In cryptography, a ciphertext-only attack (COA) or known ciphertext attack is an attack model for cryptanalysis where the attacker is assumed to have access only to a set of ciphertexts. While the attacker has no channel providing access to the plaintext prior to encryption, in all practical ciphertext-only attacks, the attacker still has some knowledge of the plaintext. For instance, the attacker might know the language in which the plaintext is written or the expected statistical distribution of characters in the plaintext. Standard protocol data and messages are commonly part of the plaintext in many deployed systems and can usually be guessed or known efficiently as part of a ciphertext-only attack on these systems.
Attack
The attack is completely successful if the corresponding plaintexts can be deduced, or even better, the key. The ability to obtain any information at all about the underlying plaintext beyond what was pre-known to the attacker is still considered a success. For example, if an adversary is sending ciphertext continuously to maintain traffic-flow security, it would be very useful to be able to distinguish real messages from nulls. Even making an informed guess of the existence of real messages would facilitate traffic analysis.
In the history of cryptography, early ciphers, implemented using pen-and-paper, were routinely broken using ciphertexts alone. Cryptographers developed statistical techniques for attacking ciphertext, such as frequency analysis. Mechanical encryption devices such as Enigma made these attacks much more difficult (although, historically, Polish cryptographers were able to mount a successful ciphertext-only cryptanalysis of the Enigma by exploiting an insecure protocol for indicating the message settings). More advanced ciphertext-only attacks on the Enigma were mounted in Bletchley Park during World War II, by intelligently guessing plaintexts corresponding to intercepted ciphertexts.
Modern
Every modern cipher attempts to provide protection against ciphertext-only attacks. The vetting process for a new cipher design standard usually takes many years and includes exhaustive testing of large quantities of ciphertext for any statistical departure from random noise. See: Advanced Encryption Standard process. Also, the field of steganography evolved, in part, to develop methods like mimic functions that allow one piece of data to adopt the statistical profile of another. Nonetheless, poor cipher usage or reliance on home-grown proprietary algorithms that have not been subject to thorough scrutiny has resulted in many computer-age encryption systems that are still subject to ciphertext-only attack. Examples include:
Examples
* Early versions of Microsoft's PPTP virtual private network software used the same RC4 key for the sender and the receiver (later versions had other problems). In any case where a stream cipher like RC4 is used twice with the same key it is open to ciphertext-only attack. See: stream cipher attack.
* Wired Equivalent Privacy (WEP), the first security protocol for Wi-Fi, proved vulnerable to several attacks, most of them ciphertext-only.
* GSM's A5/1 and A5/2
* Some modern cipher designs have later been shown to be vulnerable to ciphertext-only attacks. For example, Akelarre.
* A cipher whose key space is too small is subject to brute force attack with access to nothing but ciphertext by simply trying all possible keys. All that is needed is some way to distinguish valid plaintext from random noise, which is easily done for natural languages when the ciphertext is longer than the unicity distance. One example is DES, which only has 56-bit keys. All too common current examples are commercial security products that derive keys for otherwise impregnable ciphers like AES from a user-selected password. Since users rarely employ passwords with anything close to the entropy of the cipher's key space, such systems are often quite easy to break in practice using only ciphertext. The 40-bit CSS cipher used to encrypt DVD video discs can always be broken with this method, as all that is needed is to look for MPEG-2 video data.
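
The key-reuse failure described in the PPTP item above, as an added example that is not part of the original article: when both directions share one RC4 key the keystream cancels out of the XOR of two ciphertexts, and independent per-direction keys remove that relation. The session key, the two messages and the HMAC-based key separation are constructed assumptions, not PPTP's actual key handling.

```python
import hashlib
import hmac

def rc4(key: bytes, data: bytes) -> bytes:
    """Textbook RC4: key schedule, then XOR the data with the keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

# Constructed sample traffic and key (not taken from any real capture).
SESSION_KEY = b"constructed-session-key"
CLIENT_MSG = b"GET /payroll/q3-summary HTTP/1.1"
SERVER_MSG = b"HTTP/1.1 200 OK\r\nSet-Cookie: id="

def shared_key():
    """One key for both directions: the keystream cancels out of c1 XOR c2."""
    mixed = xor(rc4(SESSION_KEY, CLIENT_MSG), rc4(SESSION_KEY, SERVER_MSG))
    guess = b"HTTP/1.1 200 OK"  # standard protocol data an observer can assume
    # mixed equals p1 XOR p2, so a guessed prefix of one side exposes the other.
    return mixed == xor(CLIENT_MSG, SERVER_MSG), xor(mixed, guess)

def per_direction_keys():
    """Assumed fix: derive an independent key per direction with HMAC-SHA256."""
    k_c = hmac.new(SESSION_KEY, b"client->server", hashlib.sha256).digest()
    k_s = hmac.new(SESSION_KEY, b"server->client", hashlib.sha256).digest()
    mixed = xor(rc4(k_c, CLIENT_MSG), rc4(k_s, SERVER_MSG))
    return mixed == xor(CLIENT_MSG, SERVER_MSG)  # relation no longer holds

if __name__ == "__main__":
    print(shared_key())
    print(per_direction_keys())
```

RC4 is kept here only because it is the cipher the list item names; the point carries over to any stream cipher or counter-mode construction whose key and nonce pair repeats.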
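
The statistical check that both the vetting process under "Modern" and the last list item rely on, telling data apart from random noise, as an added example that is not part of the original article. The byte-substitution cipher, the SHA-256 counter stream standing in for sound cipher output, the sample text and the 400 cut-off are constructed assumptions.

```python
import hashlib
from collections import Counter

CUTOFF = 400.0  # loose cut-off; the 0.1% critical value for 255 d.o.f. is about 330

def chi_square_uniform(data: bytes) -> float:
    """Pearson chi-square of the byte histogram against a uniform distribution."""
    expected = len(data) / 256
    counts = Counter(data)
    return sum((counts.get(b, 0) - expected) ** 2 / expected for b in range(256))

def departs_from_noise(data: bytes) -> bool:
    return chi_square_uniform(data) > CUTOFF

def substitution_encrypt(plaintext: bytes) -> bytes:
    """Constructed weak cipher: one fixed byte permutation (167 is odd, so bijective)."""
    table = bytes((i * 167 + 13) % 256 for i in range(256))
    return plaintext.translate(table)

def reference_stream(n: int) -> bytes:
    """Stand-in for well-behaved cipher output: SHA-256 over a counter."""
    blocks = (hashlib.sha256(i.to_bytes(8, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def profile(data: bytes) -> list:
    """Sorted byte counts: the frequency profile, ignoring which symbol is which."""
    return sorted(Counter(data).values(), reverse=True)

# Constructed English sample, 4096 bytes.
SAMPLE = (b"the quarterly report is attached please review the figures "
          b"and send your comments before the end of the week " * 50)[:4096]

def run() -> dict:
    weak = substitution_encrypt(SAMPLE)
    good = reference_stream(len(SAMPLE))
    return {
        "weak_flagged": departs_from_noise(weak),    # language statistics survive
        "good_flagged": departs_from_noise(good),    # indistinguishable from noise
        "profile_preserved": profile(weak) == profile(SAMPLE),
    }

if __name__ == "__main__":
    print(run())
```

The preserved profile is what frequency analysis relies on: a substitution relabels symbols but leaves their counts untouched.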