From: John Young <jya@pipeline.com>
Date: Sat, 1 Feb 1997 13:16:26 -0800 (PST)
To: cypherpunks@toad.com
Subject: More on Cellular Encryption Docs
Message-ID: <1.5.4.32.19970201211055.006e3984@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


Here's more on the controlled documents for cellular encryption
from TIA/EIA we described in a 26 January post to cpunks:

Sharon Vargish of TIA (1-703-907-7702) sent the documents after 
I signed and returned the NDA:

   TR45.0.A
   Common Cryptographic Algorithms, Revision B
   June 21, 1995, 72 pp. (With ITAR notice on every page)

   TR45.0.A
   Interface Specification for Common Cryptographic Algorithms,
   Revision B, August 6, 1996, 15 pp. (No ITAR notice, but 
   "sensitive information should be protected from general 
   distribution.")

   TR45
   Appendix A to PN-3474 (IS-36)
   October 16, 1995, 10 pp. (ITAR notice on every page.)

   TR45
   Appendix-A to TIA/EIA 627
   December 23, 1996, 7 pp. (No ITAR, but "sensitive"notice)

"Common Cryptographic Algorithms" (CCA) supercedes the 1992 
CAVE document, but is considerbly longer -- 72 pp. for the latest
compared to 25 pp. for the 1992 version.

Here're the CCA's TOC and Introduction:

Table of Contents

1. Introduction 
   1.1. Notations 
   1.2. Definitions 

2. Procedures 

   2.1. Authentication Key (A-Key) Procedures
        2.1.1. A-Key Checksum calculation            
        2.1.2. A-Key Verification

   2.2. SSD Generation and Update
        2.2.1. SSD Generation Procedure            
        2.2.2. SSD Update Procedure

   2.3. Authentication Signature Calculation Procedure

   2.4. Encryption Key and VPM Generation Procedure
        2.4.1. CMEA key Generation            
        2.4.2. Voice Privacy Mask Generation

   2.5. CMEA Encryption/Decryption Procedure

   2.6. Wireless Residential Extension Procedures
        2.6.1. WIKEY Generation            
        2.6.2. WIKEY Update Procedure            
        2.6.3. Wireline Interface Authentication Signature 
               Calculation Procedure            
        2.6.4. Wireless Residential Extension Authentication 
               Signature Calculation Procedure

   2.7. Cellular Data Encryption 
        2.7.1. Data Encryption Key Generation Procedure            
        2.7.2. Data Encryption Mask Generation Procedure

3. TEST VECTORS

   3.1. CAVE Test Vectors
        3.1.1. Vector 1           
        3.1.2. Vector 2            
        3.1.3. Test Program

   3.2. Wireless Residential Extension Test Vectors
        3.2.1. Input data            
        3.2.2. Test program            
        3.2.3. Test Program Output

   3.3. Data Encryption Test Vector
        3.3.1. Input data            
        3.3.2. Test Program            
        3.3.3. Test Program Output
  
1. Introduction

This document describes detailed cryptographic procedures for 
cellular system applications. These procedures are used to 
perform the security services of mobile station authentication, 
subscriber message encryption, and encryption key and subscriber 
voice privacy key generation within cellular equipment.

This document is organized as follows:

§2 describes the Cellular Authentication, Voice Privacy and 
Encryption (CAVE) algorithm used for authentication for mobile 
subscriber equipment and for generation of cryptovariables to 
be used in other procedures.

§2.1 describes the procedure to verify the manual entry of the 
subscriber authentication key (A-key).

§2.2 describes the generation of intermediate subscriber 
cryptovariablcs, Shared Secret Data (SSD), from the unique and 
private subscriber A-key.

§2.3 describes the procedure to calculate an authentication 
signature used by cellular base station equipment for verifying 
the authenticity of a mobile station.

§2.4 describes the procedures used for generating cryptographic 
keys. These keys include the Voice Privacy Mask (VPM) and the 
Cellular Message Encryption Algorithm (CMEA) key. Thc VPM is used 
to provide forward link and reverse link voice confidentiality 
over the air interface. Thc CMEA key is used with the CMEA 
algorithm for protection of digital data exchanged between the 
mobile station and the base station.

§2.5 describes the Cellular Message Encryption Algorithm (CMEA) 
used for enciphering and deciphering subscriber data exchanged 
between the mobile station and the base station.

§2.6 describes the procedures for key and authentication 
signature generation for wireless residential extension 
applications.

§2.7 describes the ORYX algorithm and procedures for key and mask 
generation for encryption and decryption in cellular data services.

§3 provides test data (vectors) that may be employed to verify 
the correct operation of the cryptographic algorithms described 
in this document. ...

[End CCA Introduction]

The related CCA Interface Specification "describes the interfaces
to cryptographic procedures for cellular system applications"
described in the CCA. Its purpose "is to describe the cryptographic
functions without revealing the technical details that are subject
to" ITAR.

The two Appendices A to IS-136 and 627 "contain requirements for 
message encryption and voice privacy for cellular systems" 
supplemental to those described in the main documents, the CCA and 
the CCA Interface Specs.

-----

This note will be put with other CAVE info at:

   http://jya.com/cave.htm

Thanks to TIA/EIA for prompt and courteous reply to our requests. Maybe
they welcome help persuading USG/NSA to allow stronger crypto and
boost the market for cellular systems.