|
|
|
|
ETSI TETRA TAA TEA TEA4 → ← TEA2
TETRA Encryption Algorithm 3
TEA3, short for TETRA Encryption Algorithm 3, 1 is a
stream cipher associated with
Terrestrial Trunked Radio (TETRA), a
European standard for public and emergency services, standardized
by the European Telecommunications Standards Institute (ETSI).
Part of the TEA suite of encryption algorithms, it is intended for
public safety services outside Europe. It is similar, but not
identical, to TEA2. It is likely that it is stronger than TEA1
but not as strong as TEA2, although the latter is by no means obvious.
It is widely adopted in non-EU countries like India, China and Mexico [4].
|
It is currently unknown when and where the TEA3 algorithms was
developed, but given the fact that its structure is similar to the
TEA1 and TEA2 algorithms, it seems likely that it originates
at Philips Crypto BV in Eindhoven (Netherlands).
It might however have been modified elsewhere.
TEA3 uses the full 80-bit key length and was evaluated by
ETSI-SAGE — an international group of experts from commercial
and governmental parties.
As the algorithm is secret, it has never been submitted for peer-review
or in-depth security analysis.
In July 2023, Dutch cyber security firm
Midnight Blue revealed that it had
managed to extract, isolate and analyse the algorithm from a working
TETRA radio as part of its TETRA:BURST
research project.
In the event, no immediately visible weaknesses were found in the TEA3
algorithm, although two peculiarities were observed that call for
further cryptanalysis [4].
In addition to this, other vulnerabilities in the TETRA protocol suite
were identified [2][4].
|
|
-
Not to be confused with Tiny Encryption Algorithm.
➤ Wikipedia
|
The diagram below shows the structure of the TEA3 key stream generator
which consists of two parts: a 64-bit state register (R) and an 80-bit
key register (K).
The state register (R) is initialised with the Initialisation Vector (IV),
whilst the key register (K) is initialised with the original key.
The key register is basically a Linear Feedback Shift Register (LFSR)
with an S-box lookup table (S).
It is only fed with data from itself and produces a
key-dependent output, independent from the IV.
|
Structure of the TEA3 stream cipher
|
The state register (R) is also a Linear Feedback Shift Register (LFSR)
that produces the output key stream byte at the top left (R0).
It consists of two parts (R0-R2
and R3-R7) with an XOR inbetween.
F1 is a non-linear function that takes two input bytes
(R5, R6) and produces one output byte that is
mixed with the feedback loop.
F2 is also a non-linear function that takes two input bytes
(R1, R2) and produces one output byte that is
mixed in the middle of the state register (R2-R3).
(B) is a simple bit permutation of which the output is mixed with the
feedback loop.
The following peculiarities were observed in [4]:
|
- S-box defect
In the TEA3 S-box (S), two input bytes (0x14 and 0x9E ) map to the
same output
value (0xC2 ), while one output value (0xD2 ) does not occur.
This means that it is not a permutation.
Although this could be explained as an unintended mistake — the output
values differ only by one bit — this is highly unlikely in the context
of a professional and evaluated (export) algorithm.
The exact implications of this 'defect' are not yet clear and call for
further analysis.
- K0 direct feedback
Key register K0 is directly mixed with the input of the
key register, rather than being fed through the S-box. The implication
of this bypass is unclear, but it should be noted that it is
not present in the other TEAs.
|
|
|
Any links shown in red are currently unavailable.
If you like the information on this website, why not make a donation?
© Crypto Museum. Created: Wednesday 09 August 2023. Last changed: Wednesday, 10 January 2024 - 13:28 CET.
|
|
|
|
|