Paper 2009/497
Cube Attack on Courtois Toy Cipher
Piotr Mroczkowski and Janusz Szmidt
Abstract
The cube attack was introduced by Itai Dinur and Adi Shamir [8] as a known plaintext attack on symmetric primitives. The attack has been applied to reduced variants of the stream ciphers Trivium [3, 8] and Grain-128 [2], to a three-round reduced variant of the block cipher Serpent [9], and to a reduced version of the hash function MD6 [3]. A special case of the attack appeared in M. Vielhaber's ePrint articles [13, 14], where it was named AIDA (Algebraic Initial Value Differential Attack) and applied to modified versions of Trivium. In this paper, we present experimental results of applying the cube attack to four rounds of the Courtois Toy Cipher (CTC), with full recovery of the 120-bit key. We then extend the attack to five rounds by applying the meet-in-the-middle principle.

Key words: Cube attack, symmetric primitives, Boolean polynomials, CTC, the meet-in-the-middle method
Metadata
- Category
- Secret-key cryptography
- Publication info
- Published elsewhere. Unknown where it was published
- Keywords
- Cube attack, symmetric primitives, Boolean polynomials, CTC, the meet-in-the-middle attack
- Contact author(s)
- j szmidt @ neostrada pl
- History
- 2009-10-14: received
- Short URL
- https://ia.cr/2009/497
- License
- CC BY
BibTeX
@misc{cryptoeprint:2009/497,
      author = {Piotr Mroczkowski and Janusz Szmidt},
      title = {Cube Attack on Courtois Toy Cipher},
      howpublished = {Cryptology {ePrint} Archive, Paper 2009/497},
      year = {2009},
      url = {https://eprint.iacr.org/2009/497}
}