On related-key attacks and KASUMI: the case of A5/3

Phuong Ha Nguyen*, Matthew J. B. Robshaw, Huaxiong Wang

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference proceeding contributionpeer-review

4 Citations (Scopus)


Due to its widespread deployment in mobile telephony, the block cipher KASUMI is a prominent target for cryptanalysts. While the cipher offers excellent resistance to differential and linear cryptanalysis, in the related-key model there have been several impressive cryptanalytic results. In this paper we revisit these related-key attacks and highlight a small, but important, detail in the specification of KASUMI for the algorithm A5/3; namely that a 64- and not a 128-bit session key is used. We show that existing related-key attacks on KASUMI in the literature are (negatively) impacted by this feature and we provide evidence that repairing these attacks will be difficult.

Original languageEnglish
Title of host publicationProgress in Cryptology - INDOCRYPT 2011
Subtitle of host publication12th International Conference on Cryptology in India, Chennai, India, December 11-14, 2011. Proceedings
EditorsDaniel J. Bernstein, Sanjit Chatterjee
Place of PublicationHeidelberg
PublisherSpringer, Springer Nature
Number of pages14
ISBN (Electronic)9783642255786
ISBN (Print)9783642255779
Publication statusPublished - 2011
Externally publishedYes
Event12th International Conference on Cryptology in India, INDOCRYPT 2011 - Chennai, India
Duration: 11 Dec 201114 Dec 2011

Publication series

NameLecture Notes in Computer Science
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Other12th International Conference on Cryptology in India, INDOCRYPT 2011


  • Block-cipher
  • A5/3
  • related-key attack
  • 64-bit key version of KASUMI


Dive into the research topics of 'On related-key attacks and KASUMI: the case of A5/3'. Together they form a unique fingerprint.

Cite this