By Topic

A time memory trade off attack against A5/1 algorithm

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

3 Author(s)
Erguler, I. ; Bogazici Univ., Istanbul, Turkey ; Karahisar, A. ; Anarim, E.

Two types of attacks against the GSM security algorithm, A5/1, are discussed. The A5/1 system consists of three LFSRs (linear feedback shift registers) which have lengths of 19, 22 and 23 bits respectively. So, the total length of the three registers is 64 bits. The purpose of these attacks is to obtain the initial state of the LFSRs just after the encryption key (Kc) and frame number are loaded, in the light of known plaintext. Both attacks depend on the time-memory attack principle. In other words, the solution space of A5/1, as 264, becomes realizable with M ≈ 234.955 as memory and T ≈ 228.365 as time complexity by distributing the solution space between time and memory optimally.

Published in:

Signal Processing and Communications Applications Conference, 2004. Proceedings of the IEEE 12th

Date of Conference:

28-30 April 2004