Known-plaintext attack

Known-plaintext attack

The known-plaintext attack (KPA) is an attack model for cryptanalysis where the attacker has samples of both the plaintext (called a crib), and its encrypted version (ciphertext). These can be used to reveal further secret information such as secret keys and code books. The term "crib" originated at Bletchley Park, the British World War II decryption operation.[1][2]

Contents

History

The usage "crib" was adapted from a slang term referring to cheating—thus, "I cribbed my answer from your test paper." A "crib" originally was a literal or interlinear translation of a foreign-language text — usually a Latin or Greek text — that students might be assigned to translate from the original language.

The idea behind a crib is that cryptologists were looking at incomprehensible ciphertext, but if they had a clue about some word or phrase that might be expected to be in the ciphertext, they would have a "wedge"—a test to break into it. If their otherwise random attacks on the cipher managed to sometimes produce those words or (preferably) phrases, they would know they might be on the right track. When those words or phrases appeared, they would feed the settings they had used to reveal them back into the whole encrypted message, to good effect.

In the case of Enigma, the German High Command was very meticulous about the overall security of the Enigma system, and understood the possible problem of cribs. The day-to-day trench operators, on the other hand, were less careful. The Bletchley Park team would guess some of the plaintext based upon when the message was sent. For instance, a daily weather report was transmitted by the Germans, at the same time every day. Due to the regimented style of military reports, it would contain the word Wetter (German for "weather") at the same location in every message, and knowing the local weather conditions helped Bletchley Park guess other parts of the plaintext as well. Another example was an officer in the Africa Corps who helped greatly by constantly sending: “Nothing to report.” Other operators too would send standard salutations or introductions.

At Bletchley Park in World War II, strenuous efforts were made to use and even force the Germans to produce messages with known plaintext. For example, when cribs were lacking, Bletchley Park would sometimes ask the Royal Air Force to “seed” a particular area in the North Sea with mines (a process that came to be known as gardening, by obvious reference). The Enigma messages that were soon sent out would most likely contain the name of the area, or the harbour threatened by the mines.

When a captured German revealed under interrogation, that Enigma operators had been instructed to encode numbers by spelling them out. Alan Turing reviewed decrypted messages, and determined that the number “eins” ("1") appeared in 90% of messages. He automated the crib process, creating the Eins Catalogue, which assumed that “eins” was encoded at all positions in the plaintext. The catalogue included every possible position of the various rotors, starting positions, and keysettings of the Enigma.

The Polish Cipher Bureau had likewise exploited "cribs" in the "ANX method" before World War II (the Germans' use of "ANX" — German for "To," followed by "X" as a spacer.)[3]

Classical ciphers are typically vulnerable to known-plaintext attack. For example, a Caesar cipher can be solved using a single letter of corresponding plaintext and ciphertext to decrypt entirely. A general monoalphabetic substitution cipher needs several character pairs and some guessing if there are fewer than 26 distinct pairs.

Present day

Modern ciphers such as Advanced Encryption Standard are not currently susceptible to known-plaintext attacks.

Encrypted file archives such as ZIP are prone to this attack.[citation needed] For example, an attacker with an encrypted ZIP file needs only (part of) one unencrypted file from the archive which forms the "known-plaintext".[4][5] Then using some publicly available software they can quickly calculate the key required to decrypt the entire archive. To obtain this unencrypted file the attacker could search the website for a suitable file, find it from another archive they can open, or manually try to reconstruct a plaintext file armed with the knowledge of the filename from the encrypted archive.

See also

Notes

  1. ^ Gordon Welchman, The Hut Six Story: Breaking the Enigma Codes, p. 78.
  2. ^ Michael Smith, "How It Began: Bletchley Park Goes to War," in B. Jack Copeland, ed., Colossus: The Secrets of Bletchley Park's Codebreaking Computers.
  3. ^ Marian Rejewski, "Summary of Our Methods for Reconstructing ENIGMA and Reconstructing Daily Keys, and of German Efforts to Frustrate Those Methods," Appendix C to Władysław Kozaczuk, Enigma, 1984, pp. 243–44.
  4. ^ Biham, Eli; Kocher, Paul (1994), "A Known Plaintext Attack on the PKZIP Stream Cipher", in Preneel, Bart, Fast Software Encryption, Lecture Notes in Computer Science, 1008, 1995, pp. 144–153, doi:10.1007/3-540-60590-8_12 
  5. ^ Stay, Michael (2002), "ZIP Attacks with Reduced Known", in Matsui, Mitsuru, Fast Software Encryption, Lecture Notes in Computer Science, 2355, pp. 411–429, doi:10.1007/3-540-45473-X_10 

