Talk:Cryptanalysis

From Wikipedia, the free encyclopedia

This article is part of WikiProject Cryptography, an attempt to build a comprehensive and detailed guide to cryptography on Wikipedia. If you would like to participate, you can choose to edit the article attached to this page, or visit the project page, where you can join the project and see a list of open tasks.

It is intended that this article be included in WikiReader Cryptography, a WikiReader on the topic of cryptography. Help and comments for improving this article would be especially welcome. A tool for coordinating the editing and review of these articles is the daily article box.

To-do list for Cryptanalysis:	edit · history · watch · refresh
Here are some tasks you can do:

	This article is within the scope of the Military history WikiProject. If you would like to participate, please visit the project page, where you can join the project and see lists of open tasks and regional and topical task forces. To use this banner, please see the full instructions.
Start	This article has been rated as Start-Class on the quality scale.
Additional information and associated task forces: This article has been checked against the following criteria for B-Class status: Referencing and citation: criterion not met Coverage and accuracy: criterion met Structure: criterion met Grammar: criterion met Supporting materials: criterion met Associated task forces (general topics): Military technology and engineering task force

Contents 1 Article needs work 2 What do do about cryptanalysis assumptions? 3 Shannon link 4 History of cryptanalysis 5 animal behavorial cryptanalysis 6 Characterisation of attacks (deduction vs induction)

[edit] Article needs work

This article seems a bit incoherent. whats this "two-key" stuff? You mean public key / asymmetric cryptography, or what? And "one-key" means what? Symmetric cryptography?

Also, chosen ciphertext and chosen plaintext attacks are different for symmetric crypto. For symmetric crypto, attacks are: ciphertext-only, known-plaintext, chosen-plaintext and chosen-ciphertext (in order of increasing strength.) For assymetric, the three main attacks are: known-plaintext, chosen-ciphertext and adaptive chosen-ciphertext.

This page needs to be rewritten by someone who knows what they are talking about (I know enough to know this page is awful, but I'll leave fixing it to those more knowledgeable than I...) -- SJK

[edit] What do do about cryptanalysis assumptions?

There's some short stub-esque pages on the various types of cryptanalysis attacks: known-plaintext attack, chosen plaintext attack, ciphertext-only attack, chosen ciphertext attack, adaptive chosen ciphertext attack. They are all quite short and similar, and its unlikely they'll every expand into longer articles. Some options:

1. Keep the short pages. If this was the case, you'd want to add things like "adaptive chosen plaintext attack" and "related-key attack" and (believe it or not) "related-cipher attack".
2. Merge them all into a Scenarios for cryptanalysis article.
3. Merge them all into cryptanalysis.

I'd favour doing 2., seeing how long the article is, and then deciding whether to do 3.

Matt 02:59, 13 Mar 2004 (UTC)

Matt, I think keeping (and adding to) the stubesque pages makes some sense, when combined with 2. The problem is that no _real_ sense of the operation of cryptanalytic technique can be anything less than detailed -- probably far too detailed for a WP article, even a technical one. But any attempt to do so, which I would nevertheless encourage (it might be possible for one or another technique), should be kept quarantined. More or less the way the mathematics or physics people have done in some cases.

Nevertheless, an overview of cryptanalysis (how to think about it, how to consider choosing an attack technique, what informatio is needed to decide, ...) would be useful. Both to the somewhat curious reader (more ambitious than the average) and to the serious reader. It's hard to keep the abstraction levels straight when thinking about crypto generally and abotu cryptoanalysis in particular, so whatever illumination is possible would be well, even for the serious reader.

Comments?

ww 16:09, 15 Mar 2004 (UTC)

The modern treatment of this stuff is in terms of the random oracle model. There should definitely be an article explaining terms like IND-CPA and IND-CCA security (CPA=chosen plaintext attack, CCA=chosen ciphertext attack, etc). But it shouldn't be in the main cryptanalysis article. I've been wanting for a while to write something on those topics but I'm too busy right now. Rogaway and Bellare have an excellent downloadable textbook that I'll try to add a link to. Phr 08:41, 16 February 2006 (UTC)

Presumably this is the text-book http://www.cs.ucsd.edu/~mihir/cse207/classnotes.html --AWZ (talk) 19:16, 3 February 2008 (UTC)

[edit] Shannon link

Can somebody check the link on "Shannon Information" (the Shannon part)? It used to point to a disambiguation page. I've changed it to what I think is the right person, but I'm not completely sure... Ealex292 02:12, 10 Apr 2005 (UTC)

I've never heard the term "Shannon Information" before, but from context it just means the cryptanalyst has gained information that lowers the effective Shannon entropy of the (unknown) plaintext. For example, suppose you have a ciphertext and you know that the plaintext was written in either English or French, but you don't know which, and you consider both equally likely. If you have a statistical method that doesn't yield any plaintext, but can determine from the ciphertext that the plaintext is 65% likely to be English, that would be an information deduction attack. In general, perfect security means that for a given ciphertext, all plaintexts are equally likely. Any algorithm that discloses that some plaintexts are more likely than others is an attack. Phr 08:38, 16 February 2006 (UTC)

[edit] History of cryptanalysis

I see that a large chunk of the article was just removed. For what reason? — DAGwyn 19:01, 6 April 2007 (UTC)

[edit] animal behavorial cryptanalysis

I removed a tag pointing to other species signs and signals. This is so wide a divergence in the sense of cryptanalysis as to be out of context entirely. Linguistically embedded mehaphor being not entirely rational, I'd futher observe that this meaning of the term is entirely unknown to me. ww 11:13, 26 May 2007 (UTC)

Thanks. You don't actually have to justify the reversion in the Talk page; Wikipedia editors constantly revert "random" additions that make no sense (in addition to obvious instances of vandalism). Usually just a brief reason in the "Edit summary" box will suffice. — DAGwyn 05:45, 27 May 2007 (UTC)

Actually, I realize that, but I've never bothered to figure out how to add an edit summary to a 'rollback' action. Usually I don't bother, as I did in this case, to explain further, but there is/was an actual point to the tag, just more than a little off any sensible target. Thus... ww 10:50, 27 May 2007 (UTC)

[edit] Characterisation of attacks (deduction vs induction)

I hope I'm not being to picky, but I question the use of the word "deduce" in the context of cryptanalysis. It is my experience this is primarily an inductive process based on guesses and experimentation. There can be very little information at the begining of an attack; certainly not enough to solve the system in the way deduction demands. The analyst usually looks for possible known algorithms or mathematically simple methods, which is really more of inductive process. I'd like to see the wording changed so this is more clearly reflected. I'm not going to change it myself, because I don't feel it is my place. I just wanted to throw this out to wp community. —The preceding unsigned comment was added by Mbset (talk • contribs).

There are elements of both induction and deduction involved, also plain guesswork (confirmed by results). — DAGwyn 16:20, 21 August 2007 (UTC)

"Deduce" is correct. One has to distinguish between finding an attack against a cryptosystem (i.e., developing an algorithm) and performing the attack (i.e. running the algorithm). While finding the algorithm might be an inductive process, running it is not. The article talks about what the result of the attack is (e.g. key, plaintext etc.). Hence the article is describing what the output of running an algorithm is. 169.231.5.121 07:42, 22 August 2007 (UTC)

If we were to accept that strange model of cryptanalysis, then the "deductive" part would be of little interest anyway. — DAGwyn (talk) 17:37, 14 March 2008 (UTC)