Known-plaintext attack

Last updated

The known-plaintext attack (KPA) is an attack model for cryptanalysis where the attacker has access to both the plaintext (called a crib) and its encrypted version (ciphertext). These can be used to reveal secret keys and code books. The term "crib" originated at Bletchley Park, the British World War II decryption operation, where it was defined as:

Contents

A plain language (or code) passage of any length, usually obtained by solving one or more cipher or code messages, and occurring or believed likely to occur in a different cipher or code message, which it may provide a means of solving. [1] [2]

The Bletchley Park 1944 Cryptographic Dictionary formatted by Tony Sale, 2001 (PDF), p. 22

History

The usage "crib" was adapted from a slang term referring to cheating (e.g., "I cribbed my answer from your test paper"). A "crib" originally was a literal or interlinear translation of a foreign-language text—usually a Latin or Greek text—that students might be assigned to translate from the original language.

The idea behind a crib is that cryptologists were looking at incomprehensible ciphertext, but if they had a clue about some word or phrase that might be expected to be in the ciphertext, they would have a "wedge," a test to break into it. If their otherwise random attacks on the cipher managed to sometimes produce those words or (preferably) phrases, they would know they might be on the right track. When those words or phrases appeared, they would feed the settings they had used to reveal them back into the whole encrypted message to good effect.

In the case of Enigma, the German High Command was very meticulous about the overall security of the Enigma system and understood the possible problem of cribs. The day-to-day operators, on the other hand, were less careful. The Bletchley Park team would guess some of the plaintext based upon when the message was sent, and by recognizing routine operational messages. For instance, a daily weather report was transmitted by the Germans at the same time every day. Due to the regimented style of military reports, it would contain the word Wetter (German for "weather") at the same location in every message. (Knowing the local weather conditions helped Bletchley Park guess other parts of the plaintext as well.) Other operators, too, would send standard salutations or introductions. An officer stationed in the Qattara Depression consistently reported that he had nothing to report. [3] "Heil Hitler," occurring at the end of a message, is another well-known example. [4]

At Bletchley Park in World War II, strenuous efforts were made to use (and even force the Germans to produce) messages with known plaintext. For example, when cribs were lacking, Bletchley Park would sometimes ask the Royal Air Force to "seed" a particular area in the North Sea with mines (a process that came to be known as gardening, by obvious reference). The Enigma messages that were soon sent out would most likely contain the name of the area or the harbour threatened by the mines. [5]

The Germans themselves could be very accommodating in this regard. Whenever any of the turned German Double-Cross agents sent a message (written by the British) to their respective handlers, they frequently obligingly re-encrypted the message word for word on Enigma for onward transmission to Berlin.

When a captured German revealed under interrogation that Enigma operators had been instructed to encode numbers by spelling them out, Alan Turing reviewed decrypted messages and determined that the number "eins" ("one") was the most common string in the plaintext (Benford's law). He automated the crib process, creating the Eins Catalogue, which assumed that "eins" was encoded at all positions in the plaintext. The catalogue included every possible position of the various rotors, starting positions, and keysettings of the Enigma. [6]

The Polish Cipher Bureau had likewise exploited "cribs" in the "ANX method" before World War II (the Germans' use of "AN", German for "to", followed by "X" as a spacer to form the text "ANX"). [7]

The United States and Britain used one-time tape systems, such as the 5-UCO, for their most sensitive traffic. These devices were immune to known-plaintext attack; however, they were point-to-point links and required massive supplies of one-time tapes. Networked cipher machines were considered vulnerable to cribs, and various techniques were used to disguise the beginning and ends of a message, including cutting messages in half and sending the second part first and adding nonsense padding at both ends. The latter practice resulted in an infamous incident during World War II when the nonsense padding added to a message sent to American admiral William Halsey Jr., "the world wonders", was not nonsensical enough and was interpreted as part of the actual message, leading Halsey to change his plans.

The KL-7, introduced in the mid-1950s, was the first U.S. cipher machine that was considered safe against known-plaintext attack. [8] :p.37

Classical ciphers are typically vulnerable to known-plaintext attack. For example, a Caesar cipher can be solved using a single letter of corresponding plaintext and ciphertext to decrypt entirely. A general monoalphabetic substitution cipher needs several character pairs and some guessing if there are fewer than 26 distinct pairs.

