1715:
170:
is only 64 bits. Both of these are unusually small for a modern cipher. The algorithm consists of only 3 passes over the data: a non-linear left-to-right diffusion operation, an unkeyed linear mixing, and another non-linear diffusion that is in fact the inverse of the first. The non-linear operations
225:
1695:
1525:
33:
299:
339:
137:
showing it had several weaknesses which give it a trivial effective strength of a 24-bit to 32-bit cipher. Some accusations were made that the
1363:
1298:
379:
194:, effective for all block sizes, using 338 chosen plaintexts. For 3-byte blocks (typically used to encrypt each dialled digit), there is a
141:
had pressured the original designers into crippling CMEA, but the NSA has denied any role in the design or selection of the algorithm. The
201:
The "improved" CMEA, CMEA-I, is not much better: chosen-plaintext attack of it requires less than 850 plaintexts in its adaptive version.
91:
338 chosen plaintexts break all block sizes, 40-80 known plaintexts break 24-bit blocks, and 4 known plaintexts break 16-bit blocks
1125:
481:
146:
142:
126:
1115:
1278:
1252:
1120:
1016:
1093:
1356:
1262:
372:
1141:
1574:
1505:
1319:
1748:
133:
the control channel, rather than the voice data. In 1997, a group of cryptographers published attacks on the
1349:
409:
1690:
1645:
1448:
1205:
365:
344:
1569:
1222:
1132:
1110:
423:
253:
1685:
1227:
1083:
1036:
511:
278:
163:
63:
1675:
1665:
1520:
1293:
1175:
1050:
419:
293:
184:
1670:
1660:
1453:
1413:
1406:
1391:
1386:
1232:
1021:
392:
191:
1743:
1458:
1401:
1324:
1200:
1195:
1147:
195:
1718:
1564:
1510:
1314:
1137:
996:
574:
1680:
1604:
1217:
1100:
1026:
709:
689:
345:
Cryptanalysis of the
Cellular Message Encryption Algorithm David Wagner Bruce Schneier 1997
73:
8:
1433:
1180:
1157:
476:
1549:
1533:
1475:
1165:
1073:
785:
714:
684:
629:
1609:
1599:
1465:
885:
584:
544:
539:
506:
466:
414:
1544:
1396:
1257:
1152:
1031:
890:
770:
739:
433:
1104:
1088:
1077:
1011:
970:
935:
865:
845:
719:
599:
594:
549:
245:
187:; re-encrypting the ciphertext with the same key is equivalent to decrypting it.
198:
using 40 to 80 known plaintexts. For 2-byte blocks, 4 known plaintexts suffice.
1619:
1539:
1495:
1438:
1423:
1242:
1190:
1001:
986:
925:
920:
805:
554:
249:
154:
1737:
1700:
1655:
1614:
1594:
1485:
1443:
1418:
1237:
1185:
1064:
1046:
835:
810:
800:
624:
614:
461:
159:
118:
84:
1650:
1490:
1480:
1470:
1428:
1372:
1170:
991:
955:
820:
699:
654:
486:
438:
388:
172:
122:
114:
110:
98:
257:
1629:
780:
775:
659:
244:
1589:
1559:
1554:
1515:
1212:
930:
870:
754:
749:
694:
564:
427:
268:
314:
1579:
945:
940:
830:
744:
639:
619:
315:"Cryptanalysis of the Improved Cellular Message Encryption Algorithm"
334:
1624:
1584:
1283:
1247:
1041:
704:
579:
559:
471:
167:
53:
950:
900:
860:
850:
795:
790:
634:
443:
130:
1500:
1288:
910:
905:
840:
825:
815:
760:
734:
729:
724:
604:
589:
274:
134:
1006:
965:
915:
895:
880:
669:
649:
569:
534:
855:
764:
679:
674:
664:
644:
516:
501:
220:
210:
312:
259:
Cryptanalysis of the
Cellular Message Encryption Algorithm
960:
875:
496:
491:
264:
214:
138:
1526:
Cryptographically secure pseudorandom number generator
277:'97, 17th Annual International Cryptology Conference.
