This preview shows page 1. Sign up to view the full content.
Unformatted text preview: on algorithm used: 1. Ciphertextonly attack. The cryptanalyst has the ciphertext of several messages, all of which have been encrypted using the same encryption algorithm. The cryptanalyst’s job is to recover the plaintext of as many messages as possible, or better yet to deduce the key (or keys) used to encrypt the messages, in order to decrypt other messages encrypted with the same keys. Given: C1 = Ek(P1), C2 = Ek(P2),...Ci = Ek(Pi) Deduce: Either P1, P2,...Pi; k; or an algorithm to infer Pi+1 from Ci+1 = Ek(Pi+1) 2. Knownplaintext attack. The cryptanalyst has access not only to the ciphertext of several messages, but also to the plaintext of those messages. His job is to deduce the key (or keys) used to encrypt the messages or an algorithm to decrypt any new messages encrypted with the same key (or keys). Given: P1, C1 = Ek(P1), P2, C2 = Ek(P2),...Pi, Ci = Ek(Pi) Deduce: Either k, or an algorithm to infer Pi+1 from Ci+1 = Ek(Pi+1) 3. Chosenplaintext attack. The cryptanalyst not only has access to the ciphertext and associated plaintext for several messages, but he also chooses the plaintext that gets encrypted. This is more powerful than a knownplaintext attack, because the cryptanalyst can choose specific plaintext blocks to encrypt, ones that might yield more information about the key. His job is to deduce the key (or keys) used to encrypt the messages or an algorithm to decrypt any new messages encrypted with the same key (or keys). Given: P1, C1 = Ek(P1), P2, C2 = Ek(P2),...Pi, Ci = Ek(Pi), where the cryptanalyst gets to choose P1, P2,...Pi Deduce: Either k, or an algorithm to infer Pi+1 from Ci
+1 = Ek(Pi+1) 4. Adaptivechosenplaintext attack. This is a special case of a chosenplaintext attack. Not only can the cryptanalyst choose the plaintext that is encrypted, but he can also modify his choice based on the results of previous encryption. In a chosenplaintext attack, a cryptanalyst might just be able to choose one large block of plaintext to be encrypted; in an adaptivechosenplaintext attack he can choose a smaller block of plaintext and...
View
Full
Document
This note was uploaded on 10/18/2010 for the course MATH CS 301 taught by Professor Aliulger during the Fall '10 term at Koç University.
 Fall '10
 ALIULGER
 Cryptography

Click to edit the document details