15 November 2010. Provide links to cellular encryption standards:
Law Enforcement Access to Wireless LAN
20 March 1997
Bruce Schneier rebuttal of
Press release by
NSA response to cellphone code
News of cellphone code
The cracking cryptographers'
1 February 1997
Here's more on the controlled documents for cellular encryption
from TIA/EIA described below on 26 January:
Sharon Vargish of TIA (1-703-907-7702) sent the documents after
I signed and returned the NDA:
Common Cryptographic Algorithms, Revision B
June 21, 1995, 72 pp. (With ITAR notice on every page)
Interface Specification for Common Cryptographic Algorithms,
Revision B, August 6, 1996, 15 pp. (No ITAR notice, but
"sensitive information should be protected from general
Appendix A to PN-3474 (IS-36)
October 16, 1995, 10 pp. (ITAR notice on every page.)
Appendix-A to TIA/EIA 627
December 23, 1996, 7 pp. (No ITAR, but "sensitive"notice)
"Common Cryptographic Algorithms" (CCA) supercedes the 1992
CAVE document, but is considerbly longer -- 72 pp. for the
latest compared to 25 pp. for the 1992 version.
Here're the CCA's TOC and Introduction:
Table of Contents
2.1. Authentication Key (A-Key) Procedures
2.1.1. A-Key Checksum calculation
2.1.2. A-Key Verification
2.2. SSD Generation and Update
2.2.1. SSD Generation Procedure
2.2.2. SSD Update Procedure
2.3. Authentication Signature Calculation Procedure
2.4. Encryption Key and VPM Generation Procedure
2.4.1. CMEA key Generation
2.4.2. Voice Privacy Mask Generation
2.5. CMEA Encryption/Decryption Procedure
2.6. Wireless Residential Extension Procedures
2.6.1. WIKEY Generation
2.6.2. WIKEY Update Procedure
2.6.3. Wireline Interface Authentication Signature
2.6.4. Wireless Residential Extension Authentication
Signature Calculation Procedure
2.7. Cellular Data Encryption
2.7.1. Data Encryption Key Generation Procedure
2.7.2. Data Encryption Mask Generation Procedure
3. TEST VECTORS
3.1. CAVE Test Vectors
3.1.1. Vector 1
3.1.2. Vector 2
3.1.3. Test Program
3.2. Wireless Residential Extension Test Vectors
3.2.1. Input data
3.2.2. Test program
3.2.3. Test Program Output
3.3. Data Encryption Test Vector
3.3.1. Input data
3.3.2. Test Program
3.3.3. Test Program Output
This document describes detailed cryptographic procedures for
cellular system applications. These procedures are used to
perform the security services of mobile station authentication,
subscriber message encryption, and encryption key and subscriber
voice privacy key generation within cellular equipment.
This document is organized as follows:
§2 describes the Cellular Authentication, Voice Privacy and
Encryption (CAVE) algorithm used for authentication for mobile
subscriber equipment and for generation of cryptovariables to
be used in other procedures.
§2.1 describes the procedure to verify the manual entry of the
subscriber authentication key (A-key).
§2.2 describes the generation of intermediate subscriber
cryptovariablcs, Shared Secret Data (SSD), from the unique and
private subscriber A-key.
§2.3 describes the procedure to calculate an authentication
signature used by cellular base station equipment for verifying
the authenticity of a mobile station.
§2.4 describes the procedures used for generating cryptographic
keys. These keys include the Voice Privacy Mask (VPM) and the
Cellular Message Encryption Algorithm (CMEA) key. The VPM is used
to provide forward link and reverse link voice confidentiality
over the air interface. Thc CMEA key is used with the CMEA
algorithm for protection of digital data exchanged between the
mobile station and the base station.
§2.5 describes the Cellular Message Encryption Algorithm (CMEA)
used for enciphering and deciphering subscriber data exchanged
between the mobile station and the base station.
§2.6 describes the procedures for key and authentication signature
generation for wireless residential extension applications.
§2.7 describes the ORYX algorithm and procedures for key and mask
generation for encryption and decryption in cellular data services.
