C.1 Specifications for Algorithm A5

3GPP43.020Release 17Security related network functionsTS

Tools: ARFCN - Frequency Conversion for 5G NR/LTE/UMTS/GSM

C.1.1 Purpose

Algorithm A5 realizes the protection of both user data and signalling information elements at the physical layer on the dedicated channels (TCH or DCCH).

Synchronization of both the enciphering and deciphering (especially at hand-over) must be guarantied.

C.1.2 Implementation indications

Algorithm A5 is implemented into both the MS and the BSS. On the BSS side description below assumes that one algorithm A5 is implemented for each physical channel (TCH or DCCH).

The ciphering takes place before modulation and after interleaving (see 3GPP TS 45.001); the deciphering takes place after demodulation symmetrically. Both enciphering and deciphering need Algorithm A5 and start at different times (see clause 4).

As an indication, recall that, due to the TDMA techniques used in the system, the useful data (also called the plain text in the sequel) are organized into blocks of NPBB (Number of Payload Bits per Burst, see C.1.5) bits. In the GMSK case NPBB is equal to 114. Then, each block is incorporated into a normal burst (see 3GPP TS 45.002) and transmitted during a time slot. According to 3GPP TS 45.003, in the GMSK case,, the useful information bits into a block are numbered e0 to e56 and e59 to e115 (the flag bits e57 and e58 are ignored). Successive slots for a given physical channel are separated at least by a frame duration, approximately 4.615 ms (see 3GPP TS 45.001).

In the case of 8-PSK modulation (for instance, ECSD), the useful data are organized into longer blocks than 114 bits. According to 3GPP TS 45.003 the useful information in a block is included in 116 symbols which are numbered E(0) to E(115). Each symbol contains 3 bits, hence a block contains 348 useful information bits (NPBB = 348 in the 8-PSK case). See C.1.5 for changes in the details.

For ciphering, Algorithm A5 produces, each 4.615 ms, a sequence of NPBB encipher/decipher bits (here called BLOCK) which is combined by a bit-wise modulo 2 addition with the NPBB-bit plain text block. The first encipher/decipher bit produced by A5 is added to e0, the second to e1 and so on. As an indication, the resulting NPBB-bit block is then applied to the burst builder (see 3GPP TS 45.001). For those A5 algorithms that do not produce bit after bit output, the msb of the BLOCK, as specified in the relevant A5 algorithm specification, has to be regarded as the first produced, subsequently the next but one most significant bit has to be considered as the next produced bit until all BLOCK bits have been added as described above.

NOTE: As an example for A5/3: BLOCK1[0] is to be added with e0, BLOCK1[1] is to be added to e1, …, BLOCK1[9] is to be added with e9 etc.

For each slot, deciphering is performed on the MS side with the first block (BLOCK1) of NPBB bits produced by A5, and enciphering is performed with the second block (BLOCK2). As a consequence, on the network side BLOCK1 is used for enciphering and BLOCK2 for deciphering. Therefore Algorithm A5 must produce two blocks of NPBB bits (i.e. BLOCK1 and BLOCK2) each 4.615 ms.

Synchronization is guarantied by driving Algorithm A5 by an explicit time variable, COUNT, derived from the TDMA frame number. Therefore each NPBB-bit block produced by A5 depends only on the TDMA frame numbering and the ciphering key Kc (or Kc₁₂₈ for A5 algorithms requiring a128-bit key).

COUNT is expressed in 22 bits as the concatenation of the binary representation of T1, T3 and T2. It is an input parameter of Algorithm A5. The coding of COUNT is shown in figure C.1.

Figure C.1: The coding of COUNT

Binary representation of COUNT. Bit 22 is the most significant bit (msb) and bit 1 the least significant bit (lsb) of COUNT. T1, T3 and T2 are represented in binary. (For definition of T1, T3 and T2, see 3GPP TS 45.002).

Figure C.2 summarizes the implementation indications listed above for the GMSK case where NPBB is equal to 114, with only one enciphering/deciphering procedure represented (the second one for deciphering/enciphering is symmetrical).

Figure C.2: Deciphering on the MS side

C.1.3 External specifications of Algorithm A5

C.1.3.1 A5 algorithms with 64-bit keys

The two input parameters (COUNT and Kc) and the output parameters (BLOCK1 and BLOCK2) of Algorithm A5 shall use the following formats:

– length of Kc: 64 bits;

– length of COUNT: 22 bits;

– length of BLOCK1: NPBB bits;

– length of BLOCK2: NPBB bits.

Algorithm A5 shall produce BLOCK1 and BLOCK2 in less than a TDMA frame duration, i.e. 4.615 ms.

NOTE: If the actual length of the ciphering key is less than 64 bits, then it is assumed that the actual ciphering key corresponds to the most significant bits of Kc, and that the remaining and less significant bits are set to zero. It must be clear that for signalling and testing purposes the ciphering key Kc is considered to be 64 unstructured bits.

C.1.3.2 A5 algorithms with 128-bit keys

The two input parameters (COUNT and Kc₁₂₈) and the output parameters (BLOCK1 and BLOCK2) of Algorithm A5 shall use the following formats:

– length of Kc₁₂₈: 128 bits;

– length of COUNT: 22 bits;

– length of BLOCK1: NPBB bits;

– length of BLOCK2: NPBB bits.

Algorithm A5 shall produce BLOCK1 and BLOCK2 in less than a TDMA frame duration, i.e. 4.615 ms.

C.1.4 Internal specification of Algorithm A5

The internal specification of Algorithm A5 is managed under the responsibility of GSMA; it will be made available to in response to an appropriate request.

C.1.5 Definition of NPBB for different modulations

NPBB (Number of Payload Bits per Burst) varies with the modulation used:

• GMSK: NPBB = 114 (applicable to TCH, SDCCH, SACCH, FACCH)

• 8-PSK: NPBB = 348 (applicable to O-TCH, O-FACCH, E-TCH, E-FACCH).