A New Guess-and-Determine Method for Cryptanalysis of the GSM Encryption

<table class="table-group" id="tab3"><tr><td><table class="table"><tr><td class="thead-hr" colspan="7"><hr/></td></tr><tr class="thead"><td class="align_left">Attack</td><td class="align_center">PW</td><td class="align_center">CC</td><td class="align_center">Known keystream</td><td class="align_center">Success probability (%)</td><td class="align_center">Memory requirement</td><td class="align_center">Time to recover key</td></tr><tr><td class="thead-hr" colspan="7"><hr/></td></tr><tr><td class="align_left">Proposed in [<a href="/journals/complexity/2023/7249127/#B12" target="_blank">12</a>]</td><td class="align_center"><span style="width: 15.7578ptpx;"><svg height="11.6412pt" id="M36" style="vertical-align:-0.04979992pt" version="1.1" viewbox="-0.0498162 -11.5914 15.7578 11.6412" width="15.7578pt" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><g transform="matrix(.013,0,0,-0.013,0,0)"><path d="M412 140C382 77 369 73 315 73H129L270 222C362 320 402 379 402 466C402 571 322 635 234 635C177 635 130 609 99 576L42 495L64 475C90 514 133 568 201 568C274 568 318 519 318 435C318 349 255 267 193 193C144 135 87 78 32 23V0H405C417 45 427 89 440 131L412 140Z"></path></g><g transform="matrix(.0091,0,0,-0.0091,6.24,-5.741)"><path d="M290 377C321 398 342 415 358 430C378 450 389 473 389 502C389 578 329 635 238 635H237C184 635 137 610 109 578L64 515L88 493C112 529 154 573 208 573S303 542 303 482C303 409 233 370 141 341L149 308C165 313 190 319 215 319C272 319 341 283 341 193C342 98 292 43 222 43C163 43 122 72 96 94C88 101 79 100 70 94C61 87 47 73 46 60C44 47 48 37 62 23C76 10 118 -12 165 -12C238 -12 430 62 430 223C430 297 379 359 290 375V377Z"></path></g><g transform="matrix(.0091,0,0,-0.0091,10.672,-5.741)"><path d="M253 635C142 635 71 555 71 471C71 401 113 353 178 316C144 294 106 267 91 252C70 231 46 202 46 157C46 51 132 -12 241 -12C328 -12 442 52 442 168C442 257 379 305 311 343C354 373 380 398 388 407C406 428 417 458 417 487C417 568 348 635 253 635ZM240 600C288 600 340 563 340 481C340 423 313 387 279 360C207 394 148 427 148 499C148 549 182 600 240 600ZM252 23C188 23 129 73 129 163C129 217 162 266 211 298C289 260 360 217 360 144C360 69 312 23 252 23Z"></path></g></svg></span></td><td class="align_center"><span style="width: 26.8191ptpx;"><svg height="11.6412pt" id="M37" style="vertical-align:-0.04979992pt" version="1.1" viewbox="-0.0498162 -11.5914 26.8191 11.6412" width="26.8191pt" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><g transform="matrix(.013,0,0,-0.013,0,0)"><path d="M412 140C382 77 369 73 315 73H129L270 222C362 320 402 379 402 466C402 571 322 635 234 635C177 635 130 609 99 576L42 495L64 475C90 514 133 568 201 568C274 568 318 519 318 435C318 349 255 267 193 193C144 135 87 78 32 23V0H405C417 45 427 89 440 131L412 140Z"></path></g><g transform="matrix(.0091,0,0,-0.0091,6.24,-5.741)"><path d="M290 377C321 398 342 415 358 430C378 450 389 473 389 502C389 578 329 635 238 635H237C184 635 137 610 109 578L64 515L88 493C112 529 154 573 208 573S303 542 303 482C303 409 233 370 141 341L149 308C165 313 190 319 215 319C272 319 341 283 341 193C342 98 292 43 222 43C163 43 122 72 96 94C88 101 79 100 70 94C61 87 47 73 46 60C44 47 48 37 62 23C76 10 118 -12 165 -12C238 -12 430 62 430 223C430 297 379 359 290 375V377Z"></path></g><g transform="matrix(.0091,0,0,-0.0091,10.672,-5.741)"><path d="M247 635C116 635 39 518 39 421C39 315 113 237 221 237C239 237 258 241 281 253L349 289C315 140 204 42 60 19L66 -15C90 -15 153 -5 207 16C344 70 447 199 447 385C447 521 373 635 247 635ZM231 598C329 598 356 478 356 390C356 371 355 347 352 325C330 309 297 297 262 297C179 297 127 369 127 456C127 515 156 598 231 598Z"></path></g><g transform="matrix(.0091,0,0,-0.0091,15.104,-5.741)"><path d="M117 -12C153 -12 178 12 178 50C178 84 153 110 118 110C84 110 59 84 59 50C59 12 84 -12 117 -12Z"></path></g><g transform="matrix(.0091,0,0,-0.0091,17.261,-5.741)"><path d="M247 635C116 635 39 518 39 421C39 315 113 237 221 237C239 237 258 241 281 253L349 289C315 140 204 42 60 19L66 -15C90 -15 153 -5 207 16C344 70 447 199 447 385C447 521 373 635 247 635ZM231 598C329 598 356 478 356 390C356 371 355 347 352 325C330 309 297 297 262 297C179 297 127 369 127 456C127 515 156 598 231 598Z"></path></g><g transform="matrix(.0091,0,0,-0.0091,21.694,-5.741)"><path d="M389 0V32C297 38 291 46 291 118V635C234 613 175 595 109 583V556L161 554C203 552 207 547 207 497V118C207 46 201 38 110 32V0H389Z"></path></g></svg></span></td><td class="align_center">2<sup>20.8</sup> bits</td><td class="align_center">63</td><td class="align_center">64 GB</td><td class="align_center">Impractical attack</td></tr><tr><td class="align_left">Biased birthday attack 1 [<a href="/journals/complexity/2023/7249127/#B14" target="_blank">14</a>]</td><td class="align_center"><span style="width: 15.7578ptpx;"><svg height="11.6412pt" id="M38" style="vertical-align:-0.04979992pt" version="1.1" viewbox="-0.0498162 -11.5914 15.7578 11.6412" width="15.7578pt" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><g transform="matrix(.013,0,0,-0.013,0,0)"><path d="M412 140C382 77 369 73 315 73H129L270 222C362 320 402 379 402 466C402 571 322 635 234 635C177 635 130 609 99 576L42 495L64 475C90 514 133 568 201 568C274 568 318 519 318 435C318 349 255 267 193 193C144 135 87 78 32 23V0H405C417 45 427 89 440 131L412 140Z"></path></g><g transform="matrix(.0091,0,0,-0.0091,6.24,-5.741)"><path d="M462 177V227H365V632H320C217 496 116 350 21 208V177H284V109C284 43 280 38 190 31V0H451V31C369 38 365 43 365 108V177H462ZM284 227H88C155 336 218 430 282 519H284V227Z"></path></g><g transform="matrix(.0091,0,0,-0.0091,10.672,-5.741)"><path d="M253 635C142 635 71 555 71 471C71 401 113 353 178 316C144 294 106 267 91 252C70 231 46 202 46 157C46 51 132 -12 241 -12C328 -12 442 52 442 168C442 257 379 305 311 343C354 373 380 398 388 407C406 428 417 458 417 487C417 568 348 635 253 635ZM240 600C288 600 340 563 340 481C340 423 313 387 279 360C207 394 148 427 148 499C148 549 182 600 240 600ZM252 23C188 23 129 73 129 163C129 217 162 266 211 298C289 260 360 217 360 144C360 69 312 23 252 23Z"></path></g></svg></span></td><td class="align_center">1 second</td><td class="align_center"><svg height="11.6412pt" id="M39" style="vertical-align:-0.04979992pt" version="1.1" viewbox="-0.0498162 -11.5914 22.3708 11.6412" width="22.3708pt" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><g transform="matrix(.013,0,0,-0.013,0,0)"><path d="M412 140C382 77 369 73 315 73H129L270 222C362 320 402 379 402 466C402 571 322 