Cryptanalysis and brute-force attacks Flashcards
What are the typical objectives of attacking an encryption system?
- is not simply to recover the plaintext of a single ciphertext
- but to recover the key in use (so that all future and past messages encrypted with that key are compromised).
What is cryptanalysis?
- Attacks rely on nature of the algorithm plus perhaps some knowledge of general characteristics of the plaintext or even some sample plaintext-ciphertext pairs.
- Exploits the characteristics of the algorithm to attempt to deduce a specific plaintext or to deduce the key being used.
What is brute-force attack?
- Attacker tries every possible key on a piece of ciphertext until an intelligible translation into plaintext is obtained - assumes that plaintext is known ore recognisable.
- On average, half of all possible keys must be tried to achieve success.
- Its cost (heavily) depends on key size and on average, half of all possible keys must be tried to achieve success (greater key size -> more time to try out keys)
What are cryptanalytic attacks? What are some of the assumptions?
- ALWAYS ASSUME THAT THE ATTACKER KNOWS WHAT ALGORITHMS ARE BEING USED.
- Algorithms should be published so that their security can be evaluated.
- Contrasts with security by obscurity - extremely dangerous.
What is the model of attack? (the attacker adversary game model)
- Input: what the attacker knows from the start (input das). This could be the public key, the distribution of plaintext…
- Oracle: provides additional information to the attacker during the attack - more info that characterises the different types of attacks.
- Output: what the attacker is trying to obtain/ achieve, for example, the secret key/ private key, partial info about plaintext. If the attacker obtains what he wants - he wins the game
What are the different types of attacks?
- Ciphertext only
- Known plaintext
- Chosen plaintext
- Chosen ciphertext
- Chosen text
What is the ciphertext only attack?
- attacker knows: ciphertext C and the encryption algorithm E
- Given C1,….,Cn where C1 = Ek(M1)…. Cn = Ek(Mn)
- Deduce the messages M1,….,Mn or the algorithm/key to compute Mn+1 from Cn+1 (Decryption key) where Cn+1 = Ek(Mn+1)
What is the known plaintext attack?
- attacker knows: ciphertext, encryption algorithm and one or more plaintext-ciphertext pairs formed with the secret key.
- Given: M1, C1 = Ek(M1),…..,Mn, Cn = Ek(Mn)
- Deduce the inverse key/ decryption key or algorithm to compute Mn+1 from Cn+1 = Ek(Mn+1)
What is the chosen plaintext attack?
- attacker knows: ciphertext, encryption algorithm and they can choose M1,…Mn
- The attackers tests out messages Mi from M1,…Mn and observes the ciphertext C in order to deduce the key (goal)
What is the adaptive chosen plaintext attack?
- attacker not only chooses the plaintext but can also modify it based on the encryption results.
What is the chosen ciphertext attack?
- attacker knows: ciphertext, encryption algorithm, ciphertexts can be chosen by the attacker and these can be decrypted to get access to the decrypted plaintext.
- tries to recover key with this info
What is the chosen text attack?
- attacker knows: Encryption algorithm, ciphertext, plaintext message chosen, together with its corresponding ciphertext generated with the secret key and ciphertext chosen, together with its corresponding decrypted plaintext generated with the secret key.
How to build a definition for security? (going back to the adversary game)
- Specify an oracle (a type of attack) and the input data (what the attacker knows from the start)
- Define what the adversary needs to do to win the game, i.e., a condition on his output.
- The system is secure under the definition, if any efficient adversary (realistic computing power) wins the game with only negligible probability (very low).
What is unconditional security?
- System (algorithm) is secure even if attacker has unbounded computing power since the ciphertext provides insufficient information to uniquely determine the corresponding plaintext.
- security is measured using information theory.
- ONE TIME PAD IS THE ONLY ENCRYPTION ALGO THAT IS UNCONDITIONALLY SECURE.
What is the criteria for unconditional security?
- Cost of breaking cipher exceeds value of encrypted information.
- Time required to break cipher exceeds useful lifetime of information.
Algorithm is COMPUTATIONALLY SECURE if either of these two criteria are met.