 | This article has multiple issues. Please helpimprove it or discuss these issues on thetalk page.(Learn how and when to remove these messages) (Learn how and when to remove this message)
|
Incryptography, aciphertext-only attack (COA) orknown ciphertext attack is anattack model forcryptanalysis where the attacker is assumed to have access only to a set ofciphertexts. While the attacker has no channel providing access to the plaintext prior to encryption, in all practical ciphertext-only attacks, the attacker still has some knowledge of the plaintext. For instance, the attacker might know the language in which the plaintext is written or the expected statistical distribution of characters in the plaintext. Standard protocol data and messages are commonly part of the plaintext in many deployed systems, and can usually be guessed or known efficiently as part of a ciphertext-only attack on these systems.
The attack is completely successful if the correspondingplaintexts can be deduced, or even better, thekey. The ability to obtain any information at all about the underlying plaintext beyond what was pre-known to the attacker is still considered a success. For example, if an adversary is sending ciphertext continuously to maintaintraffic-flow security, it would be very useful to be able to distinguish real messages from nulls. Even making an informed guess of the existence of real messages would facilitatetraffic analysis.
In thehistory of cryptography, early ciphers, implemented using pen-and-paper, were routinely broken using ciphertexts alone. Cryptographers developed statistical techniques for attacking ciphertext, such asfrequency analysis. Mechanical encryption devices such asEnigma made these attacks much more difficult (although, historically, Polish cryptographers were able to mount a successful ciphertext-onlycryptanalysis of the Enigma by exploiting an insecure protocol for indicating the message settings). More advanced ciphertext-only attacks on the Enigma were mounted inBletchley Park duringWorld War II, by intelligently guessing plaintexts corresponding to intercepted ciphertexts.
Every moderncipher attempts to provide protection against ciphertext-only attacks. The vetting process for a new cipher design standard usually takes many years and includes exhaustive testing of large quantities of ciphertext for any statistical departure from random noise.See:Advanced Encryption Standard process. Also, the field ofsteganography evolved, in part, to develop methods likemimic functions that allow one piece of data to adopt the statistical profile of another. Nonetheless, poor cipher usage or reliance on home-grown proprietary algorithms that have not been subject to thorough scrutiny has resulted in many computer-age encryption systems that are still subject to ciphertext-only attack. Examples include:
