What is cryptanalysis?

What is cryptanalysis?

Cryptanalysis is the art of deciphering coded messages without being told the key. To do this, hackers must break into cryptographic security systems to gain access to encrypted messages.

Typically, cryptanalysis is only useful for hackers to obtain information illicitly. However, for certain cryptographers, it can be useful to employ cryptanalysis experts to figure out vulnerabilities in algorithms to improve them.

Cryptanalysis could also be used to study or analyse information systems to discover hidden bugs, amongst other uses.

To understand cryptanalysis, we will begin by discussing the origins of public and private key encryption.

Pretty Good Privacy (PGP)

The concept of Pretty Good Privacy (PGP) was devised by former special director of Computer Professionals for Social Responsibility (CPRS) Philip Zimmerman. He devised it as a method for promoting the relevance of privacy in a digitised world.

PGP is used to generate the encryption keys that cryptanalysis aims to subvert. A key is a string of alphanumeric text generated by the PGP system. This is achieved through special encryption algorithms.

Two keys are created: one to encrypt the message and one to decrypt it.

The point of encryption is so that the message can only be deciphered by you, or someone who has the other key. Functionally, there isn’t a great deal of difference between the two other than encrypting and decrypting.

The key thing to remember is that the private key is fundamentally a password and should never be shared.

Cryptography

PGP is not necessarily dated, but there are far superior methods of privacy today.

SHA-256 is a perfect example of this. SHA-256 is the encryption algorithm currently used in Bitcoin. Bitcoin actually relies less on encryption and focuses more on cryptographic hash functions.

Cryptographic hash functions are designed to be infeasible to invert, meaning they only function one-way. SHA-256 converts text of any given length into an alphanumeric string of 256 bits. As you might well guess from having 256 bits, it is incredibly difficult to decrypt.

Furthermore, if a single part of the input data were to be altered, the output would consequently be changed so drastically that the hash values would appear completely unrelated, adding an extra layer of security.

Cryptanalysis

Cryptanalysis is, functionally, the decryption and analysis of any code, cipher, or encrypted text. It uses mathematical formulas to search for any vulnerabilities within a given algorithm.

While it is important to note that the aim of cryptanaylsis is to find a weakness in a cryptographic algorithm, the research from cryptanalyst work is useful to cryptographers to learn how to improve flawed algorithms.

Key terms

Here is a quick glossary of key terms relating to cryptanalysis:

• Plaintext: This is text that has not been computationally tagged, formatted, or written in code.
• Ciphertext: This is the end result of encryption being applied to plaintext. The plaintext becomes ciphertext.
• Chosen Plaintext: This is a model for cryptanalysis that assumes the attacker can choose random plaintexts to be encrypted and ultimately obtain the relevant ciphertexts.
• Known Plaintext: This is another model for cryptanalysis where the attacker has access to both the plaintext and its encrypted counterpart (ciphertext).

Types of cryptanalysis attacks

Below is a list of different types of cryptanalysis attacks. The list of attacks is categorised based on what information the attacker has available to them.

• Known-Plaintext Analysis (KPA): In this type of attack, the perpetrator decrypts ciphertexts with partially known plaintexts.
• Chosen-Plaintext Analysis (CPA): In this method, the attacker utilises ciphertext that matches arbitrarily selected plaintext through the same algorithm technique.
• Ciphertext-Only Analysis (COA):  This is when an attacker incorporates known ciphertext collections to the attack.
• Man-in-the-Middle (MITM): This attack occurs when two parties are using a message/key for sharing communication on a channel they believe to be secure. In reality, the channel has been compromised and the attacker uses a MITM attack to intercept the message that is passing through the communication.
• Adaptive Chosen-Plaintext Attack (ACPA): This method resembles a CPA attack in that it uses chosen plaintext and ciphertext based on data acquired from a previous encryption.

Interested in learning more about public and private keys? Discover more on what exactly a Bitcoin private key is here on Coin Rivet.