ETSI TS 104 053-1 V1.1.1 (2024-07)

TECHNICAL SPECIFICATION
TETRA Air Interface Security, Algorithms Specifications;
Part 1: TETRA Encryption Algorithms Set A

2 ETSI TS 104 053-1 V1.1.1 (2024-07)

Reference
DTS/TCCE-06211
Keywords
air interface, DMO, security, TETRA, V+D

ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE

Tel.: +33 4 92 94 42 00  Fax: +33 4 93 65 47 16

Siret N° 348 623 562 00017 - APE 7112B
Association à but non lucratif enregistrée à la
Sous-Préfecture de Grasse (06) N° w061004871

Important notice
The present document can be downloaded from:
https://www.etsi.org/standards-search
The present document may be made available in electronic versions and/or in print. The content of any electronic and/or
print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any
existing or perceived difference in contents between such versions and/or in print, the prevailing version of an ETSI
deliverable is the one made publicly available in PDF format at www.etsi.org/deliver.
Users of the present document should be aware that the document may be subject to revision or change of status.
Information on the current status of this and other ETSI documents is available at
https://portal.etsi.org/TB/ETSIDeliverableStatus.aspx
If you find errors in the present document, please send your comment to one of the following services:
https://portal.etsi.org/People/CommiteeSupportStaff.aspx
If you find a security vulnerability in the present document, please report it through our
Coordinated Vulnerability Disclosure Program:
https://www.etsi.org/standards/coordinated-vulnerability-disclosure
Notice of disclaimer & limitation of liability
The information provided in the present deliverable is directed solely to professionals who have the appropriate degree of
experience to understand and interpret its content in accordance with generally accepted engineering or
other professional standard and applicable regulations.
No recommendation as to products and services or vendors is made or should be implied.
No representation or warranty is made that this deliverable is technically accurate or sufficient or conforms to any law
and/or governmental rule and/or regulation and further, no representation or warranty is made of merchantability or fitness
for any particular purpose or against infringement of intellectual property rights.
In no event shall ETSI be held liable for loss of profits or any other incidental or consequential damages.

Any software contained in this deliverable is provided "AS IS" with no warranties, express or implied, including but not
limited to, the warranties of merchantability, fitness for a particular purpose and non-infringement of intellectual property
rights and ETSI shall not be held liable in any event for any damages whatsoever (including, without limitation, damages
for loss of profits, business interruption, loss of information, or any other pecuniary loss) arising out of or related to the use
of or inability to use the software.
Copyright Notification
No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and
microfilm except as authorized by written permission of ETSI.
The content of the PDF version shall not be modified without the written authorization of ETSI.
The copyright and the foregoing restriction extend to reproduction in all media.

