3 Definitions and symbols

35.2313GPPDocument 1: Algorithm specificationRelease 17Specification of the TUAK algorithm set: A second example algorithm set for the 3GPP authentication and key generation functions f1, f1*, f2, f3, f4, f5 and f5*TS

Tools: ARFCN - Frequency Conversion for 5G NR/LTE/UMTS/GSM

3.1 Definitions

For the purposes of the present document, the terms and definitions given in TR 21.905 [14] and the following apply. A term defined in the present document takes precedence over the definition of the same term, if any, in TR 21.905 [14].

Tuak: The name of this algorithm set is "Tuak". It should be pronounced like "too-ack".

3.2 Symbols

= The assignment operator

 The bitwise exclusive-OR operation

|| The concatenation of the two operands

X[i] The i^th bit of the variable X. (X = X[0] || X[1] || X[2] || ….. )

Π the permutation Keccak-f[1600] (See clause 5.2 and annex C)

The following represent variables used in the algorithm:

AK a 48-bit anonymity key that is the output of either of the functions f5 and f5*

AMF a 16-bit authentication management field that is an input to the functions f1 and f1*

CK a 128-bit or 256-bit confidentiality key that is the output of the function f3

IK a 128-bit or 256-bit integrity key that is the output of the function f4

IN a 1600-bit value that is used as the input to the permutation Π when computing the functions f1, f1*, f2, f3, f4, f5 and f5*

INSTANCE an 8-bit value that is used to specify different modes of operation and different parameter lengths within the algorithm set

K a 128-bit or 256-bit subscriber key that is an input to the functions f1, f1*, f2, f3, f4, f5 and f5*

MAC-A a 64-bit, 128-bit or 256-bit network authentication code that is the output of the function f1

MAC-S a 64-bit, 128-bit or 256-bit resynchronization authentication code that is the output of the function f1*

OP Operator Variant Algorithm Configuration Field (used in MILENAGE)

OUT a 1600-bit value that is taken as the output of the permutation Π when computing the functions f1, f1*, f2, f3, f4, f5 and f5*

RAND a 128-bit random challenge that is an input to the functions f1, f1*, f2, f3, f4, f5 and f5*

RES a 32-bit, 64-bit, 128-bit or 256-bit signed response that is the output of the function f2

SQN a 48-bit sequence number that is an input to either of the functions f1 and f1*. (For f1* this input is more precisely called SQN_MS.) See informative Annex C of [1] for methods of encoding sequence numbers

SQN_MS(See SQN)

TOP a 256-bit Operator Variant Algorithm Configuration Field that is a component of the functions f1, f1*, f2, f3, f4, f5 and f5*

TOP_C a 256-bit value derived from TOP and K and used within the computation of the functions