Cryptanalysis


Cryptanalysis is a technical term that you’ll hear only in the very advanced study of computer security systems, especially when it comes to breaking codes. In its simplest definition, cryptanalysis refers to the decryption and analysis of ciphers, ciphertexts, codes or encrypted text.

The technique involves the use of mathematical formulas to analyze secure information systems to detect vulnerabilities and shrouded components. The goal of this process is to decrypt data that has been secured via cryptography.

Individuals who become cryptanalysts use a conglomeration of hacker-like abilities and Sherlock-like investigative skills to find hidden facets of a system. In other words, cryptanalysis requires lots of patience, intuition, a love of mathematics, inquisitiveness, and a powerful computer.

There is a never-ending tug of war between cryptographers (developers of the algorithms, security systems, and ciphers) and cryptanalysts (individuals who try to break the codes to unveil the hidden meanings). It is this war that drives the career in this field.

However, the work of these professionals is a benefit to the cryptographers. The results they obtain from the analysis can be used by cryptographers to improve, replace and strengthen their algorithms. Career cryptanalysts usually work at the federal level, but corporate groups may also use their services.

Techniques and Attacks of Cryptanalysis

Cryptanalytic attacks and techniques vary widely, depending on how much information the analyst can obtain about the algorithm being analyzed. The most preferred cryptanalytic techniques include:

1. Ciphertext-Only Analysis (COA)

Here, the attacker has access to one or more encrypted messages but has no knowledge of the plaintext data, the encryption algorithm in use, or any other data about the cryptographic keys being used. Put another way, the analyst works only with the ciphertexts or codetexts that he or she has obtained.

COA is the method that federal intelligence agencies employ when they want to decipher the plaintext of an encrypted message an enemy has used.

2. Known Plaintext Analysis (KPA)

In known plaintext analysis, the attacker works with knowledge of a section, or even all, of the plaintext behind the codetext. The challenge here is to unravel the algorithm or key that was initially used to secure the data and decrypt the message.

If the attacker succeeds, he or she can use the keys obtained to decode other messages that used the same encryption keys. A subcategory of KPA referred to as linear cryptanalysis uses a linear approximation to describe a block cipher. A block cipher is a technique of encrypting messages in which the algorithm and cryptographic keys are applied to a block of data.

KPA depends on the ability of the attacker to guess or uncover a part of the encrypted data or the whole thing. Even the format of the original plaintext can suffice. For instance, if the analyst knows that the encrypted message is addressed to or mentions a particular individual, just the name of that individual may be sufficient known plaintext to use.
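The following is an added example, not part of the original article: it shows why one known addressee line is enough once two messages share a keystream, next to the corrected per-message nonce. The toy stream cipher, key, messages and function names are all assumptions constructed for the demonstration.

```python
import hashlib

def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Toy stream cipher (assumption for this demo): SHA-256 in counter mode."""
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]

def xor(a: bytes, b: bytes) -> bytes:
    # zip() stops at the shorter input, so a short crib yields a short result.
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(key: bytes, nonce: bytes, msg: bytes) -> bytes:
    return xor(msg, keystream(key, nonce, len(msg)))

def leak_from_known_prefix(c_known: bytes, crib: bytes, c_other: bytes) -> bytes:
    """Known plaintext XOR ciphertext gives keystream; apply it to another message."""
    recovered_keystream = xor(c_known, crib)
    return xor(c_other, recovered_keystream)

# Constructed sample data.
KEY = b"constructed-demo-key"
MSG1 = b"Dear Alice Smith, the meeting is moved to Friday."
MSG2 = b"Invoice 4471 is approved; pay it before month end."
CRIB = b"Dear Alice Smith, "   # the analyst only knows the addressee line

def reused_keystream_leak() -> bytes:
    # Weak: both messages use the same key and the same (empty) nonce.
    c1, c2 = encrypt(KEY, b"", MSG1), encrypt(KEY, b"", MSG2)
    return leak_from_known_prefix(c1, CRIB, c2)

def fresh_nonce_leak() -> bytes:
    # Corrected: a unique nonce per message gives each one its own keystream.
    c1 = encrypt(KEY, b"nonce-0001", MSG1)
    c2 = encrypt(KEY, b"nonce-0002", MSG2)
    return leak_from_known_prefix(c1, CRIB, c2)

if __name__ == "__main__":
    print(reused_keystream_leak())   # readable start of MSG2
    print(fresh_nonce_leak())        # unrelated bytes
```

The design lesson is that a keystream must never be reused across messages; modern authenticated ciphers enforce this through a unique nonce per message.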

3. Chosen Plaintext Analysis (CPA)

This technique is something of a gamble. The attacker knows the device that was used for the encryption or the algorithm that was employed. He or she then tries to obtain the codetext that matches an arbitrarily chosen plaintext, produced with the same algorithm.

4. Differential Cryptanalysis

A differential cryptanalysis attack can be considered a type of CPA. It describes an attack on block ciphers that analyzes pairs of plaintexts instead of one plaintext. The goal of the analysts is to find out how the targeted algorithm behaves when it meets various types of messages.
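As an added example (not from the original article), the pairwise analysis described above is what a cipher designer runs on each S-box before using it: a difference distribution table that counts, for every input difference, how often each output difference appears. The 4-bit S-box is the first row of DES S-box S1, used here as sample input; the function names are assumptions.

```python
# First row of DES S-box S1, used as a sample 4-bit S-box.
SBOX = [0xE, 0x4, 0xD, 0x1, 0x2, 0xF, 0xB, 0x8,
        0x3, 0xA, 0x6, 0xC, 0x5, 0x9, 0x0, 0x7]

# A deliberately weak S-box for contrast: the identity map is linear,
# so every input difference passes through unchanged.
IDENTITY = list(range(16))

def difference_distribution_table(sbox):
    """ddt[dx][dy] = number of inputs x with S(x) XOR S(x XOR dx) == dy."""
    n = len(sbox)
    ddt = [[0] * n for _ in range(n)]
    for dx in range(n):
        for x in range(n):
            dy = sbox[x] ^ sbox[x ^ dx]
            ddt[dx][dy] += 1
    return ddt

def best_differential(ddt):
    """(count, dx, dy) of the most frequent pair over nonzero input differences."""
    n = len(ddt)
    return max((ddt[dx][dy], dx, dy) for dx in range(1, n) for dy in range(n))

def differential_probability(ddt, dx, dy):
    """Fraction of inputs for which input difference dx gives output difference dy."""
    return ddt[dx][dy] / len(ddt)

if __name__ == "__main__":
    ddt = difference_distribution_table(SBOX)
    # Input difference 0xB gives output difference 0x2 for 8 of the 16 inputs.
    print(differential_probability(ddt, 0xB, 0x2))
    print(best_differential(ddt))
    print(best_differential(difference_distribution_table(IDENTITY)))
```

The flatter the table for nonzero input differences, the less a pair of related plaintexts reveals; the identity map shows the worst case, where one output difference occurs for all 16 inputs.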

5. Integral Cryptanalysis Attacks

This method of attack closely resembles differential cryptanalysis. The difference is that it utilizes pairs of plaintexts in which a section of the plaintext remains constant, but other sections are manipulated. Integral cryptanalysis is handy when used for block ciphers based on what experts refer to as substitution-permutation networks.

6. Man-In-The-Middle (MITM) Analysis

Here, cryptanalysts find ways to insert themselves into a communication channel between two groups who agree to share their keys and algorithms for secure communication over public or asymmetric key infrastructure.

The analysts attack by performing an algorithm exchange with each group while the original groups think they are sharing keys with one another. In the end, the groups will be using a key that the attacker knows.

7. Side-Channel Analysis

This technique of attack uses information obtained from the physical device being used to decrypt or encrypt. It means the attack makes use of data that is neither the plaintext being decoded nor the ciphertext coming from the encryption process. Instead, the information is related to the amount of time the system needs to reply to specific queries, the electromagnetic radiation emitted, or the amount of power used by the encrypting method.
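An added example, not part of the original article, of the timing case mentioned above: an early-exit comparison of a MAC tag does an amount of work that depends on the secret, while the fixed-work version does not. The step counter stands in for elapsed time; the key, message and function names are constructed assumptions.

```python
import hashlib
import hmac

def leaky_equal(a: bytes, b: bytes):
    """Early-exit compare. Returns (equal, number of byte comparisons done)."""
    if len(a) != len(b):
        return False, 0
    steps = 0
    for x, y in zip(a, b):
        steps += 1
        if x != y:
            return False, steps      # work done depends on the secret
    return True, steps

def fixed_work_equal(a: bytes, b: bytes):
    """Compares every byte regardless of where the first mismatch is."""
    if len(a) != len(b):
        return False, 0
    diff, steps = 0, 0
    for x, y in zip(a, b):
        steps += 1
        diff |= x ^ y
    return diff == 0, steps

def guess_with_correct_prefix(tag: bytes, k: int) -> bytes:
    """Constructed input: first k bytes right, every later byte wrong."""
    return tag[:k] + bytes(b ^ 0xFF for b in tag[k:])

# Constructed key and message; the tag is what a server would check.
TAG = hmac.new(b"constructed-key", b"amount=100&to=bob", hashlib.sha256).digest()

def work_profile(compare):
    """Comparisons performed for guesses with 0, 8, 16 and 31 correct bytes."""
    return [compare(TAG, guess_with_correct_prefix(TAG, k))[1]
            for k in (0, 8, 16, 31)]

def production_check(expected: bytes, supplied: bytes) -> bool:
    # In real code use the standard library's constant-time comparison.
    return hmac.compare_digest(expected, supplied)

if __name__ == "__main__":
    print(work_profile(leaky_equal))        # grows with the correct prefix
    print(work_profile(fixed_work_equal))   # flat
```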

8. Dictionary Attack

This technique uses the vulnerability of humans. The attacker bases the attack on the tendency of people to use passwords based on common words or guessable sequences of numbers and letters. Dictionary analysis is achieved by encrypting all words present in the dictionary. The cryptanalyst then checks whether the outcome matches encrypted passwords kept in a SAM file format or other frequently used password files.
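An added example, not from the original article, of what this means for password storage: an audit of a store using a fast unsalted hash finds every common password with one precomputed lookup, while salted PBKDF2 records make that lookup useless, and a registration check keeps common words out in the first place. The wordlist, accounts, length threshold and function names are constructed assumptions.

```python
import hashlib
import hmac
import os

COMMON = ["123456", "password", "letmein", "qwerty", "dragon"]  # constructed wordlist

def unsalted_hash(password: str) -> str:
    return hashlib.sha256(password.encode()).hexdigest()

def build_lookup(words):
    """One pass over the wordlist serves every unsalted record at once."""
    return {unsalted_hash(w): w for w in words}

def audit_unsalted(records: dict) -> dict:
    """Which accounts in an unsalted store fall to the precomputed lookup?"""
    lookup = build_lookup(COMMON)
    return {user: lookup[h] for user, h in records.items() if h in lookup}

def store(password: str, iterations: int = 200_000):
    """Salted, deliberately slow record: (salt, iterations, derived key)."""
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, key

def verify(password: str, record) -> bool:
    salt, iterations, key = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, key)

def acceptable(password: str) -> bool:
    """Registration-time check: refuse short or common passwords."""
    return password.lower() not in COMMON and len(password) >= 12

# Constructed legacy store: two users picked the same common password.
LEGACY = {
    "alice": unsalted_hash("letmein"),
    "bob": unsalted_hash("letmein"),
    "carol": unsalted_hash("correct horse battery staple"),
}

if __name__ == "__main__":
    print(audit_unsalted(LEGACY))            # alice and bob are exposed
    a, b = store("letmein"), store("letmein")
    print(a[2] != b[2])                      # same password, different records
    print(acceptable("letmein"), acceptable("correct horse battery staple"))
```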

Other Cryptanalytic Techniques

The techniques mentioned above are the mainstay of cryptanalysts. Other methods also exist.

For example, one involves the attacker convincing persons to reveal their encryption keys or passwords. Another may include creating Trojan horse programs designed to steal confidential info, including keys, from victims’ personal computers and send the information back to the analyst. Some techniques go further and trick their targets into using an infiltrated and weakened cryptosystem.

Tools used in Cryptanalysis

The complexity of cryptanalysis means that better information can only be found in journals and other academic papers. One thing is for sure: the discipline involves a lot of mathematics. Nevertheless, several tools, as well as resources, are at your disposal if you desire to learn this subject. The most common and helpful tools include:

1. CrypTool

This open source project gives you the chance to gain skills in cryptanalysis as well as cryptographic algorithms through resourceful e-learning programs.

2. Cryptol

Cryptol, a tool initially developed for the National Security Agency, is a domain-specific language that specifies cryptographic algorithms. Although developed for the NSA, the program is licensed under open source and therefore available for public use as well.

It gives learners the chance to assess how algorithms work in software programs specifically written to decipher the ciphers or algorithms. Cryptol may be suitable for cryptographic routines and not the whole cryptographic suites.

3. Ganzúa

Ganzúa is Spanish for skeleton or picklock key. It’s another open source cryptanalysis program that is useful with monoalphabetic and polyalphabetic ciphers. Ganzúa allows its users to define almost entirely arbitrary plain alphabets, making possible the correct analysis of cryptograms obtained from non-English text. This tool is a Java program that is compatible with Windows, Mac OS X, and Linux.

4. CryptoBench

This program is useful for analyzing ciphertext developed by many kinds of algorithms. CryptoBench can decrypt or encrypt with up to 29 symmetric keys and algorithms. It can also decrypt, encrypt, sign and verify with six separate public key algorithms. Furthermore, it is capable of generating fourteen different types of cryptographic hashes and two different kinds of checksum.

Some tech-savvy cryptanalysts can develop their own programs, which they can customize to suit specialty challenges and tasks.

Applications of Cryptanalysis

The duties of cryptanalysts are specific and well cut out. They include coming up with algorithms, security systems, and ciphers with the aim of encrypting confidential and sensitive data and messages. These experts also analyze and decrypt various kinds of hidden information including ciphertexts, encrypted data as well as telecommunications protocols in cryptographic security programs.

Cryptanalysis experts always work for government agencies, but the private sector may also benefit from their services. In either case, these professionals ensure their clients’ networks are secured and that the data exchanged via their computer networks is strongly encrypted.

Other Responsibilities

  • Protecting sensitive and critical data from being copied, intercepted, deleted or manipulated
  • Delineating security programs to ward off attackers and to fix vulnerabilities
  • Analyzing, evaluating, and targeting the points of weakness in cryptographic algorithms and security systems
  • Assessing computational models of reliability and precision
  • Designing statistical and mathematical models to analyze info and solve issues with security
  • Searching for points of weakness and vulnerability in correspondence lines
  • Assessing, researching and testing newly developed cryptology applications and theories
  • Encrypting financial data and making sure accessibility is limited to authorized users only
  • Protecting transmitted messages or data from hackers or alteration in transit
  • Coming up with new techniques to encrypt info and new ways to encode signals to hide sensitive data
  • Decrypting messages as well as coding systems for law enforcement personnel, the military, and other federal agencies

Conclusion

Cryptanalysis is a lucrative career, but you have to work extra hard to qualify. It may force you to get a bachelor’s degree in mathematics, computer engineering, computer science, or other related disciplines. A technical degree may not be necessary to get a job as a cryptanalyst because many organizations prefer a candidate with extensive training and previous work experience in this field.

Alternatively, you can go for a Master of Science degree unless you already have a bachelor’s degree in computer science or mathematics. You will have the strongest prospects if you have a doctorate in computer science or mathematics with a specialty in cryptography.