© ETSI 2024.
All rights reserved.
ETSI
3 ETSI TS 104 053-1 V1.1.1 (2024-07)
Contents
Intellectual Property Rights . 5
Foreword. 5
Modal verbs terminology . 5
1 Scope . 6
2 References . 6
2.1 Normative references . 6
2.2 Informative references . 6
3 Definition of terms, symbols and abbreviations . 6
3.1 Terms . 6
3.2 Symbols . 7
3.3 Abbreviations . 7
4 TEA SET A Specifications . 7
5 TEA1 ALGORITHM DESCRIPTION . 8
5.1 TEA1 Functional Components . 8
5.1.1 Summary of Components . 8
5.1.2 Notation . 8
5.1.3 Output Register . 8
5.1.4 Key Register . 8
5.1.5 Byte Permutation Function . 9
5.1.6 Expander E . 9
5.1.7 Nonlinear Function f . 9
5.1.8 8-bit Permutation BP . 9
5.1.9 Feedback of output register . 9
5.2 Key Stream Generation . 10
5.2.1 Summary . 10
5.2.2 CK loading . 10
5.2.3 IV loading . 10
5.2.4 Run-up . 11
5.2.5 Key byte generation . 11
5.3 Figures of TEA 1 Algorithm . 12
6 TEA2 ALGORITHM DESCRIPTION . 15
6.1 TEA2 Functional Components . 15
6.1.1 Summary of Components . 15
6.1.2 Notation . 15
6.1.3 Output Register . 15
6.1.4 Cipher Key Register . 16
6.1.5 Byte Permutation Function . 16
6.1.6 Expander E . 16
6.1.7 Nonlinear Function ƒ . 16
6.1.8 8-bit Permutation BP . 16
6.1.9 Feedback of output register . 17
6.2 Key Stream Generation . 17
6.2.1 Summary . 17
6.2.2 CK loading . 17
6.2.3 IV loading . 17
6.2.4 Run-up . 18
6.2.5 Key byte generation . 18
6.3 Figures of TEA2 Algorithm . 19
7 TEA3 ALGORITHM DESCRIPTION . 21
7.1 TEA3 Functional Components . 21
7.1.1 Summary of Components . 21
7.1.2 Notation . 22
ETSI
4 ETSI TS 104 053-1 V1.1.1 (2024-07)
7.1.3 Output Register . 22
7.1.4 Cipher Key Register . 22
7.1.5 Byte Permutation Function P . 23
7.1.6 Expander E . 23
7.1.7 Nonlinear Function ƒ . 23
7.1.8 8-bit Permutation BP . 23
7.2 Keystream Generation . 23
7.2.1 Summary . 23
7.2.2 CK loading . 24
7.2.3 IV loading . 24
7.2.4 Run-up . 25
7.2.5 Key byte generation . 25
7.3 Figures of TEA3 Algorithm . 25
8 TEA4 ALGORITHM DESCRIPTION . 28
8.1 TEA4 Functional Components . 28
8.1.1 Summary of Components . 28
8.1.2 Notation . 28
8.1.3 Output Register . 28
8.1.4 Cipher Key Register . 29
8.1.5 Byte Permutation Function P . 29
8.1.6 Expander E . 29
8.1.7 Nonlinear Function ƒ . 29
8.1.8 8-bit Permutation BP . 30
8.2 KEYSTREAM GENERATION . 30
8.2.1 Summary . 30
8.2.2 CK loading . 30
8.2.3 IV loading . 31
8.2.4 Run-up . 31
8.2.5 Keystream generation . 31
8.3 Figures of TEA4 Algorithm . 32
Annex A (informative): Bibliography . 35
History . 36

ETSI
5 ETSI TS 104 053-1 V1.1.1 (2024-07)
Intellectual Property Rights
Essential patents
IPRs essential or potentially essential to normative deliverables may have been declared to ETSI. The declarations
pertaining to these essential IPRs, if any, are publicly available for ETSI members and non-members, and can be
found in ETSI SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to
ETSI in respect of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the
ETSI Web server (https://ipr.etsi.org/).
Pursuant to the ETSI Directives including the ETSI IPR Policy, no investigation regarding the essentiality of IPRs,
including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not
referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become,
essential to the present document.
Trademarks
The present document may include trademarks and/or tradenames which are asserted and/or registered by their owners.
ETSI claims no ownership of these except for any which are indicated as being the property of ETSI, and conveys no
right to use or reproduce any trademark and/or tradename. Mention of those trademarks in the present document does
not constitute an endorsement by ETSI of products, services or organizations associated with those trademarks.
DECT™, PLUGTESTS™, UMTS™ and the ETSI logo are trademarks of ETSI registered for the benefit of its

Members. 3GPP™ and LTE™ are trademarks of ETSI registered for the benefit of its Members and of the 3GPP
Organizational Partners. oneM2M™ logo is a trademark of ETSI registered for the benefit of its Members and of the ®
oneM2M Partners. GSM and the GSM logo are trademarks registered and owned by the GSM Association.
Foreword
This Technical Specification (TS) has been produced by ETSI Technical Committee TETRA and Critical
Communications Evolution (TCCE).
The present document is part 1 of a multi-part deliverable covering the specifications of the TETRA standard
encryption, authentication and key management algorithms, as identified below:
Part 1: "TETRA Encryption Algorithms Set A";
Part 2: "TETRA Encryption Algorithms TEA Set B";
Part 3: "TETRA and Authentication and Key Management Algorithms TAA1";
Part 4: "TETRA and Authentication and Key Management Algorithms TAA2".
Modal verbs terminology
In the present document "shall", "shall not", "should", "should not", "may", "need not", "will", "will not", "can" and
"cannot" are to be interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of
provisions).
"must" and "must not" are NOT allowed in ETSI deliverables except when used in direct citation.

