Skip to main content
SpringerLink
Log in
Book cover

Cryptographers’ Track at the RSA Conference

CT-RSA 2009: Topics in Cryptology – CT-RSA 2009 pp 226–239Cite as

Cryptanalysis of CTC2

  • Conference paper

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 5473))

Abstract

CTC is a toy cipher designed in order to assess the strength of algebraic attacks. While the structure of CTC is deliberately weak with respect to algebraic attacks, it was claimed by the designers that CTC is secure with respect to statistical attacks, such as differential and linear cryptanalysis. After a linear attack on CTC was presented, the cipher’s linear transformation was tweaked to offer more diffusion, and specifically to prevent the existence of 1-bit to 1-bit approximations (and differentials) through the linear transformation. The new cipher was named CTC2, and was analyzed by the designers using algebraic techniques.

In this paper we analyze the security of CTC2 with respect to differential and differential-linear attacks. The data complexities of our best attacks on 6-round, 7-round, and 8-round variants of CTC2 are 64, 215, and 237 chosen plaintexts, respectively, and the time complexities are dominated by the time required to encrypt the data.

Our findings show that the diffusion of CTC2 is relatively low, and hence variants of the cipher with a small number of rounds are relatively weak, which may explain (to some extent) the success of the algebraic attacks on these variants.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Biham, E.: On matsui’s linear cryptanalysis. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 341–355. Springer, Heidelberg (1995)

    Chapter  Google Scholar 

  2. Biham, E., Dunkelman, O., Keller, N.: Enhancing differential-linear cryptanalysis. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 254–266. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  3. Biham, E., Dunkelman, O., Keller, N.: Differential-linear cryptanalysis of serpent. In: Johansson, T. (ed.) FSE 2003. LNCS, vol. 2887, pp. 9–21. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  4. Biryukov, A., De Cannière, C., Quisquater, M.: On multiple linear approximations. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 1–22. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  5. Buchmann, J., Pyshkin, A., Weinmann, R.-P.: Block ciphers sensitive to gröbner basis attacks. In: Pointcheval, D. (ed.) CT-RSA 2006. LNCS, vol. 3860, pp. 313–331. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  6. Collard, B., Standaert, F.-X., Quisquater, J.-J.: Improved and multiple linear cryptanalysis of reduced round serpent. In: Pei, D., Yung, M., Lin, D., Wu, C. (eds.) Inscrypt 2007. LNCS, vol. 4990, pp. 51–65. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  7. Courtois, N.T.: Fast algebraic attacks on stream ciphers with linear feedback. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 176–194. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  8. Nicolas, T.: Courtois, How Fast can be Algebraic Attacks on Block Ciphers?, IACR ePrint report 2006/168 (2006)

    Google Scholar 

  9. Courtois, N.T.: Algebraic Attacks On Block Ciphers. In: Dagstuhl seminar on Symmetric Cryptography (January 2007)

    Google Scholar 

  10. Courtois, N.T.: CTC2 and Fast Algebraic Attacks on Block Ciphers Revisited, IACR ePrint report 2007/152 (2007)

    Google Scholar 

  11. Courtois, N.T., Bard, G.V., Wagner, D.: Algebraic and slide attacks on keeLoq. In: Nyberg, K. (ed.) FSE 2008. LNCS, vol. 5086, pp. 97–115. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  12. Courtois, N.T., Meier, W.: Algebraic Attacks on Stream Ciphers with Linear Feedback. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 345–359. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  13. Courtois, N.T., Pieprzyk, J.: Cryptanalysis of block ciphers with overdefined systems of equations. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 267–287. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  14. Dunkelman, O., Keller, N.: Linear Cryptanalysis of CTC, IACR ePrint report 2006/250 (2006)

    Google Scholar 

  15. Dunkelman, O., Sekar, G., Preneel, B.: Improved meet-in-the-middle attacks on reduced-round DES. In: Srinathan, K., Rangan, C.P., Yung, M. (eds.) INDOCRYPT 2007. LNCS, vol. 4859, pp. 86–100. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  16. Faugére, J.-C., Perret, L.: Algebraic Cryptanalysis of Curry and Flurry using Correlated Messages, IACR ePrint report 2008/402 (2008)

    Google Scholar 

  17. Langford, S.K.: Differential-Linear Cryptanalysis and Threshold Signatures, Ph.D. thesis (1995)

    Google Scholar 

  18. Selçuk, A.A.: On Probability of Success in Linear and Differential Cryptanalysis. Journal of Cryptology 21(1), 131–147 (2008)

    Article  MathSciNet  MATH  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Département d’Informatique, École normale supérieure, 45 rue d’Ulm ,Cedex 05, Paris, 75230, France

    Orr Dunkelman

  2. Einstein Institute of Mathematics, Hebrew University, Jerusalem, 91904, Israel

    Nathan Keller

Authors
  1. Orr Dunkelman
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Nathan Keller
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Theoretical Computer Science, TU Darmstadt, Hochschulstrasse 10, 64289, Darmstadt, Germany

    Marc Fischlin

Rights and permissions

Reprints and permissions

Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Dunkelman, O., Keller, N. (2009). Cryptanalysis of CTC2. In: Fischlin, M. (eds) Topics in Cryptology – CT-RSA 2009. CT-RSA 2009. Lecture Notes in Computer Science, vol 5473. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-00862-7_15

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-00862-7_15

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-00861-0

  • Online ISBN: 978-3-642-00862-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation