Paper 2023/1851
Quantum Security of the UMTS-AKA Protocol and its Primitives, Milenage and TUAK
Abstract
The existence of a quantum computer is one of the most significant threats cryptography has ever faced. However, it seems that real world protocols received little attention so far with respect to their future security. Indeed merely relying upon post-quantum primitives may not suffice in order for a security protocol to be resistant in a full quantum world. In this paper, we consider the fundamental UMTS key agreement used in 3G but also in 4G (LTE), and in the (recently deployed) 5G technology. We analyze the protocol in a quantum setting, with quantum communications (allowing superposition queries by the involved parties), and where quantum computation is granted to the adversary. We prove that, assuming the underlying symmetric-key primitive is quantum-secure, the UMTS key agreement is also quantum-secure. We also give a quantum security analysis of the underlying primitives, namely Milenage and TUAK. To the best of our knowledge this paper provides the first rigorous proof of the UMTS key agreement in a strong quantum setting. Our result shows that in the quantum world to come, the UMTS technology remains a valid scheme in order to secure the communications of billions of users.
Metadata
- Available format(s)
-
PDF
- Category
- Cryptographic protocols
- Publication info
- Preprint.
- Keywords
- Quantum cryptographyAKA protocol3G/4G/5GSecurity proofs
- Contact author(s)
-
paul frixons @ inria fr
sebastien canard @ telecom-paris fr
loic ferreira @ orange com - History
- 2023-12-04: approved
- 2023-12-01: received
- See all versions
- Short URL
- https://ia.cr/2023/1851
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2023/1851,
author = {Paul Frixons and Sébastien Canard and Loïc Ferreira},
title = {Quantum Security of the {UMTS}-{AKA} Protocol and its Primitives, Milenage and {TUAK}},
howpublished = {Cryptology {ePrint} Archive, Paper 2023/1851},
year = {2023},
url = {https://eprint.iacr.org/2023/1851}
}
