Cryptography Stack Exchange
Cryptography Stack Exchange

Questions tagged [ciphertext-only-attack]

A cyphertext-only attack is a form of cryptographic attack in which the attacker possesses only the encrypted message, with no corresponding plain text or segment of the key to work with.

A cyphertext-only attack is a form of cryptographic attack in which the attacker possesses only the encrypted message, with no corresponding plain text or segment of the key to work with. He may have information about what the plaintext packet may be (for example, "it's ASCII-encoded English text")

45 questions
21
votes
1 answer

How to attack a "many-time pad" based on what happens when an ASCII space is XORed with a letter?

I've already sent my correct solution to a homework exercise from Dan Boneh's Introduction to Cryptography class on Coursera: "Let us see what goes wrong when a stream cipher key is used more than once. Below are eleven hex-encoded ciphertexts that…
sunrise
  • 321
  • 1
  • 2
  • 5
14
votes
4 answers

Why is a known-plaintext attack considered a complete break?

I read somewhere that if a cipher has a known-plaintext attack, then it is considered completely broken. Say there is a cipher that someone uses where the algorithm is understood and a known-plaintext attack is trivial to perform, however a…
Danegraphics
  • 251
  • 2
  • 6
11
votes
2 answers

Measuring entropy for a ciphertext only attack

When bruteforcing a password (e.g. the common attacks on DES), where you have ciphertext only, you need a way to assess whether a decrypted plaintext is the right one. I believe the EFF DES machine does this by checking if the chars are printable. …
S. Robert James
  • 329
  • 4
  • 8
7
votes
2 answers

How does cryptanalysis of the Playfair cipher work?

I have a set of Playfair-enciphered data that I'm trying to crack without the key. I know I need to analyse bigrams; I've currently worked out what decrypts to th, er, in, and he, and have figured out where th and he are in the grid. However, now…
helpneeded123
  • 71
  • 1
  • 3
7
votes
2 answers

For public-key encryption, why does COA resistance imply CPA resistance?

My professor told me: If a public-key crypto-system is secure against ciphertext-only attacks, then it is also secure against a chosen-plaintext attack. Why is this true? Is there a proof that confirms this?
Bobby S
  • 1,973
  • 4
  • 23
  • 30
5
votes
1 answer

Are ciphertext-only attacks on LFSRs possible?

Reading about LFSR, I know that breaking an LFSR by knowing it's design and having enough (plaintext, ciphertext) pairs is an relatively easy task but let's assume we know the design of LFSR and a just a long ciphertext, which is the result of…
Mehran Torki
  • 302
  • 2
  • 13
4
votes
2 answers

How to decrypt two images encrypted using XOR with the same key?

I am trying to solve the following puzzle from CryptoHack involving two images encrypted with the same key: I've hidden two cool images by XOR with the same secret key so you can't see them! lemur.png flag.png If I compare both images using an…
user93353
  • 2,348
  • 3
  • 28
  • 49
4
votes
1 answer

Attacking historical ciphers methodology

It's more a theoretical question of how would you approach it. All you know about the ciphertext it's was generated with a historical cipher. The ciphertext appears to be random, BUT it's divided into sets of six letters. By historical ciphers I…
Adam
  • 41
  • 2
4
votes
3 answers

Is this "layered" XOR cipher secure?

I am aware of the vulnerabilities of simple xor ciphers and recently I came across a block cipher that claims to solve those vulnerabilities. The cipher goes as follows with both the block and key sizes at 256-bits: the key is separated into chunks…
Chris Smith
  • 1,202
  • 1
  • 11
  • 18
4
votes
2 answers

Textbook RSA Attacks

Given textbook RSA encryption, if an attacker obtains the ciphertext and has the public key that was used, can he or she decrypt said ciphertext without calculating the private key?
user41131
4
votes
1 answer

How to attack polyalphabetic affine cipher with only ciphertext?

How to attack polyalphabetic affine cipher with only the ciphertext? A polyalphabetic affine cipher can be seen as the composition of an affine cipher ($p \mapsto c \equiv a \times p + b \pmod{26})$ and a Vigenère cipher. Consider we have a key such…
Retikulum
  • 41
  • 1
  • 3
4
votes
2 answers

Given a pseudorandom function F, is $(F_k(r) \; | \; F_k(r + 1))$ also a PRF?

Given: F is a pseudorandom function, G is a pseudorandom generator with $l(n) = n+1$. The following schemes should be classified as being insecure, IND-COA secure, IND-CPA secure. To encrypt $m \in \{0, 1\}^{n+1}$ choose a random $r \leftarrow \{0,…
Lemon
  • 411
  • 6
  • 13
4
votes
1 answer

Deciphering “easy” ciphers without hints

I've been keen on IT Security for a long time now and I've learned a lot about networking & security. However trying a "decryption challenge" I'm lacking what I think is basic encryption/decryption knowledge. So I've got a ciphertext without knowing…
UsuallyNot
  • 93
  • 6
4
votes
3 answers

Ciphertext-only attacks on randomly permuted many-time-pad

Consider the encryption scheme where an $n$-bit message $m$ is encrypted with an $n$-bit key $k$ by randomly choosing a permutation $\pi$ of $1,2,3,\dots,n$, and the ciphertext is the pair $(\pi, \pi(m) \oplus k)$ (where $\pi(m)$ is the bits of $m$…
Command Master
  • 351
  • 3
  • 11
3
votes
1 answer

Identity Based Encryption: Known Random Value

Let's consider a situation whereby: Alice generates a ciphertext c from a message m using Bob’s ID. An attacker Carol can get c from the open channel. She knows that c is generated by using Bob’s ID but she does not know Bob’s secret key. On…
Jeevan Pillay
  • 39
  • 3
1
2 3