next up previous
Up: Math 65S Home Page

Cryptoanalytic Attacks

Susan Landau, Sun Microsystems

Cryptoanalytic attacks fall into five general categories:

1.
Ciphertext-only attack. The cryptanalyst has the ciphertext of a message that has been encrypted using the algorithm.

Given: C1=Ek(P1), C2=Ek(P2), ..., Ci=Ek(Pi).

Deduce: P1, P2, ..., Pi or Pi+1 from Ek(Pi+1).

2.
Known-plaintext attack. The cryptanalyst not only has access to the ciphertext of a message but also its plaintext.

Given: P1, C1=Ek(P1), P2, C2=Ek(P2), ..., Pi, Ci=Ek(Pi).

Deduce: k or an algorithm to determine Pi+1 from Ek(Pi+1).

3.
Chosen-plaintext attack. The cryptanalyst chooses the plaintext to encrypt.

Given: P1, C1=Ek(P1), P2, C2=Ek(P2), ..., Pi, Ci=Ek(Pi), where the cryptanalyst chooses P1, P2, ..., Pi.

Deduce: k or an algorithm to determine Pi+1 from Ek(Pi+1).

4.
Adaptive chosen-plaintext. A variation on the above, where the chosen plaintext Pj+1 is based on previous information gained from C1, ..., Cj.

5.
Chosen-ciphertext attack. Cryptanalyst chooses a ciphertext to be decrypted, while having access to the decrypted plaintext.

Given: C1, P1=Dk(C1), C2, P2=Dk(C2), ..., Ci, Pi=Dk(Ci).

Deduce: k or an algorithm to determine Pi+1 from Ek(Pi+1).

[Note from JBH: in these descriptions Pj are plaintext messages, Cj are ciphertext messages, k is the key, Ek is the encryption algorithm (or method) using k, and Dk is the corresponding decryption algorithm. The descriptions need to be modified slightly for a public-key, rather than symmetric, system.]

About this document ...

Cryptoanalytic Attacks

This document was generated using the LaTeX2HTML translator Version 97.1 (release) (July 13th, 1997)

Copyright © 1993, 1994, 1995, 1996, 1997, Nikos Drakos, Computer Based Learning Unit, University of Leeds.

The command line arguments were:
latex2html -link 0 -split +0 attacks.

The translation was initiated by Joshua Holden on 9/14/2000

next up previous
Up: Math 65S Home Page
Joshua Holden
9/14/2000