Cryptology ePrint Archive: Report 2007/152

CTC2 and Fast Algebraic Attacks on Block Ciphers Revisited

Nicolas T. Courtois

Abstract: The cipher CTC (Courtois Toy Cipher) has been designed to demonstrate that it is possible to break on a PC a block cipher with good diffusion and very small number of known (or chosen) plaintexts. It has however never been designed to withstand all known attacks on block ciphers and Dunkelman and Keller have shown that a few bits of the key can be recovered by Linear Cryptanalysis (LC) - which cannot however compromise the security of a large key. This weakness can easily be avoided: in this paper we give a specification of CTC2, a tweaked version of CTC. The new cipher is MUCH more secure than CTC against LC and the key scheduling of CTC has been extended to use any key size, independently from the block size. Otherwise, there is little difference between CTC and CTC2. We will show that up to 10 rounds of CTC2 can be broken by simple algebraic attacks.

Category / Keywords: secret-key cryptography / block ciphers, toy ciphers, algebraic attacks, SAT solvers, ElimLin, Gröbner bases, experimental cryptanalysis of block ciphers

Date: received 25 Apr 2007, last revised 8 May 2007

Contact author: courtois at minrank org

Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation

Version: 20070508:170932 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]