Security Algorithms

A variety of security algorithms are used to provide authentication, cipher key generation, integrity and radio link privacy to users on mobile networks. Details of the various algorithms and how they can be obtained are provided below.

3GPP Confidentiality and Integrity Algorithms 128-EEA3 & 128-EIA3

July 2012: FINAL VERSIONS of the Algorithms 128-EEA3 & 128-EIA3 are now available for download following approval and publication by 3GPP. The algorithms themselves are identical to the draft versions published in January 2011, although some text in the documents has changed slightly. The documents have been included in the LTE standards following recommendations from 3GPP’s Security Group.

Individuals or companies intending to implement and/or use the 128-EEA3 & 128-EIA3 Algorithms will be required to sign a Restricted Usage Undertaking with an appointed custodian, such as the GSM Association. Commercial implementors of the algorithms will need to demonstrate that they satisfy approval criteria specified in the Restricted Usage Undertaking and formal permission to use the algorithms will need to be obtained by way of signing the Restricted Usage Undertaking and paying the EUR4,000 administrative charges that applies to non-members of the GSMA.

The 128-EEA3 & 128-EIA3 algorithms are based on the ZUC algorithm, for which the DCS Centre holds essential patents. Beneficiaries of the 128-EEA3 & 128-EIA3 algorithms must also be licensed by DACAS. DACAS grants royalty-free licenses under those patents under separate written license agreements and subject to other terms and conditions which are believed fair and commercially reasonable. DACAS reserves the right to refuse or withdraw the license to/from the parties that refuse to license, or claim unfair, unreasonable or discriminatory royalty rates for their essential IPR. Implementors can apply for the ZUC patent license here.

The specifications are as follows:

Specification of the 3GPP Confidentiality and Integrity Algorithms 128-EEA3 & 128-EIA3 Revised versions published July 2012 Document 1: Specification of the 3GPP Confidentiality and Integrity Algorithms 128-EEA3 & 128-EIA3: 128-EEA3 & 128-EIA3 Specification pdf
doc
Document 2: Specification of the 3GPP Confidentiality and Integrity Algorithms 128-EEA3 & 128-EIA3: ZUC Specification pdf
doc
Document 3: Specification of the 3GPP Confidentiality and Integrity Algorithms 128-EEA3 & 128-EIA3: Implementor’s Test Data pdf
doc
Document 4: Specification of the 3GPP Confidentiality and Integrity Algorithms 128-EEA3 & 128-EIA3: Design and Evaluation Report pdf
doc

Please note, that by obtaining or distributing this algorithm applicants may also be bound by laws in their own country about cryptographic algorithms. It is their responsibility to conform to all these restrictions.

Every Beneficiary must send to the GSM Association two signed paper copies of the Restricted Usage Undertaking – one copy will be countersigned and returned. Non-GSM Association members must also enclose the Administrative Charge of € 4,000.

3GPP Confidentiality and Integrity Algorithms UEA2 and UIA2

The GSMA , having cooperated in the development of the 3GPP Confidentiality and Integrity Algorithms UEA2 and UIA2 (“The UEA2 & UIA2 Algorithm”), has been granted distribution rights to the Algorithms that have been developed through the collaborative efforts of the 3GPP Organisational Partners.

The UEA2 and UIA2 Algorithm specifications are available below and may be used only for the development and operation of equipment conforming to the UEA2 & UIA2 Algorithm or standards based on it. Every Beneficiary intending to implement and/or use the UEA2 & UIA2 Algorithm must sign a Restricted Usage Undertaking with a Custodian and demonstrate that they satisfy the approval criteria specified in the Restricted Usage Undertaking. A fee of EUR4,000 is chargeable to non-members of the GSMA  wishing to implement and/or use the UEA2 and UIA2 Algorithm.

Specification of the 3GPP Confidentiality and Integrity Algorithms UEA2 & UIA2 Document 1: Specification of the 3GPP Confidentiality and Integrity Algorithms UEA2 & UIA2: UEA2 & UIA2 Specifications pdf (227kb)
doc (623kb)
Document 2: Specification of the 3GPP Confidentiality and Integrity Algorithms UEA2 & UIA2: SNOW 3G Specification pdf (347kb)
doc (1MB)
Document 3: Specification of the 3GPP Confidentiality and Integrity Algorithms UEA2 & UIA2: Implementor’s Test Data pdf (328kb)
doc (1.36MB)
Document 4: Specification of the 3GPP Confidentiality and Integrity Algorithms UEA2 & UIA2: Design Conformance Test Data pdf (159kb)
doc (104kb)
Document 5: Specification of the 3GPP Confidentiality and Integrity Algorithms UEA2 & UIA2: Design and Evaluation report pdf (347kb)
doc(1MB)

Every Beneficiary must send to the GSM Association two signed paper copies of the Restricted Usage Undertaking – one copy will be countersigned and returned. Non-GSM Association members must also enclose the Administrative Charge of € 4,000.

