"Cube" cryptanalysis?
James Muir
jamuir at cs.smu.ca
Wed Aug 20 12:12:56 EDT 2008
Greg Rose wrote:
> Basically, any calculation with inputs and outputs can be represented as
> an (insanely complicated and probably intractable) set of binary
> multivariate polynomials. So long as the degree of the polynomials is
> not too large, the method allows most of the nonlinear terms to be
> cancelled out, even though the attacker can't possibly handle them. Then
> you solve a tractable system of linear equations to recover key (or
> state) bits.
I would like to know how Dinur and Shamir's work differs from Courtois'
previous work on Algebraic cryptanalysis of block ciphers. Is it a
refinement of Courtois' technique? Greg, do you, or someone else, have
some insight on this?
-James
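
The cancellation described in the quoted paragraph, as an added example that is not part of either message: XOR-summing a black-box output bit over a "cube" of public bits removes every term that does not contain the whole cube, and what remains is linear in the key. The polynomial `f`, the sizes, the cube choices and all function names are constructed for illustration.

```python
from itertools import product

N_KEY, N_PUB = 3, 4  # toy sizes (constructed): key bits k0..k2, public bits v0..v3

def f(v, k):
    """Constructed toy output bit over GF(2), including terms nonlinear in the key."""
    return ((v[0] & v[1] & (k[0] ^ k[2])) ^ (v[1] & v[2] & (k[1] ^ 1))
            ^ (v[0] & v[2] & v[3] & k[2]) ^ (v[0] & k[1] & k[2])
            ^ (v[3] & k[0] & k[1]) ^ (k[0] & k[2]) ^ v[1])

def cube_sum(oracle, cube):
    """XOR the oracle over all assignments of the cube's public bits (others 0)."""
    acc = 0
    for bits in product((0, 1), repeat=len(cube)):
        v = [0] * N_PUB
        for i, b in zip(cube, bits):
            v[i] = b
        acc ^= oracle(v)
    return acc

def superpoly(cube):
    """Offline phase (attacker chooses keys): fit const + sum(c_j * k_j) to the
    cube sum; return None if the fit fails for any key (exhaustive: toy size)."""
    unit = lambda j: [int(i == j) for i in range(N_KEY)]
    const = cube_sum(lambda v: f(v, [0] * N_KEY), cube)
    coeffs = [const ^ cube_sum(lambda v: f(v, unit(j)), cube) for j in range(N_KEY)]
    for k in product((0, 1), repeat=N_KEY):
        pred = const ^ (sum(c & b for c, b in zip(coeffs, k)) & 1)
        if pred != cube_sum(lambda v: f(v, list(k)), cube):
            return None
    return const, coeffs

def solve_gf2(rows, n):
    """Gauss-Jordan over GF(2); rows are (coeffs, rhs). Assumes full rank."""
    rows = [(list(c), r) for c, r in rows]
    for col in range(n):
        piv = next(i for i in range(col, len(rows)) if rows[i][0][col])
        rows[col], rows[piv] = rows[piv], rows[col]
        for i in range(len(rows)):
            if i != col and rows[i][0][col]:
                rows[i] = ([a ^ b for a, b in zip(rows[i][0], rows[col][0])],
                           rows[i][1] ^ rows[col][1])
    return [rows[i][1] for i in range(n)]

def recover_key(oracle, cubes):
    """Online phase: query the keyed oracle on chosen public inputs only."""
    eqs = [(superpoly(c)[1], cube_sum(oracle, c) ^ superpoly(c)[0]) for c in cubes]
    return solve_gf2(eqs, N_KEY)

CUBES = [(0, 1), (1, 2), (0, 2, 3)]  # superpolys: k0+k2, k1+1, k2
```

The cube `(0,)` is rejected by `superpoly` because its cube sum is `k1*k2`, which is not linear in the key.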
---------------------------------------------------------------------
The Cryptography Mailing List