Cryptanalysis and Types of Attacks
Cryptology has two parts namely, Cryptography which focuses on creating secret codes and Cryptanalysis which is the study of the cryptographic algorithm and the breaking of those secret codes. The person practicing Cryptanalysis is called a Cryptanalyst. It helps us to better understand the cryptosystems and also helps us improve the system by finding any weak point and thus work on the algorithm to create a more secure secret code. For example, a Cryptanalyst might try to decipher a ciphertext to derive the plaintext. It can help us to deduce the plaintext or the encryption key.
To determine the weak points of a cryptographic system, it is important to attack the system. This attacks are called Cryptanalytic attacks. The attacks rely on nature of the algorithm and also knowledge of the general characteristics of the plaintext, i.e., plaintext can be a regular document written in English or it can be a code written in Java. Therefore, nature of the plaintext should be known before trying to use the attacks.
Types of Cryptanalytic attacks :
- Known-Plaintext Analysis (KPA) :
In this type of attack, some plaintext-ciphertext pairs are already known. Attacker maps them in order to find the encryption key. This attack is easier to use as a lot of information is already available.
- Chosen-Plaintext Analysis (CPA) :
In this type of attack, the attacker chooses random plaintexts and obtains the corresponding ciphertexts and tries to find the encryption key. Its very simple to implement like KPA but the success rate is quite low.
- Ciphertext-Only Analysis (COA) :
In this type of attack, only some cipher-text is known and the attacker tries to find the corresponding encryption key and plaintext. Its the hardest to implement but is the most probable attack as only ciphertext is required.
- Man-In-The-Middle (MITM) attack :
In this type of attack, attacker intercepts the message/key between two communicating parties through a secured channel.
- Adaptive Chosen-Plaintext Analysis (ACPA) :
This attack is similar CPA. Here, the attacker requests the cipher texts of additional plaintexts after they have ciphertexts for some texts.