The confidentiality algorithm GEA5 is a stream cipher that is used to encrypt/decrypt blocks of data under a confidentiality key KC128. The block of data may be between 1 and 65536 octets long. The algorithm uses SNOW 3G [2] as a keystream generator
The integrity algorithm GIA5 computes a 32-bit MAC (Message Authentication Code) of a given input message using an integrity key KI128. The approach adopted uses SNOW 3G.
The prefix "0x" is used to indicate hexadecimal numbers.
The assignment operator "=", is used as in several programming languages. So:
<variable> = <expression>
means that <variable> assumes the value that <expression> had before the assignment took place. For instance:
means:
(new value of x) becomes (old value of x) + (old value of y) + 3.
All data variables in the present document are presented with the most significant bit (or byte) on the left hand side and the least significant bit (or byte) on the right hand side. Where a variable is broken down into a number of sub-strings, the left most (most significant) sub-string is numbered 0, the next most significant is numbered 1 and so on through to the least significant.
For example an n-bit MESSAGE is subdivided into 64-bit substrings MB0,MB1…MBi so for a message:
0x0123456789ABCDEFFEDCBA987654321086545381AB594FC28786404C50A37…
is:
MB0 = 0x0123456789ABCDEF
MB1 = 0xFEDCBA9876543210
MB2 = 0x86545381AB594FC2
MB3 = 0x8786404C50A37…
In binary this would be:
000000010010001101000101011001111000100110101011110011011110111111111110…
with
MB0 = 0000000100100011010001010110011110001001101010111100110111101111
MB1 = 1111111011011100101110101001100001110110010101000011001000010000
MB2 = 1000011001010100010100111000000110101011010110010100111111000010
MB3 = 1000011110000110010000000100110001010000101000110111…
CONSTANT-F
a 32-bit parameter which is constant for any given FRAMETYPE input.
DIRECTION
the 1-bit input to both the GEA5 and GIA5 functions indicating the direction of transmission (uplink or downlink).
FRAMETYPE
an 8-bit input to the GEA5 and GIA5 functions indicating the type of frame to be protected.
INPUT
the 32-bit time variant input to the GEA5 function.
INPUT-I
the 32-bit time variant input to the GIA5 function.
KC128
the 128-bit confidentiality key.
KI128
the 128-bit integrity key.
KS[i]
the ith bit of keystream produced by the keystream generator.
L
the number of 32-bit words of SNOW 3G keystream that are generated by GEA5 (equal to M / 4).
LENGTH
a 64 bit parameter defined within GIA5 which specifies the number of bits of message to be MAC'd (equal to 8 times M).
M
the input to the GEA5 function which specifies the number of octets of output required (1-65536); also the input to the GIA5 function which specifies the number of octets of message to be MAC' (1-65536).
MAC
the 32-bit message authentication code (MAC) produced by the integrity function GIA5.
MESSAGE
the input bitstream of LENGTH bits that is to be processed by the GIA5 function.
OUTPUT
the output octets from the GEA5 function.
S1, S2, …
a sequence of 64-bit words derived from MESSAGE and LENGTH which is used within GIA5 to construct the MAC.
z1, z2, …
the 32-bit words forming the keystream sequence of SNOW 3G. The word produced first is z1, the next word z2 and so on.