Courtois Publications

List of all publications by Dr. Nicolas T. Courtois:

  1. Nicolas T. Courtois and Rebekah Mercer:
    Stealth Address and Key Management Techniques in Blockchain Systems;
    in proceedings of ICISSP 2017, 19-21 Feb 2017, Porto, Portugal.
    Here are some of our slides on this topic. Extended long paper in preparation.
  2. Nicolas T. Courtois:
    Features or Bugs: The Seven Sins of Current Bitcoin,
    In Banking Beyond Banks and Money,
    pp. 97-120, 1 September 2016, Springer.
    Available here.

    ISBN: 978-3-319-42446-0 (Print) 978-3-319-42448-4 (Online)
  3.  Invited “insight talk” at MyCrypt 2016.
    Survey presentation title is Algebraic Cryptanalysis: From Plug-and-Pray Experimental Approach to Constructive Optimization.
    The Pre-proceedings paper title is Two Philosophies For Solving Non-Linear Equations in Algebraic Cryptanalysis, here. Post-proceedings in preparation.
  4. Nicolas T. Courtois:
    High Saturation Complete Graph Approach for EC Point Decomposition and ECDL Problem, preprint, 18 Jul 2016, cf. here.
    Work in progress, here is a brief review.

    • Related but not identical: slides presented at MyCrypt 2016 (invited “insight talk”) can be found here.
  5.    Nicolas T. Courtois, Iason Papapanagiotakis-Bousy, Pouyan Sepehrdad and Guangyan Song:
    Predicting Outcomes of ElimLin Attack on Lightweight Block Cipher Simon,
    In Secrypt 2016 proceedings, pp. 465-470. Avail. here.
    ISBN 978-989-758-196-0, DOI: 10.5220/0005999504650470

  6. Nicolas Courtois:
    An Improved Differential Attack on Full GOST,
    in “The New Codebreakers — a Festschrift for David Kahn”, LNCS 9100, Springer, 2016, pp.282-303.
    This paper contains the best single-key attack on GOST ever found (2^179)!
    This Springer version is a short 20-page version of a substantially longer paper. Initially this was an older preprint draft (15 March 2012) which was later was updated to become an extended version of this paper which contains a lot of additional material which explains the philosophy of such attacks, how such attacks can be discovered, what are the key structural properties of GOST at work, what happens for alternative S-boxes, etc. This extended full version has 54 pages as of 17 December 2015.

  7. Petr Susil, Pouyan Sepehrdad, Serge Vaudenay, Nicolas Courtois:
    On selection of samples in algebraic attacks and a new technique to find hidden low degree equations, Int. J. Inf. Sec. 15(1): 51-65 (2016).
    Here is the paper and here is an earlier version.

  8. Nicolas Courtois, Guangyan Song, Ryan Castellucci:
    Speed Optimizations in Bitcoin Key Recovery Attacks,
    In CECC 2016, post-proceedings of Tatracrypt 2016 conference to appear,
    earlier preprint available here (8 February 2016),  Some basic slides can be found here.

  9. Nicolas Courtois:
    On Splitting a Point with Summation Polynomials in Binary Elliptic Curves, 6 January 2016,
    preprint available here. Some comments can be found here.

  10. Nicolas Courtois:
    On Multiple Symmetric Fixed Points in GOST,
    In Cryptologia, Volume 39, Issue 4, 2015, pp. 322-334.
    Full version can be found here.
    A longer extended monograph work is available, which puts this attack in a context of all known attacks on GOST, see Table 4, Section 29, page 124 in here.

  11. Survey talk on cryptanalysis of GOST given at Edinburgh,
    part of workshop on Security of symmetric ciphers in network protocols, May 25, 2015 – May 29, 2015, ICMS, Edinburgh, UK.
    Here are slides presented.

  12. Nicolas Courtois, Theodosis Mourouzis: Advanced Truncated Differential Attacks Against GOST Block Cipher and Its Variants,
    in Computation, Cryptography, and Network Security, Springer, pp. 351-380, 2015. Cf here.