§3 provides test data (vectors) that may be employed to verify the
correct operation of the cryptographic algorithms described in
this document. ...
[End CCA Introduction]
The related CCA Interface Specification "describes the interfaces
to cryptographic procedures for cellular system applications"
described in the CCA. Its purpose "is to describe the cryptographic
functions without revealing the technical details that are subject
The two Appendices A to IS-136 and 627 "contain requirements for
message encryption and voice privacy for cellular systems"
supplemental to those described in the main documents, the CCA and
the CCA Interface Specs.
Thanks to TIA/EIA for prompt and courteous reply to our requests.
Maybe they welcome help persuading USG/NSA to allow stronger crypto
and boost the market for cellular systems.
26 January 1997.
Thanks to David Wagner and Steve Schear, we've learned about the
latest documents on cellular encryption which supercede the
1992 CAVE document, Appendix A to IS-54, which contained the CAVE
algorithm. Here are the latest, followed by ordering information.
TIA/EIA/IS-136.1-A -- TDMA Cellular/PCS - Radio Interface -
Mobile Station - Base Station Compatibility - Digital Control
Panel, October, 1996, 372 pp. $350.00.
Addendum No. 1 to IS-136.1-A, November, 1996, 40 pp. Free.
TIA/EIA/IS-136.2-A -- TDMA Cellular/PCS - Radio Interface -
Mobile Station - Base Station Compatibility - Traffic Channels
and FSK Control Channel, October, 1996, 378 pp. $310.00.
TIA/EIA-627 -- 800 MHZ Cellular System, TDMA Radio Interface,
Dual-Mode Mobile Station - Base Station Compatibility
Standard, June, 1996, 258 pp. $120.00.
These documents can be ordered from:
Global Engineering Documents
15 Inverness Way East
Englewood, Colorado 80112
However, each of the documents lists the following related
supplements which contain "sensitive information" and may be
obtained by US/CA citizens from TIA by signing a Non-Disclosure
Agreement and acceptance of export restrictions:
Appendix A to IS-136.
Appendix A to 627.
Common Cryptographic Algorithms.
Interface Specification for Common Cryptographic Algorithms.
These controlled documents can be requested by calling Ms. Sharon
Vargish at 1-703-907-7702, who will fax an NDA, and upon receipt of
the completed form, will send the controlled documents at no cost.
Here's the NDA:
AGREEMENT ON CONTROL AND NONDISCLOSURE OF
COMMON CRYPTOGRAPHIC ALGORITHMS
REVISION A TO IS-54, IS-95, AND IS-136
[Note: 627 supercedes IS-54; IS-95 is for CDMA]
"I, _________________________, an employee/consultant/affiliate
of __________________________, hereafter, "the company,"
and a United States or Canadian citizen, acknowledge and understand
that the subject documents, to which I will have access contain
information [which] is subject to export control under the
International Traffic in Arms Regulations (ITAR) (Title 22, Code
of Federal Regulations, Part 120-130). I also understand that the
subject documents represent valuable, proprietary and confidential
business information of TIA and its members. I hereby certify that
this information will be controlled and will only be further
disclosed, exported, or transferred according to the terms of the
Printed Name Witness
Title Printed Name of Witness
January 2, 1997
TR45.3 is the number
of the cellular telephone standards committee of the joint Telecommunications
Industry Association (TIA) and Electronic Industries Association (EIA).
A part of these general standards is encryption standards, one of which is
termed CAVE, Caller Authentication and Voice Encryption. The CAVE algorithm
has been confidential to the industries, and was developed under the auspices
of the NSA (see Barlow and Gilmore below).
A document, TR45.3, Appendix A to IS-54, Rev. B, February, 1992, which
describes implementation of the CAVE algorithm, was sent anonymously to JYA
and posted at this site until removed at the request of TIA (see
To obtain the latest edition of the standards by TR45.3, contact the
Posted by jya.com December 3, 1996:
Fax header: Dec 03 '96 03:57PM D'Ancona &Pflaum
D'Ancona & Pflaum
30 North LaSalle Street
Telephone (312) 580-2000.
