An improvement of collision probability in biased birthday attack against A5/1 stream cipher

H. Kourkchi, Hamidreza Tavakoli, M. Naderi
DOI: 10.1109/EW.2010.5483496 (https://doi.org/10.1109/EW.2010.5483496)
Venue: 2010 European Wireless Conference (EW)
Published: 2010-04-12
Citations: 4

Abstract

A5/1 is the strong version of the encryption algorithm of GSM (Global System for Mobile communications) and is used in many countries. It is built from three LFSRs (Linear Feedback Shift Registers) that are clocked irregularly. One of the most practical attacks against it is the time-memory trade-off attack, which rests on the birthday paradox: the attacker looks for any intersection between a precomputed set of LFSR states and the set of states that generated the output bits observed during an actual execution of the algorithm. To make this attack more feasible, the biased birthday attack was introduced. It samples special states, those that produce a specific pattern in the output bits, and stores only the fraction of the special states with the highest probability of occurrence. With a 16-bit pattern there are 2^48 parallelizable preparation stages; the attack requires about 150 GB of memory and two minutes of conversation, and under these conditions the collision probability is about 0.61. In this paper an improvement in the collision probability is introduced without changing the available memory capacity or the duration of the conversation. The approach uses multiple data patterns instead of a single one, which increases both the preprocessing cost and the collision probability. It is shown that there is a trade-off between the collision probability and the preprocessing complexity.
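The following is an added example, not code from the paper or its authors. It implements the A5/1 generator as the abstract describes it (three irregularly clocked LFSRs, started from a raw 64-bit internal state, which is what a time-memory trade-off attack tries to recover), samples "special" states whose first k output bits equal a chosen pattern, counts how many such states exist (2^(64-k), i.e. the 2^48 preparation steps the abstract quotes for k = 16), and gives the plain birthday estimate for a collision between a stored set and the states observed in the data. The register lengths, taps and clock bits are the published A5/1 parameters; the stored/observed counts in main() are hypothetical, and the birthday estimate assumes uniform special states, so it deliberately ignores the occurrence-probability weighting that the biased attack exploits.

```python
"""Added example (not from the paper): A5/1 from a raw internal state,
special-state sampling, and a uniform birthday estimate for a TMTO collision."""
import math
import random

# Published A5/1 parameters. Bit 0 of a register is the newest cell; the most
# significant bit is the oldest and is the one that contributes to the output.
R1_LEN, R2_LEN, R3_LEN = 19, 22, 23
R1_TAPS = (13, 16, 17, 18)
R2_TAPS = (20, 21)
R3_TAPS = (7, 20, 21, 22)
R1_CLK, R2_CLK, R3_CLK = 8, 10, 10          # clock-control bit of each register


def _step(reg: int, taps, length: int) -> int:
    """Shift one register, feeding back the XOR of its tap cells."""
    fb = 0
    for t in taps:
        fb ^= (reg >> t) & 1
    return ((reg << 1) | fb) & ((1 << length) - 1)


class A51:
    """A5/1 keystream generator started from a 64-bit internal state
    (no key/frame loading: the attack works on the post-setup state)."""

    def __init__(self, state: int):
        assert 0 <= state < (1 << 64)
        self.r1 = state & ((1 << R1_LEN) - 1)
        self.r2 = (state >> R1_LEN) & ((1 << R2_LEN) - 1)
        self.r3 = (state >> (R1_LEN + R2_LEN)) & ((1 << R3_LEN) - 1)

    def clock(self) -> None:
        """Majority rule: a register moves only if its clock bit agrees with the majority."""
        c1 = (self.r1 >> R1_CLK) & 1
        c2 = (self.r2 >> R2_CLK) & 1
        c3 = (self.r3 >> R3_CLK) & 1
        maj = (c1 & c2) | (c1 & c3) | (c2 & c3)
        if c1 == maj:
            self.r1 = _step(self.r1, R1_TAPS, R1_LEN)
        if c2 == maj:
            self.r2 = _step(self.r2, R2_TAPS, R2_LEN)
        if c3 == maj:
            self.r3 = _step(self.r3, R3_TAPS, R3_LEN)

    def next_bit(self) -> int:
        """Clock once, then output the XOR of the three oldest cells."""
        self.clock()
        return ((self.r1 >> (R1_LEN - 1)) ^ (self.r2 >> (R2_LEN - 1))
                ^ (self.r3 >> (R3_LEN - 1))) & 1

    def keystream(self, n: int) -> int:
        """First n output bits packed MSB-first into an int."""
        out = 0
        for _ in range(n):
            out = (out << 1) | self.next_bit()
        return out


def is_special(state: int, pattern: int, k: int) -> bool:
    """A state is 'special' for (pattern, k) if its first k output bits equal pattern."""
    return A51(state).keystream(k) == pattern


def expected_special_states(state_bits: int = 64, k: int = 16) -> int:
    """Size of the special-state space for a k-bit pattern: 2^(64-k).
    For k = 16 this is the 2^48 preparation steps quoted in the abstract."""
    return 1 << (state_bits - k)


def sample_special_states(pattern: int, k: int, trials: int, seed: int) -> list:
    """Monte Carlo sampling of special states from uniformly random 64-bit states;
    roughly trials / 2^k hits are expected."""
    rng = random.Random(seed)
    return [s for s in (rng.getrandbits(64) for _ in range(trials))
            if is_special(s, pattern, k)]


def collision_probability(stored: int, observed: int, total: int) -> float:
    """Birthday estimate 1 - exp(-stored*observed/total) for 'stored' precomputed
    special states and 'observed' special states seen in the data, drawn
    uniformly from 'total'. Simplification: the biased attack weights states by
    how often they occur, which this uniform model ignores."""
    return 1.0 - math.exp(-stored * observed / total)


def multi_pattern_uniform(stored: int, observed_per_pattern: int,
                          total_per_pattern: int, patterns: int) -> float:
    """Same memory spread over 'patterns' patterns: p times the observed states
    and p times the candidate space. Under the uniform model the estimate is
    unchanged, so any gain from multiple patterns has to come from the
    occurrence-probability bias, which this example does not model."""
    return collision_probability(stored, patterns * observed_per_pattern,
                                 patterns * total_per_pattern)


if __name__ == "__main__":
    print("special states for a 16-bit pattern:", expected_special_states(64, 16))
    found = sample_special_states(0xA5, 8, 4096, seed=1)          # k=8 keeps the demo fast
    print("8-bit pattern 0xA5: %d special states in 4096 samples" % len(found))
    # Hypothetical stored/observed counts, chosen only to exercise the estimate.
    p1 = collision_probability(2 ** 35, 100, 2 ** 48)
    p4 = multi_pattern_uniform(2 ** 35, 100, 2 ** 48, 4)
    print("uniform birthday estimate, 1 pattern: %.4f, 4 patterns: %.4f" % (p1, p4))
```

The sampling loop is the preparation stage in miniature: it walks random states and keeps those whose output starts with the pattern, which with a 16-bit pattern means one hit per 65,536 states and a 2^48-state special set. The two closing figures illustrate the caveat that matters when reading the abstract: with uniform weighting, more patterns change neither the memory nor the estimate, so the reported increase in collision probability rests on keeping the highest-occurrence special states, and the extra preprocessing is the price of having a larger pool to select them from.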