  13. Nicolas Courtois, Theodosis Mourouzis, Michal Misztal, Jean-Jacques Quisquater, Guangyan Song
    Can GOST Be Made Secure Against Differential Cryptanalysis?,
    In Cryptologia, vol. 39, Iss. 2, 2015, pp. 145-156.  Available here.
  14. Theodosis Mourouzis and Guangyan Song and Nicolas Courtois and Michalis Christofii:
    Advanced Differential Cryptanalysis of Reduced-Round SIMON64/128 Using Large-Round Statistical Distinguishers.
    Preprint: here.
  15. Theodosis Mourouzis, Nicolas Courtois:
    Hypothesis testing and advanced distinguishers in differential cryptanalysis of block ciphers,
    In Tatra Mountains Mathematical Publications,
    Vol. 64, Iss. 1 (Sep 2015), pp. 217-231. Avail. here.
  16. Nicolas T. Courtois:  Good prospects for securing the Wild West,
    pages 38-39, in INFO, the Magazine for Anglo-French Business, November-December 2014.
  17. Theodosis Mourouzis, Nicolas Courtois, Nikos Komninos:
    Advanced truncated differential cryptanalysis of GOST block cipher.
    Paper presented at the 2nd International Conference on Cryptography,
    Network Security and Applications in the Armed Forces,
    1 – 2 April 2014, Hellenic Military Academy, Athens, Greece.
  18. Nicolas Courtois, Theodosis Mourouzis, Anna Grocholewska-Czurylo and Jean-Jacques Quisquater:
    On Optimal Size in Truncated Differential Attacks,
    In CECC 2014, Budapest, Hungary, 21 – 23 May 2014.
    Post-proceedings in Studia Scientiarum Mathematicarum Hungarica, Vol. 52 Iss. 2, cf. here.
    Here are the slides presented  and here is a MUCH longer all-about-Russian-GOST presentation.
    Here are the closely related (but not identical) results presented at CECC 2014.

  19. Nicolas T. Courtois, Pinar Emirdag and Filippo Valsorda:
    Privilege Escalation and Combination Attacks on HD Wallet Systems in Bitcoin,
    in proceedings of Texas Bitcoin Conference 2015, Austin, Texas, 27-29 March 2015.
    See also this earlier paper on the same topic and these slides on BIP032.
  20. Nicolas T. Courtois, Pinar Emirdag and Filippo Valsorda:
    Private Key Recovery Combination Attacks: On Extreme Fragility of Popular Bitcoin Key Management, Wallet and Cold Storage Solutions in Presence of Poor RNG Events,
    16 October 2014, preprint available here.
  21. Nicolas T. Courtois, Pinar Emirdag and Zhouyixing Wang:
    On Detection of Bitcoin Mining Redirection Attacks, In ICISSP 2015, 1st International Conference on Information Systems Security and Privacy, 9-11 Feb 2015, Angers, France.   Here is the paper and here are slides presented.
  22. Nicolas T. Courtois, Pinar Emirdag and Daniel A. Nagy:
    Could Bitcoin Transactions Be 100x Faster?,
    In SECRYPT 2014, 28-30 August 2014, Vienna, Austria. Here is the proceedings version.
    An extended version in preparation. Here is our poster about improving bitcoin speed presented at SECRYPT 2014.
  23. Nicolas Courtois, Theodosis Mourouzis, Guangyan Song, Pouyan Sepehrdad and Petr Susil:
    Combined Algebraic and Truncated Differential Cryptanalysis on Reduced-round Simon,
    in proceedings of SECRYPT 2014, 28-30 August 2014, Vienna, Austria.
    Available here.
  24. Financial Times video interviews:
    excerpts from an interview with Dr Courtois on the problem of slow transactions in bitcoin.
  25.  Nicolas Courtois:
    On The Longest Chain Rule and Programmed Self-Destruction of Crypto Currencies, 2 May 2014.
    Available here. Here is a long, extended set of slides
  26. Nicolas Courtois: Set of Slides about bitcoin and payment
  27. Nicolas Courtois, Lear Bahack:
    On Subversive Miner Strategies and Block Withholding Attack in Bitcoin Digital Currency,
    28 January 2014.
    Available here. Some slides (not too many) are contained inside this long extended set of slides
  28. Nicolas Courtois, Marek Grajek, Rahul Naik:
    Optimizing SHA256 in Bitcoin Mining,
  29. in proc. of CSS 2014, Springer CCIS vol. 448, pp 131-144.  Available here.
    And here are our detailed slides on bitcoin mining.
  30. Nicolas Courtois, Marek Grajek, Rahul Naik: 
    The Unreasonable Fundamental Incertitudes Behind Bitcoin Mining,
    31 October 2013. Available here.
    Here are the old slides. They are also contained inside this extended set of slides, May 2014. And here are our later detailed slides on bitcoin mining.

  31. Nicolas Courtois: Low-Complexity Key Recovery Attacks on GOST Block Cipher
    In Cryptologia, Volume 37, Issue 1, pp. 1-10, 2013.
    Available here or here
    Here is a very long all-about-Russian-GOST presentation

