How many ciphertexts should attacker intercepts if he only knows the first 3 bytes of plaintext of each one?

Allexj

6/4/24, 5:11 PM

Consider a system in which DES is used to encrypt messages in which the first three plaintext Bytes are known by the attacker. How many encrypted messages is it necessary to intercept in order to be reasonably sure of identifying the key used for encryption?

I thought about this, but I am not sure:

The probability that plaintext starts with the 3 known bytes is favorable cases/total cases so:

$64$ total block bits - $24$ fixed bits ($3$ bytes) $= 40$... so $2^{40} / 2^{64} = 2^{-24}$ is the probability

If I multiply this probability by the number of keys, I get the expected value of the number of keys which gives me the first 3 bytes known, so the false positives.

$$2^{56} * 2^{-24} = 2^{32}$$

So the attacker, when he tries to decrypt, he'll find 2^32 different plaintexts with the 3 known bytes.

The attacker intercepts a second packet and redoes the multiplication:

$2^{32} * 2^{-24} = 2^8$

Another time and he'll find the key!

Is this right?

0 + 2

des

cryptanalysis

known-plaintext-attack

kelalaka

6/5/24, 7:25 AM

To be honest, your question is not answerable since _reasonably sure_ is not a metric. Once you define this, then one can talk about the necessary number of ciphertext. Your question is a badly written HW, as it seems.

fgrieu

6/5/24, 7:31 AM

The proposed solution is mostly correct, and yes 3 intercepts is enough to be _reasonably sure_. But you didn't quantify that. For best mark, evaluate the residual probability that more than one key would match; and state hypothesis made. One such hypothesis is: DES is assimilated to an ideal cipher with 56-bit key and 64-bit block; but there's another hypothesis that you silently make; it's less standard, and not certain given the problem statement (hint: that hypothesis could well be wrong if the IV was constant, or if ECB mode was used).

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: How many ciphertexts should attacker intercepts if he only knows the first 3 bytes of plaintext of each one?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.