"Cube" cryptanalysis?

James Muir jamuir at cs.smu.ca
Wed Aug 20 12:12:56 EDT 2008

Greg Rose wrote:
> Basically, any calculation with inputs and outputs can be represented as 
> an (insanely complicated and probably intractable) set of binary 
> multivariate polynomials. So long as the degree of the polynomials is 
> not too large, the method allows most of the nonlinear terms to be 
> cancelled out, even though the attacker can't possibly handle them. Then 
> you solve a tractable system of linear equations to recover key (or 
> state) bits.

I would like to know how Dinur and Shamir's work differs from Courtois' 
previous work on Algebraic cryptanalysis of block ciphers.  Is it a 
refinement of Courtois' technique?  Greg, do you, or someone else, have 
some insight on this?
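
The cancellation described in the quoted paragraph, as an added example that is not part of the original post and is not Dinur and Shamir's code. The polynomial `toy_cipher`, the cube choices in `CUBES` and all function names are constructed for illustration; the offline phase assumes the attacker can evaluate the cipher under keys of their own choosing.

```python
from itertools import product

N_KEY, N_PUB = 3, 4
CUBES = [(0, 1), (1, 2), (0, 2)]   # chosen sets of public-bit indices

def toy_cipher(v, k):
    """Constructed GF(2) polynomial: public bits v[0..3], key bits k[0..2]."""
    return (v[0] & v[1] & (k[0] ^ k[1])          # superpoly of cube {0,1}
            ^ v[1] & v[2] & (k[1] ^ k[2] ^ 1)    # superpoly of cube {1,2}
            ^ v[0] & v[2] & k[2]                 # superpoly of cube {0,2}
            ^ v[0] & k[0] & k[1] ^ v[3] & k[1] & k[2]    # nonlinear terms that
            ^ k[0] & k[2] ^ v[1] & k[0] & k[1] & k[2])   # cancel in every cube sum

def cube_sum(oracle, cube):
    """XOR the output over all assignments of the cube bits, other v bits = 0."""
    total = 0
    for bits in product((0, 1), repeat=len(cube)):
        v = [0] * N_PUB
        for idx, b in zip(cube, bits):
            v[idx] = b
        total ^= oracle(v)
    return total

def superpoly(cube):
    """Offline phase (attacker chooses keys): linear superpoly as (coeffs, const)."""
    const = cube_sum(lambda v: toy_cipher(v, [0] * N_KEY), cube)
    coeffs = []
    for j in range(N_KEY):
        unit = [int(i == j) for i in range(N_KEY)]
        coeffs.append(cube_sum(lambda v: toy_cipher(v, unit), cube) ^ const)
    return coeffs, const

def solve_gf2(rows):
    """Gauss-Jordan over GF(2); rows are coeffs + [rhs]; assumes a unique solution."""
    rows, n = [r[:] for r in rows], len(rows[0]) - 1
    for col in range(n):
        piv = next(r for r in range(col, len(rows)) if rows[r][col])
        rows[col], rows[piv] = rows[piv], rows[col]
        for r in range(len(rows)):
            if r != col and rows[r][col]:
                rows[r] = [a ^ b for a, b in zip(rows[r], rows[col])]
    return [rows[i][n] for i in range(n)]

def recover_key(oracle):
    """Online phase: chosen-v queries only, to an oracle holding the unknown key."""
    polys = [(cube, *superpoly(cube)) for cube in CUBES]
    return solve_gf2([c + [cube_sum(oracle, cube) ^ k0] for cube, c, k0 in polys])

if __name__ == "__main__":
    print(recover_key(lambda v: toy_cipher(v, [1, 0, 1])))  # constructed secret key
```

Each cube sum uses four chosen inputs, and the quadratic and cubic key terms never have to be handled: they drop out of the sum, leaving three linear equations in the three key bits.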

