cryptanalysis

What is cryptanalysis?

Cryptanalysis is the study of ciphertext, ciphers and cryptosystems to understand how they work and to find and improve techniques for defeating or weakening them. For example, cryptanalysts seek to decrypt ciphertexts without knowledge of the plaintext source, encryption key or the algorithm used to encrypt it. Cryptanalysts also target secure hashing, digital signatures and other cryptographic algorithms.

How does cryptanalysis work?

While the objective of cryptanalysis is to find weaknesses in or otherwise defeat cryptographic algorithms, cryptanalysts' research results are used by cryptographers to improve and strengthen or replace flawed algorithms. Both cryptanalysis, which focuses on deciphering encrypted data, and cryptography, which focuses on creating and improving encryption ciphers and other algorithms, are aspects of cryptology, the mathematical study of codes, ciphers and related algorithms.

Cryptanalysts might discover methods of attack that completely break an encryption algorithm, which means that ciphertext encrypted with that algorithm can be decrypted trivially without access to the encryption key. More often, cryptanalytic results uncover weaknesses in the design or implementation of the algorithm, which can reduce the number of keys that need to be tried on the target ciphertext.

For example, a cipher with a 128-bit encryption key can have 2¹²⁸ (or 340,282,366,920,938,463,463,374,607,431,768,211,456) unique keys. On average, a brute-force attack against that cipher will succeed only after trying half of those unique keys. If cryptanalysis of the cipher reveals an attack that can reduce the number of trials needed to 2⁴⁰ (or just 1,099,511,627,776) different keys, then the algorithm has been weakened significantly, to the point that a brute-force attack would be practical with commercial off-the-shelf systems.

Who uses cryptanalysis?

Cryptanalysis is practiced by a broad range of organizations and individuals, including the following:

• Governments aiming to decipher other nations' confidential communications.
• Companies developing security products that employ cryptanalysts to test their security features.
• Hackers, computer crackers, independent researchers and academicians who search for weaknesses in cryptographic protocols and algorithms.

The constant battle between cryptographers trying to secure information and cryptanalysts trying to break cryptosystems moves the entire body of cryptology knowledge forward.

Cryptanalysis techniques and attacks

There are many different types of cryptanalysis attacks and techniques, which vary depending on how much information the analyst has about the ciphertext being analyzed. Cryptanalytic methods include the following:

• Ciphertext-only attacks occur when the attacker only has access to one or more encrypted messages but knows nothing about the plaintext data, the encryption algorithm being used or any data about the cryptographic key being used. This is the type of challenge that intelligence agencies often face when they have intercepted encrypted communications from an opponent.
• Known plaintext attacks are when the analyst has access to some or all of the plaintext of the ciphertext. The analyst's goal is to discover the key used to encrypt and decrypt the message. Once the key is discovered, an attacker can decrypt all encrypted messages using that key. Linear cryptanalysis is a type of known plaintext attack that uses a linear approximation to describe a block cipher. Known plaintext attacks depend on the attacker being able to discover or guess some or all of an encrypted message, or even the format of the original plaintext. For example, if the attacker is aware that a particular message is addressed to or about a particular person, that person's name could be a suitable known plaintext.
• Chosen plaintext attacks occur when the analyst either knows the encryption algorithm or has access to the device used to do the encryption. The analyst can encrypt the chosen plaintext with the targeted algorithm to derive information about the key.
• Differential cryptanalysis attacks are a type of chosen plaintext attack on block ciphers that analyze pairs of plaintexts rather than single plaintexts, so the analyst can determine how the targeted algorithm works when it encounters different types of data.
• Integral cryptanalysis attacks are similar to differential cryptanalysis attacks, but instead of pairs of plaintexts, they use sets of plaintexts in which part of the plaintext is kept constant but the rest of the plaintext is modified. This attack can be especially useful when applied to block ciphers based on substitution-permutation networks.
• Side-channel attacks depend on information collected from the physical system used to encrypt or decrypt. Successful side-channel attacks use data that is neither the ciphertext resulting from the encryption process nor the plaintext to be encrypted, but rather it could be related to the amount of time it takes for a system to respond to specific queries, the amount of power consumed by the encrypting system or electromagnetic radiation emitted by the encrypting system.
• Dictionary attacks are used against password files and exploit the human tendency to use passwords based on natural words or easily guessed sequences of letters or numbers. Dictionary attacks work by encrypting all the words in a dictionary and then checking whether the resulting hash matches an encrypted password stored in the SAM file format or other password file.
• Man-in-the-middle attacks occur when cryptanalysts find ways to insert themselves into the communication channel between two parties who wish to exchange their keys for secure communication via asymmetric or public key infrastructure. Attackers perform a key exchange with each party, with the original parties believing they are exchanging keys with each other. The two parties then end up using keys that are known to the attacker.