635 234 635C177 635 130 609 99 576L42 495L64 475C90 514 133 568 201 568C274 568 318 519 318 435C318 349 255 267 193 193C144 135 87 78 32 23V0H405C417 45 427 89 440 131L412 140Z"></path></g><g transform="matrix(.0091,0,0,-0.0091,6.24,-5.741)"><path d="M414 144C384 79 371 75 317 75H135L276 221C367 316 408 376 408 465C408 570 327 635 237 635C179 635 131 609 100 575L42 494L67 471C94 510 138 565 205 565C277 565 321 517 321 435C321 348 258 270 195 195C146 137 88 81 33 26V0H411C423 44 433 88 446 135L414 144Z"></path></g><g transform="matrix(.0091,0,0,-0.0091,10.672,-5.741)"><path d="M245 635C92 635 37 457 37 312C37 149 91 -12 244 -12C395 -12 449 166 449 312C449 469 395 635 245 635ZM243 598C332 598 358 454 358 312C358 173 334 26 245 26C158 26 128 174 128 313S152 598 243 598Z"></path></g><g transform="matrix(.0091,0,0,-0.0091,15.103,-5.741)"><path d="M117 -12C153 -12 178 12 178 50C178 84 153 110 118 110C84 110 59 84 59 50C59 12 84 -12 117 -12Z"></path></g><g transform="matrix(.0091,0,0,-0.0091,17.26,-5.741)"><path d="M158 548H390L417 615L410 623H122L83 318C105 326 143 337 185 337C296 337 350 275 350 188C350 116 308 42 225 42C164 42 122 74 100 93C90 101 82 99 72 92C60 82 51 68 50 59C48 46 52 38 66 24C82 9 125 -12 172 -12C225 -11 292 15 346 59C408 108 437 166 437 226C437 309 371 397 242 397C214 397 170 382 133 369L158 548Z"></path></g></svg> bits</td><td class="align_center">60</td><td class="align_center">146 GB</td><td class="align_center">Impractical attack</td></tr><tr><td class="align_left">Biased birthday attack 2 [<a href="/journals/complexity/2023/7249127/#B14" target="_blank">14</a>]</td><td class="align_center"><span style="width: 15.7578ptpx;"><svg height="11.6412pt" id="M40" style="vertical-align:-0.04979992pt" version="1.1" viewbox="-0.0498162 -11.5914 15.7578 11.6412" width="15.7578pt" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><g transform="matrix(.013,0,0,-0.013,0,0)"><path d="M412 140C382 77 369 73 315 73H129L270 222C362 320 402 379 402 466C402 571 322 635 234 635C177 635 130 609 99 576L42 495L64 475C90 514 133 568 201 568C274 568 318 519 318 435C318 349 255 267 193 193C144 135 87 78 32 23V0H405C417 45 427 89 440 131L412 140Z"></path></g><g transform="matrix(.0091,0,0,-0.0091,6.24,-5.741)"><path d="M462 177V227H365V632H320C217 496 116 350 21 208V177H284V109C284 43 280 38 190 31V0H451V31C369 38 365 43 365 108V177H462ZM284 227H88C155 336 218 430 282 519H284V227Z"></path></g><g transform="matrix(.0091,0,0,-0.0091,10.672,-5.741)"><path d="M414 144C384 79 371 75 317 75H135L276 221C367 316 408 376 408 465C408 570 327 635 237 635C179 635 131 609 100 575L42 494L67 471C94 510 138 565 205 565C277 565 321 517 321 435C321 348 258 270 195 195C146 137 88 81 33 26V0H411C423 44 433 88 446 135L414 144Z"></path></g></svg></span></td><td class="align_center">1 second</td><td class="align_center"><svg height="11.6412pt" id="M41" style="vertical-align:-0.04979992pt" version="1.1" viewbox="-0.0498162 -11.5914 22.3708 11.6412" width="22.3708pt" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><g transform="matrix(.013,0,0,-0.013,0,0)"><path d="M412 140C382 77 369 73 315 73H129L270 222C362 320 402 379 402 466C402 571 322 635 234 635C177 635 130 609 99 576L42 495L64 475C90 514 133 568 201 568C274 568 318 519 318 435C318 349 255 267 