CTC2 and Fast Algebraic Attacks on Block Ciphers Revisited

The cipher CTC (Courtois Toy Cipher) described in [4] has been designed to demonstrate that it is possible to break on a PC a block cipher with good diffusion and very small number of known (or chosen) plaintexts. It has however never been designed to withstand all known attacks on block ciphers and Dunkelman and Keller have shown [13] that a few bits of the key can be recovered by Linear Cryptanalysis (LC) – which cannot however compromise the security of a large key. This weakness can easily be avoided: in this paper we give a specification of CTC2, a tweaked version of CTC. The new cipher is MUCH more secure than CTC against LC and the key scheduling of CTC has been extended to use any key size, independently from the block size. Otherwise, there is little difference between CTC and CTC2. We will show that up to 10 rounds of CTC2 can be broken by simple algebraic attacks.

[1]  Josef Pieprzyk,et al.  Cryptanalysis of Block Ciphers with Overdefined Systems of Equations , 2002, ASIACRYPT.

[2]  Claude E. Shannon,et al.  Communication theory of secrecy systems , 1949, Bell Syst. Tech. J..

[3]  Nicolas Courtois,et al.  The Security of Hidden Field Equations (HFE) , 2001, CT-RSA.

[4]  Gregory V. Bard,et al.  Efficient Methods for Conversion and Solution of Sparse Systems of Low-Degree Multivariate Polynomials over GF(2) via SAT-Solvers , 2007, IACR Cryptol. ePrint Arch..

[5]  Fabio Massacci Towards the Formal Verification of Ciphers: Logical Cryptanalysis of DES , 1999 .

[6]  Gregory V. Bard,et al.  Algebraic Cryptanalysis of the Data Encryption Standard , 2007, IMACC.

[7]  Nicolas Courtois,et al.  How Fast can be Algebraic Attacks on Block Ciphers ? , 2006, IACR Cryptol. ePrint Arch..

[8]  Jacques Patarin,et al.  QUAD: A Practical Stream Cipher with Provable Security , 2006, EUROCRYPT.

[9]  Jacques Patarin,et al.  Cryptanalysis of the Matsumoto and Imai Public Key Scheme of Eurocrypt'88 , 1995, CRYPTO.

[10]  Fabio Massacci,et al.  Using Walk-SAT and Rel-Sat for Cryptographic Key Search , 1999, IJCAI.

[11]  Vincent Rijmen,et al.  The Design of Rijndael: AES - The Advanced Encryption Standard , 2002 .

[12]  Ingrid Schaumüller-Bichl,et al.  Cryptonalysis of the Data Encryption Standard by the Method of Formal Coding , 1982, EUROCRYPT.

[13]  Adi Shamir,et al.  Efficient Algorithms for Solving Overdefined Systems of Multivariate Polynomial Equations , 2000, EUROCRYPT.

[14]  Ross Anderson,et al.  Serpent: A Proposal for the Advanced Encryption Standard , 1998 .