## Computer Security :: Lessons :: Cryptanalysis

### Cryptanalytic Attacks

A cryptanalytic attack uses the characteristics of an encryption algorithm and some known elements of the plaintext or ciphertext to attempt to determine the plaintext message or the secret key being used by the encryption algorithm. Listed below are the types of attacks possible given different elements of the encryption process.

Encryption Algorithm |
Secret Key |
Ciphertext | Plaintext | |
---|---|---|---|---|

Ciphertext Only | ||||

Know Plaintext | One or more plaintext-ciphertext pairs. | |||

Chosen Plaintext | Plaintext message chosen by cryptanalyst and its corresponding ciphertext. | |||

Chosen Ciphertext | Ciphertext message chosen by cryptanalyst and its corresponding plaintext. | |||

Chosen Text | Ciphertext and ciphertext messages chosen by cryptanalyst and their corresponding plaintext/ciphertext. |

A ciphertext only attack can be most encryption algorithms. Only weak algorithms can lead to a successful ciphertext only attack. Most encryption algorithms are also built to withstand a known plaintext attack where the attack will know certain patterns of plaintext that will appear in the message. For example, if the file encrypted is an HTML page, the attack may know certain elements of the HTML tags that must be present in the plaintext, which can help lead to a decryption of the ciphertext.

All of the other attack types, chosen plaintext, chosen ciphertext, and chosen text, require that the attacker have access to the encryption system so they can choose messages to encrypt or decrypt in an attempt to deduce the secret key. An encryption scheme is computationally secure if the cost of breaking the cipher exceeds the worth of the information that is encrypted or the time to break the cipher exceeds the time that the encrypted information will be useful.

An encryption system is unconditionally secure if there is not enough information in the ciphertext to determine the corresponding plaintext. A one-time pad is the only encryption scheme that is known to be unconditionally secure. A one-time pad generates a random key with the same length as the plaintext message. This results in ciphertexts that can produce different valid plaintexts given different keys. This makes a one-time pad scheme unbreakable, but it is impractical to use in many situations since it requires random keys that are then discarded and key distribution must be done over a highly-secure environment. The video below is a quick example of how a one-time pad works.

### Brute-Force Attacks

A brute-force attack tries every possible secret key until a decryption of the ciphertext is generated. On average this will take X/2 tries if there are X possible secret keys. A brute-force attack is more difficult than just trying all of the possible secret keys, however. The program being used to attempt a brute-force attack must be able to recognize when it has generated valid plaintext. If the plaintext is in a specific language such English then the process of recognizing the plaintext can be automated, but if the plaintext represents some other type of data, especially if that data is compressed, then a brute-force attack can be infinitely more difficult. For a brute-force attack to be successful some knowledge of the expected plaintext may be necessary.

The video below is a quick example of a brute-force attack on a password-protected Microsoft Word document.