Cryptography Stack Exchange
Cryptography Stack Exchange

Questions tagged [known-plaintext-attack]

The attacker knows at least one sample of both the plain text and the cipher text.

The attacker knows at least one sample of both the plain and the cipher text.

In most cases this is recorded real communication.

If XOR cipher is used for example, this will reveal the key as plaintext xor ciphertext.

204 questions
63
votes
6 answers

Why is AES resistant to known-plaintext attacks?

At least it's my understanding that AES isn't affected by known-plaintext. Is it immune to such an attack, or just resistant? Does this vary for chosen-plaintext?
Jeff Ferland
  • 835
  • 2
  • 7
  • 10
34
votes
1 answer

What do the signature security abbreviations like EUF-CMA mean?

From time to time, one stumbles across formal security definitions. This includes security definitions for signature schemes. The most common ones are the *UF-* ones, advertising security against specific classes of attackers. Now these notions may…
SEJPM
  • 46,697
  • 9
  • 103
  • 214
33
votes
4 answers

What is the difference between known-plaintext attack and chosen-plaintext attack?

I am very confused between the concept of known-plaintext attack and chosen-plaintext attack. It seems to me that these two are the same thing, but it definitely is not. Can anyone explain to me how these two differ?
Tom Fabregas
18
votes
2 answers

Is it possible to obtain AES-128 key from a known ciphertext-plaintext pair?

I have a file, which was encrypted with AES-128 in ECB mode. I know the format of the original file and know that all files in this format have the same headers. So, I have an encrypted block and the original block. Can I get the encryption key,…
Denis Bezrukov
  • 183
  • 1
  • 1
  • 4
17
votes
1 answer

The difference between these 4 breaking Cipher techniques?

I'm trying to understand the difference between the following and what they actually mean : Known plaintext attack Known ciphertext attack Chosen ciphertext attack Chosen plaintext attack Any clarification is much appreciated…
Scarl
  • 445
  • 1
  • 6
  • 15
14
votes
4 answers

Why is a known-plaintext attack considered a complete break?

I read somewhere that if a cipher has a known-plaintext attack, then it is considered completely broken. Say there is a cipher that someone uses where the algorithm is understood and a known-plaintext attack is trivial to perform, however a…
Danegraphics
  • 251
  • 2
  • 6
12
votes
1 answer

Sending KCV (key check value) with cipher text

I was wondering why it is not more common to send the KCV of a secret key together with the cipher text. I see many systems that send cipher text and properly prepend the IV to e.g. a CBC mode encryption. Wouldn't it be easier to prepend another…
Maarten Bodewes
  • 96,351
  • 14
  • 169
  • 323
11
votes
4 answers

One round of AES-128

Maybe it’s a silly question, I’m interested in the best known/chosen plaintext attack on only one round of AES-128. More specifically, what is the smallest number of known/chosen plaintext/ciphertext pairs which allow us to recover the key with high…
user79425
11
votes
2 answers

KCV and compatibility with block cipher modes of operation

There has been lately a question on KCV (key check value), value provided by many CRYPTOKI (PKCS#11) implementations. I don't particularly like KCV, but I decided to ask about proper use of KCV. This "KCV" (also known as CKA_CHECK_VALUE object…
user4982
  • 5,379
  • 21
  • 33
9
votes
3 answers

Is the ChaCha20 block function reversible using known plaintext?

I've been recently implementing the chacha20 stream cipher with Poly1305. As the core operations which make up the Quarter Round of chacha20 (ARX - Addition Rotation Xor) are indeed reversible, does that make reversing the ChaCha20 possible if an…
Aravind A
  • 1,090
  • 13
  • 22
9
votes
3 answers

Is it possible to find the key for AES ECB if I have a list of plaintext and corresponding ciphertext?

Assume I have a list of plaintext text and its corresponding ciphertext which was created using a specific key with AES in ECB mode. Can I recover that key? If, how big does the list of plaintext and matching ciphertext have to be to be able to…
Richard Jones
  • 201
  • 1
  • 2
  • 3
9
votes
3 answers

Would adding daily changing nulls in front of their messages have made the Engima harder to crack?

The British decrypted the German enigma because they knew that they would repeat the message key twice at the start of every message. Of course, technology to encrypt enigma without the repetition using cribs was developed later but only after it…
BlueWizard
  • 193
  • 3
9
votes
2 answers

Breaking ZIP 2.0 encryption without password

I have an old sourcecode backup from my DOS days stored in a ZIP 2.0 encrypted archive, but I lost the password. The password was written on a paper slip, but I remember that it consisted of 30+ completely random alphanumeric characters with some…
James Horst
  • 91
  • 1
  • 1
  • 2
9
votes
3 answers

Encrypting files with known headers

If I encrypt a file of a known format that has a lengthy header (e.g. an XML Excel file), does that render the encrypted file susceptible to a "known plain text" attack? In other words, if the first X bytes of the decrypted text are known, does…
Paul Lynch
  • 243
  • 2
  • 5
8
votes
2 answers

DES — Can I recover the key when I have both ciphertext and the plaintext?

Given a message and DES encrypted form of said message, is it possible to efficiently compute the key used to encrypt the data?
GregoryComer
  • 183
  • 1
  • 4
1
2 3
13 14