Courtois Publications

List of all publications presentation slides and other related work by Dr. Nicolas T. Courtois:

  1. On latin squares, invariant differentials, random permutations and historical Enigma rotors, in Cryptologia vol? 2022,  published online 07 dec 2021, see here.
  2. Nicolas T. Courtois, Jean-Jacques Quisquater:
    Can a Differential Attack Work for an Arbitrarily Large Number of Rounds? In ICISC 2020, pp. 157-181, LNCS 12593, Springer 2021, see here. Here are slides presented in normal extended version and here is the video of my presentation.
  3. Nicolas T. Courtois, Marek Grajek and Michal Rams:
    On Weak Rotors, Latin Squares, Linear Algebraic Representations, Invariant Differentials and Cryptanalysis of Enigma,
    in Rad HAZU, Matemati\^{c}ke Znanosti, pp. 51-77,
    a.k.a. post-proceedings of CECC 2020, conference took place in Zagreb, Croatia on June 24 – 26, 2020. (the initial title was different).

    1. slides presented are here.
    2. and here is the final version of our paper.
  4. Nicolas T. Courtois: A nonlinear invariant attack on T-310 with the original Boolean function, In Cryptologia, vol. 45, iss. 2, pp. 178-192, 2021, available here.
  5. Nicolas T. Courtois, Marios Georgiou:
    Variable elimination strategies and construction of nonlinear polynomial invariant attacks on T-310,
    in Cryptologia, published online: 18 Oct 2019, here.
  6. Nicolas T. Courtois:
    Structural Nonlinear Invariant Attacks on T-310: Attacking Arbitrary Boolean Functions,
    preprint available here, received 28 Dec 2018. Updated 13 June 2019.

