Let's continue our discussion from the attacker's perspective and define the term cryptanalysis.

While cryptography originated from the art and the technique of making secret codes, cryptanalysis corresponds to studying and analyzing the cryptosystem with the goal of effectively deciphering the coded message, and doing so without the possession of the cryptographic key.

Because the subject of cryptanalysis, or the cryptanalyst, lacks the cryptographic key, it does not have the authorization to access the message. A secret cryptosystem design prevents such access and retains the message confidentiality against the cryptanalyst.

In contrast to attacking via brute force, if the attacker has information about which keys are more likely than others and uses such information to try to learn the key, then such an attack becomes cryptanalysis. The non-uniform distribution and the bias in choosing the key option to explore yield reduced entropy of the cryptosystem, and the attacker can find a key more quickly and efficiently than with brute force. Any probabilistic information about the plaintext or the key would give the attacker an advantage over brute forcing, resulting in entropy reduction before the attacker begins to exploit the key options.

In general, if an attacker is attacking the cryptosystem so that the security of the cryptosystem is weaker than advertised, then the attacker is conducting a cryptanalytic attack.
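The entropy reduction described above can be quantified. The following is an added example, not part of the lecture: it compares a uniformly chosen key with a biased one over a toy 16-bit key space. The biased model (256 keys carrying 90% of the probability) and all function names are constructed for illustration.

```python
import math

def shannon_entropy_bits(probs):
    """Shannon entropy of the key distribution, in bits."""
    return -sum(p * math.log2(p) for p in probs if p > 0)

def expected_guesses(probs):
    """Mean number of trial keys when candidates are tried from most to least likely."""
    ordered = sorted(probs, reverse=True)
    return sum(rank * p for rank, p in enumerate(ordered, start=1))

def success_within(probs, budget):
    """Probability that the key is among the `budget` most likely candidates."""
    return sum(sorted(probs, reverse=True)[:budget])

def uniform_keys(n_keys):
    """Every key equally likely: the brute-force baseline."""
    return [1.0 / n_keys] * n_keys

def biased_keys(n_keys, likely_keys, likely_mass):
    """Constructed model: `likely_keys` keys share `likely_mass` of the probability,
    and the remaining keys share the rest evenly."""
    p_likely = likely_mass / likely_keys
    p_rest = (1.0 - likely_mass) / (n_keys - likely_keys)
    return [p_likely] * likely_keys + [p_rest] * (n_keys - likely_keys)

def report(name, probs, budget=256):
    """One summary line per distribution."""
    return (f"{name:8s} entropy={shannon_entropy_bits(probs):6.2f} bits  "
            f"mean guesses={expected_guesses(probs):10.1f}  "
            f"P(found in {budget} guesses)={success_within(probs, budget):.4f}")

if __name__ == "__main__":
    N = 2 ** 16  # toy 16-bit key space (constructed, far smaller than any real cipher)
    print(report("uniform", uniform_keys(N)))
    print(report("biased", biased_keys(N, likely_keys=256, likely_mass=0.9)))
```

The key length is the same in both cases; only the way the key is chosen differs, which is why keys should be drawn uniformly from a cryptographically secure random source.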

We find such cases for entropy reduction in a non-crypto context. An example of such an attack is card counting in blackjack. A card-counting player uses the fact that the card distribution of the remaining deck is uneven and uses the information about the remaining deck to control the bet size, increasing the bet when the remaining deck is favorable to the player and decreasing the bet when it's unfavorable. While the casino house has the edge without card counting, much like the other casino games that the house offers, the card counting shifts the edge to the player.

When Edward Thorp, a mathematician and an academic, first invented card counting, the casinos did not know how card counting works and how he was able to get such an information advantage. The random card game was not as random as the casino thought.

Back to cryptography.

Cryptanalysis can be modeled as different classes of attacks depending on the information available to the cryptanalyst. The first type is the ciphertext-only attack, which is actually the baseline in cryptanalysis and is often assumed when designing the cryptosystem. In practice, a ciphertext-only attack requires the attacker to have access to the ciphertext, and there are computer security mechanisms to make such access difficult. However, in designing cryptographic schemes, we do assume the worst case and consider the attackers who have already compromised the access to the ciphertext. So, the ciphertext-only attack is the baseline attack when designing a cryptosystem.

Another type of cryptanalysis, which is more sophisticated than the ciphertext-only attack, is the known-plaintext attack. The attacker knows some plaintext-ciphertext pairs, where the pair is the input and the corresponding output of the target encryption cipher. The attacker wants to learn the key or the plaintext from the other ciphertext by using the information from the known pairs. For example, during World War II, when the Allies broke Enigma, Enigma operators reporting weather information provided such known plaintext pairs. Also, an operator making regular transmissions, which corresponded to the plaintext of nothing to report, produced such known plaintext-ciphertext pairs and helped with cracking the Enigma cipher.

Another type is a chosen-plaintext attack, where the attacker can obtain the plaintext from arbitrarily chosen ciphertext. The difference from the known-plaintext attack is that the attackers are the ones choosing the plaintext. Going back to the example with Enigma in World War II, the Allies were able to construct such pairs and practice chosen ciphertext attack by staging activities in particular locations and having that location name appear in the plaintext.