|Previous||Table of Contents||Next|
There are at least three other types of cryptanalytic attack.
Known-plaintext attacks and chosen-plaintext attacks are more common than you might think. It is not unheard-of for a cryptanalyst to get a plaintext message that has been encrypted or to bribe someone to encrypt a chosen message. You may not even have to bribe someone; if you give a message to an ambassador, you will probably find that it gets encrypted and sent back to his country for consideration. Many messages have standard beginnings and endings that might be known to the cryptanalyst. Encrypted source code is especially vulnerable because of the regular appearance of keywords: #define, struct, else, return. Encrypted executable code has the same kinds of problems: functions, loop structures, and so on. Known-plaintext attacks (and even chosen-plaintext attacks) were successfully used against both the Germans and the Japanese during World War II. David Kahns books [794,795,796] have historical examples of these kinds of attacks.
And dont forget Kerckhoffss assumption: If the strength of your new cryptosystem relies on the fact that the attacker does not know the algorithms inner workings, youre sunk. If you believe that keeping the algorithms insides secret improves the security of your cryptosystem more than letting the academic community analyze it, youre wrong. And if you think that someone wont disassemble your code and reverse-engineer your algorithm, youre naïve. (In 1994 this happened with the RC4 algorithmsee Section 17.1.) The best algorithms we have are the ones that have been made public, have been attacked by the worlds best cryptographers for years, and are still unbreakable. (The National Security Agency keeps their algorithms secret from outsiders, but they have the best cryptographers in the world working within their wallsyou dont. Additionally, they discuss their algorithms with one another, relying on peer review to uncover any weaknesses in their work.)
Cryptanalysts dont always have access to the algorithms, as when the United States broke the Japanese diplomatic code PURPLE during World War II but they often do. If the algorithm is being used in a commercial security program, it is simply a matter of time and money to disassemble the program and recover the algorithm. If the algorithm is being used in a military communications system, it is simply a matter of time and money to buy (or steal) the equipment and reverse-engineer the algorithm.
Those who claim to have an unbreakable cipher simply because they cant break it are either geniuses or fools. Unfortunately, there are more of the latter in the world. Beware of people who extol the virtues of their algorithms, but refuse to make them public; trusting their algorithms is like trusting snake oil.
Good cryptographers rely on peer review to separate the good algorithms from the bad.
Security of Algorithms
Different algorithms offer different degrees of security; it depends on how hard they are to break. If the cost required to break an algorithm is greater than the value of the encrypted data, then youre probably safe. If the time required to break an algorithm is longer than the time the encrypted data must remain secret, then youre probably safe. If the amount of data encrypted with a single key is less than the amount of data necessary to break the algorithm, then youre probably safe.
I say probably because there is always a chance of new breakthroughs in cryptanalysis. On the other hand, the value of most data decreases over time. It is important that the value of the data always remain less than the cost to break the security protecting it.
Lars Knudsen classified these different categories of breaking an algorithm. In decreasing order of severity :
An algorithm is unconditionally secure if, no matter how much ciphertext a cryptanalyst has, there is not enough information to recover the plaintext. In point of fact, only a one-time pad (see Section 1.5) is unbreakable given infinite resources. All other cryptosystems are breakable in a ciphertext-only attack, simply by trying every possible key one by one and checking whether the resulting plaintext is meaningful. This is called a brute-force attack (see Section 7.1).
Cryptography is more concerned with cryptosystems that are computationally infeasible to break. An algorithm is considered computationally secure (sometimes called strong) if it cannot be broken with available resources, either current or future. Exactly what constitutes available resources is open to interpretation.
You can measure the complexity (see Section 11.1) of an attack in different ways:
As a rule of thumb, the complexity of an attack is taken to be the minimum of these three factors. Some attacks involve trading off the three complexities: A faster attack might be possible at the expense of a greater storage requirement.
Complexities are expressed as orders of magnitude. If an algorithm has a processing complexity of 2128, then 2128 operations are required to break the algorithm. (These operations may be complex and time-consuming.) Still, if you assume that you have enough computing speed to perform a million operations every second and you set a million parallel processors against the task, it will still take over 1019 years to recover the key. Thats a billion times the age of the universe.
|Previous||Table of Contents||Next|