A security algorithm is a mathematical procedure used to encrypt data. Information is encoded and requires the use of a software key to transform the data back into its original form. Encryption is an essential part of a technology. It ensures the effective and secure authentication of users.
Our Security Algorithms Group of Experts (SAGE) provides our standards-makers with cryptographic algorithms and protocols specific to:
- fraud prevention
- unauthorized access to public and private telecommunications networks
- user data privacy
Much of the group’s work in recent years has been in support of mobile telecommunications security.
ETSI is the custodian (distributing authority) of algorithms developed by ETSI or by other organizations. As custodian, ETSI handles licensing of the algorithms and distribution of the relevant specifications and other confidential information.
The administrative cost for a single algorithm is €2 000 (VAT excluded / administrative fees included).
For all countries outside the European Union (EU), the ETSI Secretariat needs to obtain an export licence from the French Authorities before being authorized to distribute the algorithm. In the event of a refusal, ETSI will retain all administrative fees.
Customers wishing to purchase algorithms must sign a Confidentiality Usage Undertaking form (CRUU) and demonstrate they fulfil the specified approval conditions.
How to order and pay for an algorithm
This is a two-step process. The order is separate from the payment. Payment and CRUU duly completed and signed are necessary to obtain the algorithm(s).
TEA1 / TEA3 / TEA4 / TEA6 / TEA7 / TAA1 and TAA2 are algorithms distributed by ETSI.
ETSI is NOT the Custodian for the TEA2 and TEA5 algorithms. Please contact TCCA at SFPG@TCCA.info for further details.
Information related to TETRATM algorithms can be found in the following specifications:
- TEA1: ETSI TS 101 053-1.
- TEA2: ETSI TS 101 053-2.
- TEA3: ETSI TS 101 053-3.
- TEA4: ETSI TS 101 053-4.
- TEA5: ETSI TS 101 053-5.
- TEA6: ETSI TS 101 053-6.
- TEA7: ETSI TS 101 053-7.
- TAA1: ETSI TS 101 052-1.
- TAA2: ETSI TS 101 052-2.
GSM and GPRS
A5/4 & GEA4, A5/3 & GEA3, GEA5 & GIA5 and GEA2 as well as GIA4 are algorithms distributed by ETSI.
The A5/4 and A5/3 encryption algorithms for GSMTM and EDGE, the GEA5, GEA4, GEA3 and GEA2 encryption algorithms for the General Packet Radio Service (GPRS), and the GIA5 and GIA4 integrity algorithms for GPRSTM may be used only for the development and operation of GSMTM, EDGE and GPRSTM mobile communications and services.
Information related to GSMTM and GPRSTM algorithms can be found in the following specifications:
- GEA5 and GIA5 specifications (3GPP TS 55.251)
- GIA4 specifications (3GPP TS 55.241)
- A5/4 and GEA4 specifications (3GPP TS 55.226)
- A5/3 and GEA3 algorithms
UMTS and LTE
UEA1 & UIA1 / UEA2 & UIA2 / EEA3 & EIA3 are UMTSTM and LTETM algorithms distributed by ETSI.
ETSI is NOT the Custodian of EEA2 & EIA2 algorithms. Please consult the Advanced Encryption Standard (AES) NIST FIPS 197 for further details.
- The UEA1 & UIA1 algorithm specifications may be used only for the development and operation of 3GPP mobile communications and services.
- The UEA2 & UIA2 algorithm specifications may be used only for the development and operation of equipment conforming to the UEA2 and UIA2 algorithm or standards based on it.
The 128-EEA1 & 128-EIA1 algorithms (not distributed by ETSI) are identical to the UMTSTM algorithms UEA2 & UIA2 (distributed by ETSI) with a defined mapping of LTE parameters onto UMTSTM parameters. Development and operation of LTE equipment including 128-EEA1 or 128-EIA1 is considered to be an instance of "development and operation of equipment conforming to the UEA2 & UIA2 algorithm or standards based on it". 128-EEA1 and 128-EIA1 for LTE are considered to be an instance of using "UEA2 & UIA2 algorithm services".
Information about the 128-EEA1 & 128-EIA1 specifications is also available in the Design and evaluation report (3GPP TR 35.924).
- The EEA3 & EIA3 algorithm specifications may be used only for the development and operation of equipment conforming to the EEA3 and EIA3 algorithms or standards based on it. DACAS China holds essential patents on the ZUC algorithm, the stream cipher that forms the heart of 128-EEA3 and 128-EIA3.
Customers must obtain a separate IPR Licence Agreement from DACAS China. In case of difficulties to register online for the free IPR licence for EEA3-EIA3 algorithms, the temporary procedure to obtain the free IPR licence is for the Beneficiary (customer) to provide to DACAS a copy of their countersigned ETSI CRUU (Confidential Usage Undertaking form). Contact point is: Mr Xiang Lu - firstname.lastname@example.org
Information related to UMTSTM and LTETM algorithms can be found in the following specifications:
UEA1 & UIA1:
- UEA1 and UIA1 algorithm specifications (3GPP TS 35.201)
- KASUMI algorithm specification (3GPP TS 35.202)
- Implementors’ test data (3GPP TS 35.203)
- Design conformance test data (3GPP TS 35.204)
UEA2 & UIA2:
- UEA2 & UIA2 specifications (3GPP TS 35.215)
- SNOW 3G specification (3GPP TS 35.216)
- Implementors’ test data (3GPP TS 35.217)
- Design conformance test data (3GPP TS 35.218)
- Design and evaluation report (3GPP TR 35.919)
EEA3 & EIA3:
- EEA3 & EIA3 specifications (3GPP TS 35.221)
- ZUC specification (3GPP TS 35.222)
- Implementors’ test data (3GPP TS 35.223)
- Design and evaluation report (3GPP TR 35.924)
MILENAGE is an algorithm set for the UMTS, LTE and 5G authentication and key generation functions f1, f1*, f2, f3, f4, f5 and f5*.
- Download the Milenage specification (3GPP TS 35.206).
This specification has been prepared by the 3GPP Task Force, and contains an example set of algorithms for the 3GPP authentication and key generation functions f1, f1*, f2, f3, f4, f5 and f5*.
A more recently developed second algorithm set for UMTS, LTE and 5G authentication and key generation, based on the public KECCAK hash function family (which will also serve as the SHA-3 hash function standard).
- Download the algorithm specification (3GPP TS 35.231).
This specification contains a second example algorithm set for the 3GPP authentication and key generation functions f1, f1*, f2, f3, f4, f5 and f5*.
OLD GENERATION ALGORITHMS
The following algorithms have been removed from the ETSI website; for enquiries about these algorithms please the algorithms and codes service.
- The DSAA (DECTTM Standard Authentication algorithm)
- The DSC (DECTTM standard cipher)
- TESA-7 (TE9 authentication algorithm)
- USA-4 (UPT authentication algorithm)
- HIPERLAN (High PERformance Local Area Network)
- GSM-CTS (Cordial)
- A5-GMR1 (Encryption Algorithm)