Cryptography Reference
In-Depth Information
1.4 Cryptographic Attack Models
From the viewpoint of cryptanalysis, there are four basic models [174, Page
26] of attacks. In these basic models, it is assumed that the attacker has access
to the details of the encryption and decryption algorithms.
1. Known Ciphertext Attack or Ciphertext-only attack: The attacker knows
the ciphertext of several messages encrypted with the same key or several
keys and his goal is to recover the plaintext of as many messages as
possible or to deduce the key (or keys).
2. Known Plaintext Attack: The attacker knows {ciphertext, plaintext}
pair for several messages and his goal is to deduce the key to decrypt
further messages.
3. Chosen Plaintext Attack: The attacker can choose the plaintext that
gets encrypted. This type of situation is possible, for example, when
the attacker has access to the encryption device for a limited time.
4. Chosen Ciphertext Attack: A decryption oracle is available to the at-
tacker and the attacker gets the plaintexts corresponding to a series of
ciphertexts of his choice. Based on this information, the attacker may
decrypt new ciphertexts or determine the secret key.
For stream ciphers, the above four attack models essentially boil down to
two distinct attacks, namely, the key recovery attack (retrieving the secret key
from the keystream) and the distinguishing attack (identifying a non-random
event in the keystream). We will discuss each of these in more detail in later
chapters.
The above attacks are all passive attacks, where the adversary only mon-
itors the communication channel. A passive attacker only threatens confi-
dentiality of data. There is another type of attack, called an active attack,
where the adversary attempts to alter or add or delete the transmissions on
the channel. An active attacker threatens data integrity and authentication
as well as confidentiality.
1.5 Cryptographic Security
The concept of cryptographic security is attributed to Kerckhoffs. Ker-
ckhoffs' Principle [82] states that the security of a cipher should rely on the
secrecy of the key only. It is assumed that the attacker knows every detail of
the cryptographic algorithm except the key. With this fundamental premise,
there exist several notions of cryptographic security [174, Page 45].
Search WWH ::




Custom Search