    • Here are slides presented at CECC 2019 (invited talk).
    • And here are slides presented at the 2019  biennial Symposium on Cryptologic History, 17-19 October 2019, Kossiakoff center, Laurel, Maryland, US.
  7. Nicolas T. Courtois: Si seulement Enigma tournait moins vite,
    ou cryptanalyse d’Enigma avec un rotor faible
    , Bulletin de l’ARCSI, Nr. 46, Paris, France, 2020.
  8. Nicolas T. Courtois, Matteo Abbondati, Hamy Ratoanina, Marek Grajek:
    Systematic Construction of Nonlinear Product Attacks on Block Ciphers. In ICISC 2019, pp. 20-51, LNCS 11975, Springer.
  9. Nicolas T. Courtois, Aidan Patrick:
    Lack of Unique Factorization as a Tool in Block Cipher Cryptanalysis,
    preprint, submitted 12 May 2019.
  10. Nicolas T. Courtois, Invariant Hopping Attacks on Block Ciphers, an early version was accepted and presented at WCC2019, The Eleventh International Workshop on Coding and Cryptography, Saint-Jacut-de-la-Mer, France, from 31st March to 5 April 2019. Here is the paper accepted and revised. Here are slides presented at WCC 2019.
    Here is the new extended version of this paper.
  11. Nicolas Courtois, Jörg Drobick and Klaus Schmeh:
    Feistel ciphers in East Germany in the communist Era, in Cryptologia, vol. 42, Iss. 6, 2018, pp. 427-444, see here.
    Some free preprints can be found here.
  12. Christopher D. Clack, Nicolas T. Courtois:
    Distributed Ledger Privacy: Ring Signatures, Möbius and CryptoNote,
    Submitted 7 Feb 2019. Here.
  13. Nicolas T. Courtois, Marios Georgiou:
    Constructive Non-Linear Polynomial Cryptanalysis of a Historical Block Cipher,
    Written in October 2018, public release atARXIV on 7 Feb 2019.
  14. Nicolas Courtois, Maria-Bristena Oprisanu and Klaus Schmeh:
    Linear Cryptanalysis and Block Cipher Design
    in Eastern Germany in the 1970s
    will appear in Cryptologia in 2018.
  15. Tooba Faisal, Nicolas Courtois, Antoaneta Serguieva:
    The Evolution of Embedding Metadata in Blockchain Transactions, preprint, 18 June 2018.
  16. On Use and Abuse of Blockchains, talk at Blockchain UA. by Nicolas Courtois, 3 July 2018, here.
  17. Nicolas T. Courtois, Maria-Bristena Oprisanu:
    Ciphertext-only attacks and weak long-term keys in T-310,
    in Cryptologia, pages 1-21, published online 08 Jan 2018, onlive version is available here.
    And here is a special link to access it for free [first-come first-served.]
  18. Speaker at ASHES 2017 workshop on hardware security:  Nicolas T. Courtois, Varnavas Papaioannou : On Feasibility and Performance of RowHammer AttackWork by  Varnavas Papaioannou done at UCL under supervision of Nicolas Courtois.
    • Nicolas Courtois, Varnavas  Papaioannou: On Feasibility and Performance of Rowhammmer Atack, one version is available here.
    • Slides presented at ASHES. Available here.Here is one recent updated version of our paper presented at ASHES on 3 nov 2017.
    • Our tutorial: Varnavas Papaioannou: Rowhammer TutorialSeptember 24, 2017. Available here.
    • Our github:  It should be cited as: Varnavas Papaioannou. User-Space Rowhammer Testing Tools, October 2017. It contains the following: 
      • 0) our patches to improve two third party tools (hammertime by Tatar 2016 and rowhammer-test by Dullien and Seaborn 2015).
      • 1) a stand-alone tool hprh based on Transparent Huge Pages (THP) feature in Linux
      • 2) a stand-alone tool tcrh based on a timing channel and trying to identify possible targets that are mapped within the same RAM bank.
      • 3) another stand-alone timing attack able to identify regions in memory that are physically contiguous.
  19. Speaker at CECC 2017 in Warsaw, Poland, 29 June 2017, 10:00, slides presented.
  20. Nicolas T. Courtois: Decryption oracle slide attacks on T-310, will appear in print in Cryptologia in 2017/18, electronic version is available now.
  21. Nicolas T. Courtois , Klaus Schmeh , Jörg Drobick, Jacques Patarin, Maria-Bristena Oprisanu, Matteo Scarlata, Om Bhallamudi:
    Cryptographic Security Analysis of T-310. Work in progress, last eprint version received 20 May 2017 and last revised 26 June 2017.
  22. Nicolas T. Courtois and Rebekah Mercer:
    Stealth Address and Key Management Techniques in Blockchain Systems;
    in proceedings of ICISSP 2017, 19-21 Feb 2017, Porto, Portugal.
    Here are some of our slides on this topic. Extended long paper in preparation.
  23. Nicolas T. Courtois:
    Features or Bugs: The Seven Sins of Current Bitcoin,
    In Banking Beyond Banks and Money,
    pp. 97-120, 1 September 2016, Springer.
    Available here.
    ISBN: 978-3-319-42446-0 (Print) 978-3-319-42448-4 (Online)
  24. Talk given in French: État de l’art de la sécurité des blockchains – Nicolas Courtois, Palais Brongniart, Paris, 16 déc. 2016, here.
  25. Talk given in French: “Blockchain vision #3 – Nicolas Courtois”, Paris, France, see here. 12 April 2016.
  26.  Invited “insight talk” at MyCrypt 2016.
    Survey presentation title is Algebraic Cryptanalysis: From Plug-and-Pray Experimental Approach to Constructive Optimization.
    The Pre-proceedings paper title was changed to Two Philosophies For Solving Non-Linear Equations in Algebraic Cryptanalysis the initial version is available here and final post-proceedings Springer version is here.
  27. Nicolas T. Courtois:
    High Saturation Complete Graph Approach for EC Point Decomposition and ECDL Problem, preprint, 18 Jul 2016, cf. here.
    Work in progress, here is a brief review.
  28. Nicolas T. Courtois, Kacper T. Gradon, Klaus Schmeh:
    Crypto Currency Regulation and Law Enforcement Perspectives, avail. here.
  29. Related but not identical: slides presented at MyCrypt 2016 (invited “insight talk”) can be found here.
  30.  Nicolas T. Courtois, Iason Papapanagiotakis-Bousy, Pouyan Sepehrdad and Guangyan Song:
    Predicting Outcomes of ElimLin Attack on Lightweight Block Cipher Simon,
    In Secrypt 2016 proceedings, pp. 465-470. Avail. here.
    ISBN 978-989-758-196-0, DOI: 10.5220/0005999504650470
  31. Nicolas Courtois:
    An Improved Differential Attack on Full GOST,
    in “The New Codebreakers — a Festschrift for David Kahn”, LNCS 9100, Springer, 2016, pp.282-303.
    This paper contains the best single-key attack on GOST ever found (2^179)!
    This Springer version is a short 20-page version of a substantially longer paper. Initially this was an older preprint draft (15 March 2012) which was later was updated to become an extended version of this paper which contains a lot of additional material which explains the philosophy of such attacks, how such attacks can be discovered, what are the key structural properties of GOST at work, what happens for alternative S-boxes, etc. This extended full version has 54 pages as of 17 December 2015.
  32. Petr Susil, Pouyan Sepehrdad, Serge Vaudenay, Nicolas Courtois:
    On selection of samples in algebraic attacks and a new technique to find hidden low degree equations, Int. J. Inf. Sec. 15(1): 51-65 (2016).
    Here is the paper and here is an earlier version.
  33. Nicolas Courtois, Guangyan Song, Ryan Castellucci:
    Speed Optimizations in Bitcoin Key Recovery Attacks,
    In CECC 2016, post-proceedings of Tatracrypt 2016 conference, final published version,
    earlier preprint available here (8 February 2016),  Some basic slides can be found here.
  34. Nicolas Courtois:
    On Splitting a Point with Summation Polynomials in Binary Elliptic Curves, 6 January 2016,
    preprint available here. Some comments can be found here.
  35. Nicolas Courtois:
    On Multiple Symmetric Fixed Points in GOST,
    In Cryptologia, Volume 39, Issue 4, 2015, pp. 322-334.
    Full version can be found here.
    A longer extended monograph work is available, which puts this attack in a context of all known attacks on GOST, see Table 4, Section 29, page 124 in here.
  36. Survey talk on cryptanalysis of GOST given at Edinburgh,
    part of workshop on Security of symmetric ciphers in network protocols, May 25, 2015 – May 29, 2015, ICMS, Edinburgh, UK.
    Here are slides presented.
  37. Nicolas Courtois, Theodosis Mourouzis: Advanced Truncated Differential Attacks Against GOST Block Cipher and Its Variants,
    in Computation, Cryptography, and Network Security, Springer, pp. 351-380, 2015. Cf here.
  38. Nicolas Courtois, Theodosis Mourouzis, Michal Misztal, Jean-Jacques Quisquater, Guangyan Song
    Can GOST Be Made Secure Against Differential Cryptanalysis?,
    In Cryptologia, vol. 39, Iss. 2, 2015, pp. 145-156.  Available here.
  39. Theodosis Mourouzis and Guangyan Song and Nicolas Courtois and Michalis Christofii:
    Advanced Differential Cryptanalysis of Reduced-Round SIMON64/128 Using Large-Round Statistical Distinguishers.
    Preprint: here.
  40. Theodosis Mourouzis, Nicolas Courtois:
    Hypothesis testing and advanced distinguishers in differential cryptanalysis of block ciphers,
    In Tatra Mountains Mathematical Publications,
    Vol. 64, Iss. 1 (Sep 2015), pp. 217-231. Avail. here.
  41. Nicolas T. Courtois:  Good prospects for securing the Wild West,
    pages 38-39, in INFO, the Magazine for Anglo-French Business, November-December 2014.
  42. Theodosis Mourouzis, Nicolas Courtois, Nikos Komninos:
    Advanced truncated differential cryptanalysis of GOST block cipher.
    Paper presented at the 2nd International Conference on Cryptography,
    Network Security and Applications in the Armed Forces,
    1 – 2 April 2014, Hellenic Military Academy, Athens, Greece.
  43. Nicolas Courtois, Theodosis Mourouzis, Anna Grocholewska-Czurylo and Jean-Jacques Quisquater:
    On Optimal Size in Truncated Differential Attacks,
    In CECC 2014, Budapest, Hungary, 21 – 23 May 2014.
    Post-proceedings in Studia Scientiarum Mathematicarum Hungarica, Vol. 52 Iss. 2, cf. here.
    Here are the slides presented  and here is a MUCH longer all-about-Russian-GOST presentation.
    Here are the closely related (but not identical) results presented at CECC 2014.

