Cellular Message Encryption Algorithm
Encyclopedia
In cryptography
, the Cellular Message Encryption Algorithm (CMEA) is a block cipher
which was used for securing mobile phone
s in the United States
. CMEA is one of four cryptographic primitives specified in a Telecommunications Industry Association
(TIA) standard, and is designed to encrypt the control channel, rather than the voice data. In 1997, a group of cryptographers published attacks on the cipher
showing it had several weaknesses which give it a trivial effective strength of a 24-bit to 32-bit cipher.
Some accusations were made that the NSA had pressured the original designers into crippling CMEA, but the NSA has denied any role in the design or selection of the algorithm. The ECMEA and SCEMA ciphers are derived from CMEA.
CMEA is described in . It is byte-oriented, with variable block size
, typically 2 to 6 bytes. The key size
is only 64 bits. Both of these are unusually small for a modern cipher. The algorithm consists of only 3 passes over the data: a non-linear left-to-right diffusion operation, an unkeyed linear mixing, and another non-linear diffusion that is in fact the inverse of the first. The non-linear operations use a keyed lookup table
called the T-box, which uses an unkeyed lookup table called the CaveTable. The algorithm is self-inverse; re-encrypting the ciphertext with the same key is equivalent to decrypting it.
CMEA is severely insecure. There is a chosen-plaintext attack
, effective for all block sizes, using 338 chosen plaintexts. For 3-byte blocks (typically used to encrypt each dialled digit), there is a known-plaintext attack
using 40 to 80 known plaintexts. For 2-byte blocks, 4 known plaintexts suffice.
The "improved" CMEA, CMEA-I, is not much better: chosen-plaintext attack of it requires less than 850 plaintexts in its adaptive version.
Cryptography
Cryptography is the practice and study of techniques for secure communication in the presence of third parties...
, the Cellular Message Encryption Algorithm (CMEA) is a block cipher
Block cipher
In cryptography, a block cipher is a symmetric key cipher operating on fixed-length groups of bits, called blocks, with an unvarying transformation. A block cipher encryption algorithm might take a 128-bit block of plaintext as input, and output a corresponding 128-bit block of ciphertext...
which was used for securing mobile phone
Mobile phone
A mobile phone is a device which can make and receive telephone calls over a radio link whilst moving around a wide geographic area. It does so by connecting to a cellular network provided by a mobile network operator...
s in the United States
United States
The United States of America is a federal constitutional republic comprising fifty states and a federal district...
. CMEA is one of four cryptographic primitives specified in a Telecommunications Industry Association
Telecommunications Industry Association
The Telecommunications Industry Association is accredited by the American National Standards Institute to develop voluntary, consensus-based industry standards for a wide variety of ICT products, and currently represents nearly 400 companies...
(TIA) standard, and is designed to encrypt the control channel, rather than the voice data. In 1997, a group of cryptographers published attacks on the cipher
Cipher
In cryptography, a cipher is an algorithm for performing encryption or decryption — a series of well-defined steps that can be followed as a procedure. An alternative, less common term is encipherment. In non-technical usage, a “cipher” is the same thing as a “code”; however, the concepts...
showing it had several weaknesses which give it a trivial effective strength of a 24-bit to 32-bit cipher.
Some accusations were made that the NSA had pressured the original designers into crippling CMEA, but the NSA has denied any role in the design or selection of the algorithm. The ECMEA and SCEMA ciphers are derived from CMEA.
CMEA is described in . It is byte-oriented, with variable block size
Block size (cryptography)
In modern cryptography, symmetric key ciphers are generally divided into stream ciphers and block ciphers. Block ciphers operate on a fixed length string of bits. The length of this bit string is the block size...
, typically 2 to 6 bytes. The key size
Key size
In cryptography, key size or key length is the size measured in bits of the key used in a cryptographic algorithm . An algorithm's key length is distinct from its cryptographic security, which is a logarithmic measure of the fastest known computational attack on the algorithm, also measured in bits...
is only 64 bits. Both of these are unusually small for a modern cipher. The algorithm consists of only 3 passes over the data: a non-linear left-to-right diffusion operation, an unkeyed linear mixing, and another non-linear diffusion that is in fact the inverse of the first. The non-linear operations use a keyed lookup table
Lookup table
In computer science, a lookup table is a data structure, usually an array or associative array, often used to replace a runtime computation with a simpler array indexing operation. The savings in terms of processing time can be significant, since retrieving a value from memory is often faster than...
called the T-box, which uses an unkeyed lookup table called the CaveTable. The algorithm is self-inverse; re-encrypting the ciphertext with the same key is equivalent to decrypting it.
CMEA is severely insecure. There is a chosen-plaintext attack
Chosen-plaintext attack
A chosen-plaintext attack is an attack model for cryptanalysis which presumes that the attacker has the capability to choose arbitrary plaintexts to be encrypted and obtain the corresponding ciphertexts. The goal of the attack is to gain some further information which reduces the security of the...
, effective for all block sizes, using 338 chosen plaintexts. For 3-byte blocks (typically used to encrypt each dialled digit), there is a known-plaintext attack
Known-plaintext attack
The known-plaintext attack is an attack model for cryptanalysis where the attacker has samples of both the plaintext , and its encrypted version . These can be used to reveal further secret information such as secret keys and code books...
using 40 to 80 known plaintexts. For 2-byte blocks, 4 known plaintexts suffice.
The "improved" CMEA, CMEA-I, is not much better: chosen-plaintext attack of it requires less than 850 plaintexts in its adaptive version.
See also
- A5/1A5/1A5/1 is a stream cipher used to provide over-the-air communication privacy in the GSM cellular telephone standard. It was initially kept secret, but became public knowledge through leaks and reverse engineering. A number of serious weaknesses in the cipher have been identified.-History and...
, the broken encryption algorithm used in the GSM cellular telephone standard - ORYXORYXORYX is an encryption algorithm used in cellular communications in order to protect data traffic. It is a stream cipher designed to have a very strong 96-bit key strength with a way to reduce the strength to 32-bits for export...
- CAVE