193 193C144 135 87 78 32 23V0H405C417 45 427 89 440 131L412 140Z"></path></g><g transform="matrix(.0091,0,0,-0.0091,6.24,-5.741)"><path d="M414 144C384 79 371 75 317 75H135L276 221C367 316 408 376 408 465C408 570 327 635 237 635C179 635 131 609 100 575L42 494L67 471C94 510 138 565 205 565C277 565 321 517 321 435C321 348 258 270 195 195C146 137 88 81 33 26V0H411C423 44 433 88 446 135L414 144Z"></path></g><g transform="matrix(.0091,0,0,-0.0091,10.672,-5.741)"><path d="M245 635C92 635 37 457 37 312C37 149 91 -12 244 -12C395 -12 449 166 449 312C449 469 395 635 245 635ZM243 598C332 598 358 454 358 312C358 173 334 26 245 26C158 26 128 174 128 313S152 598 243 598Z"></path></g><g transform="matrix(.0091,0,0,-0.0091,15.103,-5.741)"><path d="M117 -12C153 -12 178 12 178 50C178 84 153 110 118 110C84 110 59 84 59 50C59 12 84 -12 117 -12Z"></path></g><g transform="matrix(.0091,0,0,-0.0091,17.26,-5.741)"><path d="M158 548H390L417 615L410 623H122L83 318C105 326 143 337 185 337C296 337 350 275 350 188C350 116 308 42 225 42C164 42 122 74 100 93C90 101 82 99 72 92C60 82 51 68 50 59C48 46 52 38 66 24C82 9 125 -12 172 -12C225 -11 292 15 346 59C408 108 437 166 437 226C437 309 371 397 242 397C214 397 170 382 133 369L158 548Z"></path></g></svg> bits</td><td class="align_center">60</td><td class="align_center">292 GB</td><td class="align_center">Impractical attack</td></tr><tr><td class="align_left">Subgraph attack [<a href="/journals/complexity/2023/7249127/#B14" target="_blank">14</a>]</td><td class="align_center"><span style="width: 15.7578ptpx;"><svg height="11.6412pt" id="M42" style="vertical-align:-0.04979992pt" version="1.1" viewbox="-0.0498162 -11.5914 15.7578 11.6412" width="15.7578pt" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><g transform="matrix(.013,0,0,-0.013,0,0)"><path d="M412 140C382 77 369 73 315 73H129L270 222C362 320 402 379 402 466C402 571 322 635 234 635C177 635 130 609 99 576L42 495L64 475C90 514 133 568 201 568C274 568 318 519 318 435C318 349 255 267 193 193C144 135 87 78 32 23V0H405C417 45 427 89 440 131L412 140Z"></path></g><g transform="matrix(.0091,0,0,-0.0091,6.24,-5.741)"><path d="M462 177V227H365V632H320C217 496 116 350 21 208V177H284V109C284 43 280 38 190 31V0H451V31C369 38 365 43 365 108V177H462ZM284 227H88C155 336 218 430 282 519H284V227Z"></path></g><g transform="matrix(.0091,0,0,-0.0091,10.672,-5.741)"><path d="M253 635C142 635 71 555 71 471C71 401 113 353 178 316C144 294 106 267 91 252C70 231 46 202 46 157C46 51 132 -12 241 -12C328 -12 442 52 442 168C442 257 379 305 311 343C354 373 380 398 388 407C406 428 417 458 417 487C417 568 348 635 253 635ZM240 600C288 600 340 563 340 481C340 423 313 387 279 360C207 394 148 427 148 499C148 549 182 600 240 600ZM252 23C188 23 129 73 129 163C129 217 162 266 211 298C289 260 360 217 360 144C360 69 312 23 252 23Z"></path></g></svg></span></td><td class="align_center">3–6 minutes</td><td class="align_center"><svg height="11.6412pt" id="M43" style="vertical-align:-0.04979992pt" version="1.1" viewbox="-0.0498162 -11.5914 22.3708 11.6412" width="22.3708pt" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><g transform="matrix(.013,0,0,-0.013,0,0)"><path d="M412 140C382 77 369 73 315 73H129L270 222C362 320 402 379 402 466C402 571 322 635 234 635C177 635 130 609 99 576L42 