Specification of the MILENAGE Algorithm Set:

An Example Algorithm Set for the 3GPP

Authentication and Key Generation

Functions f1, f1*, f2, f3, f4, f5 and f5*

Document 1: General

use "3GPP‑Page" to get the Word version

use "ETSI‑search" to get the PDF version

for a better overview, the Table of Contents (ToC) is reproduced

use "ETSI‑search" to get the PDF version

for a better overview, the Table of Contents (ToC) is reproduced

V15.0.0 (PDF)
2018/09 17 p.

V14.0.0
2017/03 17 p.

V13.0.0
2016/01 17 p.

V12.0.0
2014/09 17 p.

V11.0.0
2012/09 17 p.

V10.0.0
2011/04 17 p.

V9.0.0
2009/12 17 p.

V8.0.0
2008/12 17 p.

V7.0.0
2007/06 17 p.

V6.0.0
2005/01 17 p.

V5.0.0
2002/06 17 p.

V4.0.0
2001/05 17 p.

Rapporteur: Mr. Evans, Tim P.

This report is a description of the work undertaken by an ETSI SAGE Task Force on the design of the Milenage
Algorithm Set: an example set of 3GPP Authentication and Key Generation Functions.
The 3GPP Authentication and Key Generation Functions are not standardized. An example set of these algorithms has been produced on request from 3GPP with the intent that it shall be offered to the UMTS operators, to utilise instead of developing their own. An ETSI SAGE Task Force has carried out this work.
The requirement specification from 3GPP SA3 stated that operator personalisation of the example set must be possible and that the basic kernel must be possible to replace.
The example set is based on the block cipher Rijndael, which at the time was one of the AES candidates and the specification describes how the 7 algorithms used in 3GPP authentication and key generation are scheduled around this basic kernel. The specification and associated test data for the example algorithm set is documented in three documents:

- A formal specification of both the modes and the example kernel
- A detailed test data document, covering modes and the example kernel
- A "black box" test data document

1 Scope Word-p. 5
2 References
3 Abbreviations Word-p. 6
4 Structure of this report Word-p. 7
5 Background to the 3GPP Authentication and Key Generation algorithms
6 SAGE 3GPP AF TF work plan
7 Outline of algorithm requirements specification Word-p. 8

7.1 The authentication and key generation functions
7.2 Use of the algorithms on the AuC side
7.3 Use of the algorithms in the USIM Word-p. 9
7.4 Use of the algorithms for resynchronisation in the USIM
7.5 Use of the algorithms for resynchronisation in the HLR/AuC
7.6 Implementation aspects
7.7 Generic requirements for 3GPP cryptographic functions and algorithms Word-p. 10
7.8 Subsequent requirements on the authentication and key generation functions

8 Algorithms design Word-p. 11
8.1 Design criteria
8.2 Chosen design for the framework
8.3 Analysis of the role of OP and OPc Word-p. 12
8.4 Choice of kernel
8.5 Design methodology
8.6 Specification and test data Word-p. 13

9 Algorithm evaluation
9.1 Evaluation criteria
9.2 Mathematical Evaluation of the modes
9.3 Statistical Evaluation
9.4 Side channel attacks evaluation Word-p. 14
9.5 Complexity evaluation
9.6 Evaluation report

10 Release of algorithm specification and test data by SAGE
10.1 SAGE 3GPP AF TF approval for release
10.2 Publication of the algorithm set specification
10.3 Export of the algorithm set specification

A Change history Word-p. 15