0

I say that if a professional code breaker has a bunch of data, the encoded version of said data and the encoding method he can figure out the encoding key. It is just a matter of having enough data. Is this true?

How much data or how many characters (with matching coded characters) would a professional need in order to come up with the code key?

David
  • 15,814
  • 3
  • 48
  • 73
user39566
  • 9
  • 1
  • It has come to my mind that you MAY be talking about simple encryption systems like "caesar" or "substitution". Then a plaintext attack will success against the encryption method. Modern cryptography is way more complicated than that and can't be broken in the same way. – kiBytes Feb 06 '14 at 06:53
  • By the way you've worded the question, it sounds like you're thinking that there will be some kind of pattern in the encrypted data that the codebreaker could use to discover the key. However, you haven't place any constraints on the key. What if the key is randomly generated data that is the same length (or longer than) the original data? (I think the answer is No.) – jdigital Feb 06 '14 at 04:59
  • WOW. OK, yes you are right I am thinking that there would be some kind of pattern. I assumed that the pattern is so huge that it would take way too long to figure it out. Yes, that's why I was asking how much data and encoded data it would take to show the pattern. – user39566 Feb 06 '14 at 05:22

2 Answers2

10

I assume you mean encryption when you say "encoding".

This model of attack is known as the known-plaintext attack. It is a situation where an attacker has samples of both the encrypted ciphertext and the corresponding plaintext. All commonly used encryption schemes thought to be secure are resistant against this form of attack (resistant meaning there is no better method than a naive bruteforce attack on the key).

In fact, most modern symmetric ciphers are secure against a much stronger model of attack, the chosen-plaintext attack where an attacker has the ability to encrypt arbitrary amounts of plaintext data and obtain the corresponding ciphertext.

So the answer to this is no, you are very wrong, at least when referring to encryption schemes that you should be using in real world situations.

0

1) Yes. This is called a known-plaintext attack, and is probably the simplest form of cryptanalysis.

2) Not much. Codebreakers working to defeat the Enigma cypher could figure out what the day's settings were with as few as four letters; for modern block cyphers, a single encryption block (eg. 128 bits of data for AES-128) is enough.

What you haven't asked is how long it would take. Most modern cyphers are highly resistant against known-plaintext attacks, such that the only one that works is brute force (ie. trying all possible encryption keys until you find the right one). For a cypher such as AES-128, the time needed for a brute-force attack is longer than the remaining life of the universe, even if the entire universe were turned into a codebreaking computer.

Mark
  • 34,390
  • 9
  • 85
  • 134
  • If it takes longer than the remaining life of the universe, I'd say that the answer is No. In fact, if it takes longer than the lifetime of the codebreaker, the answer is No. – jdigital Feb 06 '14 at 05:02
  • Lets talk about number 2. I know history. I was thinking of the Blechley park group. Along those lines. How much Data would one need with the matching encoding in order to come up with a key? 10,000 characters? 100,000 characters? Remember there is no other data to worry about. You already have the info you need. I guess i was just wondering if one came up with a key and then tried to encode the same 10,000 characters. Would the key encode the same data the same way? – user39566 Feb 06 '14 at 05:19
  • It's funny that there are two answers here, one that says Yes, and one that says No, and both point to the same Wikipedia article. If you read to the end of the [Wikipedia article](https://en.wikipedia.org/wiki/Known-plaintext_attack), you'll see the answer: > Modern ciphers such as Advanced Encryption Standard are not currently > known to be susceptible to known-plaintext attacks. – jdigital Feb 06 '14 at 05:13
  • So you are saying that there is no amount of characters and their corresponding encoded output that one can figure out the encoding key? – user39566 Feb 06 '14 at 05:39
  • That's the way I interpret the Wikipedia article. Now that you know what to search for ("known-plaintext attack"), you can do more research if you'd like to dig deeper. – jdigital Feb 06 '14 at 05:41
  • It's a disagreement over the meaning of the words "yes" and "no", and whether a task that cannot be completed before the heat death of the universe can be said to be possible to complete. – Mark Feb 06 '14 at 07:25