The Cube Attack on Courtois Toy Cipher.

The cube attack has been introduced by Dinur and Shamir [8] as a known plaintext attack on symmetric primitives. The attack has been applied to reduced variants of stream ciphers Trivium [3,8] and Grain-128 [2], a reduced to three rounds variant of the block cipher Serpent [9] and a reduced version of the keyed hash function MD6 [3]. In another form the attack appeared in the Vielhaber ePrint articles [13,14], where it was named AIDA (Algebraic Initial Value Differential Attack) and applied to reduced variants of Trivium. We applied the cube attack to the reduced variant of Courtois Toy Cipher (CTC) consisting of four rounds and 120-bit key. After that we extended the attack to five rounds of CTC by applying the 4 + 1 cryptanalytic principle. The article also presents experimental results of recovering the key.