Cryptanalytic Attacks

Cryptanalytic Attacks

There is an accepted terminology used to categorize the various possible types of cryptanalytic attacks. The following types of attacks are listed in order from hardest to easiest in terms of analytical difficulty, but from most likely to least likely in terms of the probability of the opportunity being presented to the attacker. This is not an exhaustive list, but it gives a basic overview of the most important types of attacks.

• Ciphertext -only attack: Attacker has only some randomly selected ciphertext.

• Known plaintext attack: Attacker has some randomly selected plaintext and corresponding ciphertext.

• Chosen plaintext attack: Attacker has some chosen plaintext and corresponding ciphertext.

• Chosen ciphertext attack: Attacker has some chosen ciphertext and the corresponding decrypted plaintext.

• Adaptive chosen plaintext attack: Attacker can determine the ciphertext of chosen plaintexts in an iterative manner building on previous calculations. This type of attack is also referred to as a differential cryptanalysis attack .

The ciphertext-only attack is the easiest opportunity to imagine. When you first begin your surveillance of messages between a sender and a receiver, you will not likely have much to go on beyond the encrypted packets being sent over the channel. Unfortunately, with so little information to go on, this is the most difficult attack. Then, perhaps over time, you learn about certain plaintext messages that have been encrypted, or perhaps you suspect that certain words or phrases are frequently contained in the plaintext. For example, many of the Nazi secret messages in the first part of World War II contained highly predictable text. This enables a known plaintext attack. The chosen plaintext attack seems a bit more difficult to establish, because you somehow must trick the sender into encrypting and sending a plaintext message that you, the attacker, have chosen. This would be possible if, for example, you pretended to be some trusted party, and you then sent your chosen plaintext message to the sender, convincing the sender to encrypt it and send it to a receiver. By carefully selecting the plaintext message, you can often improve the odds of recovering the key.

Of course, there are rather unsavory, nontechnical alternatives to these attacks, such as physical theft or simply bribing and/or threatening the key owner. Legalities, ethics, and morality aside, these alternatives have practical disadvantages, including the fact that the key owners (i.e., sender and receiver) and perhaps others will know that the key is compromised. This could elicit a change in key or even the transmission of intentionally misleading ciphertext messages. There is an enormous advantage in keeping a secret of the fact that you can crack a cipher.

As was mentioned earlier, a brute-force search attack is an exhaustive test of each possible key applied to the ciphertext. When applied to a ciphertext-only attack, the key space is searched until a plausible plaintext is obtained, in which case the success of the search is not entirely certain but often fairly reliable. If the corresponding plaintext is known, then the success of the search is completely certain by direct comparison with the known plaintext. Once the key has been obtained, all other ciphertext encrypted with that key can be easily decrypted.