  44. Nicolas T. Courtois, Pinar Emirdag and Filippo Valsorda:
    Privilege Escalation and Combination Attacks on HD Wallet Systems in Bitcoin,
    in proceedings of Texas Bitcoin Conference 2015, Austin, Texas, 27-29 March 2015.
    See also this earlier paper on the same topic and these slides on BIP032.
  45. Nicolas T. Courtois, Pinar Emirdag and Filippo Valsorda:
    Private Key Recovery Combination Attacks: On Extreme Fragility of Popular Bitcoin Key Management, Wallet and Cold Storage Solutions in Presence of Poor RNG Events,
    16 October 2014, preprint available here.
  46. Some talks in video on the same topic:
    1. What Bitcoin Private keys say to each other (Nicolas T. Courtois, October 2015), see here.
    2. “How to Steal Bitcoins” – talk by Nicolas Courtois, 7 Feb 2015, part 1, part 2, part 3, part 4, part 5, part 6.
  47. Nicolas T. Courtois, Pinar Emirdag and Zhouyixing Wang:
    On Detection of Bitcoin Mining Redirection Attacks, In ICISSP 2015, 1st International Conference on Information Systems Security and Privacy, 9-11 Feb 2015, Angers, France.   Here is the paper and here are slides presented.
  48. Nicolas T. Courtois, Pinar Emirdag and Daniel A. Nagy:
    Could Bitcoin Transactions Be 100x Faster?,
    In SECRYPT 2014, 28-30 August 2014, Vienna, Austria. Here is the proceedings version.
    An extended version in preparation. Here is our poster about improving bitcoin speed presented at SECRYPT 2014.
  49. Nicolas Courtois, Theodosis Mourouzis, Guangyan Song, Pouyan Sepehrdad and Petr Susil:
    Combined Algebraic and Truncated Differential Cryptanalysis on Reduced-round Simon,
    in proceedings of SECRYPT 2014, 28-30 August 2014, Vienna, Austria. Available here.
  50. Financial Times video interviews:
    excerpts from an interview with Dr Courtois on the problem of slow transactions in bitcoin.
  51.  Nicolas Courtois:
    On The Longest Chain Rule and Programmed Self-Destruction of Crypto Currencies, 2 May 2014.
    Available here. Here is a long, extended set of slides
  52. Nicolas Courtois: Set of Slides about bitcoin and payment
  53. Nicolas Courtois, Lear Bahack:
    On Subversive Miner Strategies and Block Withholding Attack in Bitcoin Digital Currency,
    28 January 2014.
    Available here. Some slides (not too many) are contained inside this long extended set of slides
  54. Nicolas Courtois, Marek Grajek, Rahul Naik:
    Optimizing SHA256 in Bitcoin Mining,
  55. in proc. of CSS 2014, Springer CCIS vol. 448, pp 131-144.  Available here.
    And here are our detailed slides on bitcoin mining.
  56. Nicolas Courtois, Marek Grajek, Rahul Naik: 
    The Unreasonable Fundamental Incertitudes Behind Bitcoin Mining,
    31 October 2013. Available here.
    Here are the old slides. They are also contained inside this extended set of slides, May 2014. And here are our later detailed slides on bitcoin mining.

  57. Nicolas Courtois: Low-Complexity Key Recovery Attacks on GOST Block Cipher
    In Cryptologia, Volume 37, Issue 1, pp. 1-10, 2013.
    Available here or here
    Here is a very long all-about-Russian-GOST presentation

