## CryptoDB

### Paper: Linear Cryptanalysis of CTC

Authors: Orr Dunkelman Nathan Keller URL: http://eprint.iacr.org/2006/250 Search ePrint Search Google CTC is a toy cipher designed by Courtois in order to prove the strength of algebraic attacks. In this paper we study the differential and the linear behavior of the 85 S-boxes version, which is attacked using algebraic techniques faster than exhaustive key search. We show that an $n$-round variant of the cipher can be attacked by a linear attack using only $2^{2n+2}$ known plaintexts, with a negligible time complexity. We conclude that CTC is insecure, even for quite a large number of rounds. We note that our observations can be probably used to devise other attacks that exploit the relatively slow diffusion of CTC.
##### BibTeX
@misc{eprint-2006-21743,
title={Linear Cryptanalysis of CTC},
booktitle={IACR Eprint archive},
keywords={secret-key cryptography / cryptanalysis, CTC, linear cryptanalysis},
url={http://eprint.iacr.org/2006/250},
note={ orrd@cs.technion.ac.il 13351 received 22 Jul 2006},
author={Orr Dunkelman and Nathan Keller},
year=2006
}