There was a previous discussion on this forum regarding the generation of IVs with Enhanced Privacy which fell into the usual trap of discussing how to decrypt encrypted comms and people looking for keys which is NOT what this question is about. The question is that somewhere in the standards or patents I seem to recall a specification for how to generate IVs (Initialisation Vectors) or "Message Indicators" as Motorola refers to them. I am not looking to decrypt anything but just looking to confirm how these publicly broadcast values are calculated in commercial Motorola radios from an educational perspective. IVs can be known or even predicatable and just need to be as unique as possible. Understandign where they come from should not jeapordise the associated encryption algorithm. Some systems just use a straightforward rolling counter and that is fine for many use cases but Motorola apparently use some form of Linear Forward Shift Register for this purpose.
I have seen this mechanism referenced in a couple of different places as using an LFSR with a specifically cited generator polynomial of x^32 + x^4 + x^2 + 1 and I have seen code projects that implement this. However, when looking at actual IVs that are calculated in the real-world, they do not seem to follow this pattern at all. In fact, visual examination of the sequence of bits does not appear to be consistent with the use of any form of LFSR, although I may be missing something obvious. However, the DMR encryption parameter patent does refer to using an LFSR without going into any detail about how that functions. (Although it does explicitly detail a different generator polynomial of X^ 4 + X + 1 for the CRC calculation.)
The only other factor might be a reference to concatanating the CRC and adding the FEC parity bits but I took that to be more in the context of CRC validation rather than IV generation. Also, you would still expect to see some of the input bits retained from this process and that doesn't seem to be the case.
So, without entertaining any discussions about encryption algorithms or decryption technologies, can anyone shed any light on how this IV cycling/LFSR actually works please?
For reference, here are some IVs I have observed in a single continuous transmission from a single radio as an example:
HEX:-
CB269A79
1D995981
8E52FE0E
D69C3148
4233F2D1
16E49C15
0740B9F7
98F35AE1
F92B20DA
ECD2A265
C0E59C8E
8AF72731
EFF53A15
BINARY:-
11001011001001101001101001111001
00011101100110010101100110000001
10001110010100101111111000001110
11010110100111000011000101001000
01000010001100111111001011010001
00010110111001001001110000010101
00000111010000001011100111110111
10011000111100110101101011100001
11111001001010110010000011011010
11101100110100101010001001100101
11000000111001011001110010001110
10001010111101110010011100110001
11101111111101010011101000010101
I have checked more than one installation and noted the same inconsistencies so I don't think I am capturing these incorrectly...
Many thanks
I have seen this mechanism referenced in a couple of different places as using an LFSR with a specifically cited generator polynomial of x^32 + x^4 + x^2 + 1 and I have seen code projects that implement this. However, when looking at actual IVs that are calculated in the real-world, they do not seem to follow this pattern at all. In fact, visual examination of the sequence of bits does not appear to be consistent with the use of any form of LFSR, although I may be missing something obvious. However, the DMR encryption parameter patent does refer to using an LFSR without going into any detail about how that functions. (Although it does explicitly detail a different generator polynomial of X^ 4 + X + 1 for the CRC calculation.)
The only other factor might be a reference to concatanating the CRC and adding the FEC parity bits but I took that to be more in the context of CRC validation rather than IV generation. Also, you would still expect to see some of the input bits retained from this process and that doesn't seem to be the case.
So, without entertaining any discussions about encryption algorithms or decryption technologies, can anyone shed any light on how this IV cycling/LFSR actually works please?
For reference, here are some IVs I have observed in a single continuous transmission from a single radio as an example:
HEX:-
CB269A79
1D995981
8E52FE0E
D69C3148
4233F2D1
16E49C15
0740B9F7
98F35AE1
F92B20DA
ECD2A265
C0E59C8E
8AF72731
EFF53A15
BINARY:-
11001011001001101001101001111001
00011101100110010101100110000001
10001110010100101111111000001110
11010110100111000011000101001000
01000010001100111111001011010001
00010110111001001001110000010101
00000111010000001011100111110111
10011000111100110101101011100001
11111001001010110010000011011010
11101100110100101010001001100101
11000000111001011001110010001110
10001010111101110010011100110001
11101111111101010011101000010101
I have checked more than one installation and noted the same inconsistencies so I don't think I am capturing these incorrectly...
Many thanks