ETSI
6 ETSI TS 104 053-1 V1.1.1 (2024-07)
1 Scope
The present document specifies the Terrestrial Trunked Radio system (TETRA) set A encryption algorithms TEA1,
TEA2, TEA3 and TEA4.
The TETRA Air interface security function provides mechanisms for confidentiality of control signalling and user
speech and data at the air interface, authentication and key management mechanisms for the air interface and for the
Inter-System Interface (ISI). TETRA Air Interface security mechanisms are described in the TETRA V+D security
specification [1] and the TETRA Direct Mode security specification [2].
2 References
2.1 Normative references
References are either specific (identified by date of publication and/or edition number or version number) or
non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the
referenced document (including any amendments) applies.
Referenced documents which are not found to be publicly available in the expected location might be found at
https://docbox.etsi.org/Reference/.
NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee
their long term validity.
The following referenced documents are necessary for the application of the present document.
[1] ETSI TS 100 392-7: "Terrestrial Trunked Radio (TETRA); Voice plus Data (V+D); Part 7:
Security".
[2] ETSI TS 100 396-6: "Terrestrial Trunked Radio (TETRA); Direct Mode Operation (DMO); Part 6:
Security".
2.2 Informative references
References are either specific (identified by date of publication and/or edition number or version number) or
non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the
referenced document (including any amendments) applies.
NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee
their long term validity.
The following referenced documents are not necessary for the application of the present document but they assist the
user with regard to a particular subject area.
Not applicable.
3 Definition of terms, symbols and abbreviations
3.1 Terms
For the purposes of the present document, the following terms apply:
Cipher Key (CK): value that is used to determine the transformation of plain text to cipher text in a cryptographic
algorithm
cipher text: data produced through the use of encipherment
ETSI
7 ETSI TS 104 053-1 V1.1.1 (2024-07)
decipherment: reversal of a corresponding reversible encipherment
encipherment: cryptographic transformation of data to produce cipher text
Initialization Vector (IV): sequence of symbols that randomize the KSG inside the encryption unit
key stream: pseudo random stream of symbols that is generated by a KSG for encipherment and decipherment
LENGTH: required length of the key stream in bits
plain text: un-encrypted source data
TEA set A: set of air interface encryption algorithms comprising TEA1, TEA2, TEA3 and TEA4
TEA set B: set of air interface encryption algorithms comprising TEA5, TEA6 and TEA7
TETRA algorithm: mathematical description of a cryptographic process used for either of the security processes
authentication or encryption
3.2 Symbols
Void.
3.3 Abbreviations
For the purposes of the present document, the following abbreviations apply:
CK Cipher key
ISI Inter Systems Interface
IV Initialization Vector
KSG Key Stream Generator
TC Technical Committee
TCCE TETRA and Critical Communications Evolution
TEA1 TETRA Encryption Algorithm No. 1
TEA2 TETRA Encryption Algorithm No. 2
TEA3 TETRA Encryption Algorithm No. 3
TEA4 TETRA Encryption Algorithm No. 4
TETRA TErrestrial Trunked Radio
4 TEA SET A Specifications
The algorithms TEA1, 2, 3 and 4 specified in the present document generate a sequence of key bytes from a Cipher
Key CK and an Initialization Vector IV.
The key bytes are used to encrypt or to decrypt information transmitted via the TETRA system.
The Cipher Key has a length of 80 bits; the Initialization Vector is 29 bits.
The present document is organized as follows: clause 5 describes TEA1, clause 6 TEA2, clause 7 TEA3 and clause 8
TEA4.
Clauses 5.1, 6.1, 7.1 and 8.1 provide a functional specification of the functional components of the algorithms,
clauses 5.2, 6.2, 7.2 and 8.2 specify how each of these components are used to generate the key bytes and clauses 5.3,
