International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

Paper: Linear Cryptanalysis of CTC

Authors:
Orr Dunkelman
Nathan Keller
Download:
URL: http://eprint.iacr.org/2006/250
Search ePrint
Search Google
Abstract: CTC is a toy cipher designed by Courtois in order to prove the strength of algebraic attacks. In this paper we study the differential and the linear behavior of the 85 S-boxes version, which is attacked using algebraic techniques faster than exhaustive key search. We show that an $n$-round variant of the cipher can be attacked by a linear attack using only $2^{2n+2}$ known plaintexts, with a negligible time complexity. We conclude that CTC is insecure, even for quite a large number of rounds. We note that our observations can be probably used to devise other attacks that exploit the relatively slow diffusion of CTC.
BibTeX
@misc{eprint-2006-21743,
  title={Linear Cryptanalysis of CTC},
  booktitle={IACR Eprint archive},
  keywords={secret-key cryptography / cryptanalysis, CTC, linear cryptanalysis},
  url={http://eprint.iacr.org/2006/250},
  note={ orrd@cs.technion.ac.il 13351 received 22 Jul 2006},
  author={Orr Dunkelman and Nathan Keller},
  year=2006
}