387:
349:
306:
1735:
179:, which uses an unkeyed lookup table called the
213:, the broken encryption algorithm used in the
1357:
373:
298:: CS1 maint: multiple names: authors list (
238:
1364:
1350:
380:
366:
127:Telecommunications Industry Association
1736:
190:CMEA is severely insecure. There is a
1345:
361:
103:Cellular Message Encryption Algorithm
129:(TIA) standard, and is designed to
13:
340:Press release and the NSA response
313:Thomas Chardin; Raphaël Marinier.
14:
1760:
328:
1714:
1713:
1371:
149:ciphers are derived from CMEA.
1575:Information-theoretic security
166:, typically 2 to 6 bytes. The
1:
231:
113:which was used for securing
7:
1691:Message authentication code
1646:Cryptographic hash function
1449:Cryptographic hash function
273:. Advances in Cryptology –
217:cellular telephone standard
204:
10:
1765:
1570:Harvest now, decrypt later
125:primitives specified in a
1709:
1686:Post-quantum cryptography
1638:
1379:
1341:
1307:
1271:
1263:Time/memory/data tradeoff
1060:
979:
525:
452:
400:
357:
353:
279:Santa Barbara, California
90:
82:
72:
62:
52:
47:
39:
29:
24:
1676:Quantum key distribution
1666:Authenticated encryption
1521:Random number generation
1051:Whitening transformation
1671:Public-key cryptography
1661:Symmetric-key algorithm
1454:Key derivation function
1414:Cryptographic primitive
1407:Authentication protocol
1392:Outline of cryptography
1387:History of cryptography
1022:Confusion and diffusion
192:chosen-plaintext attack
1459:Secure Hash Algorithms
1402:Cryptographic protocol
196:known-plaintext attack
121:. CMEA is one of four
1565:End-to-end encryption
1511:Cryptojacking malware
1315:Initialization vector
155:U.S. patent 5,159,634
152:CMEA is described in
1749:Broken block ciphers
1681:Quantum cryptography
1605:Trusted timestamping
1094:3-subset MITM attack
710:Intel Cascade Cipher
690:Hasty Pudding cipher
1434:Cryptographic nonce
1133:Differential-linear
183:. The algorithm is
21:
1550:Subliminal channel
1534:Pseudorandom noise
1476:Key (cryptography)
1206:Differential-fault
424:internal mechanics
335:The attack on CMEA
281:. pp. 526–537
34:James A. Reeds III
19:
1731:
1730:
1727:
1726:
1610:Key-based routing
1600:Trapdoor function
1466:Digital signature
1337:
1336:
1333:
1332:
1320:Mode of operation
997:Lai–Massey scheme
95:
94:
1756:
1717:
1716:
1545:Insecure channel
1397:Classical cipher
1366:
1359:
1352:
1343:
1342:
1191:Power-monitoring
1032:Avalanche effect
740:Khufu and Khafre
393:security summary
382:
375:
368:
359:
358:
355:
354:
351:
350:
322:
321:
319:
310:
304:
303:
297:
289:
287:
286:
272:
242:
162:, with variable
157:
22:
18:
1764:
1763:
1759:
1758:
1757:
1755:
1754:
1753:
1734:
1733:
1732:
1723:
1705:
1634:
1375:
1370:
1329:
1303:
1272:Standardization
1267:
1196:Electromagnetic
1148:Integral/Square
1105:Piling-up lemma
1089:Biclique attack
1078:EFF DES cracker
1062:
1056:
987:Feistel network
975:
600:CIPHERUNICORN-E
595:CIPHERUNICORN-A
527:
521:
454:
448:
402:
396:
386:
331:
326:
325:
317:
311:
307:
294:cite conference
291:
290:
284:
282:
262:
256:(August 1997).
