DOI: 10.1145/2523514.2523533
Research article

SAT based analysis of LTE stream cipher ZUC

Published: 26 November 2013

Abstract

Mobile security is of paramount importance. The security of LTE (Long Term Evolution of radio networks), which is currently widely deployed as a long-term standard for mobile networks, relies upon three cryptographic primitives, one of which is the stream cipher ZUC. In this paper, we point out that the linear feedback shift register (LFSR) used in ZUC has about 2^25 encodings of the zero state (i.e. all LFSR variables are 0), because its operations are performed modulo 2^31 - 1 on 32-bit operands. We use SAT solvers to show that these states are reachable when 64 bits of ZUC's initial state (i.e. R1, R2) can be chosen. That is, for each key there are many initial vectors that lead to a weak state after ZUC's initialization. We also use SAT solvers to disprove the existence of such weak inputs when the initial values of R1 and R2 are set to zero, as required by the official specification. Finally, we discuss how the redundancy introduced in ZUC's output function might help mount SAT-solver-based guess-and-determine attacks given a few keystream digits.
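The encoding issue the abstract describes, as an added example that is not the paper's code: the LFSR arithmetic modulo 2^31 - 1 written on 32-bit operands, following the keystream-mode LFSR update of the ETSI/SAGE ZUC specification. It shows that zero has two 32-bit encodings per cell (0 and 2^31 - 1) and that once every cell is congruent to zero the LFSR never leaves that set of states; the sample states and the helper names are constructed for this illustration.

```python
# Added example: ZUC LFSR arithmetic modulo 2^31 - 1 on 32-bit operands (not the paper's code).
MASK31 = 0x7FFFFFFF  # 2^31 - 1: the LFSR modulus, and the spec's own encoding of zero


def add_m(a, b):
    """Addition modulo 2^31 - 1 as done on 32-bit words: add, then fold the carry back in."""
    c = (a + b) & 0xFFFFFFFF
    return (c & MASK31) + (c >> 31)


def mul_pow2(x, k):
    """Multiplication by 2^k modulo 2^31 - 1 is a left rotation within 31 bits."""
    return ((x << k) | (x >> (31 - k))) & MASK31


def canonical(x):
    """Unique residue of a cell encoding: both 0 and 2^31 - 1 represent the value zero."""
    return x % MASK31


def is_zero_state(s):
    """True when every LFSR cell is congruent to zero, whatever its 32-bit encoding."""
    return all(canonical(c) == 0 for c in s)


def lfsr_work_mode(s):
    """One keystream-mode clock: s16 = 2^15 s15 + 2^17 s13 + 2^21 s10 + 2^20 s4 + (1 + 2^8) s0."""
    v = mul_pow2(s[15], 15)
    v = add_m(v, mul_pow2(s[13], 17))
    v = add_m(v, mul_pow2(s[10], 21))
    v = add_m(v, mul_pow2(s[4], 20))
    v = add_m(v, mul_pow2(s[0], 8))
    v = add_m(v, s[0])
    if v == 0:  # the spec re-encodes the result 0 as 2^31 - 1
        v = MASK31
    return s[1:] + [v]


def stays_zero(s, clocks=64):
    """Clock the LFSR and report whether it ever leaves the zero-equivalent states."""
    for _ in range(clocks):
        if not is_zero_state(s):
            return False
        s = lfsr_work_mode(s)
    return is_zero_state(s)


if __name__ == "__main__":
    # Constructed sample: the same zero state under three different 32-bit encodings.
    for state in ([0] * 16, [MASK31] * 16, [0, MASK31] * 8):
        print(state[:2], "zero-equivalent:", is_zero_state(state), "stuck:", stays_zero(state))
    print("non-zero state stuck:", stays_zero([1] * 16))
```

An implementation check that canonicalizes cells before comparing states (as `is_zero_state` does) is what lets a test harness recognise such a stuck LFSR regardless of which encoding each cell happens to carry.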


      Published In

      SIN '13: Proceedings of the 6th International Conference on Security of Information and Networks
      November 2013
      483 pages
ISBN: 9781450324984
DOI: 10.1145/2523514

      Sponsors

• Macquarie U., Australia
      • MNIT: Malaviya National Institute of Technology
      • Aksaray Univ.: Aksaray University
      • SFedU: Southern Federal University

      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Author Tags

      1. 128-EEA3
      2. 128-EIA3
      3. LTE
      4. SAT solver
      5. ZUC
      6. stream cipher

      Acceptance Rates

      Overall Acceptance Rate 102 of 289 submissions, 35%
