The known-plaintext attack (KPA) is an attack model for

cryptanalysis Cryptanalysis (from the Greek ''kryptós'', "hidden", and ''analýein'', "to analyze") refers to the process of analyzing information systems in order to understand hidden aspects of the systems. Cryptanalysis is used to breach cryptographic se ...

where the attacker has access to both the

plaintext In cryptography, plaintext usually means unencrypted information pending input into cryptographic algorithms, usually encryption algorithms. This usually refers to data that is transmitted or stored unencrypted. Overview With the advent of comp ...

(called a crib) and its encrypted version (

ciphertext In cryptography, ciphertext or cyphertext is the result of encryption performed on plaintext using an algorithm, called a cipher. Ciphertext is also known as encrypted or encoded information because it contains a form of the original plaintext ...

). These can be used to reveal secret keys and

code book A codebook is a type of document used for gathering and storing cryptography codes. Originally, codebooks were often literally , but today "codebook" is a byword for the complete record of a series of codes, regardless of physical format. Cr ...

s. The term "crib" originated at

Bletchley Park Bletchley Park is an English country house and Bletchley Park estate, estate in Bletchley, Milton Keynes (Buckinghamshire), that became the principal centre of Allies of World War II, Allied World War II cryptography, code-breaking during the S ...

, the British

World War II World War II or the Second World War (1 September 1939 – 2 September 1945) was a World war, global conflict between two coalitions: the Allies of World War II, Allies and the Axis powers. World War II by country, Nearly all of the wo ...

decryption operation, where it was defined as:

History

The usage "crib" was adapted from a

slang A slang is a vocabulary (words, phrases, and linguistic usages) of an informal register, common in everyday conversation but avoided in formal writing and speech. It also often refers to the language exclusively used by the members of pa ...

term referring to cheating (e.g., "I cribbed my answer from your test paper"). A "crib" originally was a literal or interlinear

translation Translation is the communication of the semantics, meaning of a #Source and target languages, source-language text by means of an Dynamic and formal equivalence, equivalent #Source and target languages, target-language text. The English la ...

of a foreign-language text—usually a

Latin Latin ( or ) is a classical language belonging to the Italic languages, Italic branch of the Indo-European languages. Latin was originally spoken by the Latins (Italic tribe), Latins in Latium (now known as Lazio), the lower Tiber area aroun ...

Greek Greek may refer to: Anything of, from, or related to Greece, a country in Southern Europe: *Greeks, an ethnic group *Greek language, a branch of the Indo-European language family **Proto-Greek language, the assumed last common ancestor of all kno ...

text—that students might be assigned to translate from the original language. The idea behind a crib is that cryptologists were looking at incomprehensible

, but if they had a clue about some word or phrase that might be expected to be in the ciphertext, they would have a "wedge," a test to break into it. If their otherwise random attacks on the cipher managed to sometimes produce those words or (preferably) phrases, they would know they might be on the right track. When those words or phrases appeared, they would feed the settings they had used to reveal them back into the whole encrypted message to good effect. In the case of Enigma, the German High Command was very meticulous about the overall security of the Enigma system and understood the possible problem of cribs. The day-to-day operators, on the other hand, were less careful. The

team would guess some of the plaintext based upon when the message was sent, and by recognizing routine operational messages. For instance, a daily weather report was transmitted by the Germans at the same time every day. Due to the regimented style of military reports, it would contain the word ''Wetter'' (German for "weather") at the same location in every message. (Knowing the local weather conditions helped Bletchley Park guess other parts of the plaintext as well.) Other operators, too, would send standard salutations or introductions. An officer stationed in the

Qattara Depression The Qattara Depression () is a depression (geology), depression in northwestern Egypt, specifically in the Matruh Governorate. The depression is part of the Western Desert (Egypt), Western Desert of Egypt. The Qattara Depression lies below sea ...

consistently reported that he had nothing to report. ''"Heil Hitler,"'' occurring at the end of a message, is another well-known example. At Bletchley Park in

, strenuous efforts were made to use (and even force the Germans to produce) messages with known plaintext. For example, when cribs were lacking, Bletchley Park would sometimes ask the

