By Aakanksha Mirdha
Cryptanalysis refers to the study of ciphers, cipher text, or cryptosystems (that is, secret code systems) with a view to finding weaknesses in them that will permit retrieval of the plaintext from the cipher text, without necessarily knowing the key or the algorithm. This is known as breaking the cipher, cipher text, or cryptosystem.

Successful cryptanalysis is a combination of mathematics, inquisitiveness, intuition, persistence, powerful computing resources - and more often than many would like to admit - luck. However, successful cryptanalysis has made the enormous resources often devoted to it more than worthwhile: the breaking of the German Enigma code during WWII, for example, was one of the key factors in an early Allied victory.

There are numerous techniques for performing cryptanalysis, depending on what access the cryptanalyst has to the plaintext, cipher text, or other aspects of the cryptosystem. Below are some of the most common types of attacks:

1) Known-plaintext analysis: With this procedure, the cryptanalyst knows a portion of the plaintext that corresponds to the cipher text. Using this information, the cryptanalyst attempts to deduce the key used to produce the cipher text.

2) Chosen-plaintext analysis (also known as differential cryptanalysis): The cryptanalyst is able to have any plaintext encrypted with a key and obtain the resulting cipher text, but the key itself cannot be analysed. The cryptanalyst attempts to deduce the key by comparing the entire cipher text with the original plaintext.

3) Cipher text-only analysis: The cryptanalyst has no knowledge of the plaintext and must work only from the cipher text. This requires accurate guesswork as to how a message could be worded. It helps to have some knowledge of the literary style of the cipher text writer and/or the general subject matter.

4) Man-in-the-middle attack: This differs from the above in that it involves tricking individuals into surrendering their keys. The cryptanalyst/attacker places himself or herself in the communication channel between two parties who wish to exchange their keys for secure communication (via asymmetric or public key infrastructure cryptography). The cryptanalyst/attacker then performs a key exchange with each party, while the original parties believe they are exchanging keys with each other. The two parties then end up using keys that are known to the cryptanalyst/attacker. This type of attack can be defeated by the use of a hash function.

5) Timing/differential power analysis: This is a new technique, made public in June 1998 and particularly useful against smart cards, that measures differences in electrical consumption over a period of time while a microchip performs a function to secure information. This technique can be used to gain information about key computations used in the encryption algorithm and other functions pertaining to security.
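
One way a hash function can be used against the man-in-the-middle attack in item 4, shown as an added example that is not part of the original article: each party hashes the public values it sent and received, and the two hashes are compared over a separate channel the attacker cannot alter. The toy Diffie-Hellman parameters, the function names and the out-of-band comparison are assumptions made for this demo.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group constructed for this demo: P = 2**127 - 1 is prime,
# but far too small for real use.
P = 2**127 - 1
G = 3

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(priv, peer_pub):
    # Derive a symmetric key from the Diffie-Hellman shared secret.
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(16, "big")).digest()

def fingerprint(alice_pub, bob_pub):
    # Short hash over both public values in a fixed order (Alice's first).
    data = alice_pub.to_bytes(16, "big") + bob_pub.to_bytes(16, "big")
    return hashlib.sha256(data).hexdigest()[:16]

def exchange(intercepted):
    """Run one key exchange; if intercepted, an attacker swaps in its own value."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    m_priv, m_pub = keypair()  # attacker's key pair, used only when intercepted
    got_by_alice = m_pub if intercepted else b_pub
    got_by_bob = m_pub if intercepted else a_pub
    alice_key = session_key(a_priv, got_by_alice)
    bob_key = session_key(b_priv, got_by_bob)
    # Each side hashes what it sent and what it received.
    alice_fp = fingerprint(a_pub, got_by_alice)
    bob_fp = fingerprint(got_by_bob, b_pub)
    return {
        "keys_match": alice_key == bob_key,
        "attacker_has_both_keys": intercepted
            and session_key(m_priv, a_pub) == alice_key
            and session_key(m_priv, b_pub) == bob_key,
        # Assumption: compared over a channel the attacker cannot modify.
        "fingerprints_match": alice_fp == bob_fp,
    }

if __name__ == "__main__":
    for intercepted in (False, True):
        print("intercepted:", intercepted, exchange(intercepted))
```

The hash only helps if the comparison itself is authenticated, for example read aloud between the parties or covered by a signature; a fingerprint sent over the same intercepted channel can be replaced along with the keys.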

Today, cryptanalysis is practiced by a broad range of organizations: governments try to break other governments' diplomatic and military transmissions; companies developing security products send them to cryptanalysts to test their security features, and to hackers or crackers who try to break the security of Web sites by finding weaknesses in the securing protocols. It is this constant battle between cryptographers trying to secure information and cryptanalysts trying to break cryptosystems that moves the entire body of cryptology knowledge forward.