Cryptanalysis of CTC2

Orr Dunkelman, Nathan Keller

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review


CTC is a toy cipher designed in order to assess the strength of algebraic attacks. While the structure of CTC is deliberately weak with respect to algebraic attacks, it was claimed by the designers that CTC is secure with respect to statistical attacks, such as differential and linear cryptanalysis. After a linear attack on CTC was presented, the cipheŕs linear transformation was tweaked to offer more diffusion, and specifically to prevent the existence of 1-bit to 1-bit approximations (and differentials) through the linear transformation. The new cipher was named CTC2, and was analyzed by the designers using algebraic techniques. In this paper we analyze the security of CTC2 with respect to differential and differential-linear attacks. The data complexities of our best attacks on 6-round, 7-round, and 8-round variants of CTC2 are 64, 215, and 237 chosen plaintexts, respectively, and the time complexities are dominated by the time required to encrypt the data. Our findings show that the diffusion of CTC2 is relatively low, and hence variants of the cipher with a small number of rounds are relatively weak, which may explain (to some extent) the success of the algebraic attacks on these variants.

Original languageEnglish
Title of host publicationTopics in Cryptology - CT-RSA 2009 - The Cryptographers' Track at the RSA Conference 2009, Proceedings
Number of pages14
StatePublished - 2009
Externally publishedYes
EventCryptographers' Track at the RSA Conference, CT-RSA 2009 - San Francisco, CA, United States
Duration: 20 Apr 200924 Apr 2009

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


ConferenceCryptographers' Track at the RSA Conference, CT-RSA 2009
Country/TerritoryUnited States
CitySan Francisco, CA

ASJC Scopus subject areas

  • Theoretical Computer Science
  • General Computer Science


Dive into the research topics of 'Cryptanalysis of CTC2'. Together they form a unique fingerprint.

Cite this