Cryptanalysis

Contents

• Basics
• Illustrations

Cryptanalysis basics

• Cryptanalysis and attacks - Wikipedia
• Amount of information available to the attacker (further to Kerckhoffs' principle)
• Ciphertext-only: the cryptanalyst has access only to a collection of ciphertexts or codetexts.
• Known-plaintext: the attacker has a set of ciphertexts to which they know the corresponding plaintext.
• Chosen-plaintext (chosen-ciphertext): the attacker can obtain the ciphertexts (plaintexts) corresponding to an arbitrary set of plaintexts (ciphertexts) of their own choosing.
• Adaptive chosen-plaintext: like a chosen-plaintext attack, except the attacker can choose subsequent plaintexts based on information learned from previous encryptions, similarly to the Adaptive chosen ciphertext attack.
• Related-key attack: Like a chosen-plaintext attack, except the attacker can obtain ciphertexts encrypted under two different keys. The keys are unknown, but the relationship between them is known; for example, two keys that differ in the one bit.
• Computational resources required
• Time – the number of computation steps (e.g., test encryptions) which must be performed.
• Memory – the amount of storage required to perform the attack.
• Data – the quantity and type of plaintexts and ciphertexts required for a particular approach.

Illustrations

• Univ of Maryland - William Arbaugh - chosen plaintext against WEP/WEP2
• EFF - 1999-01-19 56 bit DES crack in 22 1/4 h.
• Copacobana - Cost-Optimized Parallel COde Breaker for e.g. DES (FPGA-based machine)
• CWI - Lenstra, Te Riel, Montgomery - cracking RSA-155/512 bits
• MD5Crack - Gregory Duchemin
• DeCSS - decryption of DVD CSS - Dave Touretzky - Carnegie Mellon University - note that originally this seems to have been done by MoRE, a Norwegian group - Masters of Reverse Engineering