Cryptosystem Security Assumptions

Explore some attack models along with how encryption algorithms might affect the security of a cryptosystem.

Standard assumptions

In order to assess the security of a cryptosystem, we must first establish exactly what assumptions we are making about potential attackers of the cryptosystem. Identifying assumptions about the capabilities of attackers is standard practice in all areas of information security and forms part of the larger process of risk assessment. If we underestimate an attacker’s capabilities, the resulting security might be inadequate. It thus makes sense to be slightly conservative and take a worst-case view.

In cryptography, there are three standard assumptions that are almost always made concerning an attacker’s ability. We assume that the attacker knows the following:

  1. The fact that all ciphertexts are sent using the cryptosystem: It’s entirely reasonable to assume that an attacker has access to all the ciphertexts sent using the cryptosystem. These are not hidden from public view by the encryption process.

  2. Some corresponding pairs of plaintexts and ciphertexts: At first glance, this might not seem such an obvious assumption to make. However, there are many circumstances where an attacker could have access to corresponding pairs of plaintexts and ciphertexts. Some possible scenarios are as follows:

    1. The receiver has been careless in failing to keep decrypted ciphertexts secret.

    2. The attacker has intelligently guessed some predictable plaintexts. A good example is predictable document headers. For instance, program source code files usually have a license or copyright message at the top which could be the same in all source files of that application and could be publicly known. Also, multimedia files can be easily predictable due to their particular bit pattern.

    3. The attacker has been able to influence the choice of plaintexts encrypted by the sender.

    4. The attacker has (temporary) access to either the encryption or the decryption device. Note this does not imply that the attacker knows the encryption or decryption key. The keys might be embedded in secure hardware and the attacker only has access to the interface of the machine that conducts the encryption (decryption) process. Obviously, we assume that the attacker doesn’t have permanent access to the decryption device—otherwise, they would be in a very strong position!

    5. We are using a public-key cryptosystem in which the encryption key is known to any potential attacker. Because of this, an attacker can generate pairs of corresponding plaintexts and ciphertexts at leisure.

    6. Also, to avoid misuse of television stream from the attacker, the TV logo/watermark should be present in all video frames and should always be in the same spot. Similarly, news channels usually have a strip of the same color at the bottom, which displays the news ticker.

Get hands-on with 1200+ tech skills courses.