Cryptanalysis

Contributor(s): Rezos, KristenS, kingthorin

Description

Cryptanalysis is a process of finding weaknesses in cryptographic algorithms and

using these weaknesses to decipher the ciphertext without knowing the secret key
(instance deduction). Sometimes the weakness is not in the cryptographic
algorithm itself, but rather in how it is applied that makes cryptanalysis successful.
An attacker may have other goals as well, such as:

 Total Break - Finding the secret key.

 Gobal Deduction - Finding a functionally equivalent algorithm for
encryption and decryption that does not require knowledge of the secret key.
 Information Deduction - Gaining some information about plaintexts or
ciphertexts that was not previously known.
 Distinguishing Algorithm - The attacker has the ability to distinguish the
output of the encryption (ciphertext) from a random permutation of bits.

The goal of the attacker performing cryptanalysis will depend on the specific needs
of the attacker in a given attack context. In most cases, if cryptanalysis is
successful at all, an attacker will not be able to go past being able to deduce some
information about the plaintext (goal 3). However, that may be sufficient for an
attacker, depending on the context.

Examples

A very easy to understand (but totally inapplicable to modern cryptographic

ciphers) example is a cryptanalysis technique called frequency analysis that can be
successfully applied to the very basic classic encryption algorithms that performed
monoalphabetic substitution replacing each letter in the plaintext with its
predetermined mapping letter from the same alphabet. This was considered an
improvement over a more basic technique that would simply shift all of the letters
of the plaintext by some constant number of positions and replace the original
letters with the new letter with the resultant alphabet position. While
monoalphabetic substitution ciphers are resilient to blind brute force, they can be
broken easily with nothing more than a pen and paper. Frequency analysis
cryptanalysis uses the fact that natural language is not random and monoalphabetic
substitution does not hide the statistical properties of the natural language. So if the
letter “E” in an English language occurs with a certain known frequency (about
12.7%), whatever “E” was substituted with to get to the ciphertext, will occur with
the similar frequency. Having this frequency information allows the cryptanalyst to
quickly determine the substitutions and decipher the ciphertext. Frequency analysis
techniques are not applicable to modern ciphers as they are all resilient to it (unless
this is a very bad case of a homegrown encryption algorithm). This example is just
here to illustrate a rudimentary example of cryptanalysis.

Cryptology has two parts namely, Cryptography which focuses on creating secret
codes and Cryptanalysis which is the study of the cryptographic algorithm and the
breaking of those secret codes. The person practicing Cryptanalysis is called a
Cryptanalyst. It helps us to better understand the cryptosystems and also helps us
improve the system by finding any weak point and thus work on the algorithm to
create a more secure secret code. For example, a Cryptanalyst might try to decipher
a ciphertext to derive the plaintext. It can help us to deduce the plaintext or the
encryption key.

Parts Of Cryptology

To determine the weak points of a cryptographic system, it is important to attack

the system. This attacks are called Cryptanalytic attacks. The attacks rely on
nature of the algorithm and also knowledge of the general characteristics of the
plaintext, i.e., plaintext can be a regular document written in English or it can be a
code written in Java. Therefore, nature of the plaintext should be known before
trying to use the attacks.
Types of Cryptanalytic attacks :

The Five Types of Cryptanalytic Attacks

 Known-Plaintext Analysis (KPA) :

In this type of attack, some plaintext-ciphertext pairs are already known.
Attacker maps them in order to find the encryption key. This attack is easier
to use as a lot of information is already available.
 Chosen-Plaintext Analysis (CPA) :
In this type of attack, the attacker chooses random plaintexts and obtains the
corresponding ciphertexts and tries to find the encryption key. Its very
simple to implement like KPA but the success rate is quite low.
 Ciphertext-Only Analysis (COA) :
In this type of attack, only some cipher-text is known and the attacker tries
to find the corresponding encryption key and plaintext. Its the hardest to
implement but is the most probable attack as only ciphertext is required.
 Man-In-The-Middle (MITM) attack :
In this type of attack, attacker intercepts the message/key between two
communicating parties through a secured channel.
 Adaptive Chosen-Plaintext Analysis (ACPA) :
This attack is similar CPA. Here, the attacker requests the cipher texts of
additional plaintexts after they have ciphertexts for some texts.

Cryptanalysis in Cryptography: Types and Applications

 Bhumika Dutta
 Jan 03, 2022
Stay Updated & Stay Safe!

Get updates on the latest posts and more from Analytics Steps straight to your
inbox.
By subscribing, your are giving consent to receive emails. Read our privacy policy.

Cryptography is a fascinating topic of study that focuses on the technique of

encrypting and decrypting messages in secret code so that only the intended
receiver can understand them. 

