Cryptography Reference
In-Depth Information
Chapter 5
General Cryptanalytic Methods
The previous chapters introduced block ciphers and several techniques for attacking them based solely on com-
promising the underlying mathematics. However, not all ciphers let their security rest solely on the difficulty of
computing certain mathematical operations, such as discrete logarithms and factoring; often ciphers are designed
with some of the discussed techniques, such as substitution-permutation networks, Feistel structures, and shift
registers.
In the following sections, I discuss various general techniques that can be used to attack ciphers of these types.
Here's a quick review of the various forms of attacks possible:
•
Ciphertext-Only Attack
— This method presumes the minimum amount of information for cryptanalys-
is: that we have intercepted an encrypted communication, and we wish to discover the plaintext and, if
possible, the key.
All modern cryptosystems are designed with at least this attack in mind: if a ciphertext-only attack were not
feasible, that would mean that the messages are sent over uncompromisable channels, so there would be no
need for the encryption!
•
Known-Plaintext Attack
— A known-plaintext attack dictates that we have obtained a ciphertext and
know the associated plaintext with it, and we wish to derive the key. A known-plaintext attack is still often
reasonable.
•
ProbablePlaintextAttack
—Thisisamorereasonable,butlessusefulcaseoftheknown-plaintextattack
in which certain plaintexts are more likely to be associated with a ciphertext. For example, if we intercep-
ted an encrypted e-mail message, then the first few characters could be fairly easy to guess: the from field,
the date and time sent, and so forth. Furthermore, if a message is known to be encoded in a scheme such
as ASCII, then certain bits of the message will be known, and many will appear more often than others.
•
Chosen-Plaintext Attack
— A chosen-plaintext attack is one of the least realistic, but often most power-
ful. It states that not only can we intercept an encrypted message, but also we have some degree of control
over what the plaintext message is for that. Chosen-plaintext attacks often rely on creating plaintexts with
certain properties with the hope of affecting some measurable change in the ciphertext to derive informa-
tion about the key.
•
Chosen-CiphertextAttack
— An extension to a chosen-plaintext attack is a chosen-ciphertext attack, that
is, one in which we can choose ciphertexts to be decrypted with a certain key. This kind of attack is the
leastrealistic, especially whencombinedwithachosen-plaintext attack(aswedoforoneofthelatermeth-
ods).
Search WWH ::
Custom Search