International Association for Cryptologic Research

International Association
for Cryptologic Research


Paper: Linear Cryptanalysis of CTC

Orr Dunkelman
Nathan Keller
Search ePrint
Search Google
Abstract: CTC is a toy cipher designed by Courtois in order to prove the strength of algebraic attacks. In this paper we study the differential and the linear behavior of the 85 S-boxes version, which is attacked using algebraic techniques faster than exhaustive key search. We show that an $n$-round variant of the cipher can be attacked by a linear attack using only $2^{2n+2}$ known plaintexts, with a negligible time complexity. We conclude that CTC is insecure, even for quite a large number of rounds. We note that our observations can be probably used to devise other attacks that exploit the relatively slow diffusion of CTC.
  title={Linear Cryptanalysis of CTC},
  booktitle={IACR Eprint archive},
  keywords={secret-key cryptography / cryptanalysis, CTC, linear cryptanalysis},
  note={ 13351 received 22 Jul 2006},
  author={Orr Dunkelman and Nathan Keller},