipherLFSR40-bit security
Contact author(s)
christof beierle @ rub de
patrick felke @ hs-emden-leer de
gregor leander @ rub de
History
2021-06-21: received
Short URL
https://ia.cr/2021/829
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2021/829,
      author = {Christof Beierle and Patrick Felke and Gregor Leander},
      title = {To Shift or Not to Shift: Understanding GEA-1},
      howpublished = {Cryptology ePrint Archive, Paper 2021/829},
      year = {2021},
      note = {\url{https://eprint.iacr.org/2021/829}},
      url = {https://eprint.iacr.org/2021/829}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.