Attack Models for Cryptanalysis
Attacking a cipher or a cryptographic system may lead to breaking it fully or only partially. After compromising the security, the attacker may obtain various amounts and kinds of information.
Lars Knudsen, a Danish researcher, proposed the following division for determining the scale of attacker's success:
- Total break: deducing and obtaining a secret key.
- Global deduction: discovering an algorithm, which allows to decrypt many messages, without knowing the actual secret key.
- Local deduction: discovering an original plaintext of the specific given ciphertext.
- Information deduction: obtaining some information about the secret key or original message (for example, a few bits of the key or information about a plaintext format).
The best ciphers should protect against all the cipher's failures levels mentioned above. No attack should be able to reveal any information related to the secret key and plaintext messages.
Types of cryptographic attacks
The following main types of theoretical attack models can be defined:
- Known-plaintext attack
- Chosen-plaintext attack
- Ciphertext-only (known ciphertext) attack
- Chosen-ciphertext attack
- Chosen-key attack
Within the groups defined above, the following attacks can be highlighted:
- Brute force attack
- Man-in-the-middle attack
- Attack on Two-Time Pad
- KRACK attack
- Frequency analysis
- Meet-in-the-middle attack
- Replay attack
- Homograph attack
It seems to be worth mentioning that there are two more effective methods of breaking ciphers. A purchase-key attack involves using bribery for obtaining secret keys or other protected information. Whereas, in the so-called rubber-hose method blackmail, threats, and torture are the means used for obtaining the desirable secret information.