"Cube" cryptanalysis?

[James Muir]

Greg Rose wrote:
> Basically, any calculation with inputs and outputs can be represented as 
>  an (insanely complicated and probably intractable) set of binary 
> multivariate polynomials. So long as the degree of the polynomials is 
> not too large, the method allows most of the nonlinear terms to be 
> cancelled out, even though the attacker can't possibly handle them. Then 
> you solve a tractable system of linear equations to recover key (or 
> state) bits.

I would like to know how Dinur and Shamir's work differs from Courtois' 
previous work on Algebraic cryptanalysis of block ciphers.  It is a 
refinement of Courtois' technique?  Greg, do you, or someone else have 
some insight on this?

-James

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com