ου γαρ εστιν κρυπτον ο ου φανερον γενησεται ουδε αποκρυφον ο ου γνωσθησεται και εις φανερον ελθη
Wersja PL ENG Version

Chosen-ciphertext attack

A cryptanalyst can analyze chosen ciphertexts together with corresponding plaintexts. His goal is to acquire a secret key or to get as many information about the attacked system, as possible.

The attacker has capability to make the victim (who knows the secret key) decrypt a selected ciphertext and send him the result. Analyzing the chosen ciphertext and corresponding received plaintext, the intruder tries to guess the secret key which was used by the victim.

Chosen-ciphertext attacks are usually used for breaking systems with public key encryption. For example, early versions of RSA cipher were vulnerable to such attacks. They are used less often for attacking systems protected by symmetric ciphers. Some self-synchronizing stream ciphers were attacked in that way.

Adaptive-chosen-ciphertext attack

In this kind of chosen-ciphertext attack, an attacker can obtains different ciphertexts - this means that they may be chosen adaptively before or after sending them to the attacker.

There are few practical adaptive-chosen-ciphertext attacks and rather this model is used for analysing security of a given system. Proving that this attack doesn't break the security confirms that any realistic chosen-ciphertext attack cannot be succeed.