From: Piete Brooks <Piete.Brooks@cl.cam.ac.uk>
To: Tatu Ylonen <ylo@cs.hut.fi>
Message Hash: cfc314e50da5b504a8c0faa181d4ab092611d4d0f19052dd989bc5b26c8b6b86
Message ID: <E0tRRco-0003nh-00@bescot.cl.cam.ac.uk>
Reply To: <199512171141.NAA02997@trance.olari.clinet.fi>
UTC Datetime: 1995-12-17 22:33:43 UTC
Raw Date: Sun, 17 Dec 95 14:33:43 PST
Subject: Re: Motorola Secure Phone
> I got the following from mjos@math.jyu.fi a couple of months ago.
> Unfortunately I was unable to attend or listen on mbone. Does anyone
> know more about this?
Yes -- we have analogue A/V on a VHS cassette, digital MBone recording on M/O,
and an abstract ... see below.
>> University of Cambridge Computer Laboratory
>> SEMINAR SERIES
>> 10th October Bill Chambers, King's College, London
>> PROBLEMS OF STREAM CIPHER GENERATORS WITH MUTUAL CLOCK CONTROL
>> GSM:n salausalgoritmi on juuri tuota tyyppiä. Chambers yritti pitää tuota
>> nimenomaista esitelmää jo yli vuosi sitten, mutta silloin viralliset tahot
>> puuttuivat asiaan ja esitys peruttiin. Hän on löytänyt algoritmista aukkoja,
>> joiden avulla purkuaika saadaan erittäin lyhyeksi.
>> ps. ne meistä, jotka pääsevät mboneen käsiksi, voivat seurata tapahtumia
>> livenä :)
> [Free translation: The GSM encryption algorithm is of exactly that
> type. Chambers tried to have this particular presentation over a
> year ago, but at that time the official side interfered and the
> presentation was cancelled. He has found holes in the algorithm that
> can be used to make decryption (without key) very quick.
> PS. Those of us who can get access to mbone, can follow it live.]
<TITLE>Security Group Seminar, 10th October 1995</TITLE>
<H1>Security Group Seminar, 10th October 1995</H1>
<HR>
<DL>
<DT>Speaker:
<DD>Bill Chambers, King's College, University of London<P>
<DT>Date:
<DD>Tuesday 10th October<P>
<DT>Place:
<DD>Room TP4, Computer Laboratory<P>
<DT>Title:
<DD>PROBLEMS OF STREAM CIPHER GENERATORS WITH MUTUAL CLOCK CONTROL<P>
</DL>
The speaker has been looking at the cycle structure of an algorithm
posted just over a year ago on the Internet and alleged to be the
secret A5 algorithm used for confidentiality in the GSM mobile
telephone system. This algorithm employs three mutually
clock-controlled shift registers, and can fairly quickly enter a
loop with what is essentially the shortest possible period, a
number very small compared with the total number of states, or even
its square root. Moreover this behaviour is robust, not being
influenced by factors such as choice of primitive feedback
polynomial or even clocking logic (with a proviso to be
discussed). A fairly straightforward explanation for this
behaviour has been found. Some ways of getting around the problem
of excessively short periods are considered, as well as the
behaviour of systems with different numbers of mutually clocked
registers. In particular a mention is made of the wartime T52e
cipher, perhaps the inspiration for "alleged A5".<P>
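The kind of cycle measurement the abstract refers to, as an added example that is not part of the original message or of the talk: a scaled-down generator with three mutually clock-controlled registers, whose tail and cycle lengths are found with Brent's algorithm. The majority (stop/go) clocking rule is an assumption of this example, and the register lengths, tap masks and clock-bit positions are constructed toy values, not those of alleged A5.

```python
# Added illustration: toy stop/go generator, NOT the alleged A5 parameters.
# Each register is (length, feedback tap mask, clock-bit index); all constructed.
REGS = [(5, 0b10100, 2), (6, 0b110000, 3), (7, 0b1100000, 3)]
TOTAL_STATES = 2 ** sum(n for n, _, _ in REGS)

def step(state):
    """One tick: a register shifts only if its clock bit matches the majority."""
    clk = [(r >> c) & 1 for r, (_, _, c) in zip(state, REGS)]
    majority = 1 if sum(clk) >= 2 else 0
    nxt = []
    for r, bit, (n, taps, _) in zip(state, clk, REGS):
        if bit == majority:
            feedback = bin(r & taps).count("1") & 1
            r = ((r << 1) | feedback) & ((1 << n) - 1)
        nxt.append(r)
    return tuple(nxt)

def brent(start):
    """Return (tail length mu, cycle length lam) of the orbit from start."""
    power = lam = 1
    tortoise, hare = start, step(start)
    while tortoise != hare:          # phase 1: find the cycle length
        if power == lam:
            tortoise, power, lam = hare, power * 2, 0
        hare = step(hare)
        lam += 1
    tortoise = hare = start          # phase 2: find where the cycle is entered
    for _ in range(lam):
        hare = step(hare)
    mu = 0
    while tortoise != hare:
        tortoise, hare = step(tortoise), step(hare)
        mu += 1
    return mu, lam

def measure(starts):
    """Map each start state to its (tail, cycle) lengths."""
    return {s: brent(s) for s in starts}

if __name__ == "__main__":
    # Constructed start states; every register is non-zero.
    starts = [(1, 1, 1), (0b10101, 0b110011, 0b1010101), (31, 63, 127)]
    for s, (mu, lam) in measure(starts).items():
        print(f"start={s} tail={mu} cycle={lam} of {TOTAL_STATES} states")
```

Comparing the printed cycle lengths with `TOTAL_STATES` and its square root is the comparison the abstract makes for the full-size generator.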