[cryptography] Crypto Fiddling?

Rose, Greg ggr at qualcomm.com
Fri Mar 30 21:38:17 EDT 2012

On 2012 Mar 31, at 11:14 , Jeffrey Walton wrote:
> I'm aware of two standards where folks fiddled with a scheme and
> destroyed its security properties:
> * A5/3 based on Kasumi used in GSM networks
> * EAX' (EAX Prime) based on EAX mode
> Are there any other spectacular failures that come to mind?

I agree that EAX' is broken (badly) in the way it is meant to be used.

I agree that the modification done to MISTY to create Kasumi (basically, throwing away the key schedule) opened it up to related-key attacks.

But I can't agree that A5/3 is broken in practice, because the key derivation and chaining mode can't be manipulated to expose it to these attacks. In fact, knowing that an attacker couldn't go there was part of the justification for weakening the key schedule to make it faster.


More information about the cryptography mailing list