Cryptanalysis is the study of ciphers, ciphertext, and cryptosystems (that is, of secret-writing systems) with a view to finding weaknesses in them that permit recovery of the plaintext from the ciphertext, or of the key itself, without being given the key. The algorithm is normally assumed to be public (Kerckhoffs's principle); only the key is secret. Finding such a weakness is known as breaking the cipher, ciphertext, or cryptosystem.
Breaking is sometimes used interchangeably with weakening. This refers to finding a property (fault) in the design or implementation of the cipher that reduces the number of keys a brute force attack (simply trying every possible key until the correct one is found) must test, or that otherwise lets the attacker do less work than exhaustive search.
For example, assume that a symmetric cipher uses a 128-bit key: a brute force attack would then need to try up to 2^128 (2 to the power of 128) candidate keys to be certain of finding the correct one, or 2^127 on average, which is not feasible with present or foreseeable computing resources. Suppose, however, that cryptanalysis of the cipher reveals a technique that recovers the key, and with it the plaintext, in about 2^40 operations. The cipher is not broken in the sense of being trivially readable, but it is now much weaker and the plaintext can be found with moderate computing resources. (In the academic sense, any attack faster than exhaustive search already counts as a break, even when it remains impractical.)
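The following is an added example, not part of the original article, showing what "reducing the number of keys required" looks like in practice. It defines a toy 32-bit block cipher (constructed for this example; not a real algorithm) whose key schedule folds the 32-bit key into a 16-bit subkey, and then runs a known-plaintext brute force that needs 2^16 trials instead of 2^32. The key and plaintext blocks are constructed sample data.

```python
"""Known-plaintext brute force against a toy block cipher whose key schedule is
flawed. The cipher, the key and the plaintexts below are constructed for this
example and are not a real algorithm or real data."""

MASK16 = 0xFFFF
ROUNDS = 4


def subkey(key: int) -> int:
    """The design fault: the 32-bit key is folded into a 16-bit subkey, so
    every key shares its subkey with 2^16 - 1 other keys (k and k ^ (x << 16 | x)
    collide for any 16-bit x). Only 2^16 distinct subkeys can ever be used."""
    return (key & MASK16) ^ (key >> 16)


def round_fn(half: int, sk: int, rnd: int) -> int:
    """Round function on a 16-bit half (a bijection: XOR, odd multiply, rotate)."""
    x = (half ^ sk ^ rnd) & MASK16
    x = (x * 0x9E37) & MASK16           # odd multiplier: invertible mod 2^16
    return ((x << 5) | (x >> 11)) & MASK16


def encrypt_block(block: int, key: int) -> int:
    """Four-round Feistel network over a 32-bit block."""
    left, right = block >> 16, block & MASK16
    sk = subkey(key)
    for rnd in range(ROUNDS):
        left, right = right, left ^ round_fn(right, sk, rnd)
    return (left << 16) | right


def decrypt_block(block: int, key: int) -> int:
    """Inverse of encrypt_block: same rounds, applied in reverse order."""
    left, right = block >> 16, block & MASK16
    sk = subkey(key)
    for rnd in reversed(range(ROUNDS)):
        left, right = right ^ round_fn(left, sk, rnd), left
    return (left << 16) | right


def recover_equivalent_key(pairs):
    """Known-plaintext search. Because subkey(k) == k for every k < 2^16,
    trying the 2^16 'short' keys covers every subkey the cipher can use, so
    the attacker's work is 2^16 trials instead of the 2^32 that a sound
    32-bit key schedule would force. Returns an equivalent key, or None."""
    for cand in range(1 << 16):
        if all(encrypt_block(pt, cand) == ct for pt, ct in pairs):
            return cand
    return None


# Constructed scenario: the attacker knows two plaintext blocks (say a fixed
# message header) and sees their ciphertexts, but never sees TRUE_KEY.
TRUE_KEY = 0xDEADBEEF
KNOWN_PLAINTEXTS = [0x48656C6C, 0x6F2C2077]          # "Hell", "o, w"
KNOWN_PAIRS = [(pt, encrypt_block(pt, TRUE_KEY)) for pt in KNOWN_PLAINTEXTS]


def attack_summary():
    """Run the attack and report the work factor and the recovered key."""
    found = recover_equivalent_key(KNOWN_PAIRS)
    return {
        "nominal_keyspace": 1 << 32,
        "effective_keyspace": 1 << 16,
        "recovered_key": found,
        "equivalent_to_true_key": found is not None
        and subkey(found) == subkey(TRUE_KEY),
    }


if __name__ == "__main__":
    summary = attack_summary()
    print(summary)
    # The recovered key is not TRUE_KEY, but it decrypts everything TRUE_KEY encrypted.
    fresh = encrypt_block(0x6F726C64, TRUE_KEY)          # "orld"
    print(hex(decrypt_block(fresh, summary["recovered_key"])))
```

The recovered key is not the original 32-bit key but an equivalent one that produces the same subkey; the attacker does not need the original, since every ciphertext under TRUE_KEY decrypts under the equivalent key. Two known blocks are used rather than one so that a chance 32-bit collision cannot produce a false match.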
There are numerous techniques for performing cryptanalysis, depending on what access the cryptanalyst has to the plaintext, ciphertext, or other aspects of the cryptosystem. Below are some of the most common types of attacks:
1) Known-plaintext analysis: The cryptanalyst possesses some plaintext together with its corresponding ciphertext (for example, a standard header, a formulaic greeting, or a message that was later published). Using these pairs, the cryptanalyst attempts to deduce the key, which then unlocks other messages encrypted under it.
2) Chosen-plaintext analysis: The cryptanalyst is able to have plaintexts of his or her own choosing encrypted under the unknown key and obtains the resulting ciphertexts, but cannot read the key itself. By choosing the inputs carefully and comparing them with the outputs, the cryptanalyst attempts to deduce the key or a distinguishing property of the cipher. Differential cryptanalysis is a well-known chosen-plaintext technique rather than a synonym for the category: it studies how chosen differences between pairs of plaintexts propagate to differences between the ciphertexts. Public key systems such as Rivest-Shamir-Adleman (RSA) are inherently exposed to chosen-plaintext access, since anyone holding the public key can encrypt; textbook RSA is also deterministic, so an attacker can confirm a guess at a low-entropy message (a PIN, a yes/no answer) simply by encrypting the guess and comparing it with the intercepted ciphertext. This is why RSA is used with randomized padding in practice.
3) Ciphertext-only analysis: The cryptanalyst has no plaintext at all and must work from the ciphertext alone. This relies on redundancy in the plaintext, such as the letter and word frequencies of the language, and on informed guesswork as to how the message is likely to be worded (probable words). Some knowledge of the literary style of the writer and/or the general subject matter helps.
4) Man-in-the-middle attack: This differs from the above in that it attacks the exchange of keys rather than the cipher. The attacker places him or herself in the communication channel between two parties who wish to exchange keys for secure communication (for example, a Diffie-Hellman exchange or an exchange of public keys) and performs a separate key exchange with each party, with the original parties believing they are exchanging keys with each other. The two parties then end up using keys that are known to the attacker, who can read and alter every message while relaying it between them. The defence is to authenticate the exchange: the parties sign their key-exchange messages, rely on certificates issued by a trusted authority, or compare a hash (fingerprint) of the exchanged keys over an independent channel. A hash function on its own does not defeat the attack, since the attacker can hash the substituted keys just as easily; it only helps when the fingerprints are compared over a channel the attacker cannot tamper with.
5) Timing and differential power analysis: These side-channel techniques attack the implementation rather than the algorithm. A timing attack measures how long a device takes to perform a cryptographic operation; differential power analysis (DPA), made public in June 1998 and particularly effective against smart cards, measures the small variations in electrical consumption of a microchip while it performs a function to secure information. Because both the time taken and the power drawn depend on the data and key bits being processed, statistical analysis of many such measurements can reveal the key used in the encryption algorithm and other security functions. The technique can be rendered less effective by constant-time implementations, by masking intermediate values with random data, by introducing random noise into the computations, or by randomly altering the sequence of operations (shuffling) so that the power fluctuations are harder to align and monitor. Paul Kocher of Cryptography Research, who had published timing attacks in 1996, first developed power analysis, though Bull Systems claims it knew about this type of attack over four years earlier.
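The chosen-plaintext attack on deterministic RSA described under item 2, as an added example that is not part of the original article. The RSA key uses two Mersenne primes chosen only so the block is self-contained (far too small for real use), the PIN scenario is constructed, and the random-padding scheme is a simplified stand-in for OAEP, not OAEP itself. Requires Python 3.8 or later for the modular inverse via pow().

```python
"""Chosen-plaintext dictionary attack on textbook RSA, and the effect of
randomized padding. Key, scenario and padding scheme are constructed for
this example only."""
import os

# Constructed key: the Mersenne primes 2^61 - 1 and 2^89 - 1, public exponent 65537.
P = (1 << 61) - 1
Q = (1 << 89) - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+)
PUBLIC_KEY = (N, E)


def encrypt_textbook(message: bytes, pub=PUBLIC_KEY) -> int:
    """Textbook RSA: c = m^e mod n. Deterministic: same message, same ciphertext."""
    n, e = pub
    m = int.from_bytes(message, "big")
    if not 0 < m < n:
        raise ValueError("message must encode to an integer in (0, n)")
    return pow(m, e, n)


def decrypt_textbook(ciphertext: int) -> bytes:
    m = pow(ciphertext, D, N)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def guess_plaintext(ciphertext: int, candidates, pub=PUBLIC_KEY):
    """Chosen-plaintext attack: anyone holding the public key can encrypt, so
    when the message space is small (a 4-digit PIN, yes/no, a salary figure)
    the attacker encrypts every candidate and compares with the intercepted
    ciphertext. Returns the matching candidate, or None."""
    for cand in candidates:
        if encrypt_textbook(cand, pub) == ciphertext:
            return cand
    return None


PAD_LEN = 8   # bytes of random padding; simplified stand-in for OAEP, not OAEP


def encrypt_randomized(message: bytes, pub=PUBLIC_KEY) -> int:
    """Append fresh random bytes before encrypting, so equal messages give
    different ciphertexts and the attacker's dictionary never matches."""
    return encrypt_textbook(message + os.urandom(PAD_LEN), pub)


def decrypt_randomized(ciphertext: int) -> bytes:
    return decrypt_textbook(ciphertext)[:-PAD_LEN]


# Constructed scenario: a user encrypts a 4-digit PIN to a server's public key;
# the attacker intercepts the ciphertext and tries all 10,000 PINs.
PIN_DICTIONARY = [f"{i:04d}".encode() for i in range(10000)]


def demo(pin: bytes = b"4271"):
    """Returns (recovered_from_textbook, recovered_from_randomized)."""
    textbook_ct = encrypt_textbook(pin)
    randomized_ct = encrypt_randomized(pin)
    return (guess_plaintext(textbook_ct, PIN_DICTIONARY),
            guess_plaintext(randomized_ct, PIN_DICTIONARY))


if __name__ == "__main__":
    print(demo())   # the PIN falls to the dictionary attack only without padding
```

With the padded variant the attacker's 10,000 trial encryptions can never match, because the integer actually encrypted is the PIN followed by 64 random bits, which is never equal to a bare PIN; a real deployment uses a standardized scheme such as RSA-OAEP rather than the ad hoc padding shown here.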
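The ciphertext-only analysis of item 3, as an added example that is not part of the original article: a shift (Caesar) cipher is broken using nothing but the ciphertext and a table of English letter frequencies. The plaintext, the shift and the frequency table are constructed sample data; the scoring function is the standard chi-squared statistic.

```python
"""Ciphertext-only attack on a shift cipher by letter-frequency analysis.
The message and shift below are constructed for this example."""

# Approximate relative frequencies (percent) of letters in English text.
ENGLISH_FREQ = {
    "a": 8.17, "b": 1.49, "c": 2.78, "d": 4.25, "e": 12.70, "f": 2.23, "g": 2.02,
    "h": 6.09, "i": 6.97, "j": 0.15, "k": 0.77, "l": 4.03, "m": 2.41, "n": 6.75,
    "o": 7.51, "p": 1.93, "q": 0.10, "r": 5.99, "s": 6.33, "t": 9.06, "u": 2.76,
    "v": 0.98, "w": 2.36, "x": 0.15, "y": 1.97, "z": 0.07,
}


def shift_text(text: str, shift: int) -> str:
    """Shift every letter by `shift` positions (negative shift decrypts)."""
    out = []
    for ch in text:
        if ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + shift) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)


def chi_squared(text: str) -> float:
    """Distance between the letter distribution of `text` and English.
    Lower means the text looks more like English."""
    letters = [c for c in text.lower() if c in ENGLISH_FREQ]
    total = len(letters)
    if total == 0:
        return float("inf")
    counts = dict.fromkeys(ENGLISH_FREQ, 0)
    for c in letters:
        counts[c] += 1
    score = 0.0
    for c, pct in ENGLISH_FREQ.items():
        expected = total * pct / 100.0
        score += (counts[c] - expected) ** 2 / expected
    return score


def rank_shifts(ciphertext: str):
    """Score all 26 possible keys; returns [(score, shift)] best first."""
    scored = [(chi_squared(shift_text(ciphertext, -k)), k) for k in range(26)]
    return sorted(scored)


def break_shift(ciphertext: str):
    """Returns (shift, plaintext) for the decryption that looks most English."""
    _, best = rank_shifts(ciphertext)[0]
    return best, shift_text(ciphertext, -best)


# Constructed sample message and key; the attacker sees only CIPHERTEXT.
PLAINTEXT = ("Cryptanalysis is the study of ciphers and cryptosystems with a view "
             "to finding weaknesses that let the plaintext be recovered without the "
             "key. A ciphertext only attack has nothing but the ciphertext to work "
             "from, so it leans on the redundancy of the language in which the "
             "message was written.")
SECRET_SHIFT = 17
CIPHERTEXT = shift_text(PLAINTEXT, SECRET_SHIFT)


if __name__ == "__main__":
    shift, recovered = break_shift(CIPHERTEXT)
    print(shift)
    print(recovered)
```

The same scoring idea (rank candidate decryptions by how much they resemble the expected language) carries over to any cipher with a small enough key space to enumerate; what makes the attack ciphertext-only is that nothing about the message beyond its language is assumed.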
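The man-in-the-middle attack of item 4 on an unauthenticated Diffie-Hellman exchange, with both sides' messages and the attacker's substitutions, as an added example that is not part of the original article. The group parameters (the Mersenne prime 2^127 - 1 with generator 3) and all private values are constructed for illustration and are not suitable for real use; the fingerprint check shows the limited sense in which a hash helps, namely when the two parties compare the fingerprints over a channel the attacker cannot alter.

```python
"""Man-in-the-middle against unauthenticated Diffie-Hellman, and a
fingerprint comparison that exposes it. Parameters and secrets are
constructed for this example only."""
import hashlib

P = (1 << 127) - 1      # toy group: a Mersenne prime, far too small for real use
G = 3


def public_value(private: int) -> int:
    return pow(G, private, P)


def shared_key(their_public: int, my_private: int) -> bytes:
    """Session key: hash of the DH shared secret g^(ab) mod p."""
    secret = pow(their_public, my_private, P)
    return hashlib.sha256(secret.to_bytes(16, "big")).digest()


def fingerprint(key: bytes) -> str:
    """Short hash of the session key that each party reads out to the other
    over an independent channel (the 'short authentication string' idea)."""
    return hashlib.sha256(b"fingerprint|" + key).hexdigest()[:12]


def honest_exchange(a: int, b: int):
    """Alice sends A, Bob sends B; both derive the same key. Returns (alice_key, bob_key)."""
    A, B = public_value(a), public_value(b)
    return shared_key(B, a), shared_key(A, b)


def mitm_exchange(a: int, b: int, m1: int, m2: int):
    """Mallory intercepts both public values and substitutes her own.
    Returns (alice_key, bob_key, mallory_key_with_alice, mallory_key_with_bob)."""
    A = public_value(a)          # Alice -> (Mallory)            : A
    B = public_value(b)          # Bob   -> (Mallory)            : B
    M1 = public_value(m1)        # (Mallory) -> Alice, posing as Bob : M1
    M2 = public_value(m2)        # (Mallory) -> Bob, posing as Alice : M2
    alice_key = shared_key(M1, a)        # Alice believes M1 came from Bob
    bob_key = shared_key(M2, b)          # Bob believes M2 came from Alice
    mallory_with_alice = shared_key(A, m1)
    mallory_with_bob = shared_key(B, m2)
    return alice_key, bob_key, mallory_with_alice, mallory_with_bob


def fingerprints_agree(alice_key: bytes, bob_key: bytes) -> bool:
    """What Alice and Bob compare out of band. Under a MITM they hold
    different keys, so the fingerprints differ and the attack is exposed."""
    return fingerprint(alice_key) == fingerprint(bob_key)


# Constructed private values (never transmitted).
ALICE, BOB = 0x1F3A7C9E5B2D4F61, 0x6E8D2B4A9C7F1E35
MALLORY_1, MALLORY_2 = 0x7A1B3C5D7E9F2468, 0x2C4E6A8B0D1F3579


if __name__ == "__main__":
    ak, bk = honest_exchange(ALICE, BOB)
    print("honest exchange, keys equal:", ak == bk, fingerprints_agree(ak, bk))
    ak, bk, ma, mb = mitm_exchange(ALICE, BOB, MALLORY_1, MALLORY_2)
    print("under MITM, Mallory knows both keys:", ak == ma and bk == mb)
    print("fingerprints agree:", fingerprints_agree(ak, bk))
```

The fingerprint comparison only works because it travels over a channel Mallory does not control (a phone call, an in-person meeting); if she can also rewrite that channel she simply relays the fingerprint of whichever key each side holds. The robust fix is to sign the public values A and B with long-term keys that the other side can verify, which is what certificates provide in protocols such as TLS.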
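The power-analysis technique of item 5, as an added example that is not part of the original article: a simulated correlation-based differential power analysis that recovers one key byte from noisy "traces". The device, its S-box (a fixed random permutation), the Hamming-weight leakage model and the Gaussian noise are all constructed for the simulation; nothing here is measured from real hardware, and the numbers (trace count, noise level) are assumptions chosen to make the demonstration run quickly.

```python
"""Simulated differential (correlation) power analysis on one key byte.
S-box, leakage model, noise and traces are constructed, not measured."""
import random

# Constructed 8-bit S-box: a fixed random permutation. Real ciphers use a
# designed one (e.g. the AES S-box); any nonlinear bijection serves the demo.
_SBOX = list(range(256))
random.Random(2024).shuffle(_SBOX)


def hamming_weight(x: int) -> int:
    return bin(x).count("1")


def simulate_traces(key_byte: int, n: int, noise_sigma: float, seed: int):
    """The device computes S[p ^ k] for a known plaintext byte p. Its power
    draw at that instant is modelled as HW(S[p ^ k]) plus Gaussian noise
    (the usual Hamming-weight model). Returns [(plaintext_byte, power)]."""
    rng = random.Random(seed)
    traces = []
    for _ in range(n):
        p = rng.randrange(256)
        power = hamming_weight(_SBOX[p ^ key_byte]) + rng.gauss(0.0, noise_sigma)
        traces.append((p, power))
    return traces


def pearson(xs, ys) -> float:
    """Pearson correlation coefficient of two equal-length sequences."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sxx = sum((x - mx) ** 2 for x in xs)
    syy = sum((y - my) ** 2 for y in ys)
    if sxx == 0 or syy == 0:
        return 0.0
    return sxy / (sxx * syy) ** 0.5


def recover_key_byte(traces):
    """For every key guess, predict HW(S[p ^ guess]) per trace and correlate
    the predictions with the measurements. The correct guess explains the
    data-dependent part of the power draw; wrong guesses correlate weakly.
    Returns (best_guess, best_correlation, ranked [(corr, guess)])."""
    measured = [power for _, power in traces]
    ranked = []
    for guess in range(256):
        predicted = [hamming_weight(_SBOX[p ^ guess]) for p, _ in traces]
        ranked.append((pearson(predicted, measured), guess))
    ranked.sort(reverse=True)
    return ranked[0][1], ranked[0][0], ranked


# Constructed secret and acquisition parameters (assumptions for the demo).
SECRET_KEY_BYTE = 0x3C
TRACE_COUNT = 1000
NOISE_SIGMA = 1.0


def demo():
    traces = simulate_traces(SECRET_KEY_BYTE, TRACE_COUNT, NOISE_SIGMA, seed=7)
    guess, corr, ranked = recover_key_byte(traces)
    runner_up_corr = ranked[1][0]
    return guess, corr, runner_up_corr


if __name__ == "__main__":
    guess, corr, runner_up = demo()
    print(f"recovered 0x{guess:02x} (true 0x{SECRET_KEY_BYTE:02x}), "
          f"corr={corr:.3f}, next best={runner_up:.3f}")
```

With the noise level assumed here the correct byte stands out clearly after a thousand traces; raising the noise (the "random noise" countermeasure the text mentions) does not remove the leak but forces the attacker to collect proportionally more traces, since the number needed grows with the square of the noise-to-signal ratio, while masking and shuffling aim to break the link between the predicted value and the measured power altogether. A full attack repeats this per key byte.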
In addition to the above, other techniques are available, such as convincing individuals to reveal passwords or keys, developing Trojan horse programs that steal a victim's secret key from their computer and send it back to the attacker, or tricking a victim into using a weakened cryptosystem. All of these are effective ways of defeating a cryptosystem, even though they target the people and the surrounding system rather than the mathematics and may be considered unorthodox.
Successful cryptanalysis is a combination of mathematics, inquisitiveness, intuition, persistence, powerful computing resources and, more often than many would like to admit, luck. It has repeatedly justified the enormous resources devoted to it: the breaking of the German Enigma cipher during WWII, for example, was one of the key factors in bringing about an earlier Allied victory.
Today, cryptanalysis is practiced by a broad range of organizations: governments try to break other governments' diplomatic and military transmissions; companies developing security products send them to cryptanalysts to test their security features, and engage hackers or crackers to try to break the security of Web sites by finding weaknesses in the protocols that secure them. It is this constant contest between cryptographers trying to secure information and cryptanalysts trying to break cryptosystems that moves the entire body of cryptology knowledge forward.