A class of cryptanalytic methods that gives the analyst pairs of plaintext as well as ciphertext, and attempts to derive the key. As Lars Knudsen's Journal of Craptology calls it: "Faking the ability to break a cipher when one already knows the answer." Compare chosen plaintext attack.

Linear cryptanalysis is an example of an attack that falls into this category.

A known plaintext attack is, simply put, an attack where one attempts to determine a key from analyzing the relationship between a decrypted message and the encrypted output. When it works, it's extremely effective, sometimes recovering the key in a matter of minutes. There isn't supposed to be any apparent causal relationship between the various parts of a crypto system. When there is, though, there can be serious consequences

At first glance, a known plaintext attack seems to be a non-issue. After all, the whole point of cryptography is to make any and all information unreadable to an outside party. On a deeper inspection of the subject, however, it becomes clear that obtaining a known portion of the encrypted message is much easier than it appears.

For example, suppose Alice is sending Bob an encrypted Excel spreadsheet with detailed financial information. Now this information is very valuable to our corporate spy, Mallory, who will attempt to attempt to decode this information so that he can sell it to the highest bidder and move to Tahiti. Now you may be thinking to yourself that Mallory should probably get into another line of work. After all, with a decent key size, the sun will burn out long before Mallory gets even close to cracking it, right? Wrong.

Now it's true that Mallory will cease to be long before the key is cracked if he uses brute force measures; there simply isn't enough computing power in the world to brute force a large key, and won't be for a long while. Mallory, however, has an advantage in that he already knows some of the decrypted results. Excel, like most modern computing programs, has a fixed header it places on all its files so that when the program later goes to open it, it knows for certain that this is an Excel file. Now, Mallory knows this header, so he gets to work finding the key. After some time analyzing the relationship between the the encrypted and the decrypted portion through such methods as linear and differential cryptanalysis, he determines the key, and books a flight to Tahiti. Because the encrypted message was partially known, the entire message was compromised.

Several algorithms have been demolished by known plaintext attacks. After all, if an attacker can manage to get a hold of a trivial amount of the message, such as a header or known portion of the body of the message, it's almost a waste of clock cycles to encrypt the message. The cryptographic system FEAL, for example, is somewhat famous for attracting known-plaintext attacks; several attacks have been performed on the algorithm, some of which have been performed with only knowing a tiny sliver of the full text. Additionally, the venerable DES is vulnerable to known plaintext attacks, which is one of the many reasons why the call for AES went out; DES had just gotten too cryptographically weak. Finally, the Enigma cypher from World War II suffered from a known plaintext vulnerability as well, with Allied decoders able to determine German keys from the fact that reports began with a known callsign, greatly aiding the Allied war effort.

Modern cryptographic algorithms, such as blowfish are designed to thwart known plaintext attacks. A cryptographer will spend much time trying to deconstruct their own algorithm before releasing it; after all, most cryptographers are in the field to make money, and a flawed algorithm isn't worth all that much. Known plaintext attacks are a very serious matter to the art of modern cryptography; algorithms live and die by how well they keep a secret, and an algorithm vulnerable to known plaintext attacks cannot keep a secret.

Log in or register to write something here or to contact authors.