243:
239:
234:
207:
153:
40:First published
17:
12:
11:
5:
1762:
1752:
1751:
1746:
1729:
1728:
1725:
1724:
1722:
1721:
1710:
1707:
1706:
1704:
1703:
1698:
1696:Random numbers
1693:
1688:
1683:
1678:
1673:
1668:
1663:
1658:
1653:
1648:
1642:
1640:
1636:
1635:
1633:
1632:
1627:
1622:
1620:Garlic routing
1617:
1612:
1607:
1602:
1597:
1592:
1587:
1582:
1577:
1572:
1567:
1562:
1557:
1552:
1547:
1542:
1540:Secure channel
1537:
1531:
1530:
1529:
1518:
1513:
1508:
1503:
1498:
1496:Key stretching
1493:
1488:
1483:
1478:
1473:
1468:
1463:
1462:
1461:
1456:
1451:
1441:
1439:Cryptovirology
1436:
1431:
1426:
1424:Cryptocurrency
1421:
1416:
1411:
1410:
1409:
1399:
1394:
1389:
1383:
1381:
1377:
1376:
1369:
1368:
1361:
1354:
1346:
1339:
1338:
1335:
1334:
1331:
1330:
1328:
1327:
1322:
1317:
1311:
1309:
1305:
1304:
1302:
1301:
1296:
1291:
1286:
1281:
1275:
1273:
1269:
1268:
1266:
1265:
1260:
1255:
1250:
1245:
1240:
1235:
1230:
1225:
1220:
1215:
1210:
1209:
1208:
1203:
1198:
1193:
1188:
1178:
1173:
1168:
1163:
1155:
1150:
1145:
1138:Distinguishing
1135:
1130:
1129:
1128:
1123:
1118:
1108:
1098:
1097:
1096:
1091:
1081:
1070:
1068:
1058:
1057:
1055:
1054:
1044:
1039:
1034:
1029:
1024:
1019:
1014:
1009:
1004:
1002:Product cipher
999:
994:
989:
983:
981:
977:
976:
974:
973:
968:
963:
958:
953:
948:
943:
938:
933:
928:
923:
918:
913:
908:
903:
898:
893:
888:
883:
878:
873:
868:
863:
858:
853:
848:
843:
838:
833:
828:
823:
818:
813:
808:
803:
798:
793:
788:
783:
778:
773:
768:
757:
752:
747:
742:
737:
732:
727:
722:
717:
712:
707:
702:
697:
692:
687:
682:
677:
672:
667:
662:
657:
652:
647:
642:
637:
632:
630:Cryptomeria/C2
627:
622:
617:
612:
607:
602:
597:
592:
587:
582:
577:
572:
567:
562:
557:
552:
547:
542:
537:
531:
529:
523:
522:
520:
519:
514:
509:
504:
499:
494:
489:
484:
479:
474:
469:
464:
458:
456:
450:
449:
447:
446:
441:
436:
431:
417:
412:
406:
404:
398:
397:
385:
384:
377:
370:
362:
348:
347:
342:
337:
330:
329:External links
327:
324:
323:
305:
250:Bruce Schneier
236:
235:
233:
230:
229:
228:
223:
218:
206:
203:
93:
92:
88:
87:
80:
79:
76:
70:
69:
66:
60:
59:
56:
50:
49:
45:
44:
41:
37:
36:
31:
27:
26:
15:
9:
6:
4:
3:
2:
1761:
1750:
1747:
1745:
1744:Block ciphers
1742:
1741:
1739:
1720:
1712:
1711:
1708:
1702:
1701:Steganography
1699:
1697:
1694:
1692:
1689:
1687:
1684:
1682:
1679:
1677:
1674:
1672:
1669:
1667:
1664:
1662:
1659:
1657:
1656:Stream cipher
1654:
1652:
1649:
1647:
1644:
1643:
1641:
1637:
1631:
1628:
1626:
1623:
1621:
1618:
1616:
1615:Onion routing
1613:
1611:
1608:
1606:
1603:
1601:
1598:
1596:
1595:Shared secret
1593:
1591:
1588:
1586:
1583:
1581:
1578:
1576:
1573:
1571:
1568:
1566:
1563:
1561:
1558:
1556:
1553:
1551:
1548:
1546:
1543:
1541:
1538:
1535:
1532:
1527:
1524:
1523:
1522:
1519:
1517:
1514:
1512:
1509:
1507:
1504:
1502:
1499:
1497:
1494:
1492:
1489:
1487:
1486:Key generator
1484:
1482:
1479:
1477:
1474:
1472:
1469:
1467:
1464:
1460:
1457:
1455:
1452:
1450:
1447:
1446:
1445:
1444:Hash function
1442:
1440:
1437:
1435:
1432:
1430:
1427:
1425:
1422:
1420:
1419:Cryptanalysis
1417:
1415:
1412:
1408:
1405:
1404:
1403:
1400:
1398:
1395:
1393:
1390:
1388:
1385:
1384:
1382:
1378:
1374:
1367:
1362:
1360:
1355:
1353:
1348:
1347:
1344:
1340:
1326:
1323:
1321:
1318:
1316:
1313:
1312:
1310:
1306:
1300:
1297:
1295:
1292:
1290:
1287:
1285:
1282:
1280:
1277:
1276:
1274:
1270:
1264:
1261:
1259:
1256:
1254:
1251:
1249:
1246:
1244:
1241:
1239:
1236:
1234:
1231:
1229:
1226:
1224:
1221:
1219:
1218:Interpolation
1216:
1214:
1211:
1207:
1204:
1202:
1199:
1197:
1194:
1192:
1189:
1187:
1184:
1183:
1182:
1179:
1177:
1174:
1172:
1169:
1167:
1164:
1162:
1161:
1156:
1154:
1151:
1149:
1146:
1143:
1139:
1136:
1134:
1131:
1127:
1124:
1122:
1119:
1117:
1114:
1113:
1112:
1109:
1106:
1102:
1099:
1095:
1092:
1090:
1087:
1086:
1085:
1082:
1079:
1075:
1072:
1071:
1069:
1066:
1065:cryptanalysis
1059:
1052:
1048:
1047:Key whitening
1045:
1043:
1040:
1038:
1035:
1033:
1030:
1028:
1025:
1023:
1020:
1018:
1015:
1013:
1010:
1008:
1005:
1003:
1000:
998:
995:
993:
990:
988:
985:
984:
982:
978:
972:
969:
967:
964:
962:
959:
957:
954:
952:
949:
947:
944:
942:
939:
937:
934:
932:
929:
927:
924:
922:
919:
917:
914:
912:
909:
907:
904:
902:
899:
897:
894:
892:
889:
887:
884:
882:
879:
877:
874:
872:
869:
867:
864:
862:
859:
857:
854:
852:
849:
847:
844:
842:
839:
837:
836:New Data Seal
834:
832:
829:
827:
824:
822:
819:
817:
814:
812:
809:
807:
804:
802:
799:
797:
794:
792:
789:
787:
784:
782:
779:
777:
774:
772:
769:
766:
762:
758:
756:
753:
751:
748:
746:
743:
741:
738:
736:
733:
731:
728:
726:
723:
721:
718:
716:
713:
711:
708:
706:
703:
701:
698:
696:
693:
691:
688:
686:
683:
681:
678:
676:
673:
671:
668:
666:
663:
661:
658:
656:
653:
651:
648:
646:
643:
641:
638:
636:
633:
631:
628:
626:
623:
621:
618:
616:
613:
611:
608:
606:
603:
601:
598:
596:
593:
591:
588:
586:
583:
581:
578:
576:
575:BEAR and LION
573:
571:
568:
566:
563:
561:
558:
556:
553:
551:
548:
546:
543:
541:
538:
536:
533:
532:
530:
524:
518:
515:
513:
510:
508:
505:
503:
500:
498:
495:
493:
490:
488:
485:
483:
480:
478:
475:
473:
470:
468:
465:
463:
460:
459:
457:
451:
445:
442:
440:
437:
435:
432:
429:
425:
421:
418:
416:
413:
411:
408:
407:
405:
399:
394:
390:
389:Block ciphers
383:
378:
376:
371:
369:
364:
363:
360:
356:
352:
346:
343:
341:
338:
336:
333:
332:
316:
309:
301:
295:
280:
276:
270:
266:
261:
260:
255:
251:
247:
241:
237:
227:
224:
222:
219:
216:
212:
209:
208:
202:
199:
197:
193:
188:
186:
182:
178:
174:
169:
165:
161:
160:byte-oriented
156:
150:
148:
144:
140:
136:
132:
128:
124:
123:cryptographic
120:
119:United States
116:
115:mobile phones
112:
108:
104:
100:
89:
86:
85:cryptanalysis
81:
77:
75:
71:
67:
65:
61:
57:
55:
51:
48:Cipher detail
46:
42:
38:
35:
32:
28:
23:
1651:Block cipher
1491:Key schedule
1481:Key exchange
1471:Kleptography
1429:Cryptosystem