  32. Nicolas Courtois, Daniel Hulme, Kumail Hussain, Jerzy Gawinecki, Marek Grajek:
    On Bad Randomness and Cloning of Contactless Payment and Building Smart Cards,
    In IWCC 2013, International Workshop on Cyber Crime, co-located with the 34th IEEE Symposium on Security and Privacy (IEEE S+P 2013) San Francisco, USA, 24 May 2013.
    The paper is available at here and here are the slides.
  33. Nicolas T. Courtois: Cryptanalysis of GOST  In the Multiple Key Scenario.
    In post-proceedings of CECC 2013, 
    Tatra Mountains Mathematical Publications. Vol. 57, no. 4 (2013), p. 45-63. Available here. And here is a very long all-about-Russian-GOST presentation
  34. Nicolas T. Courtois, Theodosis Mourouzis:
    Advanced Differential Cryptanalysis and GOST Cipher.
    A 30 minute oral presentation at the 3rd IMA Conference on Mathematics in Defence to be held
    At Tom Elliott Conference Centre, QinetiQ, Malvern, UK on Thursday 24 October 2013.
    6-pages paper in CD-ROM and web proceedings, cf. here.
  35. Nicolas T. Courtois, Theodosis Mourouzis:
    Enhanced Truncated Differential Cryptanalysis of GOST.
    In SECRYPT 2013, 10th International Conference on Security and Cryptography Reykjavik, Iceland, July 29-31, 2013 . Here is the last version I have.
    Some of the results presented are contained inside this very long all-about-Russian-GOST presentation
    And here is the PhD thesis by Theodosis Mourouzis.
  36. Nicolas T. Courtois, Theodosis Mourouzis:
    Propagation of Truncated Differentials in GOST.
    In SECURWARE 2013, The Seventh International Conference on Emerging Security Information, Systems and
    Technologies, August 25 – 31, 2013 – Barcelona, Spain .
    See also this very long all-about-Russian-GOST presentation
  37. Nicolas T. Courtois, Daniel Hulme, Theodosis Mourouzis:
    Multiplicative Complexity and Solving Generalized Brent Equations With SAT Solvers.
    The Third International Conference on Computational Logics, Algebras, Programming, Tools, and Benchmarking,
    July 22-27, 2012 – Nice, France.
    Published in: conference, ISBN: 978-1-61208-222-6,
    Pages: 22 to 27, Copyright: Copyright (c) IARIA, 2012,
    Date: 22 July 2012, full paper vailable here.
    We have received the Best Paper Award.
    Here are extended slides by Courtois et al. about Multiplicative Complexity:.
    And here is an excellent FSE 2016 follow-up paper which uses the same methodology.
    And here is the PhD thesis by Theodosis Mourouzis.
    And here is our bitslice implementation of PRESENT: present_bitslice.hpresent_bitslice.cpp.
    And here are some S-box optimisations for Algebraic Cryptanalysis for GOST and other ciphers.

  38. Nicolas Courtois, Jerzy A. Gawinecki, Guangyan Song: 
    Contradiction Immunity and Guess-Then-Determine Attacks On GOST
    In Tatra Mountains Mathematic Publications,
    Vol. 53 no. 3 (2012), pp. 65-79.
    Post-proceedings of CECC 2012 (Tatracrypt 2012) conference.
    Here is a very long all-about-Russian-GOST presentation

  39. Nicolas Courtois: Faster Attacks on Full GOST.
    A short presentation presented at FSE 2012 rump session, available here.
  40. Nicolas T. Courtois, Theodosis Mourouzis and Pho V. Le
    Extension of de Weger’s Attack on RSA with Large Public Keys, .
    In SECRYPT 2012, 24-27 July, Rome, Italy. here.

  41. Nicolas Courtois: Algebraic Complexity Reduction and Cryptanalysis of GOST.
    The “master paper” on GOST, a monumental monograph work on the GOST cipher with in-depth analysis of all possible attacks on (except simple/truncated  differential attacks which are covered in a several other papers by the same author) with a detailed analysis of basic facts methods and techniques, 214 pages, available here

  42. Nicolas Courtois: Security Evaluation of GOST 28147-89 In View Of International Standardisation
    In Cryptologia, Volume 36, Issue 1, pp. 2-13, 2012.
    Available here
    Here is our very long all-about-Russian-GOST presentation.An older version of this report was also presented to the experts of International Standards Organisation (ISO) involved in the standardisation of GOST through two member countries, and this version is available at:

  43. Nicolas T. Courtois, Pouyan Sepherdad, Petr Susil and Serge Vaudenay:
    ElimLin Algorithm Revisited. In FSE 2012, LNCS 7549, pp. 306-325, Springer 2012. Can also be found here or here.

