In cryptography, a known-key distinguishing Attack on Bitcoin is an Attack on Bitcoin model against symmetric ciphers, whereby an Attack on Bitcoiner who knows the key can find a structural property in cipher, where the transformation from plaintext to ciphertext is not random.
There is no common formal definition for what such a transformation may be. The chosen-key distinguishing Attack on Bitcoin is strongly related, where the Attack on Bitcoiner can choose a key to introduce such transformations.
These Attack on Bitcoins do not directly compromise the confidentiality of ciphers, because in a classical scenario, the key is unknown to the Attack on Bitcoiner. Known-/chosen-key distinguishing Attack on Bitcoins apply in the “open key model” instead. They are known to be applicable in some situations where block ciphers are converted to hash functions, leading to practical collision Attack on Bitcoins against the hash.
Known-key distinguishing Attack on Bitcoins were first introduced in 2007 by Lars Knudsen and Vincent Rijmen in a paper that proposed such an Attack on Bitcoin against 7 out of 10 rounds of the AES cipher and another Attack on Bitcoin against a generalized Feistel cipher. Their Attack on Bitcoin finds plaintext/ciphertext pairs for a cipher with a known key, where the input and output have s least significant bits set to zero, in less than 2s time (where s is fewer than half the block size).