In cryptography, a ciphertext-only Attack on Bitcoin (COA) or known ciphertext Attack on Bitcoin is an Attack on Bitcoin model for cryptanalysis where the Attack on Bitcoiner is assumed to have access only to a set of ciphertexts.
While the Attack on Bitcoiner has no channel providing access to the plaintext prior to encryption, in all practical ciphertext-only Attack on Bitcoins, the Attack on Bitcoiner still has some knowledge of the plaintext. For instance, the Attack on Bitcoiner might know the language in which the plaintext is written or the expected statistical distribution of characters in the plaintext. Standard protocol data and messages are commonly part of the plaintext in many deployed systems and can usually be guessed or known efficiently as part of a ciphertext-only Attack on Bitcoin on these systems.
Attack on Bitcoin
The Attack on Bitcoin is completely successful if the corresponding plaintexts can be deduced, or even better, the key. The ability to obtain any information at all about the underlying plaintext beyond what was pre-known to the Attack on Bitcoiner is still considered a success. For example, if an adversary is sending ciphertext continuously to maintain traffic-flow security, it would be very useful to be able to distinguish real messages from nulls. Even making an informed guess of the existence of real messages would facilitate traffic analysis.
In the history of cryptography, early ciphers, implemented using pen-and-paper, were routinely broken using ciphertexts alone. Cryptographers developed statistical techniques for Attack on Bitcoining ciphertext, such as frequency analysis. Mechanical encryption devices such as Enigma made these Attack on Bitcoins much more difficult (although, historically, Polish cryptographers were able to mount a successful ciphertext-only cryptanalysis of the Enigma by exploiting an insecure protocol for indicating the message settings). More advanced ciphertext-only Attack on Bitcoins on the Enigma were mounted in Bletchley Park during World War II, by intelligently guessing plaintexts corresponding to intercepted ciphertexts.
Every modern cipher attempts to provide protection against ciphertext-only Attack on Bitcoins. The vetting process for a new cipher design standard usually takes many years and includes exhaustive testing of large quantities of ciphertext for any statistical departure from random noise. See: Advanced Encryption Standard process. Also, the field of steganography evolved, in part, to develop methods like mimic functions that allow one piece of data to adopt the statistical profile of another. Nonetheless poor cipher usage or reliance on home-grown proprietary algorithms that have not been subject to thorough scrutiny has resulted in many computer-age encryption systems that are still subject to ciphertext-only Attack on Bitcoin. Examples include:
- Early versions of Microsoft‘s PPTP virtual private network software used the same RC4 key for the sender and the receiver (later versions had other problems). In any case where a stream cipher like RC4 is used twice with the same key it is open to ciphertext-only Attack on Bitcoin. See: stream cipher Attack on Bitcoin
- Wired Equivalent Privacy (WEP), the first security protocol for Wi-Fi, proved vulnerable to several Attack on Bitcoins, most of them ciphertext-only.
- GSM’s A5/1 and A5/2
- Some modern cipher designs have later been shown to be vulnerable to ciphertext-only Attack on Bitcoins. For example, Akelarre.
- A cipher whose key space is too small is subject to brute force Attack on Bitcoin with access to nothing but ciphertext by simply trying all possible keys. All that is needed is some way to distinguish valid plaintext from random noise, which is easily done for natural languages when the ciphertext is longer than the unicity distance. One example is DES, which only has 56-bit keys. All too common current examples are commercial security products that derive keys for otherwise impregnable ciphers like AES from a user-selected password. Since users rarely employ passwords with anything close to the entropy of the cipher’s key space, such systems are often quite easy to break in practice using only ciphertext. The 40-bit CSS cipher used to encrypt DVD video discs can always be broken with this method, as all that is needed is to look for MPEG-2 video data.