  44. Nicolas T. Courtois, Daniel Hulme, Theodosis Mourouzis:
    Solving Circuit Optimisation Problems in Cryptography and Cryptanalysis.
    In SHARCS 2012,
    workshop without formal proceedings, 70 participants,
    Washington DC, 17-18 March 2012.
    On page 179 of the workshop record.
  45. Nicolas T. Courtois, Daniel Hulme and Theodosis Mourouzis:
    Solving Circuit Optimisation Problems in Cryptography and Cryptanalysis, .
    In electronic proceedings of
    2nd IMA Conference Mathematics in Defence 2011,
    20 October 2011,
    Defence Academy of the United Kingdom, Swindon, UK.
    The initial short 6-page version is found
    at here.
    A longer version is available at eprint:
  46. Nicolas T. Courtois, Gregory V. Bard and Daniel Hulme:
    A New General-Purpose Method to Multiply 3×3 Matrices Using Only 23 Multiplications, .
    At arxiv.1108.2830.
  47. Ravi Jhawar, Philip Inglesant, Martina Angela Sasse, and Nicolas Courtois:
    Make Mine a Quadruple:
    Strengthening the Security of Graphical One-Time PIN Authentication
    In NSS 2011,
    5th International Conference on Network and System Security,
    Milan, Italy, September 6-8, 2011.
    Nicolas Courtois:

    Cryptanalysis of Two GOST Variants With 128-bit Keys .
    Will appear in Cryptologia in 2014.
    Here is a very long all-about-Russian-GOST presentation
    Nicolas Courtois, Michal Misztal: 
    Differential Cryptanalysis of GOST.
    Preprint, work in progress, at

    A better attack was developed later, see eprint/2012/138 listed above.
    Nicolas Courtois, Michal Misztal: 

    First Differential Attack On Full 32-Round GOST.
    Accepted at ICICS’11, Thirteenth International Conference on Information and Communications Security,
    November 23-26, 2011, Beijing, China. Springer LNCS 7043.

  51. Nicolas Courtois, Michal Misztal: 
    Differentials and Cryptanalysis of PP-1 and GOST
    . in 11th
    Central European Conference on Cryptology, Full paper appear in Periodica Mathematica Hungarica Vol. 65 (2 ),
    2012, pp. 11–26, DOI: 10.1007/s10998-012-2983-8. 
    Nicolas Courtois, Theodosis Mourouzis:
    Black-Box Collision Attacks on the Compression Function of the GOST Hash
    In 6th International Conference on Security and Cryptography SECRYPT 2011, 18-21 July, Seville,
  53. Nicolas T. Courtois and Gregory V. Bard:
    Random Permutation Statistics and An Improved Slide-Determine Attack on KeeLoq
    To appear in special volume Quisquater Festschrift Springer LNCS 6805, 2011.
  54. Gregory Bard, Nicolas Courtois, Jorge Nakahara Jr, Pouyan Sepehrdad and
    Bingsheng Zhang: 
    Algebraic, AIDA/Cube and Side Channel Analysis of KATAN Family of Block Ciphers. 
    In Indocrypt 2010, LNCS 6498, pp 176-196, Springer.
    See paper and another version and here are the slides.
    Gregory V. Bard, Shaun V. Ault and Nicolas T. Courtois:
    Statistics of Random Permutations
    and the Cryptanalysis Of Periodic Block Ciphers
    In Cryptologia, Vol. 36, Issue 03, pp. 240-262, July 2012.
  56. Nicolas T. Courtois, Keith Jackson and David Ware: 
    Fault-Algebraic Attacks on Inner Rounds of DES. 
    eSmart 2010, European Smart Card Security Conference, 22-24 September 2010,
    Sophia Antipolis, French Riviera, with web proceedings (slides
    presented available here
  57. Nicolas T. Courtois, Sean O’Neil and Jean-Jacques Quisquater: 
    Practical Algebraic Attacks on the Hitag2 Stream Cipher
    , In 12th
    Information Security Conference, ISC 2009, Pisa, Italy 7-9 September 2009,
    Springer LNCS 5735, pp. 167-176.
  58. Nicolas T. Courtois: 
    Self-similarity Attacks on Block Ciphers and Application to KeeLoq
    , was once
    presented at a the International Workshop on Coding and Cryptography
    in Norway in May 2009, is present in printed pre-proceedings but was
    withdrawn from printed final proceedings.
    In special volume Quisquater Festschrift,
    LNCS vol. 6805, Springer, 2011, David Naccache editor.

  59. Nicolas T. Courtois, Sean O’Neil and Jean-Jacques
    Practical Algebraic Attacks on the Hitag2 Stream Cipher in RFID Transponders.  In
    eSmart 2009, European Smart Card Security Conference, 22-25 September 2009,
    Sophia Antipolis, French Riviera, with proceedings being published as a CD-ROM
    (slides presented).

