LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

What are the A3, A5, and A8 algorithms in GSM, and what is COMP128?

A3 authenticates the mobile to the network, A8 generates the session key, and A5 encrypts voice/data over the air. COMP128 is the concrete implementation of A3 and A8 (run in the SIM and the AUC); A5 is a separate family of stream ciphers.

The three algorithms:

Algorithm Role
A3 Authentication of the mobile station to the network / AUC
A8 Session key generation — computes the key for A5, in both the AUC and the SIM
A5 Encryption — a set of symmetric stream ciphers protecting voice and data on the radio link (between base station and handset)

COMP128: the implementation of the A3 and A8 algorithms specified for GSM. It is a one-way function that takes RAND and Ki and produces SRES and Kc (see the triplet card).

Key facts:

  • The secret subscriber key Ki (128 bit) lives only in two places: the SIM and the AUC — it never travels over the air
  • A5 is symmetric and is the main focus of security analysis
  • Operators could in theory choose their own algorithms; GSMA provides reference implementations, and different versions are used in different countries

Tip: Remember the split — A3/A8 = who are you & make a key (run via COMP128), A5 = encrypt the call. Mixing these up is the most common GSM-security mistake.

Go deeper:

  • video GSM: SRSLY? — Karsten Nohl & Chris Paget (26C3, 2009) — the canonical talk that made GSM intercept practical, walking through A5/1 and why "not even strong encryption" protects 3 billion handsets.
  • doc COMP128 (Wikipedia) — the concrete A3/A8 implementation: how it maps RAND + Ki to SRES + Kc, and why its key has only 54 bits of entropy.
  • doc A5/1 (Wikipedia) — the LFSR-based stream cipher behind A5, how Kc + the 22-bit frame number produce the 114-bit keystream.

From Quiz: MOBINFSEC / GSM & LTE Security Infrastructure | Updated: Jul 14, 2026