Within the security architecture of the 3GPP system there are two standardised algorithms: A confidentiality algorithm f8
, and an integrity algorithm f9
. These algorithms are fully specified here. Each of these algorithms is based on the KASUMI
algorithm that is specified in a companion document . KASUMI
is a block cipher that produces a 64-bit output from a 64-bit input under the control of a 128-bit key.
The confidentiality algorithm f8
is a stream cipher that is used to encrypt/decrypt blocks of data under a confidentiality key CK
. The block of data may be between 1 and 20000 bits long. The algorithm uses KASUMI
in a form of output-feedback mode as a keystream generator.
The integrity algorithm f9
computes a 32-bit MAC (Message Authentication Code) of a given input message using an integrity key IK
. The approach adopted uses KASUMI
in a form of CBC-MAC mode.
We use the prefix 0x to indicate hexadecimal numbers.
2.2.3 Bit/Byte ordering
We use the assignment operator '=', as used in several programming languages. When we write
<variable> = <expression>
we mean that <variable> assumes the value that <expression> had before the assignment took place. For instance,
(new value of x) becomes (old value of x) + (old value of y) + 3.
All data variables in this specification are presented with the most significant bit (or byte) on the left hand side and the least significant bit (or byte) on the right hand side. Where a variable is broken down into a number of sub-strings, the left most (most significant) sub-string is numbered 0, the next most significant is numbered 1 and so on through to the least significant.
For example an n-bit MESSAGE is subdivided into 64-bit substrings MB0
so if we have a message:
MB0 = 0x0123456789ABCDEF
MB1 = 0xFEDCBA9876543210
MB2 = 0x86545381AB594FC2
MB3 = 0x8786404C50A37…
In binary this would be:
MB0 = 0000000100100011010001010110011110001001101010111100110111101111
MB1 = 1111111011011100101110101001100001110110010101000011001000010000
MB2 = 1000011001010100010100111000000110101011010110010100111111000010
MB3 = 1000011110000110010000000100110001010000101000110111…
2.2.4 List of Symbols Word‑p. 10
The assignment operator.
The bitwise exclusive-OR operation.
The concatenation of the two operands.
The output of the KASUMI algorithm applied to input value x
using the key k.
The ith bit of the variable X. (X = X || X || X || ….. ).
The ith block of the variable Y. (Y = Y0 || Y1 || Y2 || …. ).
are 64-bit registers that are used within the f8 and f9 functions to hold intermediate values.
a 5-bit input to the f8 function.
a 64-bit counter used in the f8 function.
an integer variable indicating the number of successive applications of KASUMI that need to be performed, for both the f8 and f9 functions.
a 128-bit confidentiality key.
a 32-bit time variant input to both the f8 and f9 functions.
a 1-bit input to both the f8 and f9 functions indicating the direction of transmission (uplink or downlink).
a 32-bit random input to the f9 function.
the input bit stream to the f8 function.
a 128-bit integrity key.
a 128-bit constant that is used to modify a key. This is used in both the f8 and f9 functions. (It takes a different value in each function).
is the ith bit of keystream produced by the keystream generator.
is the ith block of keystream produced by the keystream generator. Each block of keystream comprises 64 bits.
is an input to the f8 and f9 functions. It specifies the number of bits in the input bitstream.
is the 32-bit message authentication code (MAC) produced by the integrity function f9.
is the input bitstream of LENGTH bits that is to be processed by the f9 function.
the output bit streams from the f8 function.
is the input padded string processed by the f9 function.
is a 64-bit value that is used within the f8 function.