  58. Nicolas Courtois, Daniel Hulme, Kumail Hussain, Jerzy Gawinecki, Marek Grajek:
    On Bad Randomness and Cloning of Contactless Payment and Building Smart Cards,
    In IWCC 2013, International Workshop on Cyber Crime, co-located with the 34th IEEE Symposium on Security and Privacy (IEEE S+P 2013) San Francisco, USA, 24 May 2013.
    The paper is available at here and here are the slides.
  59. Nicolas T. Courtois: Cryptanalysis of GOST  In the Multiple Key Scenario.
    In post-proceedings of CECC 2013, 
    Tatra Mountains Mathematical Publications. Vol. 57, no. 4 (2013), p. 45-63. Available here. And here is a very long all-about-Russian-GOST presentation
  60. Nicolas T. Courtois, Theodosis Mourouzis:
    Advanced Differential Cryptanalysis and GOST Cipher.
    A 30 minute oral presentation at the 3rd IMA Conference on Mathematics in Defence to be held
    At Tom Elliott Conference Centre, QinetiQ, Malvern, UK on Thursday 24 October 2013.
    6-pages paper in CD-ROM and web proceedings, cf. here.
  61. Nicolas T. Courtois, Theodosis Mourouzis:
    Enhanced Truncated Differential Cryptanalysis of GOST.
    In SECRYPT 2013, 10th International Conference on Security and Cryptography Reykjavik, Iceland, July 29-31, 2013 . Here is the last version I have.
    Some of the results presented are contained inside this very long all-about-Russian-GOST presentation
    And here is the PhD thesis by Theodosis Mourouzis.
  62. Nicolas T. Courtois, Theodosis Mourouzis:
    Propagation of Truncated Differentials in GOST.
    In SECURWARE 2013, The Seventh International Conference on Emerging Security Information, Systems and
    Technologies, August 25 – 31, 2013 – Barcelona, Spain .
    See also this very long all-about-Russian-GOST presentation
  63. Nicolas T. Courtois, Daniel Hulme, Theodosis Mourouzis:
    Multiplicative Complexity and Solving Generalized Brent Equations With SAT Solvers.
    The Third International Conference on Computational Logics, Algebras, Programming, Tools, and Benchmarking,
    July 22-27, 2012 – Nice, France.
    Published in: conference, ISBN: 978-1-61208-222-6,
    Pages: 22 to 27, Copyright: Copyright (c) IARIA, 2012,
    Date: 22 July 2012, full paper vailable here.
    We have received the Best Paper Award.
    Here are extended slides by Courtois et al. about Multiplicative Complexity:.
    And here is an excellent FSE 2016 follow-up paper which uses the same methodology.
    And here is the PhD thesis by Theodosis Mourouzis.
    And here is our bitslice implementation of PRESENT: present_bitslice.hpresent_bitslice.cpp.
    And here are some S-box optimisations for Algebraic Cryptanalysis for GOST and other ciphers.
  64. Nicolas T. Courtois, Daniel Hulme and Theodosis Mourouzis:
    Exact Logic Minimization and Multiplicative Complexity of Concrete Algebraic and Cryptographic Circuits, In International journal on advances in intelligent systems, vol 6 no 3 & 4, pp.165-176, 2013, avail. here.
  65. A talk at 29C3 conference in Hamburg: Cryptanalysis of GOST, 27-30 December 2012. Slides are here.

  66. Nicolas Courtois, Jerzy A. Gawinecki, Guangyan Song: 
    Contradiction Immunity and Guess-Then-Determine Attacks On GOST
    In Tatra Mountains Mathematic Publications,
    Vol. 53 no. 3 (2012), pp. 65-79.
    Post-proceedings of CECC 2012 (Tatracrypt 2012) conference.
    Here is a very long all-about-Russian-GOST presentation

  67. Nicolas Courtois: Faster Attacks on Full GOST.
    A short presentation presented at FSE 2012 rump session, available here.
  68. Nicolas T. Courtois, Theodosis Mourouzis and Pho V. Le
    Extension of de Weger’s Attack on RSA with Large Public Keys, .
    In SECRYPT 2012, 24-27 July, Rome, Italy. here.

  69. Nicolas Courtois: Algebraic Complexity Reduction and Cryptanalysis of GOST.
    The “master paper” on GOST, a monumental monograph work on the GOST cipher with in-depth analysis of all possible attacks on (except simple/truncated  differential attacks which are covered in a several other papers by the same author) with a detailed analysis of basic facts methods and techniques, 214 pages, available here

  70. Nicolas Courtois: Security Evaluation of GOST 28147-89 In View Of International Standardisation
    In Cryptologia, Volume 36, Issue 1, pp. 2-13, 2012.
    Available here
    Here is our very long all-about-Russian-GOST presentation.An older version of this report was also presented to the experts of International Standards Organisation (ISO) involved in the standardisation of GOST through two member countries, and this version is available at:

  71. Nicolas T. Courtois, Pouyan Sepherdad, Petr Susil and Serge Vaudenay:
    ElimLin Algorithm Revisited. In FSE 2012, LNCS 7549, pp. 306-325, Springer 2012. Can also be found here or here.

  72. Nicolas T. Courtois, Daniel Hulme, Theodosis Mourouzis:
    Solving Circuit Optimisation Problems in Cryptography and Cryptanalysis.
    In SHARCS 2012,
    workshop without formal proceedings, 70 participants,
    Washington DC, 17-18 March 2012.
    On page 179 of the workshop record.
  73. Nicolas T. Courtois, Daniel Hulme and Theodosis Mourouzis:
    Solving Circuit Optimisation Problems in Cryptography and Cryptanalysis, .
    In electronic proceedings of
    2nd IMA Conference Mathematics in Defence 2011,
    20 October 2011,
    Defence Academy of the United Kingdom, Swindon, UK.
    The initial short 6-page version is found
    at here.
    A longer version is available at eprint:
  74. Nicolas T. Courtois, Gregory V. Bard and Daniel Hulme:
    A New General-Purpose Method to Multiply 3×3 Matrices Using Only 23 Multiplications, .
    At arxiv.1108.2830.
  75. Ravi Jhawar, Philip Inglesant, Martina Angela Sasse, and Nicolas Courtois:
    Make Mine a Quadruple:
    Strengthening the Security of Graphical One-Time PIN Authentication
    In NSS 2011,
    5th International Conference on Network and System Security,
    Milan, Italy, September 6-8, 2011.
    Nicolas Courtois:

    Cryptanalysis of Two GOST Variants With 128-bit Keys .
    In Cryptologia Cryptologia vol. 38(4), pp. 348-361, 2014.
    Here is a very long all-about-Russian-GOST presentation
    Nicolas Courtois, Michal Misztal: 
    Differential Cryptanalysis of GOST.
    Preprint, work in progress, at

    A better attack was developed later, see eprint/2012/138 listed above.
    Nicolas Courtois, Michal Misztal: 

    First Differential Attack On Full 32-Round GOST.
    Accepted at ICICS’11, Thirteenth International Conference on Information and Communications Security,
    November 23-26, 2011, Beijing, China. Springer LNCS 7043.

