SAT based analysis of LTE stream cipher ZUC

Frédéric Lafitte, Olivier Markowitch, Dirk Van Heule

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Mobile security is of paramount importance. The security of LTE (long term evolution of radio networks), which is currently widely deployed as a long-term standard for mobile networks, relies upon three cryptographic primitives, among which the stream cipher ZUC. In this paper, we point out that the linear feedback shift register (LFSR) used in ZUC has about 2^25 encodings of the zero state (i.e. all LFSR variables are 0) due to the fact that operations are performed modulo 2^31 - 1 on 32-bit operands. We use SAT solvers to show that these states are reachable when 64 bits of ZUC's initial state can be chosen (i.e. R1, R2). That is, for each key there are many initial vectors that lead to a weak state after ZUC's initialization. We also use SAT-solvers to disprove the existence of such weak inputs when the initial values of R1, R2 are set to zero as required by the official specifications. Finally, we discuss how the redundancy introduced in ZUC's output function might help mounting SAT-solver based guess-and-determine attacks given a few keystream digits.

Original language: English
Title of host publication: SIN 2013 - Proceedings of the 6th International Conference on Security of Information and Networks
Pages: 110-116
Number of pages: 7
Publication status: Published - 2013
Event: 6th International Conference on Security of Information and Networks, SIN 2013 - Aksaray, Turkey
Duration: 26 Nov 2013 to 28 Nov 2013

Publication series

Name: SIN 2013 - Proceedings of the 6th International Conference on Security of Information and Networks

Conference

Conference: 6th International Conference on Security of Information and Networks, SIN 2013
Country/Territory: Turkey
City: Aksaray
Period: 26/11/13 to 28/11/13

Keywords

  • 128-EEA3
  • 128-EIA3
  • LTE
  • SAT solver
  • Stream cipher
  • ZUC
