Cryptology ePrint Archive: Report 2009/497

Cube Attack on Courtois Toy Cipher

Piotr Mroczkowski and Janusz Szmidt

Abstract: Abstract. The cube attack has been introduced by Itai Dinur and Adi Shamir [8] as a known plaintext attack on symmetric primitives. The attack has been applied to reduced variants of the stream ciphers Trivium [3, 8] and Grain-128 [2], reduced to three rounds variant of the block cipher Serpent [9] and reduced version of the hash function MD6 [3]. In the special case the attack has appeared in the M. Vielhaber ePrint articles [13, 14], where it has been named AIDA (Algebraic Initial Value Differential Attack ) and applied to the modified versions of Trivium. In this paper, we present the experimental results of application the cube attack to four rounds of the Courtois Toy Cipher (CTC) with the full recovery of 120-bit key. After that we extend the attack to five rounds by applying the meet-in-the-middle principle. Key words: Cube attack, symmetric primitives, Boolean polynomials, CTC, the meet-in-the-middle method

Category / Keywords: secret-key cryptography / Cube attack, symmetric primimitives, Boolean polynomials, CTC, the meet-in-the-middle-attack.

Date: received 11 Oct 2009, last revised 11 Oct 2009

Contact author: j szmidt at neostrada pl

Available format(s): PDF | BibTeX Citation

Version: 20091014:190716 (All versions of this report)

Short URL: ia.cr/2009/497