  79. Nicolas Courtois, Michal Misztal: 
    Differentials and Cryptanalysis of PP-1 and GOST
    . in 11th
    Central European Conference on Cryptology, Full paper appear in Periodica Mathematica Hungarica Vol. 65 (2 ),
    2012, pp. 11–26, DOI: 10.1007/s10998-012-2983-8. 
    Nicolas Courtois, Theodosis Mourouzis:
    Black-Box Collision Attacks on the Compression Function of the GOST Hash
    In 6th International Conference on Security and Cryptography SECRYPT 2011, 18-21 July, Seville,
  81. Nicolas T. Courtois and Gregory V. Bard:
    Random Permutation Statistics and An Improved Slide-Determine Attack on KeeLoq
    To appear in special volume Quisquater Festschrift Springer LNCS 6805, 2011.
  82. Gregory Bard, Nicolas Courtois, Jorge Nakahara Jr, Pouyan Sepehrdad and
    Bingsheng Zhang: 
    Algebraic, AIDA/Cube and Side Channel Analysis of KATAN Family of Block Ciphers. 
    In Indocrypt 2010, LNCS 6498, pp 176-196, Springer.
    See paper and another version and here are the slides.
    Gregory V. Bard, Shaun V. Ault and Nicolas T. Courtois:
    Statistics of Random Permutations
    and the Cryptanalysis Of Periodic Block Ciphers
    In Cryptologia, Vol. 36, Issue 03, pp. 240-262, July 2012.
  84. Nicolas T. Courtois, Keith Jackson and David Ware: 
    Fault-Algebraic Attacks on Inner Rounds of DES. 
    eSmart 2010, European Smart Card Security Conference, 22-24 September 2010,
    Sophia Antipolis, French Riviera, with web proceedings (slides
    presented available here
  85. Nicolas T. Courtois, Sean O’Neil and Jean-Jacques Quisquater: 
    Practical Algebraic Attacks on the Hitag2 Stream Cipher
    , In 12th
    Information Security Conference, ISC 2009, Pisa, Italy 7-9 September 2009,
    Springer LNCS 5735, pp. 167-176.
  86. Nicolas T. Courtois: 
    Self-similarity Attacks on Block Ciphers and Application to KeeLoq
    , was once
    presented at a the International Workshop on Coding and Cryptography
    in Norway in May 2009, is present in printed pre-proceedings but was
    withdrawn from printed final proceedings.
    In special volume Quisquater Festschrift,
    LNCS vol. 6805, Springer, 2011, David Naccache editor.

  87. Nicolas T. Courtois, Sean O’Neil and Jean-Jacques
    Practical Algebraic Attacks on the Hitag2 Stream Cipher in RFID Transponders.  In
    eSmart 2009, European Smart Card Security Conference, 22-25 September 2009,
    Sophia Antipolis, French Riviera, with proceedings being published as a CD-ROM
    (slides presented).

  88. Card-only attacks on MiFare Crypto-1 cipher.Nicolas T. Courtois:
    The Dark Side of Security by Obscurity and Cloning MiFare Classic Rail and Building Passes Anywhere, Anytime, new attack requires only 300 queries to the card, appears in SECRYPT 2009 –
    International Conference on Security and Cryptography: 7-10 July 2009, Milan,
    Italy. Also known as “Courtois dark side” attack on MiFare Classic. Here are
    the slides).A version of this paper is available here. This paper concerns more than 2 billion of smart cards sold and compromises
    very heavily the security of thousands of buildings and several
    train/bus/parking payment systems in Europe and elsewhere (allowing for example unauthorized access to buildings, travel for free, free parking in say Cambridge UK, or Malaysia, the Netherlands, or Boston US, etc. etc.). Other researchers also found other and  different card-only attacks on MiFare Classic but they are more than 10 times more difficult to handle in terms of online time (more queries to the card, for example when standing or sitting next to the victim).
    The best practical attack currently known on MiFare Classic is actually a combination of our attack with 300 queries to find the first key (estimated time: 10 seconds with Proxmark3), and the Nested Authentication attack from the Oakland paper
    to recover all the other keys (which is extremely fast).
  89.  Nicolas T. Courtois and Karsten Nohl and Sean O’Neil:
    Algebraic attacks on MiFare Crypto-1 cipher
    This work was a bit of disappointment: we could recover the key in 12 seconds
    but this automated cryptanalysis, we did not realize how weak this cipher
    actually was, and later Dutch researchers have shown a simpler and better attack that does the job in less than
    0.1 seconds (in contrast our attack is more generally applicable and can also break Hitag2, see ).
  90. Nicolas Courtois: Improved Brute Force Attacks on KeeLoq,
    In 6th ESCAR conference – Embedded Security in Cars 2008.
    Hotel Hafen Hamburg (Germany), 18-19 November 2008.
  91. Nicolas Courtois and Blandine Debraize:
    Algebraic Description and Simultaneous Linear Approximations of Addition in Snow 2.0.
    In ICICS 2008, 10th International Conference on Information and Communications Security, 20 – 22 October, 2008, Birmingham, UK. Appears in LNCS, Springer.
    (slides presented available here ).
    Also was presented at SASC 2008 workshop, Lausanne, Switzerland, 13-14 February
  92. Côme Berbain, Olivier Billet, Anne Canteaut, Nicolas Courtois, Henri
    Gilbert, Louis Goubin, Aline Gouget, Louis Granboulan, Cédric Lauradoux, Marine
    Minier, Thomas Pornin and Hervé Sibert: Sosemanuk
    , a Fast Software-Oriented Stream Cipher
    , In New Stream
    Cipher Designs, The eSTREAM Finalists, LNCS 4986, pp.
    98-118, Springer, 2008.
  93. Côme Berbain, Olivier Billet, Anne Canteaut, Nicolas Courtois,
    Blandine Debraize, Henri Gilbert, Louis Goubin, Aline Gouget, Louis Granboulan,
    Cédric Lauradoux, Marine Minier, Thomas Pornin and Hervé Sibert:
    Decim v2
    , In New Stream Cipher Designs, The eSTREAM
    Finalists, LNCS 4986, pp. 140-151, Springer, 2008.
  94. Nicolas Courtois, Gregory V. Bard and Andrey Bogdanov:
    Periodic Ciphers with Small Blocks and Cryptanalysis of KeeLoq,
    In Tatra Mountains Mathematic Publications, 41 (2008), pp. 167-188, post-proceedings of
    Tatracrypt 2007 conference.
  95. Sean O’Neil, Nicolas Courtois: Reverse-engineered Philips/NXP Hitag2 Cipher,
    presented at the rump session of FSE 2008, Lausanne, 12 February 2008.
    Source code + nice picture can be found here.