Cryptography can also refer to the art of cryptanalysis, which is the process of
breaking cryptographic codes. In this article, we are going to learn about
Cryptanalysis and its types, along with its contributions to cybersecurity.

Cryptanalysis: An Overview

Cryptanalysis is the technique of examining cryptographic systems for flaws or

information leakage. Cryptanalysis is commonly thought of as searching for flaws
in a cryptographic system's core mathematics, but it also involves looking for flaws
in implementation, such as side-channel attacks or weak entropy inputs. 

Cryptanalysis is a technique for converting ciphertext to plaintext. Eavesdropping

on the unprotected channel, an unauthorized person tries to decipher the
communication. It's also known as cracking codes. This individual is unconstrained
by any rules. To get the plaintext, he can use any approach.

Types of Cryptanalysis Attacks:

Cryptanalytic attacks are used to find vulnerabilities in a cryptographic system.

Cryptography can be deciphered by exploiting these flaws. The nature of the
method and knowledge of the plaintext's general properties are the most important
factors in these cryptanalysis assaults. 

A plaintext can be written in any language, including English and Java code.
Before launching an attack, it's critical to understand the plaintext. There are 5
types of them, and all of them are given below:

1. Known-Plaintext Analysis (KPA):

The attacker is aware of plaintext-ciphertext pairings in this case. An attacker

just needs to map those pairings to find the encryption key. This assault is
quite simple since the attacker already has a wealth of information at his
disposal.

2. Chosen-Plaintext Analysis (CPA):

This attack is carried out by selecting random plaintexts and then acquiring
the ciphertexts that correspond to them. The encryption key must be
discovered by the attacker. Though it is comparable to KPA and is reasonably
easy to deploy, it has a low success rate.

3. Ciphertext-Only Analysis (COA):

This type of attack is conceivable when the attacker just has access to some
ciphertext and is attempting to decipher the encryption key and plaintext.
Though this is the most difficult attack, the success rate is reasonably high
because just the ciphertext is required.
 

4. Man-in-the-middle (MITM):

This technique successfully intercepts a message transmitted over a secure

channel between two communicators.

5. Adaptive Chosen-Plaintext Analysis (ACPA):

Unlike CPA, it includes attackers demanding ciphertexts of additional

plaintexts.

History of Cryptanalysis:

While cryptography is unmistakably a science with well-established analytic and

synthesis principles, cryptanalysis was formerly considered an art as well as a
science. 

The reason for this is because cryptanalysis success is frequently the result of
flashes of inspiration, gamelike intuition, and, most importantly, the cryptanalyst's
awareness of pattern or structure in the cipher on an almost subconscious level.

There were a few types of ciphers known in this field, as written by Simplilearn:

 
  Substitution cipher in which the units of plaintext (a character or group of
characters) are replaced with ciphertext.
 Transposition cipher in which plaintext units' locations are altered
according to a regular scheme, resulting in a permutation of the plaintext in
the ciphertext.
 A polyalphabetic substitution cipher is a substitution cipher that employs
a number of different substitution alphabets.
 Permutation cipher is a transposition cipher with a permutation as the key.

It's simple to express and show the concepts that underpin the scientific side of
cryptanalysis, but it's practically hard to give a sense of the art with which the
principles are put into practice. Mathematics and massive quantities of processing
power, on the other hand, are the pillars of modern cryptanalysis.

Applications of Cryptanalysis:

Cryptography and cryptanalysis have many real-life applications. Jigsaw Academy

has listed out some of them:

1. Integrity in storage:

Cryptanalysis is used to maintain integrity in storage. Access control systems

with locks and keys can help with this. These are used to protect stored data
from unwanted access. 

 
 Cryptographic checksums aid in determining the authenticity of stored data in
a dynamic environment where viruses have modified data protection
approaches. 

A cryptographic checksum is created and compared to the anticipated value

during any such data transmission. Storage media is more vulnerable to
assault because it contains higher amounts of data or data that has been
exposed for longer periods.

2. Identity authentication:

Identity authentication is the process of confirming a user's authority to

access data, and cryptanalysis is employed to do so. To facilitate identity
authentication, passwords are exchanged. 

For more reliable and efficient identity identification, modern systems

combine cryptographic transformations with other attributes of persons. The
passwords are kept in an encrypted format, and applications that may utilize
them have read access to them. 

The system's security is not jeopardized since the passwords are not saved in
plaintext. These passwords are similar to a cryptosystem's key. Anything to
which the password has access can be encrypted and decrypted using this
cryptosystem. It is preferable to choose a longer password since the more
characters in a password, the more difficult it is to guess.

