I got the following from mjos@math.jyu.fi a couple of months ago. Unfortunately I was unable to attend or listen on mbone. Does anyone know more about this?
Yes -- we have analogue A/V on a VHS cassette, digital MBone recording on M/O, and an abstract ... see below.
University of Cambridge Computer Laboratory SEMINAR SERIES 10th October Bill Chambers, King's College, London PROBLEMS OF STREAM CIPHER GENERATORS WITH MUTUAL CLOCK CONTROL GSM:n salausalgoritmi on juuri tuota tyyppiä. Chambers yritti pitää tuota nimenomaista esitelmää jo yli vuosi sitten, mutta silloin viralliset tahot puuttuivat asiaan ja esitys peruttiin. Hän on löytänyt algoritmista aukkoja, joiden avulla purkuaika saadaan erittäin lyhyeksi. ps. ne meistä, jotka pääsevät mboneen käsiksi, voivat seurata tapahtumia livenä :)
[Free translation: The GSM encryption algorithm is of exactly that type. Chambers tried to have this particular presentation over an year ago, but at that time the official side interfered and the presentation was cancelled. He has found holes in the algorithm that can be used to make decryption (without key) very quick. PS. Those of us who can get access to mbone, can follow it live.]
<TITLE>Security Group Seminar, 10th October 1995</TITLE> <H1>Security Group Seminar, 10th October 1995</H1> <HR> <DL> <DT>Speaker: <DD>Bill Chambers, King's College, University of London<P> <DT>Date: <DD>Tuesday 10th October<P> <DT>Place: <DD>Room TP4, Computer Laboratory<P> <DT>Title: <DD>PROBLEMS OF STREAM CIPHER GENERATORS WITH MUTUAL CLOCK CONTROL<P> </DL> The speaker has been looking at the cycle structure of an algorithm posted just over a year ago on the Internet and alleged to be the secret A5 algorithm used for confidentiality in the GSM mobile telephone system. This algorithm employs three mutually clock-controlled shift registers, and can fairly quickly enter a loop with what is essentially the shortest possible period, a number very small compared with the total number of states, or even its square root. Moreover this behaviour is robust, not being influenced by factors such as choice of primitive feedback polynomial or even clocking logic (with a proviso to be discussed). A fairly straightforward explanation for this behaviour has been found. Some ways of getting around the problem of excessively short periods are considered, as well as the behaviour of systems with different numbers of mutually clocked registers. In particular a mention is made of the wartime T52e cipher, perhaps the inspiration for "alleged A5".<P>