3GPP A5/3 and GEA3 algorithms

The GSM Association is a Custodian of the A5/3 encryption algorithms for GSM and EDGE, and the GEA3 encryption algorithm for GPRS, that have been developed through the collaborative efforts of the 3GPP Organisational Partners.

The A5/3 and GEA3 encryption algorithm specifications are available below. They may be used only for the development and operation of GSM, EDGE and GPRS mobile communications and services. Every Beneficiary intending to implement and/or use the algorithms must sign a Restricted Usage Undertaking with a Custodian and demonstrate that they fulfill the approval criteria specified in the Restricted Usage Undertaking. A fee of EUR2,000 is chargeable to non-members of the GSM Association wishing to implement and/or use the A5/3 and GEA3 algorithm specifications.

The relevant specifications are as follows:

Specification of the A5/3 Encryption Algorithms for GSM and EDGE, and the GEA3 Encryption Algorithm for GPRS; Document 1: A5/3 and GEA3 Specifications pdf (317kb)
doc (186kb)
Document 2: Implementors’ Test Data pdf (694kb)
doc (140kb)
Document 3: Design Conformance Test Data. pdf (404kb)
doc(111kb)
Document 4: Design and Evaluation report pdf (537kb)
doc (299kb)

Every Beneficiary must send to the GSMA two signed paper copies of the Restricted Usage Undertaking – one copy will be countersigned and returned. Non-GSMA members must also enclose the Administrative Charge of EUR2,000.

GPP A5/4 and GEA4 algorithms

The GSM Association is a Custodian of the A5/4 encryption algorithms for GSM and EDGE, and the GEA4 encryption algorithm for GPRS, that have been developed through the collaborative efforts of the 3GPP Organisational Partners.

The A5/4 and GEA4 encryption algorithm specifications are available below. They may be used only for the development and operation of GSM, EDGE and GPRS mobile communications and services. Every Beneficiary intending to implement and/or use the algorithms must sign a Restricted Usage Undertaking with a Custodian and demonstrate that they fulfill the approval criteria specified in the Restricted Usage Undertaking. A fee of EUR4,000 is chargeable to non-members of the GSM Association wishing to implement and/or use the A5/4 and GEA4 algorithm specifications.

The relevant specifications are as follows:

Specification of the A5/4 Encryption Algorithms for GSM and EDGE, and the GEA4 Encryption Algorithm for GPRS; Document 1: A5/3 and GEA3 Specifications pdf (317kb)
doc (186kb)
Document 2: Implementors’ Test Data pdf (694kb)
doc (140kb)
Document 3: Design Conformance Test Data. pdf (404kb)
doc (111kb)
Document 4: Design and Evaluation report pdf (537kb)
doc (299kb)
Document 5: A5/4 and GEA4 Specifications pdf (268kb)
doc (181kb)

Every Beneficiary must send to the GSMA two signed paper copies of the Restricted Usage Undertaking – one copy will be countersigned and returned. Non-GSMA members must also enclose the Administrative Charge of EUR4,000.

GSM Milenage

The 3GPP specification TS 55.205 contains an example set of algorithms which may be used as the GSM authentication and key generation functions A3 and A8. The algorithms specified in this document are examples that may be used by an operator who does not wish to design his own.

The specification document 3GPP TS 55.205 “Specification of the GSM-MILENAGE Algorithms: An example algorithm set for the GSM Authentication and Key Generation functions A3 and A8” is available here. Download, implementation and use of the example algorithm set is subject to the terms indicated in the document only and is available at no cost.

Authorisation for use of GSM Algorithms by Network Operators

GSM uses three different security algorithms called A3, A5, and A8. In practice, A3 and A8 are generally implemented together (known as A3/A8).

An A3/A8 algorithm is implemented in Subscriber Identity Module (SIM) cards and in GSM network Authentication Centres. It is used to authenticate the customer and generate a key for encrypting voice and data traffic, as defined in 3GPP TS 43.020 (03.20 before Rel-4). Development of A3 and A8 algorithms is considered a matter for individual GSM network operators, although example implementations are available.

An A5 encryption algorithm scrambles the user’s voice and data traffic between the handset and the base station to provide privacy. An A5 algorithm is implemented in both the handset and the base station subsystem (BSS).

Network operator members of the GSMA are provided with written authorisation to use the following algorithms when they join the Association:

  • Example A3/A8 algorithm COMP128-2
  • Example A3/A8 algorithm COMP128-3
  • Encryption algorithm A5/1

GSM Algorithm Specifications Available on Application

Copies of the following example A3/A8 algorithm specifications are available to qualified industry parties (GSM network operators and manufacturers of eligible GSM equipment) on application to the GSMA:

  • COMP128
  • COMP128-2
  • COMP128-3

Copies of the specifications of the following A5 algorithm specifications are available to qualified industry parties (GSM network operators and manufacturers of eligible GSM equipment) on application to the GSMA:

  • A5/1
  • A5/2

Application packs for the above algorithms can be requested from [email protected]. A per-copy fee of EUR2,000 is chargeable to non-members of the GSMA wishing to receive these algorithm specifications.