  60. Card-only attacks on MiFare Crypto-1 cipher.Nicolas T. Courtois:
    The Dark Side of Security by Obscurity and Cloning MiFare Classic Rail and Building Passes Anywhere, Anytime, new attack requires only 300 queries to the card, appears in SECRYPT 2009 –
    International Conference on Security and Cryptography: 7-10 July 2009, Milan,
    Italy. Also known as “Courtois dark side” attack on MiFare Classic. Here are
    the slides).A version of this paper is available here.This paper concerns more than 1 billion of smart cards and compromises
    very heavily the security of thousands of buildings and several
    train/bus/parking payment systems in Europe and elsewhere (allowing for
    example unauthorized access to buildings, travel for free, free parking etc.).Other researchers also found other and  different card-only attacks on MiFare Classic but they are more than 10
    times more difficult to handle in terms of online time (more queries to the card, for example when standing or sitting next to the victim).
    The best practical attack currently known on MiFare Classic is actually a combination
    of our attack with 300 queries to find the first key (estimated time: 10
    seconds with Proxmark3), and the Nested Authentication attack from the Oakland paper
    to recover all the other keys (which is extremely fast).
  61.  Nicolas T. Courtois and Karsten Nohl and Sean O’Neil:
    Algebraic attacks on MiFare Crypto-1 cipher
    This work was a bit of disappointment: we could recover the key in 12 seconds
    but this automated cryptanalysis, we did not realize how weak this cipher
    actually was, and later Dutch researchers have shown a simpler and better attack that does the job in less than
    0.1 seconds (in contrast our attack is more generally applicable and can also break Hitag2, see ).
  62. Nicolas Courtois: Improved Brute Force Attacks on KeeLoq,
    In 6th ESCAR conference – Embedded Security in Cars 2008.
    Hotel Hafen Hamburg (Germany), 18-19 November 2008.
  63. Nicolas Courtois and Blandine Debraize:
    Algebraic Description and Simultaneous Linear Approximations of Addition in Snow 2.0.
    In ICICS 2008, 10th International Conference on Information and Communications Security, 20 – 22 October, 2008, Birmingham, UK. Appears in LNCS, Springer.
    (slides presented available here ).
    Also was presented at SASC 2008 workshop, Lausanne, Switzerland, 13-14 February
  64. Côme Berbain, Olivier Billet, Anne Canteaut, Nicolas Courtois, Henri
    Gilbert, Louis Goubin, Aline Gouget, Louis Granboulan, Cédric Lauradoux, Marine
    Minier, Thomas Pornin and Hervé Sibert: Sosemanuk
    , a Fast Software-Oriented Stream Cipher
    , In New Stream
    Cipher Designs, The eSTREAM Finalists, LNCS 4986, pp.
    98-118, Springer, 2008.
  65. Côme Berbain, Olivier Billet, Anne Canteaut, Nicolas Courtois,
    Blandine Debraize, Henri Gilbert, Louis Goubin, Aline Gouget, Louis Granboulan,
    Cédric Lauradoux, Marine Minier, Thomas Pornin and Hervé Sibert:
    Decim v2
    , In New Stream Cipher Designs, The eSTREAM
    Finalists, LNCS 4986, pp. 140-151, Springer, 2008.
  66. Nicolas Courtois, Gregory V. Bard and Andrey Bogdanov:
    Periodic Ciphers with Small Blocks and Cryptanalysis of KeeLoq,
    In Tatra Mountains Mathematic Publications, 41 (2008), pp. 167-188, post-proceedings of
    Tatracrypt 2007 conference.
  67. Sean O’Neil, Nicolas Courtois: Reverse-engineered Philips/NXP Hitag2 Cipher,
    presented at the rump session of FSE 2008, Lausanne, 12 February 2008.
    Source code + nice picture can be found here.

