Score:0

Do attackers need to know what ciphers are being used when conducting ciphertext-only, known plaintext, chosen plaintext, and chosen ciphertext attacks?

I am trying to understand the basic ingredients needed to conduct various types of cryptanalytical attacks.

For instance, I understand that for Ciphertext-Only Attacks (COA) an attacker only has access to ciphertext.

With Known Plaintext Attacks (KPA), attackers have some ciphertext and possess or deduce with reasonable certainty some portion of plaintext.

Chosen Plaintext Attacks (CPA) involve being able to feed plaintext into the encryption system and observing the resulting ciphertext. Chosen Ciphertext Attacks (CCA) are the same but where the attacker has access to the decryption system instead.

I also understand that the ultimate goal of the attacker is to obtain the keys needed to decrypt ciphertext.

My question is: Are these ingredients (ciphertext, plaintext, access to systems) all there is to it? Don't attackers also need to know what ciphers are being used, or do these attacks also allow ciphers to be deduced?

Comment from kelalaka:
Welcome to [cryptography.se]. I found your question rather broad. The ultimate goal of the adversary is to decrypt the plaintext and accessing the key is a bonus. Read [Kerckhoffs's principle](https://en.wikipedia.org/wiki/Kerckhoffs%27s_principle) to understand that the only secret is the key.
Score:1

> I also understand that the ultimate goal of the attacker is to obtain the keys needed to decrypt ciphertext.

Actually, the attacker's goal is to gain some information (that he didn't already have) about the plaintext; if he can recover the key, that's fine - if he can recover some other information about the plaintext (even if he still doesn't know what the key is), he wins as well. Consider the Sweet32 attack, which yields absolutely no information about the key, however it does obtain information about the plaintext.

> Are these ingredients (ciphertext, plaintext, access to systems) all there is to it? Don't attackers also need to know what ciphers are being used, or do these attacks also allow ciphers to be deduced?

It is generally assumed that the attacker already knows what cipher is being used; as kelalaka mentioned in a comment, Kerckhoffs's principle is that the only information that can be considered secret is information that is easy to change, for example, the key. Switching from, say, AES to ChaCha20 is a much larger change which is difficult to do on the fly.

Comment:
That is an interesting way to phrase Auguste Kerckhoffs's Principle(s). It's obvious that this is the reason behind it, but I have never seen it spelled out that clearly. Thanks for enlightening me!
Comment from Leviel:
Yup, that did it for me. Thanks for the help poncho! :-)
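
The answer's Sweet32 point (plaintext information leaking with no information about the key) can be reproduced at small scale. The following is an added example, not part of the original thread: it assumes a constructed 16-bit toy Feistel cipher in CBC mode so that block collisions appear after a few hundred blocks, and all function names are hypothetical.

```python
import hashlib
import random

def toy_encrypt_block(key, block):
    """Constructed 4-round Feistel permutation on 16-bit blocks (not a real cipher)."""
    left, right = block >> 8, block & 0xFF
    for rnd in range(4):
        f = hashlib.sha256(key + bytes([rnd, right])).digest()[0]
        left, right = right, left ^ f
    return (left << 8) | right

def cbc_encrypt(key, iv, plaintext_blocks):
    """Return [IV, C1, ..., Cn] with Ci = E(Pi xor C(i-1))."""
    out = [iv]
    for p in plaintext_blocks:
        out.append(toy_encrypt_block(key, p ^ out[-1]))
    return out

def leaked_xors(ciphertext):
    """Ciphertext-only analysis. The cipher is a permutation, so Ci == Cj
    means the inputs were equal: Pi xor C(i-1) == Pj xor C(j-1), hence
    Pi xor Pj == C(i-1) xor C(j-1). The key is never used here."""
    first_seen, leaks = {}, {}
    for j in range(1, len(ciphertext)):
        c = ciphertext[j]
        if c in first_seen:
            i = first_seen[c]
            leaks[(i, j)] = ciphertext[i - 1] ^ ciphertext[j - 1]
        else:
            first_seen[c] = j
    return leaks

def demo(n_blocks=2000, seed=1):
    """Encrypt constructed random plaintext, then check every leaked XOR."""
    rng = random.Random(seed)  # constructed sample data, fixed seed
    key = bytes(rng.getrandbits(8) for _ in range(16))
    iv = rng.getrandbits(16)
    plaintext = [rng.getrandbits(16) for _ in range(n_blocks)]
    leaks = leaked_xors(cbc_encrypt(key, iv, plaintext))
    # Ciphertext index k corresponds to plaintext[k - 1] because of the IV.
    correct = all(plaintext[i - 1] ^ plaintext[j - 1] == x
                  for (i, j), x in leaks.items())
    return len(leaks), correct

if __name__ == "__main__":
    count, correct = demo()
    print(f"{count} plaintext XOR relations recovered without the key; all correct: {correct}")
```

The analysis uses only the ciphertext and knowledge of the mode, which is the Kerckhoffs assumption from the answer. The same birthday bound is why 64-bit block ciphers need rekeying long before 2^32 blocks, or replacement with a 128-bit block cipher.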