Cryptography Reference
In-Depth Information
everything boils down to a plaintext attack. Such an attack is always based on a
ciphering error. Good cryptographers use a different plaintext for each method.
Later in this topic, we will discuss the
chosen-ciphertext attack
, which plays
a role with digital signatures. The attacker deliberately introduces a certain
ciphertext and gains access to the 'plaintext' generated from that ciphertext.
The attacker can use this information to calculate other plaintexts, and the code
writer is unable to prove the attack (see Section 4.5.3).
Yet another method is the
chosen-key attack
, which will be discussed in
Section 4.4.3. With this type of attack, the attacker exploits known relation-
ships between unknown keys. For example, he might know in what bits the
keys differ. Using each of these keys, an attacker encrypts the same plaintext
and then studies the results, and finally reconstructs the original key.
Of course, there are many other 'methods' to get hold of a key: vulnerabilities
in the security system, extortion, keyword guessing, and many more. The first
two methods (i.e., ciphertext-only attack and known-plaintext attack) play the
major roles in this topic, because using them means the smallest risk for the
attacker's cryptanalysis, while the code writer runs the risk of being totally
compromised.
Every Cryptographer Has to Be a Good Cryptanalyst
Every cryptographer's aim is naturally to design an algorithm that won't supply
any practically usable results when cryptanalyzed. This doesn't necessarily
mean that it can't be cryptanalyzed at all. It normally means that it would take
too long (the encrypted information might become worthless in the meantime),
or that it would be too costly to justify the value of the information.
For instance, the encryption methods used at the fronts in World War I had
been estimated by the cryptologists to require at least one day's work for the
adversary to recover the plaintext. After one day, the encrypted commands
had become worthless — the shells had long hit by that time. The catch in the
matter could only have been that the adversary deciphered faster than expected
[BauerMM].
Both the time and the cost of a cryptanalysis have to be in a reasonable rela-
tionship to its result. Hardly anyone would buy a supercomputer to write a love
letter.
Unfortunately, there is no recipe for designing good encryption algorithms.
The one-time pad (Section 2.6) is the only method that is theoretically secure