  68. Nicolas Courtois, Gregory V. Bard and David Wagner:
    Algebraic and Slide Attacks on KeeLoq
    . This paper
    describes 1) the first successful algebraic attack in history on a full round
    real-life block cipher 2) the fastest attack ever found on KeeLoq. The
    complexity of the latter is about 2^28  KeeLoq encryptions on average, and can be even
    for a fraction of keys (see our next paper in preparation, not in FSE proceedings).
    The paper w
    as presented at Fast Software Encryption 2008, Lausanne, Switzerland, February
    10-13, 2008, and appears in LNCS Springer, 2008. It is the most highly cited paper in this Springer volume.
    Here are the slides.
    See also a VERY OLD version of the paper, NOT up-to-date at all: eprint/2007/062/.
  69. Experimental algebraic cryptanalysis of block ciphers – web page.
  70.  Tools for algebraic cryptanalysis of ciphers – web page.
  71.  Hard problems in computer science, algebra and cryptanalysis – web page.
  72. Nicolas Courtois: 
    New Frontier in Symmetric Cryptanalysis
    slides from an invited talk by N. Courtois at Indocrypt 2008,
    14-17 December 2008.
    Full version of the slides are available here.
    Another version was presented at ECRYPT workshop Tools for Cryptanalysis in Krakow, 24-25 Sept 2007.
  73. Nicolas Courtois and Blandine Debraize:
    Specific S-box Criteria in Algebraic Attacks on Block Ciphers with Several Known Plaintexts
    , in post-proceedings of WEWoRC 2007, Western European Workshop on Research in Cryptology, July 4-6, 2007, Ruhr-University Bochum, Germany. In LNCS 4945, Springer, 2008, cf. here.
  74. Nicolas Courtois, Gregory V. Bard:
    Algebraic Cryptanalysis of the Data Encryption Standard,
    In 11-th IMA Conference, Cirencester, UK, 18-20 December 2007, Springer LNCS
    Was also presented at
    ECRYPT workshop Tools for Cryptanalysis in Krakow, 24-25 September
    See also
  75. Presentation
    New Frontiers in Symmetric Cryptanalysis
    , from the talk
    given by N. Courtois at rump session of Eurocrypt 2007,
    available he
    Longer and different version was presented at
    ECRYPT workshop Tools for Cryptanalysis
    and is
    available he
  76. Nicolas Courtois, Gregory V. Bard,
    Chris Jefferson: Efficient Methods for
    Conversion and Solution of Sparse Systems of Low-Degree Multivariate
    Polynomials over GF(2) via SAT-Solvers
    , eprint/2007/024/ .
    Also presented at
    ECRYPT workshop Tools for Cryptanalysis in Krakow, 24-25 September
    . A
    working Windows distribution with source code can be found here (it
    requires careful manual installation). 
  77. Nicolas T. Courtois: How Fast can be Algebraic Attacks on Block Ciphers?,
    in online proceedings of
    Dagstuhl Seminar 07021 “Symmetric Cryptography”
    07-12 January 2007,
    available here. ISSN 1862 – 4405, 2007.
    Also available from
  78. Nicolas Courtois, Blandine Debraize and Eric Garrido:
    On Exact Algebraic [Non-]Immunity of S-boxes Based on Power Functions,
    In ACISP 2006, 11th Australasian Conference on Information Security and
    Privacy. 3 – 5 July 2006. Melbourne. Australia.
    Cf. also eprint/2005/203/, and  pdf here.
  79. Nicolas Courtois: Cryptanalysis of Sfinks, eprint/2005/243/.
    In ICISC 2005, LNCS 3935, Springer.
  80. Nicolas Courtois, Louis Goubin: An Algebraic Masking Method to Protect AES Against Power Attacks,In ICISC 2005, LNCS 3935, Springer. CF. also eprint/2005/204/.
  81. Nicolas Courtois:
    The Best Differential Characteristics and Subtleties of the Biham-Shamir Attacks on DES,
  82. C. Berbain, O. Billet, A. Canteaut,
    N. Courtois
    , H. Gilbert, L. Goubin, A. Gouget, L. Granboulan, C.
    Lauradoux, M. Minier, T. Pornin, and H. Sibert:
    SOSEMANUK, a fast software-oriented stream cipher
    submission to ECRYPT call for stream ciphers and presented at SKEW 2005
    workshop in Aarhus, Denmark on 26 May 2005.
  83. C. Berbain, O. Billet, A. Canteaut,
    N. Courtois
    , H. Gilbert, L. Goubin, A. Gouget, L. Granboulan, C.
    Lauradoux, M. Minier, T. Pornin, and H. Sibert:
    DECIM, a new stream cipher for hardware applications
    submission to ECRYPT call for stream ciphers and presented at SKEW 2005
    workshop in Aarhus, Denmark on 27 May 2005.
  84. Aline Gouget, Hervé Sibert, Côme Berbain, Nicolas Courtois, Blandine
    Debraize, Chris Mitchell: Analysis of the
    Bit-Search Generator and sequence compression techniques
    FSE 2005, LNCS 3557, pp. 196-214, Springer, 2006.

  85. Nicolas Courtois:
    Algebraic Attacks on Combiners with Memory and Several Outputs,
    In ICISC 2004, LNCS, Springer.
    The extended and recently updated version of this paper is available at

  86. Nicolas Courtois
    , Feistel Schemes and
    Bi-Linear Cryptanalysis
    , In Crypto 2004, LNCS 3152, pp.
    23-40, Springer. The extended version is available at
  87. Nicolas Courtois,
    The Inverse S-box and Two Paradoxes of Whitening,
    Presented at the Rump Session of Crypto 2004. Here is
    the long, very much extended version of the slides
  88. Jiun-Ming Chen, Nicolas Courtois and Bo-Yin Yang:
    On Asymptotic Security Estimates in XL and Gröbner Bases-Related Algebraic
    In ICICS’04, LNCS 3269, pp. 401-413, Springer, 2004.
  89. Nicolas Courtois,
    Short Signatures, Provable Security, Generic Attacks and Computational Security of Multivariate Polynomial Schemes such as HFE, Quartz and Sflash,
    draft, eprint 2004/143.
  90. Nicolas Courtois,
    The Inverse S-box, Non-linear Polynomial Relations and Cryptanalysis of Block Ciphers, in
    AES 4 Conference
    , Bonn May 10-12 2004, LNCS 3373, pp. 170-188, Springer.
    Available for Springer subscribers.
    Full version is available here.
  91. Nicolas Courtois,
    General Principles of Algebraic Attacks and New Design Criteria for Components of Symmetric Ciphers.
    Invited talk, AES 4 Conference,
    Bonn, 10-12 May 2004, LNCS 3373, pp. 67-83, Springer.
    Available for Springer subscribers.
    Full version is available here.
  92. Nicolas Courtois, Louis Goubin and Jacques Patarin:
    SFLASHv3, a  fast asymmetric signature scheme
    available on
    This paper specifies the new
    version of Sflash. The previous version is no longer recommended.
    Sflash-v3 should remain the fastest signature scheme known and can only be
    rivalled by NTRU.
  93. Nicolas Courtois:
    Algebraic Attacks over GF(2^k), Application to HFE Challenge 2 and Sflash-v2.
    PKC 2004, LNCS, Springer.
    Warning: all numeric complexity estimates of this paper are out of date.
  94. Nicolas Courtois,
    Guilhem Castagnos and Louis Goubin:
    What do
    DES S-boxes Say to Each Other ?

