Abstract
The cipher T-310 was developed by the Central Cipher Authority of the German Democratic Republic in the 1970s and widely used for protection of teletype communication up to security level secret. After publication of the cipher algorithm in 2006, several articles appeared aiming at the cryptographic properties of the cipher T-310. The cryptographic strength of the cipher T-310 must be assessed as a combination of both the cipher algorithm and the approved long-term keys. This article provides a rationale of the design decisions and the selection of approved long-term keys for T-310. We demonstrate that the attacks involving fundamental equations, linear characteristics, and some of their generalizations do not work if historical approved long-term keys are used. The results are also valid for the cipher SKS and block ciphers, whose groups of round functions are the alternating groups over the blocks.
Acknowledgments
The author thanks Winfried Stephan, Franz-Peter Heider, and Ralph Wernsdorf for the fruitful discussions. The author would like to thank also Jörg Drobick for publishing the list of historical LZS and other interesting information about the cipher service of GDR on his website http://scz.bplaced.net/.
Disclosure statement
No potential conflict of interest was reported by the author.
Notes
1 https://www.stasi-unterlagen-archiv.de/archiv/bestandsuebersichten/bestaende-und-teilbestaende-des-stasi-unterlagen-archivs/1129-abteilung-xi-chi/ consulted 26 July 2022.
2 http://scz.bplaced.net/ consulted 26 July 2022.
3 The sent message and the received message may not be identical because of errors occurring during transmission or storage. The cipher T-310 does not apply integrity protection.
4 For the definition of the Medvedev automaton, see section 2.4.2.
5 denotes the symmetric group over the set S.
6 For some long-term keys, the proof of being the alternating group may be provided without the intermediate step of primitivity, e.g., for LZS-26, LZS-31, and LZS-32, ref. section 3.4.
7 Using Wielandt (Citation1964, Theorem 13.9), we may show that, under the conditions of Lemma 19 G and G(n) for all m < q, are alternating groups A(Z).
Additional information
Notes on contributors
Wolfgang Killmann
Wolfgang Killmann studied mathematics. He worked as cryptologist at the ZCO of the GDR. He was significantly involved in the development and the analysis of the cipher T-310.