Project

General

Profile

A5-GMR-1 » History » Version 4

Anonymous, 02/19/2016 10:50 PM

1 1
= A5-GMR-1 Cipher =
2
3
== Description ==
4
5 3
The cipher is heavily inspired from A5/2 and is based on 4 LFSR that are irregularely clocked and whose output is combined through a non linear function. See the schema below :
6 1
7 3
[[Image(a5-gmr-1.png, 50%)]]
8 1
9 3
 * M is the majority function
10
 * Clocking is entirely controlled by R4. The 3 clock bits are compared to their majority and if they match, the corresponding register is clocked.
11
  * Bit 15 for R1
12
  * Bit 6 for R2
13
  * Bit 1 for R3
14
15
The initialization of the cipher from the Key and Frame number. Basically the frame number bits are xored with the key, then the cipher is forcefully clocked for 64 cycles, each time xoring one bit of the (Key xor FN) with each of the feedback path of the LFSR.
16
17
Then comes the mixing stage where the cipher is run normally for 250 cycles, just discarding the output.
18
19
And finally keystream is ready to be produced. First for the downlink and then for the uplink. Actual length depends on channel type but for FACCH3 for example you'd produce 96 bits for the downlink direction (Sat -> Phone) and then 96 bits for the uplink direction (Phone -> Sat). Note that the role of uplink and downlink can be reversed when dealing with "Terminal-to-Terminal" calls.
20
21 4
Credits goes to Benedikt Driessen, Ralf Hund, Carsten Willems, Christof Paar, and Thorsten Holz for their reversing work, extracting this from the [[Thuraya_SO2510]] firmware.
22
23 3
== Implementation ==
24 1
25 4
You can find the actual implementation here : http://cgit.osmocom.org/cgit/osmo-gmr/tree/src/l1/a5.c
26 3
27 1
28
== Cryptanalysis ==
29
30
=== RUB Attack on TCH3 ===
31
32
=== FACCH3 known plaintext ===
Add picture from clipboard (Maximum size: 48.8 MB)