E.11 (informative annex): Guidelines for generation of random numbers

3GPP TS 43.020, Release 17: Security related network functions

Both the CTS-MS and the CTS-FP must on occasion generate "random" numbers as inputs to security algorithms. Specifically:

– the 128-bit input CH1 to the algorithms B1 and B3 is generated by the CTS-FP;

– the 128-bit input CH2 to the algorithm B4 is generated by the CTS-MS;

– the 64-bit input RIFP to the algorithm B2 is generated by the CTS-FP;

– the 64-bit input RIMS to the algorithm B2 is generated by the CTS-MS.

This section indicates the requirements on the "randomness" of these values. There are essentially two requirements: non-repetition (for CH1 and CH2, which are generated many times) and unpredictability.

Non-repetition of CH1 and CH2: The probability that a new value CH1 (or CH2) is the same as any one particular previously generated value of CH1 (or CH2) should not be significantly greater than $2^{-128}$. It is assumed that the number of values of CH1 (or CH2) generated by any CTS-FP will be much less than $2^{-128}$.

Unpredictability of CH1 and CH2: It is not necessary for every new CH1 (or CH2) to be "completely random", i.e. to be equally likely to assume any possible value, independent of all previously generated values. However, the generation must not be easily predictable. Given all previously generated values of CH1 (or CH2), the probability that a newly generated CH1 (or CH2) will assume any specific value should not be greater than $2^{-32}$.

Unpredictability of RIFP and RIMS: The probability that RIFP (or RIMS) will assume any specific value should not be greater than $2^{-32}$.
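One way to generate these values and check a generator design against the bounds above, as an added example that is not part of the 3GPP specification. `CounterChallenge` is a hypothetical construction, all function names are assumptions, and the OS CSPRNG behind Python's `secrets` module is assumed to be properly seeded.

```python
import secrets
from fractions import Fraction

CH_BYTES = 16  # CH1 (from CTS-FP) and CH2 (from CTS-MS) are 128 bits
RI_BYTES = 8   # RIFP (from CTS-FP) and RIMS (from CTS-MS) are 64 bits
MAX_GUESS = Fraction(1, 2**32)  # unpredictability bound stated in the annex


def new_challenge() -> bytes:
    """CH1/CH2 drawn whole from the OS CSPRNG: every bit is fresh."""
    return secrets.token_bytes(CH_BYTES)


def new_ri() -> bytes:
    """RIFP/RIMS drawn whole from the OS CSPRNG."""
    return secrets.token_bytes(RI_BYTES)


class CounterChallenge:
    """Hypothetical design: 96-bit counter || 32 fresh random bits.

    The counter makes a repeat impossible until it wraps; the random tail
    is the only part an observer of earlier values cannot predict.
    """
    COUNTER_BITS, FRESH_BITS = 96, 32

    def __init__(self, start: int = 0):
        self._counter = start

    def next(self) -> bytes:
        if self._counter >= 1 << self.COUNTER_BITS:
            raise OverflowError("counter exhausted; values would repeat")
        tail = secrets.randbits(self.FRESH_BITS)
        value = (self._counter << self.FRESH_BITS) | tail
        self._counter += 1
        return value.to_bytes(CH_BYTES, "big")


def guess_probability(fresh_bits: int) -> Fraction:
    """Best chance of naming the next value when only fresh_bits are unknown."""
    return Fraction(1, 2**fresh_bits)


def repeat_bound(total_bits: int, already_generated: int) -> Fraction:
    """Union bound: a uniform value matching any of the earlier ones."""
    return Fraction(already_generated, 2**total_bits)


def unpredictable_enough(fresh_bits: int) -> bool:
    """True when the guess probability does not exceed the annex bound."""
    return guess_probability(fresh_bits) <= MAX_GUESS
```

The counter design only keeps its non-repetition property if the counter survives power loss; a counter that restarts from the same value leaves the 32 random bits as the sole protection against a repeat.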

Annex F (normative):
Ciphering of Voice Group Call Service (VGCS) and Voice Broadcast Service (VBS)

This Annex defines the security related service and functions for VGCS and VBS in order to provide confidentiality protection to the group calls.

All data variables in this Annex are presented with the most significant substring on the left hand side and the least significant substring on the right hand side. A substring may be a bit, byte or other arbitrary length bitstring. Where a variable is broken down into a number of substrings, the leftmost (most significant) substring is numbered 0, the next most significant is numbered 1, and so on through to the least significant.