References

  • Władysław Kozaczuk, Enigma: How the German Machine Cipher Was Broken, and How It Was Read by the Allies in World War Two, edited and translated by Christopher Kasparek, Frederick, MD, University Publications of America, 1984, ISBN 0-89093-547-5.
  • Marian Rejewski, "Summary of Our Methods for Reconstructing ENIGMA and Reconstructing Daily Keys, and of German Efforts to Frustrate Those Methods," Appendix C to Władysław Kozaczuk, Enigma, 1984, pp. 241–45.
  • Welchman, Gordon (1982), The Hut Six Story: Breaking the Enigma Codes, Harmondsworth: Allen Lane, ISBN 0713912944 
  • Smith, Michael (2006), "How It Began: Bletchley Park Goes to War", in Copeland, B. Jack, Colossus: The Secrets of Bletchley Park's Codebreaking Computers, Oxford: Oxford University Press, ISBN 978-0-19-284055-4 

Wikimedia Foundation. 2010.

Игры ⚽ Нужно сделать НИР?

Look at other dictionaries:

  • Chosen-plaintext attack — A chosen plaintext attack (CPA) is an attack model for cryptanalysis which presumes that the attacker has the capability to choose arbitrary plaintexts to be encrypted and obtain the corresponding ciphertexts. The goal of the attack is to gain… …   Wikipedia

  • Known-Plaintext-Attacken — Die Kryptoanalyse (in neueren Publikationen auch: Kryptanalyse) bezeichnet im ursprünglichen Sinne das Studium von Methoden und Techniken, um Informationen aus verschlüsselten Texten zu gewinnen. Diese Informationen können sowohl der verwendete… …   Deutsch Wikipedia

  • Known Plaintext — Die Kryptoanalyse (in neueren Publikationen auch: Kryptanalyse) bezeichnet im ursprünglichen Sinne das Studium von Methoden und Techniken, um Informationen aus verschlüsselten Texten zu gewinnen. Diese Informationen können sowohl der verwendete… …   Deutsch Wikipedia

  • Chosen-plaintext attack — Die Kryptoanalyse (in neueren Publikationen auch: Kryptanalyse) bezeichnet im ursprünglichen Sinne das Studium von Methoden und Techniken, um Informationen aus verschlüsselten Texten zu gewinnen. Diese Informationen können sowohl der verwendete… …   Deutsch Wikipedia

  • Attack model — Attack models or attack typesref|secondname specify how much information a cryptanalyst has access to when cracking an encrypted message. Some common attack models are: *Ciphertext only attack *Known plaintext attack *Chosen plaintext attack… …   Wikipedia

  • Known Ciphertext — Die Kryptoanalyse (in neueren Publikationen auch: Kryptanalyse) bezeichnet im ursprünglichen Sinne das Studium von Methoden und Techniken, um Informationen aus verschlüsselten Texten zu gewinnen. Diese Informationen können sowohl der verwendete… …   Deutsch Wikipedia

  • Slide attack — The slide attack is a form of cryptanalysis designed to deal with the prevailing idea that even weak ciphers can become very strong by increasing the number of rounds, which can ward off a differential attack. The slide attack works in such a way …   Wikipedia

  • Brute force attack — In cryptanalysis, a brute force attack is a method of defeating a cryptographic scheme by trying a large number of possibilities; for example, possible keys in order to decrypt a message. In most schemes, the theoretical possibility of a brute… …   Wikipedia

  • Ciphertext-only attack — In cryptography, a ciphertext only attack (COA) or known ciphertext attack is an attack model for cryptanalysis where the attacker is assumed to have access only to a set of ciphertexts. The attack is completely successful if the corresponding… …   Wikipedia

  • Chosen-ciphertext attack — A chosen ciphertext attack (CCA) is an attack model for cryptanalysis in which the cryptanalyst gathers information, at least in part, by choosing a ciphertext and obtaining its decryption under an unknown key. In the attack, an adversary has a… …   Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”