Score:1

Is it allowable to put a restriction on the length of the plaintext used in the known-plaintext attack?

us flag

The definition of the known-plaintext attack: I have a plaintext and I can encrypt it to have its ciphertext, then I use this pair to break the cipher.

The question: The only thing I further assume is the length of the used known plaintext, not its content. Is this allowable in the known-plaintext attack?

A note: I think if it is not allowable, then the attack should work with whatever pair of plaintext and ciphertext the attacker has to deal with to the point of one-bit plaintext.

Score:1
dz flag

I would say this is no longer a known-plaintext attack.

My reasoning is to start with a ciphertext-only attack, and see what we can determine about the plaintext length.

  • For most classical ciphers, the plaintext length and ciphertext length are equal, and for algorithms like Playfair or ADFGVX the lengths may not be equal, but the plaintext length can be easily determined from the ciphertext, so the attacker doesn't really have any new information.
  • [Edit] In some cases, such as "The world wonders" message, the length would be new information, but even then you don't know exactly where the real message begins and ends.
  • For modern ciphers, the ciphertext would be (depending on the mode) some combination of IV, plaintext, padding, and authentication tag. The lengths of the IV and authentication tag would be known from the algorithm, so only the padding (if present) would be a new piece of information, and I don't see that as that much help.

The information available to the attacker is almost the same as a ciphertext-only attack, so I would call this a slightly enhanced ciphertext-only attack, rather than a known-plaintext attack.

user2357 avatar
us flag
But with your reasoning, the attack should work with whatever pair the attacker has to deal with to the point of one-bit plain text.
user2357 avatar
us flag
Thanks for missioning the confusion with the ciphertext attack. It is the core of my confusion.
user2357 avatar
us flag
So, what do you think of my first comment?
Eugene Styer avatar
dz flag
I didn't say the attack would work, just that you have roughly the same information. With a modern cipher, it shouldn't be doable in either case. For example, if "AQZW" is encrypted using monoalphabetic substitution, the plaintext could be "rail", "bath", "your" or many other words, and a ciphertext-only attack would not be able to determine which one is correct.
user2357 avatar
us flag
I meant to say that the known-plaintext attack should be entitled to work with whatever known-plaintext the attacker, is this the case?
mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.