TETRA Encryption Algorithm 2
TEA2, short for TETRA Encryption Algorithm 2, 1 is a
stream cipher associated with
Terrestrial Trunked Radio (TETRA), a
European standard for public and emergency services, standardized
by the European Telecommunications Standards Institute (ETSI).
Part of the TEA suite of encryption algorithms, it is intended for
national emergency services within Europe. It is arguably the most
secure one in the TEA suite and is used on public safety
networks like C2000 (Netherlands).
The algorithm was developed in 1996/97 at
Philips Crypto BV in Eindhoven
(Netherlands) as a consultancy job for ETSI-SAGE, and was evaluated by
other ETSI-SAGE members before being submitted as a formal ETSI
standard. TEA2 uses the full 80-bit key length.
As the algorithm is secret, it has never been submitted for peer-review
or in-depth security analysis.
In July 2023, Dutch cyber security firm
Midnight Blue revealed that it had
managed to extract, isolate and analyse the algorithm from a working
TETRA radio as part of its TETRA:BURST
In the event, no weaknesses were found in the TEA2 algorithm.
As we know TEA1 can be broken in approx. one minute,
we can calculate the time needed to break TEA2:
60 × 248 [sec] ≈ 535 milion years
With current means, this is beyond feasibility.
If there is no known way to break the cipher other than by means of
a brute-force attack, this algorithm can be assumed secure.
Note however, that other vulnerabilities in the TETRA protocol suite
were identified, that could lead to loss of authenticity or confidentiality .
Not to be confused with Tiny Encryption Algorithm.
The diagram belows in which European countries the TEA2 algorithms is
used by police forces and affiliated services, based on public sources .
Note that the TEA2 algorithm is only used by public safety services. All
other custers have to use TEA1 (when encryption is needed).
EU countries with TETRA/TEA2
The diagram below shows the structure of the TEA2 key stream generator
which consists of two parts: a 64-bit state register (R) and an 80-bit
key register (K).
The state register (R) is initialised with the Initialisation Vector (IV),
whilst the key register (K) is initialised with the original key.
The key register is basically a Linear Feedback Shift Register (LFSR)
with an S-box lookup table (S).
It is only fed with data from itself and produces a
key-dependent output, independent from the IV.
Structure of the TEA2 stream cipher
The state register (R) is also a Linear Feedback Shift Register (LFSR)
that produces the output key stream byte at the top left (R0).
It consists of two parts (R0-R4
and R5-R7) with an XOR inbetween.
F1 is a non-linear function that takes two input bytes
(R6, R7) and produces one output byte that is
mixed with the feedback loop.
F2 is also a non-linear function that takes two input bytes
(R3, R4) and produces one output byte that is
mixed in the middle of the state register (R4-R5).
(B) is a simple bit permutation of which the output is mixed with the
In addition state byte (R5) is also mixed with the feedback loop.
This feature is not present in the other TEAs.
For a more detailed description of the cipher, please refer to the paper
'All cops are broadcasting: TETRA under scrutiny'
by Carlo Meijer, Wouter Bokslag and Jos Wetzels, published in August 2023
in relation to the TETRA:BURST vulnerability
➤ Read the paper
➤ More about TETRA:BURST
Any links shown in red are currently unavailable.
If you like the information on this website, why not make a donation?|
© Crypto Museum. Created: Wednesday 09 August 2023. Last changed: Saturday, 12 August 2023 - 14:02 CET.