Cryptography Reference
These are increasingly powerful attacks, since an attacker who can choose which
plaintext/ciphertext pairs to examine is clearly in a better position than an attacker
who can only see arbitrary plaintext/ciphertext pairs.
Our 'standard assumptions' do not clearly differentiate between known and
chosen-plaintext attacks, since this depends on whether the attacker can only see
plaintexts chosen by the sender or was able to select plaintexts for encryption.
It is safest to assume that an attacker has been able to choose the plaintexts for
which they know plaintext/ciphertext pairs. Most modern cryptosystems (and
all public-key cryptosystems) are thus designed to withstand chosen-plaintext
attacks.
While it will suffice for us to remember the three standard assumptions
about the knowledge of an attacker, it is worth recognising that cryptographic
researchers often have even more stringent assumptions about the possible attack
model. For example, in one strong theoretical model of security of a cryptosystem,
an attacker should not be able to tell the difference between ciphertext that
is produced using the cryptosystem and randomly generated data. While this
is a good property that any cryptosystem should aspire to, for many practical
applications it might be questionable whether it is strictly necessary to pass
this 'test'.
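The 'test' described above can be run as a game in which the attacker submits chosen plaintexts to an oracle that is either the cryptosystem or a source of random data. The Python sketch below is an added illustration, not taken from the original text; the toy stream cipher built from HMAC-SHA256 and all function names are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 16

def _stream_encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Toy stream cipher (constructed for this example, not a vetted design):
    HMAC-SHA256 in counter mode generates a keystream that is XORed in."""
    stream = b""
    counter = 0
    while len(stream) < len(plaintext):
        block = nonce + counter.to_bytes(8, "big")
        stream += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return nonce + bytes(p ^ s for p, s in zip(plaintext, stream))

def encrypt_deterministic(key: bytes, plaintext: bytes) -> bytes:
    # Nonce is fixed per key: each ciphertext looks random in isolation,
    # but the same plaintext always gives the same ciphertext.
    nonce = hmac.new(key, b"fixed-nonce", hashlib.sha256).digest()[:NONCE_LEN]
    return _stream_encrypt(key, nonce, plaintext)

def encrypt_randomised(key: bytes, plaintext: bytes) -> bytes:
    # Fresh random nonce for every encryption.
    return _stream_encrypt(key, secrets.token_bytes(NONCE_LEN), plaintext)

def make_oracle(encrypt, real: bool):
    """Return an encryption oracle: the real cipher under a secret key, or
    random bytes of the same length as a real ciphertext."""
    key = secrets.token_bytes(32)
    def oracle(plaintext: bytes) -> bytes:
        if real:
            return encrypt(key, plaintext)
        return secrets.token_bytes(NONCE_LEN + len(plaintext))
    return oracle

def guess_is_real(oracle) -> bool:
    """Chosen-plaintext test: submit one plaintext twice, guess 'real' on a repeat."""
    chosen = b"A" * 32
    return oracle(chosen) == oracle(chosen)

def accuracy(encrypt, rounds: int = 100) -> float:
    """Fraction of correct guesses over equal numbers of real and random worlds."""
    correct = 0
    for _ in range(rounds):
        correct += guess_is_real(make_oracle(encrypt, True)) is True
        correct += guess_is_real(make_oracle(encrypt, False)) is False
    return correct / (2 * rounds)
```

Against the deterministic variant the repeated-query test is always right (accuracy 1.0); against the randomised variant it does no better than guessing (accuracy 0.5).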
1.5.3 Knowledge of the encryption algorithm
As promised, we now consider the validity of the standard assumption that
an attacker knows the encryption algorithm. There tend to be two different
approaches to designing encryption algorithms, which result in most encryption
algorithms being classified as either:
publicly known algorithms: the full details of the algorithm are in the public domain
and can be studied by anyone;
proprietary algorithms: the details of the algorithm are only known by the designers
and perhaps a few selected parties.
In the case of publicly known encryption algorithms, an attacker knows the
encryption algorithm. In the case of proprietary encryption algorithms, an
attacker may well know the name of the encryption algorithm and certain basic
properties, but it is not intended that they know any of the details of how it
performs the encryption and decryption processes.
Note that the term 'proprietary' is often used in other contexts to describe
something that has an 'owner' (an individual or organisation) and may have
been patented, hence our use of this term is slightly unusual. It is possible for
a publicly known algorithm to be patented by an 'owner', and indeed there
are several high-profile examples. Further, it is not necessarily the case that a
proprietary algorithm has any patent issues, although its use will necessarily be
restricted.
 