Math is hard and cryptography is even harder. So in light of the news that another of the ciphers used to secure traffic on 3G GSM networks has been cracked, we turned to mathematician and cryptographer Bruce Schneier to explain the attack and its ramifications.
So here are Schneier’s answer to a few questions about the Kasumi crack.
How difficult is the attack that the researchers developed?
This is a nice piece of work. They found a practical, related-key attack. It’s not clear whether it can break actual traffic or whether it’s
useful operationally. Related-key attacks are a form of cryptanalysis
that showed up about 10 years ago, but they’re rare in the real world
because you need the related keys. They’re kind of academic, but it’s a real attack. But in order to make it work, you need some plaintext and you need several related keys, which are hard to get in the real world. You need key one and the complement of key one. It’s rare that you have that in the real world.
Is this related to the attack from last month on the A5/1 GSM cipher?
No, they’re completely separate. The ciphers have similar names but the ciphers themselves aren’t even related. It’s confusing, but they’re unrelated. This is a related-key attack and the attack on A5/1 was something completely different.
We see a lot of attacks on crypto implementations but not as many on the crypto itself. Are attacks on the crypto algorithms more difficult?
They’re just different. As a cryptographer I might look at an attack on the implementation and say that doesn’t count, but as a security guy I might look at an attack on the crypto and say that one doesn’t count. If you’re the NSA, they both count. This is breaking the math, not just an implementation. That can be harder to do. But yes, we do see a lot of mistakes in crypto implementations.
So this isn’t an attack that should make everyone throw their 3G phones in the ocean?
No, but there’s never such an attack where you need to throw your stuff in the ocean. Look, we’ve had practical attacks on SSL, we’ve had all of these things. I believe it should be fixed, but it shows the process of crypto. And it shows that you don’t dink around with crypto. Instead of using the existing cipher, they decided to modify it and by modifying it, they broke it pretty badly. Why not use the existing cipher? You just don’t dink around with cryptosystems.