
<!--Begin Content Column -->

<P>
<B>Applied Cryptography, Second Edition: Protocols, Algorithms, and Source Code in C (cloth)</B>
<FONT SIZE="-1">
<BR>
<I>(Publisher: John Wiley & Sons, Inc.)</I>
<BR>
Author(s): Bruce Schneier
<BR>
ISBN: 0471128457
<BR>
Publication Date: 01/01/96
</FONT>
<P>


<!-- Empty Reference Subhead -->

<!--ISBN=0471128457//-->
<!--TITLE=APPLIED CRYPTOGRAPHY, SECOND EDITION: Protocols, Algorithms, and Source Code in C//-->
<!--AUTHOR=Bruce Schneier//-->
<!--PUBLISHER=Wiley Computer Publishing//-->
<!--CHAPTER=01//-->
<!--PAGES=004-006//-->
<!--UNASSIGNED1//-->
<!--UNASSIGNED2//-->

<P><BR></P>
<P>Symmetric algorithms can be divided into two categories. Some operate on the plaintext a single bit (or sometimes byte) at a time; these are called <B>stream algorithms</B> or <B>stream ciphers</B>. Others operate on the plaintext in groups of bits. The groups of bits are called <B>blocks</B>, and the algorithms are called <B>block algorithms</B> or <B>block ciphers</B>. For modern computer algorithms, a typical block size is 64 bits&mdash;large enough to preclude analysis and small enough to be workable. (Before computers, algorithms generally operated on plaintext one character at a time. You can think of this as a stream algorithm operating on a stream of characters.)</P>
<P><FONT SIZE="+1"><B><I>Public-Key Algorithms</I></B></FONT></P>
<P><B>Public-key algorithms</B> (also called asymmetric algorithms) are designed so that the key used for encryption is different from the key used for decryption. Furthermore, the decryption key cannot (at least in any reasonable amount of time) be calculated from the encryption key. The algorithms are called &ldquo;public-key&rdquo; because the encryption key can be made public: A complete stranger can use the encryption key to encrypt a message, but only a specific person with the corresponding decryption key can decrypt the message. In these systems, the encryption key is often called the <B>public key</B>, and the decryption key is often called the <B>private key</B>. The private key is sometimes also called the secret key, but to avoid confusion with symmetric algorithms, that tag won&rsquo;t be used here.</P>
<P>Encryption using public key <I>K</I> is denoted by:</P>
<DL>
<DD><I>E</I><SUB>K</SUB>(<I>M</I>) = <I>C</I>
</DL>
<P>Even though the public key and private key are different, decryption with the corresponding private key is denoted by:
</P>
<DL>
<DD><I>D</I><SUB>K</SUB>(<I>C</I>) = <I>M</I>
</DL>
<P>Sometimes, messages will be encrypted with the private key and decrypted with the public key; this is used in digital signatures (see Section 2.6). Despite the possible confusion, these operations are denoted by, respectively:
</P>
<DL>
<DD><I>E</I><SUB>K</SUB>(<I>M</I>) = <I>C</I>
<DD><I>D</I><SUB>K</SUB>(<I>C</I>) = <I>M</I>
</DL>
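<P>The notation above made concrete, as an added example that is not from the book: textbook RSA (an algorithm this page has not introduced) with tiny constructed primes, showing both the encryption direction and the signature direction on one key pair. The names <I>keypair</I>, <I>make_key</I>, <I>E_pub</I>, <I>D_priv</I>, <I>E_priv</I> and <I>D_pub</I> are assumptions of this example.</P>

```c
#include <stdint.h>
#include <stdio.h>

/* Textbook RSA with tiny primes, used here only to make E_K and D_K concrete.
 * All values are constructed; real keys are thousands of bits and use padding. */
typedef struct { uint64_t n, e, d; } keypair;   /* (n,e) public, d private */

static uint64_t modpow(uint64_t b, uint64_t x, uint64_t m) {
    uint64_t r = 1;
    for (b %= m; x; x >>= 1) {
        if (x & 1) r = r * b % m;
        b = b * b % m;
    }
    return r;
}

/* Extended Euclid: a^-1 mod m, or 0 if none exists. */
static uint64_t modinv(int64_t a, int64_t m) {
    int64_t r0 = m, r1 = a % m, t0 = 0, t1 = 1, q, tmp;
    while (r1 != 0) {
        q = r0 / r1;
        tmp = r0 - q * r1; r0 = r1; r1 = tmp;
        tmp = t0 - q * t1; t0 = t1; t1 = tmp;
    }
    if (r0 != 1) return 0;
    return (uint64_t)(t0 < 0 ? t0 + m : t0);
}

/* Deriving d needs phi = (p-1)(q-1), i.e. the factors of n. */
static keypair make_key(uint64_t p, uint64_t q, uint64_t e) {
    keypair k = { p * q, e, modinv((int64_t)e, (int64_t)((p - 1) * (q - 1))) };
    return k;
}

static uint64_t E_pub(keypair k, uint64_t m)  { return modpow(m, k.e, k.n); }
static uint64_t D_priv(keypair k, uint64_t c) { return modpow(c, k.d, k.n); }
/* Signature direction: "encrypt" with the private key, "decrypt" with the public. */
static uint64_t E_priv(keypair k, uint64_t m) { return modpow(m, k.d, k.n); }
static uint64_t D_pub(keypair k, uint64_t c)  { return modpow(c, k.e, k.n); }

int main(void) {
    keypair k = make_key(61, 53, 17);
    uint64_t m = 65, c = E_pub(k, m), s = E_priv(k, m);
    printf("n=%llu e=%llu d=%llu\n", (unsigned long long)k.n,
           (unsigned long long)k.e, (unsigned long long)k.d);
    printf("C=%llu D_K(C)=%llu\n", (unsigned long long)c, (unsigned long long)D_priv(k, c));
    printf("sig=%llu verify=%llu\n", (unsigned long long)s, (unsigned long long)D_pub(k, s));
    return 0;
}
```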
<P><FONT SIZE="+1"><B><I>Cryptanalysis</I></B></FONT></P>
<P>The whole point of cryptography is to keep the plaintext (or the key, or both) secret from eavesdroppers (also called adversaries, attackers, interceptors, interlopers, intruders, opponents, or simply the enemy). Eavesdroppers are assumed to have complete access to the communications between the sender and receiver.
</P>
<P>Cryptanalysis is the science of recovering the plaintext of a message without access to the key. Successful cryptanalysis may recover the plaintext or the key. It also may find weaknesses in a cryptosystem that eventually lead to the previous results. (The loss of a key through noncryptanalytic means is called a <B>compromise</B>.)</P>
<P>An attempted cryptanalysis is called an <B>attack</B>. A fundamental assumption in cryptanalysis, first enunciated by the Dutchman A. Kerckhoffs in the nineteenth century, is that the secrecy must reside entirely in the key [794]. Kerckhoffs assumes that the cryptanalyst has complete details of the cryptographic algorithm and implementation. (Of course, one would assume that the CIA does not make a habit of telling Mossad about its cryptographic algorithms, but Mossad probably finds out anyway.) While real-world cryptanalysts don&rsquo;t always have such detailed information, it&rsquo;s a good assumption to make. If others can&rsquo;t break an algorithm, even with knowledge of how it works, then they certainly won&rsquo;t be able to break it without that knowledge.</P>
<P>There are four general types of cryptanalytic attacks. Of course, each of them assumes that the cryptanalyst has complete knowledge of the encryption algorithm used:</P>
<DL>
<DD><B>1.</B>&nbsp;&nbsp;<B>Ciphertext-only attack</B>. The cryptanalyst has the ciphertext of several messages, all of which have been encrypted using the same encryption algorithm. The cryptanalyst&rsquo;s job is to recover the plaintext of as many messages as possible, or better yet to deduce the key (or keys) used to encrypt the messages, in order to decrypt other messages encrypted with the same keys.
<DL>
<DD>Given: <I>C</I><SUB>1</SUB> = <I>E</I><SUB>k</SUB>(<I>P</I><SUB>1</SUB>), <I>C</I><SUB>2</SUB> = <I>E</I><SUB>k</SUB>(<I>P</I><SUB>2</SUB>),...<I>C</I><SUB>i</SUB> = <I>E</I><SUB>k</SUB>(<I>P</I><SUB>i</SUB>)
<DD>Deduce: Either <I>P</I><SUB>1</SUB>, <I>P</I><SUB>2</SUB>,...<I>P</I><SUB>i</SUB>; <I>k</I>; or an algorithm to infer <I>P</I><SUB>i&#43;1</SUB> from <I>C</I><SUB>i&#43;1</SUB> = <I>E</I><SUB>k</SUB>(<I>P</I><SUB>i&#43;1</SUB>)
</DL>
<DD><B>2.</B>&nbsp;&nbsp;<B>Known-plaintext attack</B>. The cryptanalyst has access not only to the ciphertext of several messages, but also to the plaintext of those messages. His job is to deduce the key (or keys) used to encrypt the messages or an algorithm to decrypt any new messages encrypted with the same key (or keys).
<DL>
<DD>Given: <I>P</I><SUB>1</SUB>, <I>C</I><SUB>1</SUB> = <I>E</I><SUB>k</SUB>(<I>P</I><SUB>1</SUB>), <I>P</I><SUB>2</SUB>, <I>C</I><SUB>2</SUB> = <I>E</I><SUB>k</SUB>(<I>P</I><SUB>2</SUB>),...<I>P</I><SUB>i</SUB>, <I>C</I><SUB>i</SUB> = <I>E</I><SUB>k</SUB>(<I>P</I><SUB>i</SUB>)
<DD>Deduce: Either <I>k</I>, or an algorithm to infer <I>P</I><SUB>i&#43;1</SUB> from <I>C</I><SUB>i&#43;1</SUB> = <I>E</I><SUB>k</SUB>(<I>P</I><SUB>i&#43;1</SUB>)
</DL>
<DD><B>3.</B>&nbsp;&nbsp;<B>Chosen-plaintext attack</B>. The cryptanalyst not only has access to the ciphertext and associated plaintext for several messages, but he also chooses the plaintext that gets encrypted. This is more powerful than a known-plaintext attack, because the cryptanalyst can choose specific plaintext blocks to encrypt, ones that might yield more information about the key. His job is to deduce the key (or keys) used to encrypt the messages or an algorithm to decrypt any new messages encrypted with the same key (or keys).
<DL>
<DD>Given: <I>P</I><SUB>1</SUB>, <I>C</I><SUB>1</SUB> = <I>E</I><SUB>k</SUB>(<I>P</I><SUB>1</SUB>), <I>P</I><SUB>2</SUB>, <I>C</I><SUB>2</SUB> = <I>E</I><SUB>k</SUB>(<I>P</I><SUB>2</SUB>),...<I>P</I><SUB>i</SUB>, <I>C</I><SUB>i</SUB> = <I>E</I><SUB>k</SUB>(<I>P</I><SUB>i</SUB>), where the cryptanalyst gets to choose <I>P</I><SUB>1</SUB>, <I>P</I><SUB>2</SUB>,...<I>P</I><SUB>i</SUB>
<DD>Deduce: Either <I>k</I>, or an algorithm to infer <I>P</I><SUB>i&#43;1</SUB> from <I>C</I><SUB>i&#43;1</SUB> = <I>E</I><SUB>k</SUB>(<I>P</I><SUB>i&#43;1</SUB>)
</DL>
<DD><B>4.</B>&nbsp;&nbsp;<B>Adaptive-chosen-plaintext attack</B>. This is a special case of a chosen-plaintext attack. Not only can the cryptanalyst choose the plaintext that is encrypted, but he can also modify his choice based on the results of previous encryption. In a chosen-plaintext attack, a cryptanalyst might just be able to choose one large block of plaintext to be encrypted; in an adaptive-chosen-plaintext attack he can choose a smaller block of plaintext and then choose another based on the results of the first, and so forth.
</DL>
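<P>Why a chosen-plaintext attack is stronger than a known-plaintext attack, as an added example that is not from the book: a deliberately weak toy cipher (constructed here, with the algorithm known to the analyst as Kerckhoffs assumes) for which some known pairs leave the key undetermined while two chosen plaintexts always yield it. The cipher and the names <I>toy_key</I>, <I>recover_key</I>, <I>chosen_plaintext</I> and <I>oracle</I> are assumptions of this example; a cipher fit for use has to withstand every model in the list above.</P>

```c
#include <stdint.h>
#include <stdio.h>
/* Toy cipher, constructed for this example (not from the book):
 * E_k(P) = a*P + b mod 256 on single bytes, key k = (a, b), a odd. */
typedef struct { uint8_t a, b; } toy_key;

static uint8_t toy_encrypt(toy_key k, uint8_t p) { return (uint8_t)(k.a * p + k.b); }

/* Inverse of an odd byte modulo 256 (Newton iteration: 3 -> 6 -> 12 bits). */
static uint8_t inv_mod256(uint8_t x) {
    uint8_t y = x;
    y = (uint8_t)(y * (2 - x * y));
    y = (uint8_t)(y * (2 - x * y));
    return y;
}

static uint8_t toy_decrypt(toy_key k, uint8_t c) {
    return (uint8_t)(inv_mod256(k.a) * (uint8_t)(c - k.b));
}

/* Known-plaintext: deduce k from (P1,C1),(P2,C2). Returns 0 when P1-P2 is
 * even, because then more than one key is consistent with the pairs. */
static int recover_key(uint8_t p1, uint8_t c1, uint8_t p2, uint8_t c2, toy_key *k) {
    uint8_t dp = (uint8_t)(p1 - p2);
    if ((dp & 1) == 0) return 0;
    k->a = (uint8_t)((uint8_t)(c1 - c2) * inv_mod256(dp));
    k->b = (uint8_t)(c1 - k->a * p1);
    return 1;
}

/* Chosen-plaintext: the analyst picks P=1 and P=0, which always works. */
static int chosen_plaintext(uint8_t (*enc)(uint8_t), toy_key *k) {
    return recover_key(1, enc(1), 0, enc(0), k);
}

static const toy_key secret = {0xA7, 0x3C};   /* constructed; unknown to analyst */
static uint8_t oracle(uint8_t p) { return toy_encrypt(secret, p); }

int main(void) {
    toy_key k = {0, 0};
    int ok_ac = recover_key('A', oracle('A'), 'C', oracle('C'), &k);
    int ok_ab = recover_key('A', oracle('A'), 'B', oracle('B'), &k);
    int ok_cp = chosen_plaintext(oracle, &k);
    printf("known A,C: %d  known A,B: %d  chosen: %d  key=(%02X,%02X)\n",
           ok_ac, ok_ab, ok_cp, k.a, k.b);
    printf("P(i+1) = %c\n", toy_decrypt(k, oracle('Z')));
    return 0;
}
```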
<P><BR></P>
