3 Introductory information (normative)
3GPP55.205Release 17Specification of the GSM-MILENAGE algorithms: An example algorithm set for the GSM Authentication and Key Generation Functions A3 and A8TS
3.1 Introduction
Within the security architecture of the GSM system there are security functions A3 and A8. The operation of these functions falls completely within the domain of an individual operator, and the functions are therefore to be specified by each operator rather than being fully standardised. The algorithms specified in this document are examples that may be used by an operator who does not wish to design his own.
The inputs and outputs of the two functions are defined in section 3.2.
3.2 Algorithm Inputs and Outputs
The inputs to the algorithms are given in table 1, the outputs in tables 2 and 3 below.
Table 1: Inputs to A3 and A8
|
Parameter |
Size (bits) |
Comment |
|
Ki |
128 |
Subscriber key Ki[0]…Ki[127] |
|
RAND |
128 |
Random challenge RAND[0]…RAND[127] |
Table 2: A3 output
|
Parameter |
Size (bits) |
Comment |
|
SRES |
32 |
Signed response SRES[0]…SRES[31] |
Table 3: A8 output
|
Parameter |
Size (bits) |
Comment |
|
KC |
64 |
Cipher key KC[0]…KC[63] |
3.3 Notation
3.3.1 Bit/Byte ordering
All data variables in this specification are presented with the most significant bit (or byte) on the left hand side and the least significant bit (or byte) on the right hand side. Where a variable is broken down into a number of substrings, the leftmost (most significant) substring is numbered 0, the next most significant is numbered 1, and so on through to the least significant. When a variable, with bit length L, is shown in hexadecimal format, bit 0 is the most significant bit of the leftmost hexadecimal digit, and bit L-1 is the least significant bit of the rightmost hexadecimal digit.
3.3.2 List of Symbols
= The assignment operator.
|| The concatenation of the two operands.
The bitwise exclusive-OR operation.
X[i] The ith bit of the variable X. (X = X[0] || X[1] || X[2] || ….. ).