  96. Nicolas Courtois, Gregory V. Bard and David Wagner:
    Algebraic and Slide Attacks on KeeLoq
    . This paper
    describes 1) the first successful algebraic attack in history on a full round
    real-life block cipher 2) the fastest attack ever found on KeeLoq. The
    complexity of the latter is about 2^28  KeeLoq encryptions on average, and can be even
    for a fraction of keys (see our next paper in preparation, not in FSE proceedings).
    The paper w
    as presented at Fast Software Encryption 2008, Lausanne, Switzerland, February
    10-13, 2008, and appears in LNCS Springer, 2008. It is the most highly cited paper in this Springer volume.
    Here are the slides.
    See also a VERY OLD version of the paper, NOT up-to-date at all: eprint/2007/062/.
  97. Experimental algebraic cryptanalysis of block ciphers – web page.
  98.  Tools for algebraic cryptanalysis of ciphers – web page.
  99.  Hard problems in computer science, algebra and cryptanalysis – web page.
  100. Nicolas Courtois: 
    New Frontier in Symmetric Cryptanalysis
    slides from an invited talk by N. Courtois at Indocrypt 2008,
    14-17 December 2008.
    Full version of the slides are available here.
    Another version was presented at ECRYPT workshop Tools for Cryptanalysis in Krakow, 24-25 Sept 2007.
  101. Nicolas Courtois and Blandine Debraize:
    Specific S-box Criteria in Algebraic Attacks on Block Ciphers with Several Known Plaintexts
    , in post-proceedings of WEWoRC 2007, Western European Workshop on Research in Cryptology, July 4-6, 2007, Ruhr-University Bochum, Germany. In LNCS 4945, Springer, 2008, cf. here.
  102. Nicolas Courtois, Gregory V. Bard:
    Algebraic Cryptanalysis of the Data Encryption Standard,
    In 11-th IMA Conference, Cirencester, UK, 18-20 December 2007, Springer LNCS
    Was also presented at
    ECRYPT workshop Tools for Cryptanalysis in Krakow, 24-25 September
    See also
  103. Presentation
    New Frontiers in Symmetric Cryptanalysis
    , from the talk
    given by N. Courtois at rump session of Eurocrypt 2007,
    available he
    Longer and different version was presented at
    ECRYPT workshop Tools for Cryptanalysis
    and is
    available he
  104. Nicolas Courtois, Gregory V. Bard,
    Chris Jefferson: Efficient Methods for
    Conversion and Solution of Sparse Systems of Low-Degree Multivariate
    Polynomials over GF(2) via SAT-Solvers
    , eprint/2007/024/ .
    Also presented at
    ECRYPT workshop Tools for Cryptanalysis in Krakow, 24-25 September
    . A
    working Windows distribution with source code can be found here (it
    requires careful manual installation). 
  105. Nicolas T. Courtois: How Fast can be Algebraic Attacks on Block Ciphers?,
    in online proceedings of
    Dagstuhl Seminar 07021 “Symmetric Cryptography”
    07-12 January 2007,
    available here. ISSN 1862 – 4405, 2007.
    Also available from
  106. Nicolas Courtois, Blandine Debraize and Eric Garrido:
    On Exact Algebraic [Non-]Immunity of S-boxes Based on Power Functions,
    In ACISP 2006, 11th Australasian Conference on Information Security and
    Privacy. 3 – 5 July 2006. Melbourne. Australia.
    Cf. also eprint/2005/203/, and  pdf here.
  107. Nicolas Courtois: Cryptanalysis of Sfinks, eprint/2005/243/.
    In ICISC 2005, LNCS 3935, Springer.
  108. Nicolas Courtois, Louis Goubin: An Algebraic Masking Method to Protect AES Against Power Attacks,In ICISC 2005, LNCS 3935, Springer. CF. also eprint/2005/204/.
  109. Nicolas Courtois:
    The Best Differential Characteristics and Subtleties of the Biham-Shamir Attacks on DES,
  110. C. Berbain, O. Billet, A. Canteaut,
    N. Courtois
    , H. Gilbert, L. Goubin, A. Gouget, L. Granboulan, C.
    Lauradoux, M. Minier, T. Pornin, and H. Sibert:
    SOSEMANUK, a fast software-oriented stream cipher
    submission to ECRYPT call for stream ciphers and presented at SKEW 2005
    workshop in Aarhus, Denmark on 26 May 2005.
  111. C. Berbain, O. Billet, A. Canteaut,
    N. Courtois
    , H. Gilbert, L. Goubin, A. Gouget, L. Granboulan, C.
    Lauradoux, M. Minier, T. Pornin, and H. Sibert:
    DECIM, a new stream cipher for hardware applications
    submission to ECRYPT call for stream ciphers and presented at SKEW 2005
    workshop in Aarhus, Denmark on 27 May 2005.
  112. Aline Gouget, Hervé Sibert, Côme Berbain, Nicolas Courtois, Blandine
    Debraize, Chris Mitchell: Analysis of the
    Bit-Search Generator and sequence compression techniques
    FSE 2005, LNCS 3557, pp. 196-214, Springer, 2006.

