As previously noted, cryptanalysis is all about the methods for breaking cryptosystems. Of course, since modern cryptography uses much mathematics that is not particularly well understood yet, the rules for what it means for a cryptanalytic attack to be successful are relaxed a fair bit. In academic cryptography, a successful attack doesn't necessarily mean a practical method of recovering the plaintext or the secret key from the ciphertext. To be considered successful, an attack merely has to find a weakness in the structure of the cipher that can be exploited to attack the cipher with less effort than brute force. Never mind if a brute force attack would require 2^256 (10^77) encryptions; if an attack requiring 2^224 (10^64) encryptions is found, it would be considered a "successful" attack, as it shows that the cipher does not work exactly as advertised. Of course, both types of attacks are equally infeasible even if every sub-atomic particle making up the entire Virgo supercluster of galaxies were a computer capable of doing a billion encryptions a second.

Other types of cryptanalytic attacks, specifically on iterated block ciphers, attack reduced-round variants of the cipher. For example, Counterpane published a successful break of six rounds of Rijndael, while that algorithm recommends at least ten rounds of the cipher. Again, it shows that there might be a structural weakness in the mathematics of the cipher that can be exploited. Such attacks may later be extended to the full cipher. Other cryptanalytic results require unrealistic amounts of known or chosen plaintext: the linear cryptanalysis method against DES, for instance, requires 2^47 known plaintexts to recover the key (gee, that's 2048 terabytes of known plaintext!).

These types of attacks, however, could conceivably be extended into actual, practical attacks that can decipher arbitrary ciphertext using only realistic resources if gaps in mathematical knowledge can be filled (or perhaps given something already known to the National Security Agency)...

Modern (and practical) cryptanalysis also involves diverse techniques that might once have been considered "cheating" by cryptanalysts of old, such as side-channel attacks that take advantage of weaknesses in the physical implementation of a cryptosystem, and perhaps even rubber-hose cryptanalysis :).


Mitsuru Matsui, "Linear Cryptanalysis Method for the DES Cipher", EUROCRYPT '93.

Bruce Schneier, "A Self-Study Course in Block Cipher Cryptanalysis",

Bruce Schneier, Applied Cryptography

N. Ferguson, J. Kelsey, S. Lucks, B. Schneier, M. Stay, D. Wagner, and D. Whiting, "Improved Cryptanalysis of Rijndael",