Other types of cryptanalytic attacks include techniques for convincing individuals to reveal their passwords or encryption keys, developing Trojan horse programs that steal secret keys from victims' computers and send them back to the cryptanalyst, or tricking a victim into using a weakened cryptosystem.

Side-channel attacks have also been known as timing or differential power analysis. These attacks came to wide notice in the late 1990s when cryptographer Paul Kocher was publishing results of his research into timing attacks and differential power analysis attacks on Diffie-Hellman, Rivest-Shamir-Adleman, Digital Signature Standard and other cryptosystems, especially against implementations on smart cards.

Cryptanalysis tools

Because cryptanalysis is primarily a mathematical subject, the tools for doing cryptanalysis are in many cases described in academic research papers. There are many tools and other resources available for those interested in learning more about doing cryptanalysis, including the following:

• CrypTool is an open source project that produces e-learning programs and a web portal for learning about cryptanalysis and cryptographic algorithms.
• Cryptol is a domain-specific language originally designed for use by the National Security Agency specifying cryptographic algorithms. Cryptol is published under an open source license and available for public use. Cryptol makes it possible for users to monitor how algorithms operate in software programs written to specify the algorithms or ciphers. Cryptol can be used to deal with cryptographic routines rather than with entire cryptographic suites.
• CryptoBench is a program that can be used to do cryptanalysis of ciphertext generated with many common algorithms. It can encrypt or decrypt with 29 different symmetric encryption algorithms; encrypt, decrypt, sign and verify with six different public key algorithms; and generate 14 different kinds of cryptographic hashes, as well as two different types of checksum.
• Ganzúa (meaning picklock or skeleton key in Spanish) is an open source cryptanalysis tool used for classical polyalphabetic and monoalphabetic ciphers. Ganzúa lets users define almost completely arbitrary cipher and plain alphabets, enabling the proper cryptanalysis of cryptograms obtained from non-English text. Ganzúa is a Java application and runs on Windows, macOS X or Linux.

Cryptanalysts also commonly use many other data security tools, including network sniffers and password cracking software. Cryptanalytic researchers also often create their own custom tools for specific tasks and challenges.

Requirements and responsibilities for cryptanalysts

A cryptanalyst's duties might include developing algorithms, ciphers and security systems to encrypt sensitive information and data, as well as analyzing and decrypting different types of hidden information, including encrypted data, cipher texts and telecommunications protocols, in cryptographic security systems.

Government agencies and private sector companies hire cryptanalysts to ensure their networks are secure and sensitive data transmitted through their computer networks is encrypted.

Cryptanalysts might also be responsible for the following duties:

• Protecting critical information from being intercepted copied, modified or deleted.
• Evaluating, analyzing and targeting weaknesses in cryptographic security systems and algorithms.
• Designing security systems to prevent vulnerabilities.
• Developing mathematical and statistical models to analyze data and solve security problems.
• Testing computational models for accuracy and reliability.
• Investigating, researching and testing new cryptology theories and applications.
• Searching for weaknesses in communication lines.
• Ensuring financial data is encrypted and accessible only to authorized users.
• Ensuring message transmission data isn't hacked or altered in transit.
• Decoding cryptic messages and coding systems for military, law enforcement and other government agencies.
• Developing new methods to encrypt data and new methods to encode messages to conceal sensitive data.

Individuals planning to pursue a career in cryptanalysis are advised to obtain a bachelor's degree in computer science, computer engineering, mathematics or a related field. Some organizations consider hiring individuals without a technical degree if they have extensive training and prior work experience in the field.

A Master of Science degree is strongly recommended unless the candidate has a bachelor's degree in mathematics and computer science. The strongest candidates have a doctoral degree in mathematics or computer science with a focus on cryptography.

Editor's note: TechTarget editors revised this definition in 2024 to improve the reader experience.