1373:Cryptography
1223:Partitioning
1181:Side-channel
1159:
1126:Higher-order
1111:Differential
992:Key schedule
609:
308:
283:. Retrieved
258:
246:David Wagner
240:
200:
189:
185:self-inverse
180:
176:
173:lookup table
171:use a keyed
151:
111:block cipher
106:
102:
99:cryptography
96:
83:Best public
16:Block cipher
1639:Mathematics
1630:Mix network
1308:Utilization
1294:NSA Suite B
1279:AES process
1228:Rubber-hose
1166:Related-key
1074:Brute-force
453:Less common
254:John Kelsey
175:called the
64:Block sizes
1738:Categories
1590:Ciphertext
1560:Decryption
1555:Encryption
1516:Ransomware
1258:Chi-square
1176:Rotational
1116:Impossible
1037:Block size
931:Spectr-H64
755:Ladder-DES
750:Kuznyechik
695:Hierocrypt
565:BassOmatic
528:algorithms
455:algorithms
428:Triple DES
403:algorithms
285:2007-02-07
269:PostScript
232:References
164:block size
68:16–64 bits
1580:Plaintext
1233:Black-bag
1153:Boomerang
1142:Known-key
1121:Truncated
946:Threefish
941:SXAL/MBAL
831:MultiSwap
786:MacGuffin
745:KN-Cipher
685:Grand Cru
640:CS-Cipher
620:COCONUT98
181:CaveTable
54:Key sizes
30:Designers
1719:Category
1625:Kademlia
1585:Codetext
1528:(CSPRNG)
1506:Machines
1284:CRYPTREC
1248:Weak key
1201:Acoustic
1042:Key size
886:Red Pike
705:IDEA NXT
585:Chiasmus
580:CAST-256
560:BaseKing
545:Akelarre
540:Adiantum
507:Skipjack
472:CAST-128
467:Camellia
415:Blowfish
205:See also
168:key size
158:. It is
1380:General
1325:Padding
1243:Rebound
951:Treyfer
901:SAVILLE
861:PRESENT
851:NOEKEON
796:MAGENTA
791:Madryga
771:Lucifer
635:CRYPTON
444:Twofish
434:Serpent
131:encrypt
117:in the
109:) is a
58:64 bits
25:General
1501:Keygen
1289:NESSIE
1238:Davies
1186:Timing
1101:Linear
1061:Attack
980:Design
971:Zodiac
936:Square
911:SHACAL
906:SC2000
866:Prince
846:Nimbus
841:NewDES
826:MULTI2
816:MISTY1
759:LOKI (
735:KHAZAD
730:KeeLoq
725:KASUMI
720:Kalyna
605:CLEFIA
590:CIKS-1
550:Anubis
401:Common
275:CRYPTO
135:cipher
101:, the
74:Rounds
1536:(PRN)
1171:Slide
1027:Round
1012:P-box
1007:S-box
966:XXTEA
926:Speck
921:Simon
916:SHARK
896:SAFER
881:REDOC
806:Mercy
765:89/91
715:Iraqi
680:G-DES
670:FEA-M
650:DES-X
615:Cobra
570:BATON
555:Ascon
535:3-Way
526:Other
318:(PDF)
177:T-box
147:SCEMA
143:ECMEA
1299:CNSA
1158:Mod
1084:MITM
856:NUSH
811:MESH
801:MARS
675:FROG
665:FEAL
645:DEAL
625:Crab
610:CMEA
517:XTEA
502:SEED
482:IDEA
477:GOST
462:ARIA
300:link
226:CAVE
221:ORYX
211:A5/1
145:and
107:CMEA
43:1991
20:CMEA
1253:Tau
1213:XSL
1017:SPN
961:xmx
956:UES
891:S-1
876:RC2
821:MMB
700:ICE
655:DFC
512:TEA
497:RC6
492:RC5
487:LEA
439:SM4
420:DES
410:AES
265:PDF
215:GSM
139:NSA
97:In
1740::
781:M8
776:M6
763:,
761:97
660:E2
426:,
296:}}
292:{{
252:,
248:,
1365:e
1358:t
1351:v
1160:n
1144:)
1140:(
1107:)
1103:(
1080:)
1076:(
1067:)
1063:(
1053:)
1049:(
871:Q
767:)
430:)
422:(
395:)
391:(
381:e
374:t
367:v
320:.
302:)
288:.
271:)
267:/
263:(
105:(
78:3
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.