5.7 WEAKNESSES OF THE BLOCK AFFINE CIPHER: KNOWN PLAINTEXT ATTACK
This cipher, though not vulnerable to frequency analysis, is vulnerable to a different kind
of attack, called a known plaintext attack. This is when the cryptanalyst has both the
ciphertext and the corresponding plaintext for a particular message. (This is not so unlikely; one
plaintext message getting into enemy hands is good enough for this to work. We always
assume that the cryptanalyst has easy access to every ciphertext message.) Say the analyst
has ciphertext blocks $C_1$ and $C_2$, and their corresponding plaintext blocks $P_1$ and $P_2$.
These values are known, and it is only left to calculate $m$ and $b$ from the two congruences

$$C_1 \equiv mP_1 + b \pmod{n}$$
$$C_2 \equiv mP_2 + b \pmod{n}.$$

We assume that the block size, and hence the value of the modulus, is also known to the
cryptanalyst. (If not, it shouldn't be hard to figure out simply by trying different values.)
EXAMPLE. Suppose we use the message HOWDY DOO, as previously presented, with the
same values for the multiplier $m = 21035433$ and shift $b = 23210025$. Suppose someone
eavesdrops on our transmission and easily gets the ciphertext

08007496 20470469.

But somehow, through devious means he also gets the plaintext message

HOWDY DOO

or

07142203 24031414.

To obtain the values for $m$ and $b$, he must simply solve the two congruences

$$8007496 \equiv 7142203m + b \pmod{25252526}$$
$$20470469 \equiv 24031414m + b \pmod{25252526}$$

for $m$ and $b$. He subtracts the first congruence from the second to get

$$12462973 \equiv 16889211m \pmod{25252526}$$

which he can solve quickly to get $m \equiv 21035433 \pmod{25252526}$. Replacing $m$ in the first
congruence with 21035433, he gets

$$8007496 \equiv 7142203 \cdot 21035433 + b \pmod{25252526},$$

which is then easily solved for $b$ to yield $b \equiv 23210025 \pmod{25252526}$.
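The same key recovery carried out in Python, as an added example that is not part of the original text; the function names are assumptions of this example. It goes slightly beyond the worked case: when $P_2 - P_1$ shares a factor with $n$, the subtracted congruence has several solutions, so the function returns every candidate key that fits both known pairs.

```python
from math import gcd

def recover_affine_keys(p1, c1, p2, c2, n):
    """Return every usable (m, b) with c_i = m*p_i + b (mod n) for both pairs."""
    dp = (p2 - p1) % n              # subtracting the congruences eliminates b
    dc = (c2 - c1) % n
    if dp == 0:
        raise ValueError("the two plaintext blocks must differ mod n")
    g = gcd(dp, n)
    if dc % g:
        return []                   # no m satisfies dc = dp*m (mod n)
    # Divide through by g: (dp/g)*m = dc/g (mod n/g), and dp/g is invertible.
    n_g = n // g
    m0 = (dc // g) * pow(dp // g, -1, n_g) % n_g
    keys = []
    for k in range(g):              # the g solutions mod n: m0, m0 + n/g, ...
        m = m0 + k * n_g
        if gcd(m, n) == 1:          # a decryptable cipher needs m invertible
            keys.append((m, (c1 - m * p1) % n))
    return keys

def decrypt_block(c, m, b, n):
    """Invert C = m*P + b (mod n) once the key is known."""
    return pow(m, -1, n) * (c - b) % n

# Values from the worked example in the text.
N = 25252526
P1, P2 = 7142203, 24031414
C1, C2 = 8007496, 20470469

if __name__ == "__main__":
    for m, b in recover_affine_keys(P1, C1, P2, C2, N):
        print(f"m = {m}, b = {b}")
        print("block 2 decrypts to", f"{decrypt_block(C2, m, b, N):08d}")
```

If more than one candidate comes back, a third known plaintext/ciphertext pair is needed to pick the right one.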
Though a known plaintext attack may be thought unlikely, especially by egomaniacs
running a “secure” facility, it is dangerous to use block affine ciphers for this reason, even