International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

CTC2 and Fast Algebraic Attacks on Block Ciphers Revisited

Authors:
Nicolas T. Courtois
Download:
URL: http://eprint.iacr.org/2007/152
Search ePrint
Search Google
Abstract: The cipher CTC (Courtois Toy Cipher) has been designed to demonstrate that it is possible to break on a PC a block cipher with good diffusion and very small number of known (or chosen) plaintexts. It has however never been designed to withstand all known attacks on block ciphers and Dunkelman and Keller have shown that a few bits of the key can be recovered by Linear Cryptanalysis (LC) - which cannot however compromise the security of a large key. This weakness can easily be avoided: in this paper we give a specification of CTC2, a tweaked version of CTC. The new cipher is MUCH more secure than CTC against LC and the key scheduling of CTC has been extended to use any key size, independently from the block size. Otherwise, there is little difference between CTC and CTC2. We will show that up to 10 rounds of CTC2 can be broken by simple algebraic attacks.
BibTeX
@misc{eprint-2007-13434,
  title={CTC2 and Fast Algebraic Attacks on Block Ciphers Revisited},
  booktitle={IACR Eprint archive},
  keywords={secret-key cryptography / block ciphers, toy ciphers, algebraic attacks, SAT solvers, ElimLin, Gröbner bases, experimental cryptanalysis of block ciphers},
  url={http://eprint.iacr.org/2007/152},
  note={ courtois@minrank.org 13641 received 25 Apr 2007, last revised 8 May 2007},
  author={Nicolas T. Courtois},
  year=2007
}