Did I miss something, or is this the first time that GSM acknowledges in
an official statement (though indirectly) the correctness of the A5/1
implementation provided by Green/Goldberg/Wagner?
Well then, congratulations! Nonetheless, I would be interested to know
where and when this statement was given.
ERIK ZENNER
> Joint statement by Chairman GSM Association Security Group and
> Chairman ETSI SMG10 Security Group
>
> Many questions were raised by the paper of Alex Biryukov and Adi
> Shamir [1] on the GSM A5/1 over the air encryption algorithm, we would
> like to make the following comments:
>
> The paper describes an interesting application of the time^^memory
> trade^^off principle to the A5/1 algorithm. This results in the
> described attack on A5/1 requiring known plaintext relating to the
> first few minutes of a GSM call.
>
> We, and others, have previously examined similar attacks against A5/1,
> but they were considered not practicable. This is because the nature
> of the design of the GSM voice encoding and the GSM frame structure
> leads to very little known plaintext for A5/1.
>
> Although of theoretical interest, the attack described by Biryukov and
> Shamir requires a similar quantity of known plaintext and must
> therefore be considered to be mainly of academic interest. There is
> still no evidence of any commercial violation of the A5/1 algorithm,
> which has now been in use for more than ten years.
>
> However, we are not complacent about GSM security and remain totally
> committed to constantly enhancing the protection offered to our
> customers and to ensuring that GSM is afforded even better security.
>
> Michael Walker Chairman ETSI SMG 10
> Charles Brockton Chairman GSMA SG