A real-time inversion attack on the GMR-2 cipher used in the satellite phones

作     者：Jiao HU Ruilin LI Chaojing TANG 

作者机构：College of Electronic Science National University of Defense Technology 

出 版 物：《Science China(Information Sciences)》 (中国科学:信息科学(英文版))

年 卷 期：2018年第61卷第3期

页      面：157-174页

核心收录：

学科分类：11[军事学] 1105[军事学-军队指挥学] 0839[工学-网络空间安全] 08[工学] 110505[军事学-密码学] 110503[军事学-军事通信学] 

基　　金：supported by National Nature Science Foundation of China(Grant Nos.61402515 61672530) 

主　　题：satellite phone stream cipher GMR-2 cryptanalysis inversion attack 

摘      要：The GMR-2 cipher is a type of stream cipher currently being used in some inmarsat satellite phones. It has been proven that such a cipher can be cracked using only one single-frame（15 bytes） known keystream but with moderate executing time. In this paper, we present a new thorough security analysis of the GMR-2 cipher. We first study the inverse properties of the cipher s components to reveal a bad one-way character of the cipher. By then introducing a new concept called valid key chain according to the cipher s key schedule, we propose an unprecedented real-time inversion attack using a single-frame keystream. This attack comprises three phases:（1） table generation;（2） dynamic table look-up, filtration and combination;and（3） verification. Our analysis shows that, using the proposed attack, the size of the exhaustive search space for the 64-bit encryption key can be reduced to approximately 213when a single-frame keystream is available. Compared with previous known attacks, this inversion attack is much more efficient. Finally, the proposed attack is carried out on a 3.3-GHz PC, and the experimental results thus obtained demonstrate that the 64-bit encryption-key could be recovered in approximately 0.02 s on average.