Fax (312) 580-0923
By Certified Mail
Return Receipt Requested
and by Fax (212) 799-4003
Mr. John Young
251 West 89th Street Suite 6E
New York, New York 10024
Dear Mr. Young:
I am writing to you as general counsel of Telecommunications Industry Association
("TIA") which, as you may know, is engaged in the formulation and publication
of standards in the communications field. At the request of our client, on
November 26, 1996, I accessed your WEB site and both viewed and printed out
a list of links to documents dealing with encryption. Among them were documents
described as a CAVE Report, CAVE Table and a CAVE
Algorithm dated November 20 and November 21, 1996.
In this fashion I was also able to view and print out the algorithm document
of TIA's Committee TR45.3, with a clear statement that the information in
the document may be subject to the export juristiction of the U. S. Department
of State under the applicable regulations.
The posting on the WEB site of these documents is, in our opinion, a violation
of the copyright of TIA and unlawful. Furthermore, the posting of the algorithm
may constitute a violation of applicable export regulations. It seems in
any event that it will be a violation under regulations to be drafted pursuant
to the President's Executive Order of November 15, 1996 which was also accessed
by me on your WEB site.
I returned to the site last Friday and yesterday, December 2 and noticed
that these documents are no longer there. I commend you removing them, but
ask for your assurances that they will not be posted again. In addition,
it is important that we know how you received this documentation which is
strictly restricted in its circulation.
I would appreciate hearing from you at your very earliest convenience.
Paul H. Vishny
Copy to: Susan Hoyler [TIA] by fax (703) 907-7727
Copy to: Eric Schimmel, c/o Wyndham Bristol Hotel - Dallas, by fax (214)
Mr. Vishny and I spoke about his fax. I said that the
CAVE-related documents would not be reposted on
my Web site, and that TR45.3 had come by anonymous mail, as have others we've
published. Mr. Vishny said TIA intended to take no action on this matter
but its members must abide NDA.
Don't know what the Feds will do with (TIA's) Susan Hoyler's notification
to them about TR45.3 at this site. Along with several telcomm biggies, some
Ft. Meade servers siphoned TR45.3 and most other files on the site -- several
times. Well, well!
Added December 30, 1996
For provocative commentary on the CAVE algorithm
and its sponsoring TR45.3 committee, see
John Perry Barlow's 1992 article
and John Gilmore's recent message:
Subject: TR45 and lawyers and governments, oh my!
Date: Mon, 09 Dec 1996 01:18:53 -0800
From: John Gilmore <firstname.lastname@example.org>
I just noticed the thread on TR45.3 in cypherpunks.
If the government comes calling, tell them to stuff
it. That document is not subject to ITAR. Textual descriptions of
encryption algorithms, including pseudo-code and diagrams and all the rest,
are not embargoed. At least, that's what the State Department tells Judge
Patel. They included numerous copies of papers from the literature to demonstrate
how common and robust the open publication of such information is in the
If they threaten you, tell them you'll blow the lid off the whole story of
how NSA lied to the standards committee about the export control laws, in
order to get them to deploy an insecure algorithm without revealing to the
public how insecure it is.
I've talked with a number of people who were AT those committee meetings
and saw and heard it all.
You might also ask the head of the TIA how they can remain an accredited
standards organization if they don't allow public participation in their
standards process, and if they make their so-called standards available to
the public. They locked foreigners out of the authentication subcommittee
(relying on the NSA lie) and now will not make copies of the standard available
to the public.
And are now using their copyright to prevent people from finding out how
insecure their "encryption" really is.
See 15 November 2010 note.
For access to the TR45.3 1992 version (not the 1996 latest) of the
Or, send E-mail to John Young <email@example.com> with the subject:
If you prefer PGP-encrypted mail:
Fingerprint: 04 AE 89 77 4D 22 D3 76 41 FC E5 F3 55 92 B1 78
-----BEGIN PGP PUBLIC KEY BLOCK-----
-----END PGP PUBLIC KEY BLOCK-----