**Cryptography:** Cryptographic systems are generically classified along three independent dimensions:

**The type of operations used for transforming plaintext to cipher text:**All encryption algorithms are based on two general principles: substitution, in which each element in the plaintext (bit, letter, group of bits or letters) is mapped into another element, and transposition, in which elements in the plain text are rearranged. The fundamental requirement is that no information be lost (that is, that all operations be reversible). Most systems, referred to as product systems, involve multiple stages of substitutions and transpositions.**The number of keys used.**If both sender and receiver use the same key, the system is referred to as symmetric, single-key, secret-key, or conventional encryption. If the sender and receiver each use a different key, the system is referred to as asymmetric, two-key, or public-key encryption.**The way in which the plaintext is processed. A block cipher**processes the input one block of elements at a time, producing an output block for each input block. A stream cipher processes the input elements continuously, producing output one element at a time, as it goes along.

**Cryptanalysis:** The process of attempting to discover the plaintext or key is known as **cryptanalysis**. The strategy used by the cryptanalyst depends on the nature of the encryption scheme and the information available to the cryptanalyst. The various types of cryptanalytic attacks based on the amount of information known to the cryptanalyst. The most difficult problem is presented when all that is available is the cipher text only. In some cases, not even the encryption algorithm is known, but in general, we can assume that the opponent does know the algorithm used for encryption. One possible attack under these circumstances is the brute-force approach of trying all possible keys. If the key space is very large, this becomes impractical. Thus, the opponent must rely on an analysis of the cipher text itself, generally applying various statistical tests to it. To use this approach, the opponent must have some general idea of the type of plaintext that is concealed, such as English or French text, an EXE file, a Java source listing, an accounting file, and so on. The cipher text-only attack is the easiest to defend against because the opponent has the least amount of information to work with. In many cases, however, the analyst has more information. The analyst may be able to capture one or more plaintext messages as well as their encryptions. Or the analyst may know that certain plaintext patterns will appear in a message. For example, a file that is encoded in the Postscript format always begins with the same pattern, or there may be a standardized header or banner to an electronic funds transfer message, and so on. All of these are examples of known plain text. With this knowledge, the analyst may be able to deduce the key on the basis of the way in which the known plaintext is transformed. Closely related to the known-plaintext attack is what might be referred to as a probable-word attack. If the opponent is working with the encryption of some general

**Type of Attack Known to Cryptanalyst:**

**Cipher text only**- Encryption algorithm
- Cipher text to be decoded

**Known plaintext**- Encryption algorithm
- Cipher text to be decoded
- One or more plaintext–cipher text pairs formed with the secret key

**Chosen plaintext**- Encryption algorithm
- Cipher text to be decoded
- Plaintext message chosen by cryptanalyst, together with its corresponding cipher text generated with the secret key

**Chosen cipher text**- Encryption algorithm
- Cipher text to be decoded
- Purported cipher text chosen by cryptanalyst, together with its corresponding decrypted plaintext generated with the secret key

**Chosen text**- Encryption algorithm
- Cipher text to be decoded
- Plaintext message chosen by cryptanalyst, together with its corresponding cipher text generated with the secret key
- Purported cipher text chosen by cryptanalyst, together with its corresponding decrypted plaintext generated with the secret key.

**1. Symmetric Key Cryptography:** Prose message, he or she may have little knowledge of what is in the message. However, if the opponent is after some very specific information, then parts of the message may be known. For example, if an entire accounting file is being transmitted, the opponent may know the placement of certain key words in the header of the file. As another example, the source code for a program developed by a corporation might include a copyright statement in some standardized position. If the analyst is able somehow to get the source system to insert into the system a message chosen by the analyst, then a chosen-plaintext attack is possible. In general, if the analyst is able to choose the messages to encrypt, the analyst may deliberately pick patterns that can be expected to reveal the structure of the key.

Table lists two other types of attack: chosen cipher text and chosen text. These are less commonly employed as cryptanalytic techniques but are nevertheless possible avenues of attack. Only relatively weak algorithms fail to withstand a cipher text-only attack. Generally, an encryption algorithm is designed to withstand a known-plaintext attack. An encryption scheme is computationally secure if the cipher text generated by the scheme meets one or both of the following criteria:

- The cost of breaking the cipher exceeds the value of the encrypted information.
- The time required to break the cipher exceeds the useful lifetime of the information.

**2. Asymmetric Key Cryptography:** Unfortunately, it is very difficult to estimate the amount of effort required to cryptanalyze cipher text successfully. However, assuming there is no inherent

mathematical weaknesses in the algorithm, then a brute-force approach is indicated, and here we can make some reasonable estimates about costs and time. A brute-force approach involves trying every possible key until an intelligible translation of the cipher text into plaintext is obtained. On average, half of all possible keys must be tried to achieve success. The 56-bit key size is used with the DES (Data Encryption Standard) algorithm. For each key size, the results are shown assuming that it takes 1 μs to perform a single decryption, which is a reasonable order of magnitude for today’s machines. With the use of massively parallel organizations of microprocessors, it may be possible to achieve processing rates many orders of magnitude greater. As you can see, at this performance level, DES no longer can be considered computationally secure.