  113. Nicolas Courtois:
    Algebraic Attacks on Combiners with Memory and Several Outputs,
    In ICISC 2004, LNCS, Springer.
    The extended and recently updated version of this paper is available at

  114. Nicolas Courtois
    , Feistel Schemes and
    Bi-Linear Cryptanalysis
    , In Crypto 2004, LNCS 3152, pp.
    23-40, Springer. The extended version is available at
  115. Nicolas Courtois,
    The Inverse S-box and Two Paradoxes of Whitening,
    Presented at the Rump Session of Crypto 2004. Here is
    the long, very much extended version of the slides
  116. Jiun-Ming Chen, Nicolas Courtois and Bo-Yin Yang:
    On Asymptotic Security Estimates in XL and Gröbner Bases-Related Algebraic
    In ICICS’04, LNCS 3269, pp. 401-413, Springer, 2004.
  117. Nicolas Courtois,
    Short Signatures, Provable Security, Generic Attacks and Computational Security of Multivariate Polynomial Schemes such as HFE, Quartz and Sflash,
    draft, eprint 2004/143.
  118. Nicolas Courtois,
    The Inverse S-box, Non-linear Polynomial Relations and Cryptanalysis of Block Ciphers, in
    AES 4 Conference
    , Bonn May 10-12 2004, LNCS 3373, pp. 170-188, Springer.
    Available for Springer subscribers.
    Full version is available here.
  119. Nicolas Courtois,
    General Principles of Algebraic Attacks and New Design Criteria for Components of Symmetric Ciphers.
    Invited talk, AES 4 Conference,
    Bonn, 10-12 May 2004, LNCS 3373, pp. 67-83, Springer.
    Available for Springer subscribers.
    Full version is available here.
  120. Nicolas Courtois, Louis Goubin and Jacques Patarin:
    SFLASHv3, a  fast asymmetric signature scheme
    available on
    This paper specifies the new
    version of Sflash. The previous version is no longer recommended.
    Sflash-v3 should remain the fastest signature scheme known and can only be
    rivalled by NTRU.
  121. Nicolas Courtois:
    Algebraic Attacks over GF(2^k), Application to HFE Challenge 2 and Sflash-v2.
    PKC 2004, LNCS, Springer.
    Warning: all numeric complexity estimates of this paper are out of date.
  122. Nicolas Courtois,
    Guilhem Castagnos and Louis Goubin:
    What do
    DES S-boxes Say to Each Other ?

    Available on
    This paper exhibits some structure in the DES S-boxes.
    It also introduces a new type of algebraic attack on block ciphers.

  123. Nicolas Courtois:
    Fast Algebraic Attacks on Stream Ciphers with Linear Feedback.

    Crypto 2003, August 17-21 2003, LNCS 2729, pp. 177-194, Springer.

  124. Nicolas Courtois, Willi Meier:
    Algebraic Attacks on Stream Ciphers with Linear
    Eurocrypt 2003, LNCS 2656, pp. 345-359,
    IMPORTANT: Here is  
    the long extended version of the paper
    and here are
    EXTENDED SLIDES from 2005 with a lot of added material
  125. Nicolas Courtois,
    Robert T. Johnson, Pascal Junod, Thomas Pornin and Michael Scott:
    Did Filiol Break AES ?
    Available at
    . See also
    this page
  126. Nicolas CourtoisJacques Patarin:
    About the XL Algorithm over GF(2)
    in Cryptographers’Track RSA 2003,
    April 13-17, San Francisco, LNCS 2612, pages 141-157, Springer.
  127. Nicolas Courtois:
    Higher Order Correlation Attacks, XL algorithm,
    and Cryptanalysis of Toyocrypt.

