5.3 CRYPTANALYSIS
Cryptanalysis is the study and practice of breaking cipher systems—that is, discovering plaintext or the key from ciphertext without authorization. Effective cryptanalysis exploits any structure or redundancy that remains in the ciphertext, so modern cipher design strives to make the ciphertext appear statistically indistinguishable from random noise, exhibiting no observable relationship between ciphertext and corresponding plaintext.
Depending on the information available to the analyst, attacks are categorized as:
- Ciphertext-only attacks. The attacker has access only to one or more ciphertexts and tries to deduce the plaintext or the key. Practical examples include passive interception of encrypted traffic or archived ciphertexts. Success typically depends on redundancy and non-uniformity in the plaintext (language statistics, repeated protocol fields) and on weak cipher/key choices.
- Known-plain text attacks. The attacker has examples of plaintext together with the corresponding ciphertext and uses those pairs to recover the key or decrypt other messages. This frequently arises because of predictable file headers or protocol fields (file numbers, compression/resynchronisation markers, fixed protocol headers, or well-known greetings), repeated structured data, or predictable message formats. Such partial correspondences provide starting points for cryptanalysis (for example, recovering substitution tables or enabling crib dragging).
- Chosen-plaintext attacks. The attacker can obtain ciphertexts for plaintexts of their choosing (for instance by submitting messages to be encrypted). This capability is stronger than known-plaintext and models many real-world scenarios (e.g., a service that will encrypt attacker-supplied data). Many modern security definitions require indistinguishability under chosen-plaintext attack (IND-CPA).
- Chosen-ciphertext attacks. the attacker can supply ciphertexts to a decryption oracle and obtain the resulting plaintexts (or error behaviour). This is an even stronger adversary model; practical historical attacks (e.g., Bleichenbacher’s RSA padding oracle) exploited subtle differences in decryption error messages to recover keys. Strong modern schemes aim for IND-CCA security.
