Stream Ciphers: Security and Key Length

Questions and Answers

Which attack technique/model is stronger than just knowing ciphertext?

• Known-plaintext attack (correct)
• Symmetric key cryptography
• Chosen plaintext attack
• Known ciphertext-attack

In which attack technique/model is the attacker given access to an encryption oracle (Blackbox)?

• Known-plaintext attack
• Symmetric key cryptography
• Chosen plaintext attack (correct)
• Known ciphertext-attack

Which type of cryptography involves an attacker being able to generate the plaintext/ciphertext pairs that they want?

• Chosen plaintext attack (correct)
• Known-plaintext attack
• Symmetric key cryptography
• Public key cryptography

Which cipher type should have a key length much smaller than the message length?

Stream cipher (D)

Which attack technique/model involves an attacker trying to find the key or at least the plaintext for a given ciphertext?

Known-plaintext attack (B)

Explain the difference between a known-ciphertext attack and a known-plaintext attack.

A known-ciphertext attack has little information and tries to find corresponding plaintext, while a known-plaintext attack involves the attacker being given a list of plaintext/ciphertext pairs and then trying to find the key or at least the plaintext for a given ciphertext.

What is a chosen-plaintext attack and how does it differ from a known-plaintext attack?

A chosen-plaintext attack involves the attacker being given access to an encryption oracle (Blackbox) and the goal is to find the key or just to decrypt the message. This attack is stronger than a known-plaintext attack because in the former, the attacker is given plaintext/ciphertext pairs, but in the chosen-plaintext attack, the attacker can generate the plaintext/ciphertext pairs that they want.

Provide an example of a chosen-plaintext attack in the context of public key cryptography.

In the context of public key cryptography, an example of a chosen-plaintext attack is when an attacker can send queries to a Blackbox (any plaintext) and the box can give out the encryption of this message. This is stronger than a known-plaintext attack because in the former, the attacker is given plaintext/ciphertext pairs, but in this black box situation the attacker can generate the plaintext/ciphertext pairs that they want.

What are the security requirements for a practical cipher with respect to key length and message length?

A practical cipher should have a key length much smaller than the message length in order to provide security against known attack techniques.

Why is a chosen-plaintext attack stronger than a known-plaintext attack?

A chosen-plaintext attack is stronger than a known-plaintext attack because in the former, the attacker can generate the plaintext/ciphertext pairs that they want, whereas in the latter, the attacker is given plaintext/ciphertext pairs.