Field Guide · algorithm

Also known as: TEA1, TEA2, TEA3, TEA4, TETRA Encryption Algorithm

The TEA ciphers (TETRA Encryption Algorithm 1 through 7) are the proprietary stream ciphers that provide over-the-air encryption on TETRA networks, generating a keystream that is XORed with the digitized voice and data on the air interface.1 Kept secret by ETSI for decades under strict non-disclosure, the family was designed for different export and user tiers — and in 2023 the TETRA:BURST research showed that at least one of them, TEA1, was intentionally weakened to a level that a laptop can break.2

80-bit key frame no. TEA keystreamgenerator voice/data on air TEA1: ~32-bit effective
Each TEA cipher seeds a keystream from an 80-bit key and the frame counter and XORs it with the traffic; TEA1's effective key was deliberately shrunk to about 32 bits.

How it works

TETRA air-interface encryption is a synchronous stream cipher: the TEA algorithm takes the shared Cipher Key (80 bits) together with a per-frame value derived from the network time / frame number, and produces a keystream that both radio and base station XOR with the traffic. Because the seed advances with the frame counter, each frame gets fresh keystream, and a receiver that knows the key and is aligned to network timing can regenerate the same sequence and decrypt. This is TETRA’s air-interface (Class 2/3) encryption, distinct from optional end-to-end encryption that some agencies layer on top.

The four original algorithms map to markets rather than to strength: TEA2 for European public-safety use, TEA1 for commercial and export use, and TEA3/TEA4 for other export scenarios. The internal designs were never published — security rested on secrecy, a violation of Kerckhoffs’s principle that ultimately delayed rather than prevented scrutiny. A newer set, TEA5–TEA7, was introduced by ETSI in 2022 as modern replacements.

In practice — TETRA:BURST

In 2023 the Dutch firm Midnight Blue reverse-engineered the algorithms from radio firmware and published TETRA:BURST, a set of five vulnerabilities.2 Two are structural and severe:

  • CVE-2022-24402 (the TEA1 backdoor): although TEA1 accepts an 80-bit key, a reduction step compresses it to an effective keystrength of about 32 bits — brute-forceable in minutes on a laptop. This is a deliberate weakening, consistent with TEA1’s export role, and it means TEA1-protected traffic offers essentially no confidentiality against a capable attacker.
  • CVE-2022-24401 (keystream recovery): a flaw in the air-interface synchronization lets an attacker recover keystream by exploiting the predictable, time-derived seed, enabling decryption or injection independent of key strength.

The remaining issues cover deanonymization and message manipulation. The takeaway is that TEA2/TEA3 are not shown to be mathematically broken, but the ecosystem’s reliance on secrecy hid a purpose-built weak tier and protocol-level flaws for decades.

Relevance to SDR

TETRA is squarely in the family of trunked systems a scanner may follow, and TEA is the reason its voice is usually opaque. A software-defined radio can demodulate the π/4-DQPSK TETRA carrier, recover the burst structure, and see that traffic is encrypted and which key class is negotiated, but reproducing the keystream requires the Cipher Key — which a monitoring receiver does not hold. GopherTrunk treats TETRA as detect-and-follow, not decode: it can identify an encrypted TETRA call and log its metadata, and it does not implement the TETRA:BURST attacks. Those results are important context for honesty about the medium — a signal being “encrypted” is not a uniform guarantee, since TEA1 in particular was engineered to be weak — but recovering keyed audio remains outside a passive scanner’s scope and outside GopherTrunk’s feature set.

Sources

  1. Terrestrial Trunked Radio — Wikipedia, for TETRA air-interface encryption, the TEA1–TEA4 market split, and the TEA5–TEA7 successors. 

  2. TETRA:BURST — Midnight Blue, for the reverse-engineering of the TEA ciphers and the TEA1 effective-32-bit reduction (CVE-2022-24402) and keystream-recovery (CVE-2022-24401) findings.  2

See also