    In ICISC 2002,  November 28-29, 2002, Seoul, Korea,
    LNCS 2587, pp. 182-199, Springer.
  128. See also my(older)  web page page about algebraic attacks on stream ciphers.
  129. Nicolas Courtois, Josef Pieprzyk:
    Cryptanalysis of Block Ciphers with Overdefined Systems of Equations; (or
    the XSL attack on block ciphers), in Asiacrypt 2002, LNCS 2501, pp.267-287,
    A DIFFERENT VERSION of this paper with two different versions of the XSL attack are available on
  130. Here is my AES / Rijndael page with the latest news about algebraic attacks on AES.
    This page is frequently updated.
  131. An article entitled Comment Tout Dire Sans Rien Révéler, published special issue of the
    French magazine Pour La Science (French edition of Scientific American),
    available everywhere in France in July-October 2002.
  132. Nicolas Courtois, Magnus Daum and Patrick Felke:
    On the Security of HFE, HFEv- and Quartz,
    In PKC 2003, LNCS 2567, Springer, pp. 337-350.
    An extended
    version can be found on eprint.
  133. Mehdi-Laurent Akkar, Nicolas Courtois,  Louis Goubin, Romain Duteuil,
    A Fast and Secure Implementation of Slash,
    In PKC 2003, LNCS 2567, Springer, pp. 267-278.
    See also the Sflash web page.
  134. Nicolas Courtois:
    Generic Attacks and the Security of Quartz,
    PKC 2003, LLNCS 2567, Springer, pp. 351-364. A preliminary
    version has been presented at the second Nessie workshop, September 13th 2001,
    Royal Holloway, University of London.
    Download the extended version of the paper
    download my PKC presentation.
  135. Nicolas CourtoisLouis Goubin, Willi Meier, Jean-Daniel Tacier:
    Solving Underdefined Systems of Multivariate Quadratic Equations;
    PKC 2002, Paris, February 2002, LNCS 2274, pp. 211-227, Springer.
  136. Nicolas Courtois:
    The security of cryptographic primitives based on multivariate algebraic problems: MQ, MinRank, IP, HFE.
    PhD thesis, Paris 6 university, September 25th 2001, in French, under the direction of Sami
    . The PhD thesis is available here.
    And here are slides from my PhD defense.
  137. Nicolas CourtoisMatthieu Finiasz and Nicolas Sendrier:
    How to achieve a McEliece-based Digital Signature Scheme.
    Here is full version, it was published in Asiacrypt 2001, LNCS 2248, Springer, pp. 157-174.
    An early version was published at eprint, and even earlier as Inria rapport de recherche 4118, February 2001. Here are the slides presented at the rump session of Crypto 2001.
    Check also the homepage of McEliece signature scheme.
  138. Nicolas Courtois:
    Efficient Zero-knowledge authentication based on a linear algebra problem MinRank.
    Presented at Asiacrypt 2001, LNCS 2248, Springer, pp. 402-421.
    The full paper is available at the iacr server, download directly the ps/pdf file.
    Here is the presentation from Asiacrypt 2001
    A preliminary version was presented at the Rump Session of Crypto 2000 and also at the
    PKC&CNT conference
    . This paper also contains a Ring Signature scheme.
    A slide showing some difficult problems and reductions known in multivariate cryptography.
  139. Nicolas Courtois:
    The Security of Hidden Field Equations (HFE),
    Cryptographers’ Track Rsa Conference 2001
    LNCS 2020, pp. 266-281, Springer-Verlag.
    Donwload the paper hfesec.dvi / / hfesec.pdf.
    The slides on HFE security from RSA2001:
    / / hfesecsl.pdf.Comments: This paper describes a subexponential attack on HFE and is the best
    attack ever found on HFE and HFE Challenge
    At Crypto 2003 Joux and Faugère will explain why this attack works and improve it slightly.
    See also the “official” HFE cryptosystem home page.
  140. Nicolas CourtoisLouis Goubin and Jacques Patarin:
    Quartz, 128-bit long digital signatures, submitted to
    Nessie European Call for Primitives
    , and also published in
    Cryptographers’ Track Rsa Conference 2001
    , LNCS
    2020, pp.282-297, Springer-Verlag.
    The official homepage for Quartz.
  141. Nicolas CourtoisLouis Goubin and Jacques Patarin: Flash, a fast multivariate
    signature algorithm
    , submitted to
    Nessie European Call for Primitives
    , and also published in
    Cryptographers’ Track Rsa Conference 2001
    , LNCS 2020, pp. 298-307, Springer.
    The official homepages for Flash/Sflash.
  142. Nicolas Courtois:
    On multivariate signature-only public key cryptosystems,
    paper available at
  143. My talk Hfe and MinRank
    at the PKC&CNT conference.
  144. Nicolas Courtois and Louis Goubin:
    The Cryptanalysis of TTM
    In Asiacrypt’2000, LNCS 1976, Springer, pp.44-57.
    Slides from Asiacrypt 2000 talk on the cryptanalysis of TTM.
  145. web page about TTM.
  146. My talk from the Enigma 2000 conference (in Polish),
    Nicolas Courtois:
    Algorytm klucza publicznego HFE
    , corrected and extended,
  147. An intoduction to multivariate cryptography, (in Polish), presented
    also at the Enigma 2000 conference (in Polish),
    Nicolas CourtoisKryptografia Wielu Zmiennych, corrected and extended
  148. Nicolas Courtois, Alexander Klimov,  Jacques Patarin, and Adi Shamir:
    Efficient Algorithms for Solving Overdefined Systems of Multivariate Polynomial
    , Eurocrypt 2000,
    LNCS 1807, Springer, pp. 392-407.
    The extended version of the paper is available here.
    Here are slides from my talk at Eurocrypt 2000
    (but does not include 2 slides I made by hand).
  149. Mes transparents (en français) sur HFE et polynômes multivariables (Batz-sur-Mer, 1er Juin
    1999). Corrigé.
  150. English-French-Polish cryptology dictionary.
  151. Nicolas CourtoisLouis Goubin and Jacques Patarin:
    C*-+ and HM – Variations around two schemes of T. Matsumoto and H. Imai;
    Asiacrypt’ 98
    , Springer, pp.35-49.
    Here is the extended version of the paper dvi / ps / pdf.
  152. Nicolas CourtoisLouis Goubin and Jacques Patarin:
    Improved Algorithms for Isomorphism of Polynomials.
    , Springer, pp.184-200.
    Here isthe extended version of the paper as a  dvi/ ps or pdf file.
    Here are slides from my talk at Eurocrypt’98.
  153. Nicolas Courtois:
    Extensive study of Isomorphism of Polynomials
    and Asymmetric Cryptography
    Download it’s abstract  (English/French).
    Or the whole work in French (quite out of date now).
  154. Nicolas Courtois: Article Metoda Hylemorficzna
    presented at VIth Philosophical Symposium, Toruñ, Poland, September 7th 1995.
  155. Nicolas Courtois:
    Report on the cryptanalysis of the HARALIA cryptosystem (1995).
    You can download it’s abstract (English/French) and introduction (in French).
  156. Nicolas Courtois:
    A student project about Quantum teleportation (EPR pairs) – scanned bad quality
    in french and quite out of date (1993).
  157. A short note about protecting radio communications from eavesdropping,
    published in the “Pomysly” of the popular Polish magazine “Mlody Technik”, in the early 80s.

Leave a Reply

Your email address will not be published. Required fields are marked *