[Resource Topic] 2006/250: Linear Cryptanalysis of CTC

Welcome to the resource topic for 2006/250

Linear Cryptanalysis of CTC

Authors: Orr Dunkelman, Nathan Keller


CTC is a toy cipher designed by Courtois in order to prove the strength of algebraic attacks. In this paper we study the differential and the linear behavior of the 85 S-boxes version, which is attacked using algebraic techniques faster than exhaustive key search. We show that an n-round variant of the cipher can be attacked by a linear attack using only 2^{2n+2} known plaintexts, with a negligible time complexity. We conclude that CTC is insecure, even for quite a large number of rounds. We note that our observations can be probably used to devise other attacks that exploit the relatively slow diffusion of CTC.

ePrint: https://eprint.iacr.org/2006/250

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics .