Cryptography Reference
In-Depth Information
cumbersome to use, it has the potential to make an exhaustive key search
much more cumbersome to conduct. We give an example of a cryptographic
primitive that has been deliberately slowed down for this reason in Section 8.4.2.
Nonetheless, most applications tend to choose to maximise decryption speeds
in order to make the cryptography as 'seamless' as possible. Hence making sure
that the keys are sufficiently long is the only protection against an exhaustive key
search.
1.6.5 Classes of attack
Although we do not plan to discuss the details of many cryptanalytic attacks, it
is important to be aware of the types of attack that cryptosystems are commonly
subjected to. A simple classification of the most common classes of cryptanalytic
attack is as follows:
Generic attacks. These are attacks that apply to a wide range of cryptographic
primitives and do not normally employ knowledge of the working of the
primitive itself. We have already discussed the most important member of
this class, the exhaustive key search. Other examples are:
Dictionary attacks. This term is used in a number of different contexts, all of which
relate to attacks that involve compiling a type of 'dictionary'. For example:
- An attacker of a simple cryptosystem (for example, one using a block cipher in ECB
mode, see Section 4.6.1) with a fixed key might be able to build a dictionary which
consists of ciphertexts corresponding to plaintexts that the attacker has been able to
learn by some means. For example, if the plaintexts correspond to dates that an event
will occur on, the attacker will learn the plaintext when they later observe the event
occurring. When a future ciphertext is seen, the attacker looks up the dictionary in the
hope that the observed ciphertext is listed, in which case the attacker can read off the
corresponding plaintext.
- An attacker exploits a key derivation process (see Section 10.3.2) where keys are
derived from passwords. In this case the attacker compiles a dictionary of likely
passwords and then derives the resulting keys from them, which are then used in
an 'intelligent' exhaustive key search.
Time memory tradeoff attacks. These are related to both exhaustive key searches
and dictionary attacks, and are based on balancing computational and memory
resources in attempts to determine decryption keys. For example:
- An attacker builds tables which consist of ciphertexts corresponding to specific
(commonly sent) plaintexts encrypted using a large number of keys. When a ciphertext
is seen that the attacker suspects may correspond to one of the commonly sent
plaintexts, the attacker looks up the tables in the hope that the observed ciphertext
is listed, in which case the attacker can then read off which key is likely to have been
used. The size of the tables that the attacker needs to store in memory can be traded
off against the time saved by table lookups.
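
As an added illustration (not part of the original text) of the first dictionary-attack example above, the following Python sketch shows why a fixed key combined with deterministic, ECB-style encryption allows such a dictionary to work, and why randomising each encryption makes the lookup fail. The truncated-HMAC function is a stand-in for a real block cipher, and all function names and sample dates are constructed for this example.

```python
import hashlib
import hmac
import os

BLOCK = 16  # bytes per block, as for a 128-bit block cipher


def ecb_like_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Stand-in for ECB mode (assumption): each zero-padded block goes through
    the same deterministic keyed map. Truncated HMAC-SHA256 is not invertible;
    it is used here only to reproduce ECB's determinism."""
    padded = plaintext.ljust(-(-len(plaintext) // BLOCK) * BLOCK, b"\x00")
    blocks = (padded[i:i + BLOCK] for i in range(0, len(padded), BLOCK))
    return b"".join(hmac.new(key, b, hashlib.sha256).digest()[:BLOCK] for b in blocks)


def randomized_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Same map, but under a per-message key derived from a fresh random nonce,
    so equal plaintexts no longer produce equal ciphertexts."""
    nonce = os.urandom(BLOCK)
    message_key = hmac.new(key, nonce, hashlib.sha256).digest()
    return nonce + ecb_like_encrypt(message_key, plaintext)


def dictionary_lookup(encrypt):
    """Record (ciphertext -> date) pairs once each event has happened, then
    look up a later ciphertext. Returns the recovered date or None."""
    key = os.urandom(16)  # fixed key; the observer never learns it
    past_dates = [b"2024-03-01", b"2024-03-15", b"2024-04-02"]  # constructed
    dictionary = {encrypt(key, d): d for d in past_dates}
    later_ciphertext = encrypt(key, b"2024-03-15")  # same date sent again
    return dictionary.get(later_ciphertext)


if __name__ == "__main__":
    print("deterministic:", dictionary_lookup(ecb_like_encrypt))
    print("randomised:   ", dictionary_lookup(randomized_encrypt))
```

The key is never recovered in either case; the deterministic variant leaks the plaintext purely because a repeated plaintext yields a repeated ciphertext.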
 