A5/1 was a stream cipher commonly used to encrypt handset to Base Tranceiver Station (BTS) transmission in GSM networks. This cipher is known to pass statistical tests yet it lack of security due to short LFSR usage.
A5/1 consists of 3 LFSR (Linear Feedback Shift Register) called R1, R2 and R3. R1 has 19 bits long, R2 has 22 bits long and R3 has 23 bits long. Each of that LFSR has specific polynomial that represents its tapping terminals. There is also exist another rules called majority rule. This rule stated that an LFSR will be clocked if its middle bit is equal to majority bit, where the majority bit is defined as the sum of all middle bits of all LFSR.
I found that there are two versions of A5/1 implementation exists. Both of them stated different approach of defining R2 and R3. In the other hand, both specification stated the same R1 characteristic. The first one is the one found in Bruce Schneier’s Applied Cryptography book and the other is just the one coded by Marc Briceno, Ian Goldberg, and David Wagner.
Benchmark: (generating 112 bits/14 bytes output)
Key : 12 23 45 67 89 ab cd ef
Frame : 00 01 34
Stream out : 53 4e aa 58 2f e8 15 1a b6 e1 85 5a 72 8c
Version 1.0 Screenshot (deprecated)
Version 2.0 Screenshot (Compatible with Pedagogical A5/1 Implementation)
Here are two versions of them. Please note that first version code is incompatible to Pedagogical C code implementation of A5/1 stream cipher while the second one is fully compatible. Please consider to use the second version if you wish to implement A5/1. Please let me know when you found errors inside my codes. I’ll appreciate you much .