Cryptography: Cryptanalytic Attacks Examples

 

Known Ciphertext Attack

Example:

• Eve steals a bunch of ciphertexts from Alice's handbag, but has no idea what they mean.

Known Plaintext Attack

Example:

• Eve overhears an encrypted communication from Bob to Alice, and later observes them meeting at Baker Street - Eve can now guess that the communication contained the word "baker street" somewhere, a form of known plaintext attack.

Chosen Plaintext Attack

Example:

• A poorly designed file storage system uses the same key to encrypt everyone's files, and lets anyone see anyone's files (in encrypted form). Eve knows Bob uses the service, she registers as well and starts encrypting arbitrary files (which she can choose) and looks at the resulting ciphertext. From this she obtains the service's encryption key, and decrypts Bob's stuff.

 
 
Chosen Ciphertext Attack

Example:

• Eve breaks into Bob's house while he is sleeping, and replaces the ciphertext he was going to send to Alice tomorrow with a new one of her choosing. She then eavesdrops on their communications (encrypted or not) the next day to try and work out what Alice read when she decrypted the fake ciphertext (variants of this involve Eve not just creating a new ciphertext, but modifying the existing one slightly).

Cryptography: Cryptanalytic Attacks

•Ciphertext only attack

–In this method, the attacker has access to a set of ciphertext(s). One ciphertext or many?

–He does not have access to corresponding plaintext.

–COA is said to be successful when the corresponding plaintext can be determined from a given set of ciphertext.

–Occasionally, the encryption key can be determined from this attack.

–Modern cryptosystems are guarded against ciphertext-only attacks.

 

•Known plaintext attack

–In this method, the attacker knows the plaintext for some parts of the ciphertext.

–The task is to decrypt the rest of the ciphertext using this information.

–This may be done by determining the key or via some other method.

–Let’s say for example that Alice sends Bob a message everyday starting with “hello” messages…. If Darth analyzes those ciphertext to get the message.

 

•Chosen plaintext attack

–In this method, the attacker has the text of his choice encrypted.

–So he has the ciphertext-plaintext pair of his choice.

–This simplifies his task of determining the encryption key.

–A popular public key cryptosystem, RSA is also vulnerable to chosen-plaintext attacks.

–Chosen-plaintext attacks were used by Allied cryptanalysts in World War II for breaking of Enigma ciphers.

 

•Chosen ciphertext attack

–A cryptanalyst can analyze chosen ciphertexts together with corresponding plaintexts. His goal is to acquire a secret key or to get as many information about the attacked system, as possible.

–The attacker has capability to make the victim (who knows the secret key) decrypt a selected ciphertext and send him the result. Analyzing the chosen ciphertext and corresponding received plaintext, the intruder tries to guess the secret key which was used by the victim.

–Chosen-ciphertext attacks are usually used for breaking systems with public key encryption. For example, early versions of RSA cipher were vulnerable to such attacks. They are used less often for attacking systems protected by symmetric ciphers. Some self-synchronizing stream ciphers were attacked in that way.

 

Types of Attacks	Known to Cryptanalyst
Ciphertext Only	·Encryption algorithm ·Ciphertext
Known Plaintext	·Encryption algorithm ·Ciphertext ·One or more plaintext–ciphertext pairs formed with the secret key
Chosen Plaintext	·Encryption algorithm ·Ciphertext ·Plaintext message chosen by cryptanalyst, together with its corresponding ciphertext generated with the secret key

 

Types of Attacks	Known to Cryptanalyst
Chosen Ciphertext	·Encryption algorithm ·Ciphertext ·Ciphertext chosen by cryptanalyst, together with its corresponding decrypted plaintext generated with the secret key
Chosen Text	·Encryption algorithm ·Ciphertext ·Plaintext message chosen by cryptanalyst, together with its corresponding ciphertext generated with the secret key ·Ciphertext chosen by cryptanalyst, together with its corresponding decrypted plaintext generated with the secret key

•Chosen text attack
–This is a combination of Chosen plaintext attack and chosen ciphertext attack

Cryptography: Why do we Attack an Encryption System? What are its Approaches?

• 
  
  Typically, the objective of attacking an encryption system is to recover the key in use rather than simply to recover the plaintext of a single ciphertext. There are two general approaches to attacking a conventional encryption scheme: 
  •Cryptanalysis: Cryptanalytic attacks rely on the nature of the algorithm plus perhaps some knowledge of the general characteristics of the plaintext or even some sample plaintext–ciphertext pairs.
  •This type of attack exploits the characteristics of the algorithm to attempt to deduce a specific plaintext or to deduce the key being used.
  •Brute-force attack: The attacker tries every possible key on a piece of ciphertext until an intelligible translation into plaintext is obtained.
  On average, half of all possible keys must be tried to achieve success.