Theknown-plaintext attack (KPA) is anattack model forcryptanalysis where the attacker has access to both theplaintext (called acrib) and itsencrypted version (ciphertext). These can be used to revealsecret keys andcode books. The term "crib" originated atBletchley Park, the BritishWorld War II decryption operation, where it was defined as:
A plain language (or code) passage of any length, usually obtained by solving one or more cipher or code messages, and occurring or believed likely to occur in a different cipher or code message, which it may provide a means of solving.[1][2]
History
editThe usage "crib" was adapted from aslang term referring to cheating (e.g., "I cribbed my answer from your test paper"). A "crib" originally was a literal or interlineartranslation of a foreign-language text—usually aLatin orGreek text—that students might be assigned to translate from the original language.
The idea behind a crib is that cryptologists were looking at incomprehensibleciphertext, but if they had a clue about some word or phrase that might be expected to be in the ciphertext, they would have a "wedge," a test to break into it. If their otherwise random attacks on the cipher managed to sometimes produce those words or (preferably) phrases, they would know they might be on the right track. When those words or phrases appeared, they would feed the settings they had used to reveal them back into the whole encrypted message to good effect.
In the case ofEnigma, the German High Command was very meticulous about the overall security of the Enigma system and understood the possible problem of cribs. The day-to-day operators, on the other hand, were less careful. TheBletchley Park team would guess some of the plaintext based upon when the message was sent, and by recognizing routine operational messages. For instance, a daily weather report was transmitted by the Germans at the same time every day. Due to the regimented style of military reports, it would contain the wordWetter (German for "weather") at the same location in every message. (Knowing the local weather conditions helped Bletchley Park guess other parts of the plaintext as well.) Other operators, too, would send standard salutations or introductions. An officer stationed in theQattara Depression consistently reported that he had nothing to report.[3]"Heil Hitler," occurring at the end of a message, is another well-known example.[4]
At Bletchley Park inWorld War II, strenuous efforts were made to use (and even force the Germans to produce) messages with known plaintext. For example, when cribs were lacking, Bletchley Park would sometimes ask theRoyal Air Force to "seed" a particular area in theNorth Sea withmines (a process that came to be known asgardening, by obvious reference). The Enigma messages that were soon sent out would most likely contain the name of the area or the harbour threatened by the mines.[5]
The Germans themselves could be very accommodating in this regard. Whenever any of the turned GermanDouble-Cross agents sent a message (written by the British) to their respective handlers, they frequently obligingly re-encrypted the message word for word on Enigma for onward transmission to Berlin.
When a captured German revealed under interrogation that Enigma operators had been instructed to encode numbers by spelling them out,Alan Turing reviewed decrypted messages and determined that the number "eins" ("one") was the most common string in the plaintext (Benford's law). He automated the crib process, creating theEins Catalogue, which assumed that "eins" was encoded at all positions in the plaintext. The catalogue included every possible position of the various rotors, starting positions, and keysettings of the Enigma.[6]
The PolishCipher Bureau had likewise exploited "cribs" in the "ANX method" before World War II (the Germans' use of "AN", German for "to", followed by "X" as a spacer to form the text "ANX").[7]
The United States and Britain usedone-time tape systems, such as the5-UCO, for their most sensitive traffic. These devices were immune to known-plaintext attack; however, they were point-to-point links and required massive supplies of one-time tapes. Networked cipher machines were considered vulnerable to cribs, and various techniques were used to disguise the beginning and ends of a message, includingcutting messages in half and sending the second part first and adding nonsense padding at both ends. The latter practice resulted in an infamous incident during World War II when the nonsense padding "the world wonders" was not nonsensical enough and was misinterpreted as part of the actual message, leading American admiralWilliam Halsey Jr. to change his plans.
TheKL-7, introduced in the mid-1950s, was the first U.S. cipher machine that was considered safe against known-plaintext attack.[8]: p.37
Classical ciphers are typically vulnerable to known-plaintext attack. For example, aCaesar cipher can be solved using a single letter of corresponding plaintext and ciphertext to decrypt entirely. A generalmonoalphabetic substitution cipher needs several character pairs and some guessing if there are fewer than 26 distinct pairs.
See also
editNotes
edit- ^Gordon Welchman,The Hut Six Story: Breaking the Enigma Codes, p. 78.
- ^Michael Smith, "How It Began: Bletchley Park Goes to War," inB. Jack Copeland, ed.,Colossus: The Secrets of Bletchley Park's Codebreaking Computers.
- ^Lee, Loyd E. (1991).World War II: Crucible of the Contemporary World: Commentary and Readings. New York: M. E. Sharpe. p. 240.ISBN 0-87332-731-4.
- ^Geggel, Laura (29 May 2019)."Nazi Code-Making Enigma Machine Is Up for Auction".Live Science. Retrieved31 August 2020.
- ^Singh, Simon (1999).The Code Book. New York: Arrow. p. 184.ISBN 0-385-49532-3.
- ^Hofstadter, D.; Teuscher, Christof (2004).Alan Turing : life and legacy of a great thinker. Berlin New York: Springer. p. 455.ISBN 3540200207.
- ^Marian Rejewski, "Summary of Our Methods for Reconstructing ENIGMA and Reconstructing Daily Keys, and of German Efforts to Frustrate Those Methods," Appendix C toWładysław Kozaczuk,Enigma, 1984, pp. 243–44.
- ^A History of U.S. Communications Security; the David G. Boak Lectures, National Security Agency (NSA), Volumes I, 1973, partially released 2008, additional portions declassified October 14, 2015, Quote: The KL-7 "was our first machine designed to serve very large nets which could stand matched plain and cipher text. For the first time, the man in the cryptocenter could take a message and simply type it into the machine as written, without changing the spacing between words, or cutting the message in half and sending the last part first. and without having to paraphrase the message text before it was released."
References
edit- Władysław Kozaczuk,Enigma: How the German Machine Cipher Was Broken, and How It Was Read by the Allies in World War Two, edited and translated byChristopher Kasparek, Frederick, MD, University Publications of America, 1984,ISBN 0-89093-547-5.
- Marian Rejewski, "Summary of Our Methods for Reconstructing ENIGMA and Reconstructing Daily Keys, and of German Efforts to Frustrate Those Methods," Appendix C toWładysław Kozaczuk,Enigma, 1984, pp. 241–45.
- Welchman, Gordon (1982),The Hut Six Story: Breaking the Enigma Codes, Harmondsworth: Allen Lane,ISBN 0-7139-1294-4
- Smith, Michael (2006), "How It Began: Bletchley Park Goes to War", inCopeland, B. Jack (ed.),Colossus: The Secrets of Bletchley Park's Codebreaking Computers, Oxford: Oxford University Press,ISBN 978-0-19-284055-4
- Geggel, Laura (29 May 2019)."Nazi Code-Making Enigma Machine Is Up for Auction".Live Science. Retrieved31 August 2020.