CRYPTANALYSIS: ART OF BREAKING CODES
What is Cryptanalysis?
Cryptanalysis is the reverse of cryptography. It is unauthorized decoding, i.e. decoding without having the secret information or the secret key that is typically required to do so. The word cryptanalysis is derived from the Greek words kryptós, meaning ‘hidden’, and analýein, meaning ‘analyze’.
In simple terms, cryptanalysis is code breaking or cracking: decrypting the ciphertext without actually knowing the plaintext source, the encryption key, or the algorithm used to encrypt it.
Cryptographic Attack
Any confidential information that a sender has to send to a recipient, called the plaintext, is first converted into an unreadable form called ciphertext using an encryption algorithm. The ciphertext is sent through an insecure channel to the recipient. The recipient then decrypts the ciphertext by applying the decryption algorithm to recover the plaintext.
To decrypt the ciphertext, one needs the cryptographic key or the decryption algorithm, so an unauthorized person who gets access to the ciphertext during transmission cannot convert it back to the plaintext without the secret key. Hence the goal of cryptanalysis is for a third party, a cryptanalyst, to gain as much information as possible from the ciphertext. The cryptanalyst attempts to break the encryption to read the plaintext and to learn the secret key so that future messages can be decrypted and read. This process of unauthorized access or unauthorized codebreaking is called a ‘Cryptographic Attack’.
Role of Cryptanalyst:
Cryptanalysis plays a very important role in evaluating the security of cryptographic systems: the more difficult it is to crack a cryptographic system using cryptanalysis, the more secure the system is.
The diagram below shows the main work and responsibility of a cryptanalyst.
How Does Cryptanalysis Work?
Cryptanalysis uses a wide range of tools, techniques, and methods to decode the ciphertext. This includes:
- Mathematical analysis: The use of mathematical principles and algorithms to find weaknesses in a cryptographic system. It might use mathematical properties to find certain algorithms, patterns, or relationships in the encrypted text and detect vulnerabilities in the encryption key itself.
- Frequency analysis: It is the study of how frequently letters, symbols, or patterns are used in the encrypted message. This technique is especially effective against “substitution ciphers,” where each letter or symbol in the plaintext is simply replaced with some other letter.
- Pattern recognition: Identifying repetitive sequences, symbols, or patterns in the ciphertext. Recurring patterns may correspond to common words or phrases like “the” or “and”, helping cryptanalysts to decrypt the message.
Types of Cryptanalysis techniques and Attack Model:
A cryptanalyst obtains material to work with in many ways, such as espionage, betrayal, hit and try, or reverse engineering. Attacks are classified into several types:
- Ciphertext only: The attacker has access to a collection of ciphertext or coded text only.
- Known-plaintext [KPA]: The attacker has ciphertexts to which they know the corresponding plaintext, which might be useful to decode other ciphertexts.
- Chosen-plaintext (or chosen-ciphertext) [CPA]: The attacker can get the ciphertexts (or plaintexts) corresponding to an arbitrary set of plaintexts (or ciphertexts) of their choice.
- Adaptive chosen-plaintext [ACPA]: It is like a chosen-plaintext attack, except the attacker can choose successive plaintexts based on information that is learned from the previous encryptions.
- Related-key attack: Here the attacker can retrieve ciphertexts encrypted under two different keys. The keys are unknown, but their relationship is known; for example, two keys that might differ by just one bit.
These are the most common cryptanalytic attacks.
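As an added illustration of the known-plaintext model (not part of the original article), the sketch below derives part of a monoalphabetic substitution key from one known plaintext/ciphertext pair and uses it to decode a second intercepted message. The key, both messages and all function names are constructed for the example.

```python
import string

ALPHABET = string.ascii_lowercase
# Constructed secret key for the demonstration: a->q, b->w, c->e, ...
SECRET_KEY = "qwertyuiopasdfghjklzxcvbnm"

def encrypt(plaintext, key=SECRET_KEY):
    """Monoalphabetic substitution; characters outside a-z pass through."""
    return plaintext.translate(str.maketrans(ALPHABET, key))

def recover_mapping(known_plain, known_cipher):
    """Derive the ciphertext->plaintext letter map from one known pair."""
    if len(known_plain) != len(known_cipher):
        raise ValueError("plaintext and ciphertext lengths differ")
    c2p, p2c = {}, {}
    for p, c in zip(known_plain, known_cipher):
        if p not in ALPHABET:
            continue
        # A substitution cipher is one-to-one; anything else is a bad pair.
        if c2p.setdefault(c, p) != p or p2c.setdefault(p, c) != c:
            raise ValueError("pair is inconsistent with a substitution cipher")
    return c2p

def partial_decrypt(ciphertext, c2p):
    """Decode the letters the map covers; mark the rest with '?'."""
    return "".join(c2p.get(ch, "?") if ch in ALPHABET else ch
                   for ch in ciphertext)

# Constructed messages. The analyst knows the first pair in full and only the
# ciphertext of the second; SECRET_KEY is never passed to the recovery code.
KNOWN_PLAIN = "meet at the north gate at dawn"
KNOWN_CIPHER = encrypt(KNOWN_PLAIN)
INTERCEPTED = encrypt("retreat to the harbor tonight")

if __name__ == "__main__":
    mapping = recover_mapping(KNOWN_PLAIN, KNOWN_CIPHER)
    print(len(mapping), "of 26 letters recovered")
    print(partial_decrypt(INTERCEPTED, mapping))
```

A single 30-character pair exposes 11 of the 26 key letters here, which is why modern ciphers are expected to stay secure even when the attacker holds many known pairs.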
Challenges Faced
Cryptanalysis is a challenging area of study. The following are some of the major challenges faced by today’s cryptanalysts:
- Key size and algorithm complexity: When a large key is used to encrypt information, the number of possible keys the encryption algorithm might use is higher, which makes the algorithm more complex and attacks more difficult or impossible at a human timescale.
- Encryption protocols: Cryptanalysis is not just focused on the mathematical properties of an encryption method, but also on its implementation in real-world encryption protocols. Weaknesses in this implementation are often more open to attack than the algorithm itself.
- Lack of KPA and CPA attacks: Known-plaintext and chosen-plaintext attacks are the best-case scenarios for attackers who seek an understanding of an algorithm’s behavior. However, in the real world, it is very rare for cryptanalysts to have access to large amounts of data; they may only have ciphertext or only plaintext to analyze.
Is Cryptanalysis Ethical?
Cryptanalysis has many issues, controversies, and considerations. Would-be cryptanalysts have to respect certain ethical boundaries and responsibilities. Those guidelines are:
- Authorization: Cryptanalysis should be carried out only with the target’s permission; that is the ethical way. Attempting to break encryption schemes without authorization is considered illegal.
- Privacy and data protection: Encryption is used on data because it is sensitive or confidential (personal data, healthcare records, financial details, etc.). Cryptanalysts must preserve data privacy even when the encryption algorithm is successfully cracked.
- Responsible disclosure: When cryptanalysts discover a vulnerability in a cryptographic system, they should report it as soon as possible so that the issue can be fixed discreetly, rather than making a public announcement.