495L64 475C90 514 133 568 201 568C274 568 318 519 318 435C318 349 255 267 193 193C144 135 87 78 32 23V0H405C417 45 427 89 440 131L412 140Z"></path></g><g transform="matrix(.0091,0,0,-0.0091,6.24,-5.741)"><path d="M389 0V32C297 38 291 46 291 118V635C234 613 175 595 109 583V556L161 554C203 552 207 547 207 497V118C207 46 201 38 110 32V0H389Z"></path></g><g transform="matrix(.0091,0,0,-0.0091,10.672,-5.741)"><path d="M462 177V227H365V632H320C217 496 116 350 21 208V177H284V109C284 43 280 38 190 31V0H451V31C369 38 365 43 365 108V177H462ZM284 227H88C155 336 218 430 282 519H284V227Z"></path></g><g transform="matrix(.0091,0,0,-0.0091,15.104,-5.741)"><path d="M117 -12C153 -12 178 12 178 50C178 84 153 110 118 110C84 110 59 84 59 50C59 12 84 -12 117 -12Z"></path></g><g transform="matrix(.0091,0,0,-0.0091,17.26,-5.741)"><path d="M453 623H65C60 580 56 530 46 472H80C103 538 110 548 175 548H389C310 380 195 168 90 0L98 -12L175 -2C273 206 366 408 462 610L453 623Z"></path></g></svg> bits</td><td class="align_center">60</td><td class="align_center">146 GB</td><td class="align_center">Impractical attack</td></tr><tr><td class="align_left">Proposed in [<a href="/journals/complexity/2023/7249127/#B15" target="_blank">15</a>]</td><td class="align_center">0</td><td class="align_center">2<sup>51.24</sup></td><td class="align_center">Only 64 bits</td><td class="align_center">18</td><td class="align_center">0</td><td class="align_center">7 hours</td></tr><tr><td class="align_left">Proposed in [<a href="/journals/complexity/2023/7249127/#B20" target="_blank">20</a>]</td><td class="align_center">0</td><td class="align_center">2<sup>54.04</sup></td><td class="align_center">Only 64 bits</td><td class="align_center">100</td><td class="align_center">0</td><td class="align_center">7 hours</td></tr><tr><td class="align_left">Proposed in [<a href="/journals/complexity/2023/7249127/#B4" target="_blank">4</a>]</td><td class="align_center">NA</td><td class="align_center">NA</td><td class="align_center">Only 64 bits</td><td class="align_center">81</td><td class="align_center">984 GB</td><td class="align_center">9 seconds</td></tr><tr><td class="align_left">Proposed in [<a href="/journals/complexity/2023/7249127/#B5" target="_blank">5</a>]</td><td class="align_center">NA</td><td class="align_center">NA</td><td class="align_center">Only 64 bits</td><td class="align_center">80.08</td><td class="align_center">3.84 TB</td><td class="align_center">33 seconds</td></tr><tr><td class="align_left">Proposed in this paper</td><td class="align_center">0</td><td class="align_center">2<sup>52</sup></td><td class="align_center">Only 64 bits</td><td class="align_center">96.6</td><td class="align_center">64 GB</td><td class="align_center">12 seconds</td></tr><tr class="table-tr"><td colspan="7"><hr class="tbody-hr"/></td></tr></table></td></tr><tr class="table-fn"><td><div>Large amount of keystream requirements makes first four attacks impractical; needing of lot of precomputation data is also a big obstacle in practicality of these four attacks.<br/></div></td></tr></table>

<div>Comparison of related attacks (PW: precomputation workload; CC: computational complexity).</div>

Complexity

tab3

Table 3

Table 3: A New Guess-and-Determine Method for Cryptanalysis of the GSM Encryption 