A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2013; you can also visit the original URL.
The file type is
Lecture Notes in Computer Science
Over the last 20 years, the privacy of most GSM phone conversations was protected by the A5/1 and A5/2 stream ciphers, which were repeatedly shown to be cryptographically weak. They are being replaced now by the new A5/3 and A5/4 algorithms, which are based on the block cipher KASUMI. In this paper we describe a new type of attack called a sandwich attack, and use it to construct a simple relatedkey distinguisher for 7 of the 8 rounds of KASUMI with an amazingly high probability of 2 −14 . Bydoi:10.1007/978-3-642-14623-7_21 fatcat:hfbci6i2uvdq5hcxbhuklsipca