Cryptanalysis is the decryption and analysis of codes, ciphers or encrypted text. It is also known as code-breaking or cracking the code.
Basically, cryptanalysis uses mathematical formulas to look for algorithm weaknesses and break into information security systems built with cryptography.
Cryptanalysis generally involves studying cryptographic systems in order to understand how they work and to identify flaws that could be used to break into them, with or without the key.
The main aim of a cryptanalyst is to be able to decode ciphertexts without knowing:
- The source of the plaintext.
- The encryption key used.
- The algorithm that was used to encode information.
In order to discover the hidden aspects of a system and solve codes, the following traits are common among cryptanalysts:
- Patience, since it takes a lot of time to crack a given code.
- Perseverance, since this is a demanding task and they should not quit after failing to break a code.
- A cryptanalyst needs to be good at mathematics.
- A high-performance computer is needed.
- High level of intuition.
It’s a battle between code makers (cryptographers) and code breakers (cryptanalysts). With all the efforts being made, the field of cryptology has continued to grow and become better day after day.
Are you interested in learning how to break codes?
The book Elementary Cryptanalysis: A Mathematical Approach by Abraham Sinkov is what I would recommend.
In this guide I will be discussing the following:
- Types of cryptanalysis attacks.
- Cryptanalysis examples.
- Text characterization.
- Modern cryptanalysis.
- Cryptanalysis tools.
- Cryptanalyst goals.
- Controls against cryptanalysis attacks.
1) Types of cryptanalysis attacks
These cryptanalysis attacks depend on how much information is known about the ciphertext.
Here are some of the cryptanalytic methods and techniques:
- Known-plaintext Analysis (KPA) – an attack in which ciphertext is decrypted with the help of partially known plaintext.
- Chosen-plaintext Analysis (CPA) – an attack that makes use of ciphertext corresponding to arbitrarily selected plaintext encrypted with the same algorithm.
- Ciphertext-only Analysis (COA) – this attack involves the use of known ciphertext collections.
- Man-in-the-Middle Attack – occurs when two parties share a message or key over a communication channel that has been compromised.
- Adaptive Chosen-plaintext Attack (ACPA) – involves the use of chosen plaintext and ciphertext based on data learned from past encryptions.
- Differential cryptanalysis attack – involves analyzing pairs of plaintexts to determine how the algorithm under scrutiny works when different types of data are used.
- Integral cryptanalysis – it uses sets of plaintexts in which part of the plaintext is kept constant but the rest of the plaintext is modified.
- Side-channel attack – depends on the information collected from a physical system used to encrypt or decrypt data. Such information includes the time a system takes to respond to queries, power consumption used by the encryption system, and the electromagnetic radiation emitted by the system.
- Dictionary attack – this technique is used against password files based on natural words and known sequences of letters or numbers.
2) Cryptanalysis examples
Cryptographic ciphers can be broken in many ways. Modern cryptographic algorithms are harder to break compared to classical ciphers.
While the Caesar cipher may be solved by hand, others like the ADFGVX cipher require the use of a computer.
Here are a few cryptanalysis examples and techniques on classical ciphers:
- Cryptanalysis of the Playfair cipher.
- Cryptanalysis of the Vigenère cipher.
- Cryptanalysis of the Hill cipher.
3) Text characterization
Text characterization is the automatic determination of how close a piece of text is to natural language.
Here are methods a cryptanalyst can use to find the key in order to solve a certain text:
- Counting frequency of the text.
- Identifying patterns.
- Cryptanalysis tool kit.
- Index of coincidence, to estimate the distribution of letter frequency in a given language.
- Unicity distance.
- Quadgram statistics, which involve adding up the likelihoods of each block of four letters appearing in the ciphertext to determine how close the text is to a given language (English).
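The first two methods above (frequency counting and the index of coincidence) can be shown on the Caesar cipher mentioned earlier. This is an added example, not part of the original guide; the frequency table is a commonly cited approximation, the chi-squared score is one choice of closeness measure, and the sample message is constructed.

```python
from collections import Counter
import string

ALPHABET = string.ascii_uppercase
# Approximate English letter frequencies in percent, A..Z.
ENGLISH_PCT = [8.17, 1.49, 2.78, 4.25, 12.70, 2.23, 2.02, 6.09, 6.97, 0.15,
               0.77, 4.03, 2.41, 6.75, 7.51, 1.93, 0.10, 5.99, 6.33, 9.06,
               2.76, 0.98, 2.36, 0.15, 1.97, 0.07]
TOTAL_PCT = sum(ENGLISH_PCT)

def letter_counts(text):
    """Count A-Z occurrences, ignoring case, spaces and punctuation."""
    return Counter(c for c in text.upper() if c in ALPHABET)

def index_of_coincidence(text):
    """Probability that two letters drawn at random from the text match.
    About 0.067 for English, about 0.038 for uniformly random letters."""
    counts = letter_counts(text)
    n = sum(counts.values())
    if n < 2:
        return 0.0
    return sum(k * (k - 1) for k in counts.values()) / (n * (n - 1))

def chi_squared(text):
    """Distance between observed letter counts and English; lower is closer."""
    counts = letter_counts(text)
    n = sum(counts.values())
    if n == 0:
        return float("inf")
    return sum((counts[c] - n * p / TOTAL_PCT) ** 2 / (n * p / TOTAL_PCT)
               for c, p in zip(ALPHABET, ENGLISH_PCT))

def caesar(text, shift):
    """Shift every letter by `shift` places; other characters pass through."""
    return "".join(ALPHABET[(ALPHABET.index(c) + shift) % 26]
                   if c in ALPHABET else c for c in text.upper())

def recover_caesar_shift(ciphertext):
    """Try all 26 shifts and keep the one whose output looks most English."""
    return min(range(26), key=lambda s: chi_squared(caesar(ciphertext, -s)))

# Constructed sample: a message written for this example, shifted by 3.
PLAINTEXT = ("DEFEND THE EAST WALL OF THE CASTLE AND SEND REINFORCEMENTS "
             "BEFORE THE SUN RISES OVER THE RIVER")
CIPHERTEXT = caesar(PLAINTEXT, 3)

if __name__ == "__main__":
    shift = recover_caesar_shift(CIPHERTEXT)
    print(shift, caesar(CIPHERTEXT, -shift))
    print(round(index_of_coincidence(CIPHERTEXT), 4))
```

The index of coincidence is unchanged by the shift, which is why a value close to that of English points to a simple substitution of this kind.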
4) Modern cryptanalysis
Most of the modern techniques are about differential power analysis and timing.
Here are a few modern cryptanalysis techniques:
- Measurement of differences in electricity consumption when the system is encrypting.
- Social engineering: tricking individuals into giving up passwords and keys.
- Exploiting a known weakness in a specific cryptosystem.
- Using Trojan horse viruses to steal private keys from personal computers.
5) Cryptanalysis tools
Here are tools and resources that you can use to learn more about cryptanalysis:
- CrypTool – this has e-learning programs and also a web portal for learning cryptanalysis and cryptographic algorithms.
- Ganzúa – is an open source cryptanalysis tool used for classical polyalphabetic and monoalphabetic ciphers.
- Cryptol – helps users monitor how algorithms operate in software programs that use specific algorithms and ciphers.
- CryptoBench – this is a program used to do cryptanalysis of ciphertext generated with most common algorithms.
6) Cryptanalyst goals
Here are goals an attacker/cryptanalyst may be after when trying to break into a system:
- Total break – to find the secret key.
- Global deduction – to find a functionally equivalent algorithm for encryption and decryption that does not need the secret key.
- Information deduction – to gain some information about plaintexts or ciphertexts that were not known before.
- Distinguishing algorithm – to distinguish the output of the encryption or ciphertext from a random permutation of bits.
7) Controls against cryptanalysis attacks
Here are controls and precautions to take to prevent cryptanalytic attacks:
- Instead of designing your own personal algorithm, use proven existing ones.
- Use cryptographic algorithms with the best-recommended key sizes.
- Ensure correct use of any given algorithm.
- Generate key material using good sources of randomness and avoid known weak keys.
- Use the already proven protocols and their correct implementations.
- Choose initialization vectors with good random numbers.
- Use the most appropriate cryptographic algorithm depending on the data.
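The two randomness controls in this list (key material and initialization vectors) are easiest to see with the weak pattern beside the corrected one. This is an added example, not part of the original guide; the 16-byte sizes, the function names and the timestamp are assumptions chosen for illustration.

```python
import math
import random
import secrets

KEY_BYTES = 16  # illustrative size (128 bits)

def weak_key(seed):
    """Anti-pattern: key bytes from the non-cryptographic `random` module,
    seeded with a guessable value such as a Unix timestamp."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(KEY_BYTES))

def find_seed(key, window_start, window_end):
    """Regenerate every key the weak generator could have produced in the
    window; returns the matching seed, or None if there is no match."""
    for seed in range(window_start, window_end + 1):
        if weak_key(seed) == key:
            return seed
    return None

def effective_bits(window_start, window_end):
    """Real strength of a seeded key: log2 of the number of possible seeds."""
    return math.log2(window_end - window_start + 1)

def strong_key():
    """Corrected form: key material from the operating system's CSPRNG."""
    return secrets.token_bytes(KEY_BYTES)

def fresh_iv(size=16):
    """A new random IV for every message, drawn from the same CSPRNG."""
    return secrets.token_bytes(size)

# Constructed sample: a key "generated" at a made-up timestamp.
CREATED_AT = 1_700_000_000
SAMPLE_WEAK_KEY = weak_key(CREATED_AT)

if __name__ == "__main__":
    lo, hi = CREATED_AT - 1800, CREATED_AT + 1800  # one-hour window
    print("seed recovered:", find_seed(SAMPLE_WEAK_KEY, lo, hi))
    print("effective bits:", round(effective_bits(lo, hi), 1))
    print("strong key:", strong_key().hex(), "iv:", fresh_iv().hex())
```

A key that is 128 bits long on paper is worth fewer than 12 bits here, because only the seed is unknown; `secrets` removes that shortcut.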
Now I want to hear from you.
What are some of your favorite techniques for breaking codes?
Or maybe I missed an important aspect of cryptanalysis.
Either way, let me know by leaving a comment below.