UnlabelledChosen-plaintext attack

Sabtu, 09 Juni 2018

- -
Sponsored Links

Chosen-plaintext attack - YouTube
src: i.ytimg.com

The select-plaintext attack ( CPA ) is an attack model for cryptanalysis that assumes that an attacker can obtain ciphertext for plaintext arbitrarily. The purpose of this attack is to obtain information that reduces the security of the encryption scheme.

The modern cipher aims to provide semantic security, also known as ciphertext indistinguishability under a select-plaintext attack , and therefore the design is generally invulnerable to a plaintext-selected attack if applied correctly.


Video Chosen-plaintext attack



Introduction

In a chosen attack-plaintext enemies can (perhaps adaptively) request ciphertext from arbitrary plaintext messages. It is formalized by enabling enemies to interact with oracle encryption, which is seen as a black box. The purpose of an attacker is to reveal all or some secret encryption keys.

It may seem improper in practice that an attacker can get a ciphertext for plaintext. However, modern cryptography is implemented in software or hardware and is used for a variety of applications; for many cases, plaintext-selected attacks are often very feasible (see also #In Practice). The plaintext-selected attack becomes very important in the context of public key cryptography, where the encryption key is public and the attacker can encrypt every plaintext they choose.

Maps Chosen-plaintext attack



Different forms

There are two forms of plaintext-select attacks:

  • The selected batch-plaintext attack , in which the enemy selects all plaintext before viewing one of the cipherteks in question. This is often the meaning meant by "select-plaintext attacks" when this does not qualify.
  • Adaptive select-plaintext attack ( CPA2 ), where enemies can request ciphertext from additional plaintext after viewing ciphertext for some plaintext.

CS 3700 Networks and Distributed Systems - ppt download
src: slideplayer.com


Common methods of attack

Commonly-chosen plaintext attacks are carried out as follows:

  1. Attackers can select n plaintexts. (These parameters are n defined as part of the attack model, may or may not be restricted.)
  2. The attacker then sends n this plaintext to oracle encryption.
  3. Oracle encryption will then encrypt the attacker's plaintext and send it back to the attacker.
  4. The attacker receives the n ciphertexts back from oracle, such that the attacker knows which ciphertext corresponds to each plaintext.
  5. Based on the plaintext-ciphertext pair, an attacker can try extracting the keys used by oracle to encrypt plaintext. Because the attacker in this type of attack is free to make plaintext to fit his needs, the attack's complexity can be reduced.

Pertimbangkan perpanjangan berikut dari situasi di atas. Setelah langkah terakhir,

  1. Output lawan dua plaintexts m 0 dan m 1 .
  2. Sedikit b dipilih secara seragam secara acak                         b          <-          {          0         ,          1         }                  {\ displaystyle b \ leftarrow \ {0,1 \}}    .
  3. Musuh menerima enkripsi m b , dan mencoba "menebak" plaintext mana yang diterima, dan menghasilkan bit b '.

Cipher has encryption that can not be distinguished under a select-plaintext attack if after running the above experiment with n = 1 enemy can not guess right ( b = b ') with the possibility can not be ignored better than 1/2.

Server Tailgating - A Chosen-PlainText Attack on RDP - YouTube
src: i.ytimg.com


Example

The following examples show how some ciphers that meet other security definitions can be broken with a plaintext-selected attack.

Caesar cipher

The following attacks on the Caesar password allow full recovery of the secret key:

  1. Suppose the enemy sends a message: Attack at dawn ,
  2. and oracle returns Nggnpx ng qnja .
  3. The enemy can then work to restore the key in the same way as you decrypt the Caesar password. The enemy can infer the substitution of A Ã, -> N , T Ã, -> G and so on. This will cause the enemy to specify that 13 is the key used in the Caesar password.

With a more complex or complex encryption methodology, decryption methods become more resource intensive, but the core concept is still relatively the same.

One-time pad

The following attacks on a single pad enable full recovery of the secret key. Suppose that message length and key length are the same as n .

  1. The enemy sends a string consisting of n zeroes into oracle.
  2. Oracle returns a bitwise exclusive-or key with a zero string.
  3. The string returned by oracle is the secret key.

Instructor: Dania Alomar - ppt video online download
src: slideplayer.com


In practice

In the US Navy's cryptanalysts II War found that Japan plans to attack a location referred to as "AF". They believe that the "AF" may be Midway Island, since other locations in the Hawaiian Islands have words that begin with "A". To prove their hypothesis that "AF" is related to "Midway Island" they are asking US troops at Midway to send plaintext messages about low inventory. Japan intercepted the message and immediately reported to their superiors that "AF" was low on water, confirming the Navy's hypothesis and allowing them to position their power to win the battle.

Also during World War II, Allied codebreakers at Bletchley Park occasionally asked the Royal Air Force to put mines in positions with no abbreviations or alternatives in reference to the German naval system grid. The hope is that Germany, looking at the mine, will use the Enigma machine to encrypt warning messages about mines and "all clear" messages after they are removed, providing enough information allies about the message to crack the German naval Enigma. The so-called plaintext planting process is called gardening . The Allied code breaker also helped create messages sent by a double agent Juan Pujol GarcÃÆ'a, whose radio-encrypted reports were received in Madrid, decrypted manually, and then re-encrypted with an Enigma machine to be sent to Berlin. It helps codebreaker decrypt the code used on the second leg, after providing the original text.

In modern times, select-plaintext (CPA) attacks are often used to solve symmetric ciphers. In order to be considered BPA-safe, symmetric ciphers should not be vulnerable to plaintext-selected attacks. Thus, it is important for the symmetric cipher implementers to understand how the attacker will attempt to decode them and make relevant improvements.

For some plaintext-selected attacks, only a fraction of the plaintext may need to be chosen by the attacker; Such attacks are known as plaintext injection attacks.

What is KNOWN-PLAINTEXT ATTACK? What does KNOWN-PLAINTEXT ATTACK ...
src: i.ytimg.com


Relation to another attack

The plaintext-selected attack is stronger than a plaintext-known attack, because an attacker can directly target a particular term or pattern without having to wait for it to appear naturally, enabling faster data collection relevant to a password reading. Therefore, ciphers that prevent plaintext-selected attacks are also safe against known-plaintext and ciphertext-only attacks.

However, the plaintext-selected attack is less powerful than the ciphertext-selected attack, in which the attacker can obtain plaintext ciphertexts arbitrarily. CCA attackers can sometimes damage the secure-BPA system. For example, El Gamal's cipher is safe against selected plaintext attacks, but is vulnerable to ciphertext attacks that are selected because it is unconditionally soft.

Instructor: Dania Alomar - ppt video online download
src: slideplayer.com


See also

  • Known attack-plaintext
  • Selected ciphertext attack
  • Selected attack-adaptive ciphertext
  • Related button attacks

Known-plaintext attack - YouTube
src: i.ytimg.com


References

Source of the article : Wikipedia

Read More Articles:

Comments
0 Comments
Langganan: Posting Komentar (Atom)