# Cryptography Basics, Part 2: Attack Models for Cryptanalysis

Welcome back, my aspiring cyber warriors!

In an earlier tutorial, I tried to explain some of the __basic concepts and terms of cryptography__. Not only are those terms and concepts key to becoming effective in the world of cyber security, but they are required to pass such certification exams such as the CISSP, CWA, Security+ and many others.

In this tutorial we will address the various attack models for cryptanalysis. In other words, what methods can a cryptanalyst use to break the encryption without knowing the key. Besides being fascinating, you are likely to find these methods, concepts and analysis on the CISSP and CASP exams.

**Terminology**

Some terminology before we begin.

**plaintext - text that has not been encrypted**

**ciphertext - text that has been encrypted**

**cryptanalyst - person knowledgeable in breaking encryption without the key**

**cipher - a way of hiding the content and message of plaintext**

We can divide these methods into four types and further classify them as passive and active.

Let's look at the passive methods first.

**Passive**

**Ciphertext-Only Attackers (COA)**

In this attack on the encryption, attacker/cryptanalyst can only observe the ciphertext. In order words, they can only see what all of us see, what appears to be indecipherable nonsense that comes out after the encryption such as that below.

The cryptananlyst doesn't have any of the plaintexts that went into the encryption algorithm, they have no idea what plaintexts created the ciphertexts, and they are totally passive (they can't send known--their own-- plaintext through the algorithm and observe the ciphertext).

Most encryption algorithms are NOT vulnerable to this type of attack and the attackers/cryptanalyst's probability of success is VERY low.

**Known-Plaintext Attack (KPA)**

In this attack, the attacker/cryptanalysts know the plaintext that generates the ciphertext. They can't select the plaintext, but they can observe plaintext-ciphertext pairs. This attack has a significantly better chance of success than COA. Simple XOR ciphers and the old PKZIP were vulnerable to this attack.

From a historical context, this is one of the approaches taken at Bletchley Park by Allen Turing and his team to decipher the Nazi messages generated by the German Enigma machine (they knew that the German messages had some common plaintext in their messages such as headers and weather forecasts).

Now, Let's look at two active attacks.

**Active Attacks**

**Chosen-Plaintext Attack (CPA)**

In this attack, the attacker/cryptanalyst can select or choose the plaintext that is sent through the encryption algorithm and observe the ciphertext that it generates. This is an active model where the attacker actually gets to chose the plaintext and do the encryption.

Being able to chose any plaintext and observing the ciphertext gives the attacker a strong foothold into the inner workings of the algorithm and secret key. One approach here would be to generate a database of popular plaintexts and ciphertexts and then use this database of common plaintext-ciphertext pairs to determine the cipher text input.

As you might imagine, by being able to select the plaintext and observe the ciphertext, the chances of breaking the encryption is significantly improved.

**Chosen-Ciphertext Attack**

In this attack, the attacker can both encrypt and decrypt. This means that they can select plaintext, encrypt it, observe the ciphertext and then reverse the entire process. Note that the cryptanalyst is not necessarily trying to find the plaintext, but rather is trying to decipher the algorithm and secret key used to encrypt the plaintext.

This model has a good probability of success.

**Summary**

Although this information might seem a bit geeky and obscure, the professional-level cyber warrior must be conversant in these techniques and concepts.