Cryptography Reference
In-Depth Information
Ciphertext-only attack
: The key or plaintext is revealed exclusively by means
of the ciphertext. This method is the most difficult. If too little is known of
the rules of the ciphertext to be able to exploit them, only one obvious thing
remains: trying every possible key. This is called
brute-force attack
(exploiting
the key space; exhaustion method). Often, however, it is sufficient to try just a
few keys; but more about this later.
Known-plaintext attack
: Part of the plaintext is known in addition to the
ciphertext, and used to reveal the remaining plaintext, normally by means of
the key. This is perhaps the most important cryptanalytic method, because it is
much more powerful than a ciphertext-only attack and normally possible: the
attacker guesses certain words in the text; the beginning of the text is fixed;
known, uncritical plaintexts are encoded with the same key as confidential
plaintexts, etc.
Chosen-plaintext attack
: This is also a plaintext attack, except that the attacker
can choose the plaintext so that the attack becomes possible in the first place,
or will become easy. In this case, the cryptanalyst is active himself: he needs
a James Bond to deliberately introduce some text.
Adaptive-chosen-plaintext attack
: This is a repeated attack with selected
plaintext, where the plaintext deliberately introduced is selected dependent on
the current state of the cryptanalysis. Algorithms used in ciphering devices with
permanently burnt-in keys have to be resistant against this sharpest method.
So these are the methods commonly used, but not all conceivable ones. For
example, most textbooks don't mention the following method:
Ciphertext-ciphertext attack
: This is the method described in Section 2.5.2,
where the plaintext is encrypted with two different methods. The attacker can
exploit this in different ways. In general, a method is already broken so that
•
Using stereotype formulations (facilitating plaintext attacks).
•
Repeated sending of slightly changed plaintexts.
•
Inappropriate, foreseeable selection of keys.
•
Using pad characters (e.g., 'X' for blanks, or for padding the text at the end).
Figure 3.1:
Some common ciphering errors.
