
TS 55.241
Specification of the
GIA4 Encryption Algorithms for GPRS –
GIA4 Specification

V17.0.0 (PDF)  2022/03  13 p.
V16.0.0  2020/06  13 p.
V15.0.1  2018/06  12 p.
V14.0.1  2018/06  12 p.
V13.0.1  2018/06  12 p.
Rapporteur:
Mr. Evans, Tim P.
VODAFONE Group Plc

Content for  TS 55.241  Word version:  17.0.0


0  Introduction

This specification has been prepared by the 3GPP Task Force, and gives a detailed specification of the 3GPP integrity algorithm GIA4.
This document is the first of three, which between them form the entire specification of the 3GPP Integrity Algorithm GIA4:
  • 3GPP TS 55.241: "Specification of the GIA4 encryption algorithms for GPRS; GIA4 specification".
  • 3GPP TS 55.242: "Specification of the GIA4 encryption algorithms for GPRS; Implementers' test data".
  • 3GPP TS 55.243: "Specification of the GIA4 encryption algorithms for GPRS; Design conformance test data".

1  Scope

The present document defines the technical details of the 3GPP integrity algorithm GIA4.

2  References

The following documents contain provisions which, through reference in this text, constitute provisions of the present document.
  • References are either specific (identified by date of publication, edition number, version number, etc.) or non specific.
  • For a specific reference, subsequent revisions do not apply.
  • For a non-specific reference, the latest version applies. In the case of a reference to a 3GPP document (including a GSM document), a non-specific reference implicitly refers to the latest version of that document in the same Release as the present document.
[1]
TR 21.905: "Vocabulary for 3GPP Specifications".
[2]
TS 35.202: "3G Security; Specification of the 3GPP Confidentiality and Integrity Algorithms; Document 2: KASUMI Specification".

3  Definitions, symbols and abbreviations

3.1  Definitions

For the purposes of the present document, the terms and definitions given in TR 21.905 and the following apply. A term defined in the present document takes precedence over the definition of the same term, if any, in TR 21.905.
(none)

3.2  Symbols

For the purposes of the present document, the following symbols apply:
=
The assignment operator.
The bitwise exclusive-OR operation.
||
The concatenation of the two operands.
KASUMI[x]k
The output of the KASUMI algorithm [2] applied to input value x using the key k.
X[i]
The ith bit of the variable X. (X = X[0] || X[1] || X[2] || …).
Yi
The ith block of the variable Y. (Y = Y0 || Y1 || Y2 || …).

3.3  Abbreviations

For the purposes of the present document, the abbreviations given in TR 21.905 and the following apply. An abbreviation defined in the present document takes precedence over the definition of the same abbreviation, if any, in TR 21.905.
CBC-MAC
Cipher Block Chaining Message Authentication Code
MAC
Message Authentication Code

4  Introductory information

4.1  Introduction

The integrity algorithm GIA4 computes a 32-bit MAC (Message Authentication Code) of a given input message using integrity key KI128. The approach adopted uses KASUMI TS 35.202 in a form of CBC-MAC mode.

4.2  Notation

4.2.1  Radix

The prefix "0x" indicates hexadecimal numbers.

4.2.2  Conventions

The assignment operator "=" is used as in several programming languages:
<variable> = <expression>
means that <variable> assumes the value that <expression> had before the assignment took place. For instance,
x = x + y + 3
means
(new value of x) becomes (old value of x) + (old value of y) + 3.

4.2.3  Bit/byte ordering

All data variables in this specification are presented with the most significant bit (or byte) on the left hand side and the least significant bit (or byte) on the right hand side. Where a variable is broken down into a number of sub-strings, the left most (most significant) sub-string is numbered 0, the next most significant is numbered 1 and so on through to the least significant.
For example, an n-bit MESSAGE is subdivided into 64-bit substrings MB0, MB1, … MBi, so if the message is:
0x0123456789ABCDEFFEDCBA987654321086545381AB594FC28786404C50A37…
then:
MB0 = 0x0123456789ABCDEF
MB1 = 0xFEDCBA9876543210
MB2 = 0x86545381AB594FC2
MB3 = 0x8786404C50A37…
In binary this would be:
000000010010001101000101011001111000100110101011110011011110111111111110…
with
MB0 = 0000000100100011010001010110011110001001101010111100110111101111
MB1 = 1111111011011100101110101001100001110110010101000011001000010000
MB2 = 1000011001010100010100111000000110101011010110010100111111000010
MB3 = 1000011110000110010000000100110001010000101000110111…

4.3  List of variables

A, B
are 64-bit registers that are used within the function to hold intermediate values.
BLOCKS
an integer variable indicating the number of successive applications of KASUMI that need to be performed.
CONSTANT-F
a 32-bit parameter which is constant for any given FRAMETYPE input.
DIRECTION
a 1-bit input indicating the direction of transmission (uplink or downlink).
FRAMETYPE
an 8-bit input to the function indicating the type of frame to be protected.
INPUT-I
a 32-bit time variant input to the function.
KI128
the 128-bit integrity key.
KM
a 128-bit constant that is used to modify a key.
M
an input to the function which specifies the number of octets of message to be MAC'd (1-65536).
MAC
the 32-bit message authentication code (MAC) produced by the function.
MESSAGE
the input octet stream of length M octets that is to be processed by the function.
PS
is the input padded string processed by the function.

5  Integrity algorithm GIA4

5.1  Introduction

The integrity algorithm GIA4 computes a Message Authentication Code (MAC) on an input message under an integrity key KI128. The input message may be between 1 and 65536 octets long.
For ease of implementation the algorithm is based on the same block cipher (KASUMI) as is used by the confidentiality algorithm GEA4.

5.2  Inputs and outputs

The inputs to the algorithm are given in Table 5.2.1, the output in Table 5.2.2:
Table 5.2.1:

| Parameter | Size (bits) | Comment |
|---|---|---|
| INPUT-I | 32 | Frame dependent input INPUT-I[0]…INPUT-I[31] |
| M | | The length of MESSAGE in octets (1-65536) |
| MESSAGE | 8M | Input octet stream MESSAGE{0}…MESSAGE{M-1} |
| DIRECTION | 1 | Direction of transmission DIRECTION[0] |
| FRAMETYPE | 8 | Input value signifying the type of frame to be protected |
| KI128 | 128 | Integrity key KI128[0]…KI128[127] |

Table 5.2.2:

| Parameter | Size (bits) | Comment |
|---|---|---|
| MAC | 32 | Message authentication code MAC[0]…MAC[31] |
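
The ordering convention of clause 4.2.3 and the input sizes of Table 5.2.1, as an added example that is not part of the specification or of its licensed simulation program. The function names and SAMPLE are assumptions made for illustration, and the code does not compute the MAC, since clauses 5.3 to 5.5 are not reproduced on this page.

```python
# Added illustration of clauses 4.2.3 and 5.2; not the licensed GIA4 code.
BLOCK_OCTETS = 8  # 64-bit substrings MB0, MB1, ...

def bit(x: bytes, i: int) -> int:
    """Return X[i], where X[0] is the most significant bit of the first octet."""
    if not 0 <= i < 8 * len(x):
        raise IndexError("bit index outside variable")
    return (x[i // 8] >> (7 - i % 8)) & 1

def bitstring(x: bytes) -> str:
    """Binary presentation of X, most significant bit on the left."""
    return "".join(str(bit(x, i)) for i in range(8 * len(x)))

def split_blocks(message: bytes) -> list[bytes]:
    """Split MESSAGE into MB0, MB1, ...; the last substring may be short."""
    return [message[o:o + BLOCK_OCTETS]
            for o in range(0, len(message), BLOCK_OCTETS)]

def input_errors(input_i, message, direction, frametype, ki128) -> list[str]:
    """Check caller-supplied values against the sizes in Table 5.2.1."""
    errors = []
    if not 0 <= input_i < 2**32:
        errors.append("INPUT-I must fit in 32 bits")
    if not 1 <= len(message) <= 65536:
        errors.append("M must be 1-65536 octets")
    if direction not in (0, 1):
        errors.append("DIRECTION must be 1 bit")
    if not 0 <= frametype < 2**8:
        errors.append("FRAMETYPE must fit in 8 bits")
    if len(ki128) != 16:
        errors.append("KI128 must be 128 bits")
    return errors

# Constructed input: the whole octets visible in the clause 4.2.3 example
# (the page truncates the message after them).
SAMPLE = bytes.fromhex(
    "0123456789ABCDEFFEDCBA987654321086545381AB594FC28786404C50A3")

if __name__ == "__main__":
    for n, mb in enumerate(split_blocks(SAMPLE)):
        print(f"MB{n} = 0x{mb.hex().upper()}  {bitstring(mb)}")
    # A 15-octet key is rejected before any MAC computation is attempted.
    print(input_errors(0, SAMPLE, 0, 0, bytes(15)))
```

Rejecting out-of-range inputs at the interface keeps a short key or an oversized message from being silently truncated or padded by the caller's own code.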

5.3  Components and architecture

This clause only available under licence.
See http://www.etsi.org/about/what-we-do/security-algorithms-and-codes/cellular-algorithm-licences.

5.4  Initialisation

This clause only available under licence.
See http://www.etsi.org/about/what-we-do/security-algorithms-and-codes/cellular-algorithm-licences.

5.5  Calculation

This clause only available under licence.
See http://www.etsi.org/about/what-we-do/security-algorithms-and-codes/cellular-algorithm-licences.

A  Components and architecture of the GIA4 algorithm

This clause only available under licence.
See http://www.etsi.org/about/what-we-do/security-algorithms-and-codes/cellular-algorithm-licences.

B  Simulation program listing

This clause only available under licence.
See http://www.etsi.org/about/what-we-do/security-algorithms-and-codes/cellular-algorithm-licences.

Change History