6.3, 7.3 and 8.3 contain diagrams and tables for the respective algorithms.
ETSI
8 ETSI TS 104 053-1 V1.1.1 (2024-07)
5 TEA1 ALGORITHM DESCRIPTION
5.1 TEA1 Functional Components
5.1.1 Summary of Components
The cryptographic algorithm TEA1 consists of the following functional components as depicted in Figure 1:
• A set of eight 8-bit wide shift registers, called Output Register (clause 5.1.3).
• A set of four 8-bit wide shift registers, called Key Register (clause 5.1.4).
• A byte permutation function P (byte substitution) (clause 5.1.5).
• Two functions E to expand the 16-bit output of two 8-bit registers to 32 bits word (clause 5.1.6).
• Two nonlinear functions f1 and f2 to compute a byte from the expanded 32-bit word (clause 5.1.7).
• An 8-bit permutation function BP (wire crossing) (clause 5.1.8).
• Five 8-bit wide XOR functions to combine Section outputs (bytes). And
• Functions in the feedback of the key register and the output register.
5.1.2 Notation
The symbol ⊕ denotes the bytewise addition modulo two (exclusive or); i.e. msb of byte x is added to msb of byte
y , ., lsb of byte x to lsb of byte y.
x (i) y(i) x(i)   y(i)
0 0 0
0 1 1
1 0 1
1 1 0
x(i) is bit i of byte x
y(i) is bit i of byte y
i = 0,.,7
5.1.3 Output Register
The output register is denoted by R , R ., R , and R , and functions as an 8-bit wide shift register. The output bytes of
0 1 6 7
sections R , R and R up to R are also used as input for the other functional components of the TEA1. The output of R
1 2 4 6 7
is added to the outputs of the other functional components and returned to the first section R as depicted in Figure 1.
Each 19 steps the byte output of R is used as key byte for encryption or decryption.
Before the process as described above can take place the output register is loaded with an Initialization Vector (see
clause 5.2.3) and initialized (see clause 5.2.4).
5.1.4 Key Register
The key register, denoted by K , K , K and K , is a four section 8-bit wide shift register. The bytes of a Cipher
0 1 2 3
Key (CK) are loaded into the key register as shown in Figure 2, and before the Initialization Vector is loaded into the
Output Register. During loading the CK bytes are added modulo two to the result of the modulo two addition of the
output of sections K and K . This result is substituted by the permutation function P and passed to section K . The
0 3 0
loading process starts from the reset state 0000 of the K register.
i
ETSI
9 ETSI TS 104 053-1 V1.1.1 (2024-07)
During initialization and the generation of key bytes the same feedback process, however without the CK input (= 0), is
i
continued as follows:
with K' denoting the next byte value (i.e. after one step) of the register section K' .
i i
K' = P (K ⊕ K )
0 3 0
K' = K
1 0
K' = K
2 1
K' = K
3 2
The series of mixed and permutated bytes is also offered to the feedback circuit of the output register.
5.1.5 Byte Permutation Function
The byte permutation function P is a randomly chosen permutation in the set of all 256 possible bytes. The look up table
for this permutation is given in Figure 3. The higher nibble of the output is the left one of the output value, e.g.
P (27 ) = 6A.
5.1.6 Expander E
The expander function converts a two-byte input to a 32-bit word, i.e. eight 4-bit nibbles for the nonlinear functions f
and f . The structure of expander E and functions f and f is shown in Figure 4.
2 1 2
In this figure, bits 1-8 are the bits of R , respectively R .
2 6
Bits 9-16 are the bits of R , respectively R . Bits 1 and 9 are the most significant bits. The 4-bit nibble inputs to the S
1 5 i
boxes are the result of reading R R (for the input of f ), respectively R R (for the input of f ). The bit left is the msb of
2 1 1 6 5 2
each 4-bit nibble input.
5.1.7 Nonlinear Function f
The nonlinear functions f and f have the structure shown in Figure 4. Each of the boxes S to S receives the nibble
1 2 1 8
input concerned from the expander E and computes a bit for the output byte. S is the most significant bit in the output
byte, and S is the least significant one.