See also

Notes

  1. Gordon Welchman, The Hut Six Story: Breaking the Enigma Codes, p. 78.
  2. Michael Smith, "How It Began: Bletchley Park Goes to War," in B. Jack Copeland, ed., Colossus: The Secrets of Bletchley Park's Codebreaking Computers.
  3. Lee, Loyd E. (1991). World War II: Crucible of the Contemporary World: Commentary and Readings. New York: M. E. Sharpe. p. 240. ISBN   0-87332-731-4.
  4. Geggel, Laura (29 May 2019). "Nazi Code-Making Enigma Machine Is Up for Auction". Live Science. Retrieved 31 August 2020.
  5. Singh, Simon (1999). The Code Book . New York: Arrow. p.  184. ISBN   0-385-49532-3.
  6. Hofstadter, D.; Teuscher, Christof (2004). Alan Turing : life and legacy of a great thinker. Berlin New York: Springer. p. 455. ISBN   3540200207.
  7. Marian Rejewski, "Summary of Our Methods for Reconstructing ENIGMA and Reconstructing Daily Keys, and of German Efforts to Frustrate Those Methods," Appendix C to Władysław Kozaczuk, Enigma, 1984, pp. 243–44.
  8. A History of U.S. Communications Security; the David G. Boak Lectures, National Security Agency (NSA), Volumes I, 1973, partially released 2008, additional portions declassified October 14, 2015, Quote: The KL-7 "was our first machine designed to serve very large nets which could stand matched plain and cipher text. For the first time, the man in the cryptocenter could take a message and simply type it into the machine as written, without changing the spacing between words, or cutting the message in half and sending the last part first. and without having to paraphrase the message text before it was released."

Related Research Articles

<span class="mw-page-title-main">Cryptanalysis</span> Study of analyzing information systems in order to discover their hidden aspects

Cryptanalysis refers to the process of analyzing information systems in order to understand hidden aspects of the systems. Cryptanalysis is used to breach cryptographic security systems and gain access to the contents of encrypted messages, even if the cryptographic key is unknown.

<span class="mw-page-title-main">Enigma machine</span> German cipher machine

The Enigma machine is a cipher device developed and used in the early- to mid-20th century to protect commercial, diplomatic, and military communication. It was employed extensively by Nazi Germany during World War II, in all branches of the German military. The Enigma machine was considered so secure that it was used to encipher the most top-secret messages.

A chosen-plaintext attack (CPA) is an attack model for cryptanalysis which presumes that the attacker can obtain the ciphertexts for arbitrary plaintexts. The goal of the attack is to gain information that reduces the security of the encryption scheme.

<span class="mw-page-title-main">Ciphertext</span> Encrypted information

In cryptography, ciphertext or cyphertext is the result of encryption performed on plaintext using an algorithm, called a cipher. Ciphertext is also known as encrypted or encoded information because it contains a form of the original plaintext that is unreadable by a human or computer without the proper cipher to decrypt it. This process prevents the loss of sensitive information via hacking. Decryption, the inverse of encryption, is the process of turning ciphertext into readable plaintext. Ciphertext is not to be confused with codetext because the latter is a result of a code, not a cipher.

In cryptanalysis, gardening is the act of encouraging a target to use known plaintext in an encrypted message. It was a term used at the British Government Code and Cypher School at Bletchley Park, England, during World War II, for schemes to entice the Germans to include particular words, which the British called "cribs", in their encrypted messages. This term presumably came from RAF minelaying missions, or "gardening" sorties. "Gardening" was standard RAF slang for sowing mines in rivers, ports and oceans from low heights, possibly because each sea area around the European coasts was given a code-name of flowers or vegetables.

<span class="mw-page-title-main">Bombe</span> Codebreaking device created at Bletchley Park (United Kingdom)

The bombe was an electro-mechanical device used by British cryptologists to help decipher German Enigma-machine-encrypted secret messages during World War II. The US Navy and US Army later produced their own machines to the same functional specification, albeit engineered differently both from each other and from Polish and British bombes.

The Cipher Bureau was the interwar Polish General Staff's Second Department's unit charged with SIGINT and both cryptography and cryptanalysis.

<span class="mw-page-title-main">Bomba (cryptography)</span> Polish decryption device

The bomba, or bomba kryptologiczna, was a special-purpose machine designed around October 1938 by Polish Cipher Bureau cryptologist Marian Rejewski to break German Enigma-machine ciphers.