    Available on
    This paper exhibits some structure in the DES S-boxes.
    It also introduces a new type of algebraic attack on block ciphers.

  95. Nicolas Courtois:
    Fast Algebraic Attacks on Stream Ciphers with Linear Feedback.

    Crypto 2003, August 17-21 2003, LNCS 2729, pp. 177-194, Springer.

  96. Nicolas Courtois, Willi Meier:
    Algebraic Attacks on Stream Ciphers with Linear
    Eurocrypt 2003, LNCS 2656, pp. 345-359,
    IMPORTANT: Here is  
    the long extended version of the paper
    and here are
    EXTENDED SLIDES from 2005 with a lot of added material
  97. Nicolas Courtois,
    Robert T. Johnson, Pascal Junod, Thomas Pornin and Michael Scott:
    Did Filiol Break AES ?
    Available at
    . See also
    this page
  98. Nicolas CourtoisJacques Patarin:
    About the XL Algorithm over GF(2)
    in Cryptographers’Track RSA 2003,
    April 13-17, San Francisco, LNCS 2612, pages 141-157, Springer.
  99. Nicolas Courtois:
    Higher Order Correlation Attacks, XL algorithm,
    and Cryptanalysis of Toyocrypt.

    In ICISC 2002,  November 28-29, 2002, Seoul, Korea,
    LNCS 2587, pp. 182-199, Springer.
  100. See also my(older)  web page page about algebraic attacks on stream ciphers.
  101. Nicolas Courtois, Josef Pieprzyk:
    Cryptanalysis of Block Ciphers with Overdefined Systems of Equations; (or
    the XSL attack on block ciphers), in Asiacrypt 2002, LNCS 2501, pp.267-287,
    A DIFFERENT VERSION of this paper with two different versions of the XSL attack are available on
  102. Here is my AES / Rijndael page with the latest news about algebraic attacks on AES.
    This page is frequently updated.
  103. An article entitled Comment Tout Dire Sans Rien Révéler, published special issue of the
    French magazine Pour La Science (French edition of Scientific American),
    available everywhere in France in July-October 2002.
  104. Nicolas Courtois, Magnus Daum and Patrick Felke:
    On the Security of HFE, HFEv- and Quartz,
    In PKC 2003, LNCS 2567, Springer, pp. 337-350.
    An extended
    version can be found on eprint.
  105. Mehdi-Laurent Akkar, Nicolas Courtois,  Louis Goubin, Romain Duteuil,
    A Fast and Secure Implementation of Slash,
    In PKC 2003, LNCS 2567, Springer, pp. 267-278.
    See also the Sflash web page.
  106. Nicolas Courtois:
    Generic Attacks and the Security of Quartz,
    PKC 2003, LLNCS 2567, Springer, pp. 351-364. A preliminary
    version has been presented at the second Nessie workshop, September 13th 2001,
    Royal Holloway, University of London.
    Download the extended version of the paper
    download my PKC presentation.
  107. Nicolas CourtoisLouis Goubin, Willi Meier, Jean-Daniel Tacier:
    Solving Underdefined Systems of Multivariate Quadratic Equations;
    PKC 2002, Paris, February 2002, LNCS 2274, pp. 211-227, Springer.
  108. Nicolas Courtois:
    The security of cryptographic primitives based on multivariate algebraic problems: MQ, MinRank, IP, HFE.
    PhD thesis, Paris 6 university, September 25th 2001, in French, under the direction of Sami
    . The PhD thesis is available here.
    And here are slides from my PhD defense.
  109. Nicolas CourtoisMatthieu Finiasz and Nicolas Sendrier:
    How to achieve a McEliece-based Digital Signature Scheme.
    Here is full version, it was published in Asiacrypt 2001, LNCS 2248, Springer, pp. 157-174.
    An early version was published at eprint, and even earlier as Inria rapport de recherche 4118, February 2001. Here are the slides presented at the rump session of Crypto 2001.
    Check also the homepage of McEliece signature scheme.
  110. Nicolas Courtois:
    Efficient Zero-knowledge authentication based on a linear algebra problem MinRank.
    Presented at Asiacrypt 2001, LNCS 2248, Springer, pp. 402-421.
    The full paper is available at the iacr server, download directly the ps/pdf file.
    Here is the presentation from Asiacrypt 2001
    A preliminary version was presented at the Rump Session of Crypto 2000 and also at the
    PKC&CNT conference
