Paper 2006/250

Linear Cryptanalysis of CTC

Orr Dunkelman and Nathan Keller

Abstract

CTC is a toy cipher designed by Courtois in order to prove the strength of algebraic attacks. In this paper we study the differential and the linear behavior of the 85 S-boxes version, which is attacked using algebraic techniques faster than exhaustive key search. We show that an $n$-round variant of the cipher can be attacked by a linear attack using only $2^{2n+2}$ known plaintexts, with a negligible time complexity. We conclude that CTC is insecure, even for quite a large number of rounds. We note that our observations can be probably used to devise other attacks that exploit the relatively slow diffusion of CTC.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published elsewhere. Unknown where it was published
Keywords
cryptanalysisCTClinear cryptanalysis
Contact author(s)
orrd @ cs technion ac il
History
2006-07-24: received
Short URL
https://ia.cr/2006/250
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2006/250,
      author = {Orr Dunkelman and Nathan Keller},
      title = {Linear Cryptanalysis of CTC},
      howpublished = {Cryptology ePrint Archive, Paper 2006/250},
      year = {2006},
      note = {\url{https://eprint.iacr.org/2006/250}},
      url = {https://eprint.iacr.org/2006/250}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.