Cryptanalysis of the Enigma ciphering system enabled the western Allies in World War II to read substantial amounts of Morse-coded radio communications of the Axis powers that had been enciphered using Enigma machines. This yielded military intelligence which, along with that from other decrypted Axis radio and teleprinter transmissions, was given the codename Ultra.

Cryptography was used extensively during World War II because of the importance of radio communication and the ease of radio interception. The nations involved fielded a plethora of code and cipher systems, many of the latter using rotor machines. As a result, the theoretical and practical aspects of cryptanalysis, or codebreaking, were much advanced.

<span class="mw-page-title-main">Zygalski sheets</span> Cryptologic technique used in World War II

The method of Zygalski sheets was a cryptologic technique used by the Polish Cipher Bureau before and during World War II, and during the war also by British cryptologists at Bletchley Park, to decrypt messages enciphered on German Enigma machines.

Alfred Dillwyn "Dilly" Knox, CMG was a British classics scholar and papyrologist at King's College, Cambridge and a codebreaker. As a member of the Room 40 codebreaking unit he helped decrypt the Zimmermann Telegram which brought the USA into the First World War. He then joined the Government Code and Cypher School (GC&CS).

Harold Hall "Doc" Keen (1894–1973) was a British engineer who produced the engineering design, and oversaw the construction of, the British bombe, a codebreaking machine used in World War II to read German messages sent using the Enigma machine. He was known as "Doc" Keen because of his habit of carrying tools and paperwork in a case resembling a doctor's bag. After the war he was awarded the O.B.E.

<span class="mw-page-title-main">Cyclometer</span> Cryptologic device

The cyclometer was a cryptologic device designed, "probably in 1934 or 1935," by Marian Rejewski of the Polish Cipher Bureau's German section (BS-4) to facilitate decryption of German Enigma ciphertext. The original machines are believed to have been destroyed shortly before the German invasion of Poland that launched the Second World War, to prevent the Germans learning that their cipher had been broken.

In cryptography, the clock was a method devised by Polish mathematician-cryptologist Jerzy Różycki, at the Polish General Staff's Cipher Bureau, to facilitate decrypting German Enigma ciphers. The method determined the rightmost rotor in the German Enigma by exploiting the different turnover positions. For the Poles, learning the rightmost rotor reduced the rotor-order search space by a factor of 3. The British improved the method, and it allowed them to use their limited number of bombes more effectively.

In cryptanalysis, attack models or attack types are a classification of cryptographic attacks specifying the kind of access a cryptanalyst has to a system under attack when attempting to "break" an encrypted message generated by the system. The greater the access the cryptanalyst has to the system, the more useful information they can get to utilize for breaking the cypher.

John William Jamieson Herivel was a British science historian and World War II codebreaker at Bletchley Park.

<span class="mw-page-title-main">Marian Rejewski</span> Polish mathematician and cryptologist (1905–1980)

Marian Adam Rejewski was a Polish mathematician and cryptologist who in late 1932 reconstructed the sight-unseen Nazi German military Enigma cipher machine, aided by limited documents obtained by French military intelligence. Over the next nearly seven years, Rejewski and fellow mathematician-cryptologists Jerzy Różycki and Henryk Zygalski developed and used techniques and equipment to decrypt the German machine ciphers, even as the Germans introduced modifications to their equipment and encryption procedures. Five weeks before the outbreak of World War II in Europe, the Poles shared their technological achievements with the French and British at a conference in Warsaw, thus enabling Britain to begin reading German Enigma-encrypted messages, seven years after Rejewski's original reconstruction of the machine. The intelligence that was gained by the British from Enigma decrypts formed part of what was code-named Ultra and contributed—perhaps decisively—to the defeat of Nazi Germany.

Turingery or Turing's method was a manual codebreaking method devised in July 1942 by the mathematician and cryptanalyst Alan Turing at the British Government Code and Cypher School at Bletchley Park during World War II. It was for use in cryptanalysis of the Lorenz cipher produced by the SZ40 and SZ42 teleprinter rotor stream cipher machines, one of the Germans' Geheimschreiber machines. The British codenamed non-Morse traffic "Fish", and that from this machine "Tunny".

Wahlwort is a cryptographic term used particularly in connection with the Wehrmacht, which used wahlworts on their Enigma rotor machine in the encryption of their communication in World War II. The term describes a randomly selected word which was inserted at the beginning or end of the radiogram plaintext. The wahlwort was intended to hinder the enemy's cryptanalysis and prevent the decryption of the ciphertext.

References