A Real-time Inversion Attack on the GMR-2 Cipher Used in the Satellite Phones

The GMR-2 cipher is a type of stream cipher currently being used in some Inmarsat satellite phones. It has been proven that such a cipher can be cracked using only one single-frame (15 bytes) known keystream but with a moderate executing times. In this paper, we present a new thorough security analysis of the GMR-2 cipher. We first study the inverse properties of the cipher\u27s components to reveal a bad one-way character of the cipher. By then introducing a new concept called ``valid key chain according to the cipher\u27s key schedule, we propose an unprecedented real-time inversion attack using a single-frame keystream. This attack comprises three phases: (1) table generation; (2) dynamic table look-up, filtration and combination; and (3) verification. Our analysis shows that, using the proposed attack, the size of the exhaustive search space for the 64-bit encryption key can be reduced to approximately $2^{13}$ when a single-frame keystream is available. Compared with previous known attacks, this inversion attack is much more efficient. Finally, the proposed attack is carried out on a 3.3-GHz PC, and the experimental results thus obtained demonstrate that the 64-bit encryption-key could be recovered in approximately 0.02 s on average

the initialization stage analysis of zuc v1.5

The ZUC algorithm is a new stream cipher, which is the core of the standardised 3GPP confidentiality and integrity algorithms 128-EEA3 & 128-EIA3. In this paper, we analyze the initialization stage of ZUC v1.5. First of all, we study the differential properties of operations in ZUC v1.5, including the bit-reorganization, exclusive-or and addition modulo 2 n , bit shift and the update of LFSR. And then we give a differential trail covering 24 rounds of the initialization stage of ZUC v1.5 with probability 2 ? 23.48 , which extends the differential given in the design and evaluation report of ZUC v1.5 to four more rounds. Nevertheless, the study shows that the stream cipher ZUC v1.5 can still resist against chosen-IV attacks.National Natural Science Foundation of China (NSFC); Shandong University (SDU)The ZUC algorithm is a new stream cipher, which is the core of the standardised 3GPP confidentiality and integrity algorithms 128-EEA3 & 128-EIA3. In this paper, we analyze the initialization stage of ZUC v1.5. First of all, we study the differential properties of operations in ZUC v1.5, including the bit-reorganization, exclusive-or and addition modulo 2 n , bit shift and the update of LFSR. And then we give a differential trail covering 24 rounds of the initialization stage of ZUC v1.5 with probability 2 ? 23.48 , which extends the differential given in the design and evaluation report of ZUC v1.5 to four more rounds. Nevertheless, the study shows that the stream cipher ZUC v1.5 can still resist against chosen-IV attacks