CryptoDB
Linear Cryptanalysis of CTC
Authors: | |
---|---|
Download: | |
Abstract: | CTC is a toy cipher designed by Courtois in order to prove the strength of algebraic attacks. In this paper we study the differential and the linear behavior of the 85 S-boxes version, which is attacked using algebraic techniques faster than exhaustive key search. We show that an $n$-round variant of the cipher can be attacked by a linear attack using only $2^{2n+2}$ known plaintexts, with a negligible time complexity. We conclude that CTC is insecure, even for quite a large number of rounds. We note that our observations can be probably used to devise other attacks that exploit the relatively slow diffusion of CTC. |
BibTeX
@misc{eprint-2006-21743, title={Linear Cryptanalysis of CTC}, booktitle={IACR Eprint archive}, keywords={secret-key cryptography / cryptanalysis, CTC, linear cryptanalysis}, url={http://eprint.iacr.org/2006/250}, note={ orrd@cs.technion.ac.il 13351 received 22 Jul 2006}, author={Orr Dunkelman and Nathan Keller}, year=2006 }