Quiz Entry - updated: 2026.07.14
What are the A3, A5, and A8 algorithms in GSM, and what is COMP128?
A3 authenticates the mobile to the network, A8 generates the session key, and A5 encrypts voice/data over the air. COMP128 is the concrete implementation of A3 and A8 (run in the SIM and the AUC); A5 is a separate family of stream ciphers.
The three algorithms:
| Algorithm | Role |
|---|---|
| A3 | Authentication of the mobile station to the network / AUC |
| A8 | Session key generation — computes the key for A5, in both the AUC and the SIM |
| A5 | Encryption — a set of symmetric stream ciphers protecting voice and data on the radio link (between base station and handset) |
COMP128: the implementation of the A3 and A8 algorithms specified for GSM. It is a one-way function that takes RAND and Ki and produces SRES and Kc (see the triplet card).
Key facts:
- The secret subscriber key Ki (128 bit) lives only in two places: the SIM and the AUC — it never travels over the air
- A5 is symmetric and is the main focus of security analysis
- Operators could in theory choose their own algorithms; GSMA provides reference implementations, and different versions are used in different countries
Tip: Remember the split — A3/A8 = who are you & make a key (run via COMP128), A5 = encrypt the call. Mixing these up is the most common GSM-security mistake.
Go deeper:
GSM: SRSLY? — Karsten Nohl & Chris Paget (26C3, 2009) — the canonical talk that made GSM intercept practical, walking through A5/1 and why "not even strong encryption" protects 3 billion handsets.
COMP128 (Wikipedia) — the concrete A3/A8 implementation: how it maps RAND + Ki to SRES + Kc, and why its key has only 54 bits of entropy.
A5/1 (Wikipedia) — the LFSR-based stream cipher behind A5, how Kc + the 22-bit frame number produce the 114-bit keystream.