The functions f and f are given in the truth tables, Figure 5 and Figure 6, respectively. The hexadecimal value of the
1 2
input nibble for each S is the one given in the top row of these figures. The computed output bit for the corresponding
i
S ; can be read in the column below the input nibble row.
i
5.1.8 8-bit Permutation BP
The permutation BP is a so-called wire-crossing with a fixed pattern. If the eight bits of R are numbered 12345678 the
order of the bits after BP becomes 58417326. The left bit in both bytes is the most significant; the right bit is the least
significant.
5.1.9 Feedback of output register
The results of the functional components BP, f , f and CK byte permutation P are added in the feedback path of the
1 2
output register and affect. the operation (i.e. operation after loading the CK and Initialization vector) as follows:
with R' denoting the next byte value (i.e. after one step) of the output register Section R :
i i
R' = R ⊕ f (R , R ) ⊕ BP (R ) ⊕ P
o 7 2 6 5 4 out
R' = R
1 o
R' = R
2 1
R' = R
3 2
ETSI
10 ETSI TS 104 053-1 V1.1.1 (2024-07)
R' = R ⊕ f (R , R )
4 3 1 2 1
R' = R
5 4
R' = R
6 5
R' = R
7 6
5.2 Key Stream Generation
5.2.1 Summary
The algorithm consists of four main phases: the CK loading, the IV loading, the run-up and the key byte generation
proper.
During the CK loading the initial state of the key register is determined. Next, the initial state of the output register is
determined by loading of the Initialization Vector as described in clause 5.2.3. Thereafter, a run-up is carried out during
which the initial contents of the Output Register (converted and adapted IV) and the K Register are changed by the
i
effect of the BP, E, f , f and P functions (see clause 5.2.4).
1 2
After the run-up is completed, each output cycle produces a key byte from the key byte stream as specified in
clause 5.2.5. At any point during the run-up and the generation of the key byte stream, the state of the algorithm is
determined by the states of the output and the K registers.
i
5.2.2 CK loading
The CK loading depends on the 80-bit Cipher Key, the feedback method and the permutation function P. The 10 CK
bytes are loaded as depicted in clause 5.3, Figure 2. The reduced CK, i.e. the 32 bits available in the K register after the
i
loading process, will affect the further initialization of the algorithm and the generation of key bytes.
5.2.3 IV loading
The output register is first loaded with a.29-bit Initialization Vector. This IV is converted to a 32-bit word by taking the
three most significant bits as zeroes, and the remaining 29 bit as the given IV. For instance, if the running counter is the
binary value:
11010 00011010 11100010 00000110
the 32-bit word becomes:
00011010 00011010 11100010 00000110.
The least significant byte of that 32-bit word is loaded into R , the next byte into R , the next one into R , and, finally,
3 4 5
the most significant (the padded one) becomes the R initial value. The cells R , R , R and R are loaded in the same
6 0 1 2 7
order with the 32-bit word XORed with the constant mask 96724FA1. Then, we have the following initialization
assignments, with the running counter as a four-byte number F F F F :
1 2 3 4
R = F ⊕ 96
7 1
R = F
6 1
R = F
5 2
R = F
4 3
R = F
3 4
R = F ⊕ 72
2 2
R = F ⊕ 4F
1 3
R = F ⊕ Al
0 4
ETSI
11 ETSI TS 104 053-1 V1.1.1 (2024-07)
Using the IV, mentioned in the example above, the result is:
1  8
10001 100 00011010 00011010
00000110 01101000 10100111
for the R , ., R and R , ., R bytes.
7 4 3 0
The eight bits of each R; numbered from 1 to 8 are loaded into the register locations:
R (7), R (6), ., R (0) respectively.
i i i
5.2.4 Run-up
After the IV load into the output register all functional components of the TEA1 become operational and 53 initializing
steps are performed to bring the algorithm in the CK and IV dependent starting point from which the generation of key
bytes can start.
For run-up and key byte generation a step is defined as applying the formulae in clauses 5.1.4 and 5.1.9 once.
5.2.5 Key byte generation
After the run-up cycle one step is made to produce the first key byte. Successive key bytes are generated each 19 steps.
ETSI
12 ETSI TS
...