Royal Air Force The Royal Air Force (RAF) is the Air force, air and space force of the United Kingdom, British Overseas Territories and Crown Dependencies. It was formed towards the end of the World War I, First World War on 1 April 1918, on the merger of t ...

to "seed" a particular area in the

North Sea The North Sea lies between Great Britain, Denmark, Norway, Germany, the Netherlands, Belgium, and France. A sea on the European continental shelf, it connects to the Atlantic Ocean through the English Channel in the south and the Norwegian Se ...

with mines (a process that came to be known as

gardening Gardening is the process of growing plants for their vegetables, fruits, flowers, herbs, and appearances within a designated space. Gardens fulfill a wide assortment of purposes, notably the production of Aesthetics, aesthetically pleasing area ...

, by obvious reference). The Enigma messages that were soon sent out would most likely contain the name of the area or the harbour threatened by the mines. The Germans themselves could be very accommodating in this regard. Whenever any of the turned German Double-Cross agents sent a message (written by the British) to their respective handlers, they frequently obligingly re-encrypted the message word for word on Enigma for onward transmission to Berlin. When a captured German revealed under interrogation that Enigma operators had been instructed to encode numbers by spelling them out,

Alan Turing Alan Mathison Turing (; 23 June 1912 – 7 June 1954) was an English mathematician, computer scientist, logician, cryptanalyst, philosopher and theoretical biologist. He was highly influential in the development of theoretical computer ...

reviewed decrypted messages and determined that the number "''eins''" ("one") was the most common string in the plaintext ( Benford's law). He automated the crib process, creating the ''Eins Catalogue'', which assumed that "''eins''" was encoded at all positions in the plaintext. The catalogue included every possible position of the various rotors, starting positions, and keysettings of the Enigma. The Polish Cipher Bureau had likewise exploited "cribs" in the "ANX method" before World War II (the Germans' use of "AN", German for "to", followed by "X" as a spacer to form the text "ANX").

Marian Rejewski Marian Adam Rejewski (; 16 August 1905 – 13 February 1980) was a Polish people, Polish mathematician and Cryptography, cryptologist who in late 1932 reconstructed the sight-unseen German military Enigma machine, Enigma cipher machine, aided ...

, "Summary of Our Methods for Reconstructing ENIGMA and Reconstructing Daily Keys, and of German Efforts to Frustrate Those Methods," Appendix C to Władysław Kozaczuk, ''Enigma'', 1984, pp. 243–44. The United States and Britain used one-time tape systems, such as the 5-UCO, for their most sensitive traffic. These devices were immune to known-plaintext attack; however, they were point-to-point links and required massive supplies of one-time tapes. Networked cipher machines were considered vulnerable to cribs, and various techniques were used to disguise the beginning and ends of a message, including cutting messages in half and sending the second part first and adding nonsense padding at both ends. The latter practice resulted in an infamous incident during World War II when the nonsense padding " the world wonders" was not nonsensical enough and was misinterpreted as part of the actual message, leading American admiral William Halsey Jr. to change his plans. The KL-7, introduced in the mid-1950s, was the first U.S. cipher machine that was considered safe against known-plaintext attack.A History of U.S. Communications Security; the David G. Boak Lectures
National Security Agency (NSA), Volumes I, 1973, partially released 2008, additional portions declassified October 14, 2015, Quote: The KL-7 "was our first machine designed to serve very large nets which could stand matched plain and cipher text. For the first time, the man in the cryptocenter could take a message and simply type it into the machine as written, without changing the spacing between words, or cutting the message in half and sending the last part first. and without having to paraphrase the message text before it was released." Classical ciphers are typically vulnerable to known-plaintext attack. For example, a Caesar cipher can be solved using a single letter of corresponding plaintext and ciphertext to decrypt entirely. A general monoalphabetic substitution cipher needs several character pairs and some guessing if there are fewer than 26 distinct pairs.

Notes

References

* Władysław Kozaczuk, ''Enigma: How the German Machine Cipher Was Broken, and How It Was Read by the Allies in World War Two'', edited and translated by Christopher Kasparek, Frederick, MD, University Publications of America, 1984, . *

History

See also

Notes

References