3. System credentials:

 
 The use of cryptography aids in the creation of system credentials. Users
generate proof of a person's qualification by producing a credential. 

Electronic credentials may now be created to enable electronic verification.

It's mostly utilized with smart cards to conduct cryptographic activities and
store secret data.

4. Digital signatures:

They're commonly used to verify the authenticity of communication and

show that it came from a known sender. It's akin to signing a document on
paper. Digital signatures must be difficult to fabricate if they are to be as
successful as paper signatures. 

When organizations are located in different locations and are unable to meet
in person yet must deal with large amounts of paperwork, digital signatures
can be quite useful. It is particularly advantageous in high-value commercial
transactions. 

A public-key cryptosystem and hashing process may be used to simply

produce digital signatures. Another advantage of a digital signature is that any
individual who has access to the sender's public key may verify and sign the
document. It's frequently part of a digital signature's format.

5. ETFs:

 
 Everyone is aware that electronic money has long since supplanted cash
transactions. Electronic funds transfer (ETF), digital gold money, virtual
currency, and direct deposits are all examples of cryptography-based assets. 

ATM withdrawals, debit card payments, direct deposits, wire transfers, and
other electronic money operations are examples.

Requirements for Cryptanalysis

 The primary responsibility of this position is to study, research, and test

novel cryptology ideas and applications.
 It is able to test computational models for correctness and dependability
 Ensures that message transmission data (wireless network, secure telephone,
cellphones, email, and so on) is not accessed or altered unlawfully while in
transit.
 Safeguard sensitive data from being intercepted, copied, manipulated, or
destroyed.
 For military, political, and law enforcement forces, capable of interpreting
obscure signals and coding schemes.
 Create statistical and mathematical models for data analysis and solving
security-related problems.
 In cryptographic security systems and algorithms, evaluate, analyze, and
target flaws.
 To avoid weaknesses, create effective security solutions.
 Capable of probing for communication line flaws.

What is Cryptanalysis in Information Security?

Information SecuritySafe & SecurityData Structure

Cryptanalysis is the decryption and inquiry of codes, ciphers or encrypted text.
Cryptanalysis need numerical rule to search for algorithm susceptibility and divide
into cryptography or information security systems.

The main objective of cryptanalysis is to discover weaknesses in or otherwise

defeat encryption algorithms. This research can be used by cryptographers to
enhance and strengthen or else restore irreparably flawed algorithms.

These type of attack exploits the nature of the algorithm to acquire the plaintext or
the key being utilized from the encrypted message.

Cryptanalysis generally require a direct examination of the cryptosystem in place,

frequently an advanced focused mathematical effort at decryption using data that is
known about the encryption design.

These can involve intercepted encrypted messages (ciphertext), intercepted full,

partial, likely, or associated initial messages (plaintext), or they can use data that is
known for use adaptively in successive trials.

Computer resources needed for cryptanalysis such as time, memory, and

information. There are also changeable degrees of achievement ranging from a
total break of the encryption algorithm to the ascertainment of weaknesses in it.

There are various types of Cryptanalysis attacks which are as follows −

 Ciphertext-only attacks − In this attack, the attacker has access to only

some ciphertext. It attempt to discover the corresponding key and plaintext.
It is considered that attacker understand the algorithm and can intercept the
ciphertext.
 Known-plaintext attack − In this attack, the cryptanalyst understand some
plaintext pairs that have been collected earlier, moreover the intercepted
ciphertext that it wants to break.
 Chosen-plaintext attack − Chosen-plaintext attack is same to known-
plaintext attack but the plaintext pairs have been selected by the attacker
himself. This type of attack is simpler to implement but they are less likely
to appear.
 Brute force attack − This type of attack need algorithms that try to guess
some possible logical set of the plaintext which are then ciphered and
compared against the initial cipher.
 Chosen-ciphertext attack − The chosen-ciphertext attack is same to the
chosen plaintext. In this, the attacker select some ciphertext and decrypts it
 to develop a ciphertext. This attack is applicable if the attacker has access to
the receiver’s computer.
 Dictionary attack − This type of attack need a wordlist in order to discover
a match of either the plaintext or key. It is generally used when attempting to
crack encrypted passwords.
 Rainbow table attack − This type of attack compares the cipher text against
precomputed hashes to discover matches.
 Man-in-the-Middle (MITM) Attack − Attack appears when two parties
use message or key sharing for communication through a channel that occur
secure but is generally compromised.

Attacker employs this attack for the blocking of messages that pass through
the communications channel. Hash functions avoid MITM attacks.

 Adaptive Chosen-Plaintext Attack (ACPA) − It is similar to a CPA, this

attack uses chosen plaintext and ciphertext based on data learned from past
encryptions.