    . This paper also contains a Ring Signature scheme.
    A slide showing some difficult problems and reductions known in multivariate cryptography.
  111. Nicolas Courtois:
    The Security of Hidden Field Equations (HFE),
    Cryptographers’ Track Rsa Conference 2001
    LNCS 2020, pp. 266-281, Springer-Verlag.
    Donwload the paper hfesec.dvi / / hfesec.pdf.
    The slides on HFE security from RSA2001:
    / / hfesecsl.pdf.Comments: This paper describes a subexponential attack on HFE and is the best
    attack ever found on HFE and HFE Challenge
    At Crypto 2003 Joux and Faugère will explain why this attack works and improve it slightly.
    See also the “official” HFE cryptosystem home page.
  112. Nicolas CourtoisLouis Goubin and Jacques Patarin:
    Quartz, 128-bit long digital signatures, submitted to
    Nessie European Call for Primitives
    , and also published in
    Cryptographers’ Track Rsa Conference 2001
    , LNCS
    2020, pp.282-297, Springer-Verlag.
    The official homepage for Quartz.
  113. Nicolas CourtoisLouis Goubin and Jacques Patarin: Flash, a fast multivariate
    signature algorithm
    , submitted to
    Nessie European Call for Primitives
    , and also published in
    Cryptographers’ Track Rsa Conference 2001
    , LNCS 2020, pp. 298-307, Springer.
    The official homepages for Flash/Sflash.
  114. Nicolas Courtois:
    On multivariate signature-only public key cryptosystems,
    paper available at
  115. My talk Hfe and MinRank
    at the PKC&CNT conference.
  116. Nicolas Courtois and Louis Goubin:
    The Cryptanalysis of TTM
    In Asiacrypt’2000, LNCS 1976, Springer, pp.44-57.
    Slides from Asiacrypt 2000 talk on the cryptanalysis of TTM.
  117. web page about TTM.
  118. My talk from the Enigma 2000 conference (in Polish),
    Nicolas Courtois:
    Algorytm klucza publicznego HFE
    , corrected and extended,
  119. An intoduction to multivariate cryptography, (in Polish), presented
    also at the Enigma 2000 conference (in Polish),
    Nicolas CourtoisKryptografia Wielu Zmiennych, corrected and extended
  120. Nicolas Courtois, Alexander Klimov,  Jacques Patarin, and Adi Shamir:
    Efficient Algorithms for Solving Overdefined Systems of Multivariate Polynomial
    , Eurocrypt 2000,
    LNCS 1807, Springer, pp. 392-407.
    The extended version of the paper is available here.
    Here are slides from my talk at Eurocrypt 2000
    (but does not include 2 slides I made by hand).
  121. Mes transparents (en français) sur HFE et polynômes multivariables (Batz-sur-Mer, 1er Juin
    1999). Corrigé.
  122. English-French-Polish cryptology dictionary.
  123. Nicolas CourtoisLouis Goubin and Jacques Patarin:
    C*-+ and HM – Variations around two schemes of T. Matsumoto and H. Imai;
    Asiacrypt’ 98
    , Springer, pp.35-49.
    Here is the extended version of the paper dvi / ps / pdf.
  124. Nicolas CourtoisLouis Goubin and Jacques Patarin:
    Improved Algorithms for Isomorphism of Polynomials.
    , Springer, pp.184-200.
    Here isthe extended version of the paper as a  dvi/ ps or pdf file.
    Here are slides from my talk at Eurocrypt’98.
  125. Nicolas Courtois:
    Extensive study of Isomorphism of Polynomials
    and Asymmetric Cryptography
    Download it’s abstract  (English/French).
    Or the whole work in French (quite out of date now).
  126. Nicolas Courtois: Article Metoda Hylemorficzna
    presented at VIth Philosophical Symposium, Toruñ, Poland, September 7th 1995.
  127. Nicolas Courtois:
    Report on the cryptanalysis of the HARALIA cryptosystem (1995).
    You can download it’s abstract (English/French) and introduction (in French).
  128. Nicolas Courtois:
    A student project about Quantum teleportation (EPR pairs) – scanned bad quality
    in french and quite out of date (1993).
  129. A short note about protecting radio communications from eavesdropping,
    published in the “Pomysly” of the popular Polish magazine “Mlody Technik”, in the early 80s.

Leave a Reply

Your email address will not be published. Required fields are marked *