# Re: Chosen plaintext attacks

*From*: "Joseph Ashwood" <ashwood@xxxxxxx>
*Date*: Sat, 18 Sep 2010 06:39:29 -0700

"JT" <jonas.thornvall@xxxxxxxxxxx> wrote in message news:3cff2629-abd4-4631-b3a5-b316843bb5d4@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

> On 15 Sep, 11:55, "Joseph Ashwood" <ashw...@xxxxxxx> wrote:
>
> The first thing I would start with if I tried to break my cipher would be to analyse how many possible combinations of (XOR) A^B^D = D that can produce a specific D.

So the first thing you would do is ignore everything I said, and make the worst possible mistake.

> That is an indication of how hard the cipher will be to break. If the number of combinations is *bigger than the keysize*, that would mean trouble.

It is trivial to prove that your approach will fail completely. If there is more data available than length(key)/2, then you immediately determine that there is trouble. The opposite is true; read up a bit on the unicity distance. By the unicity distance you'll need slightly over length(key) data to make it possible to attack the key.

> A chosen plaintext attack on this cipher would just not make sense,

So you didn't read anything I wrote. I'll explain it again more briefly this time.

> what I try to figure out here is the strength of the pseudo random permutation stream, the CSPRNG.

No, all you're doing is not understanding anything.

> So we go direct on the CSPRNG, skip the salt

No, the salt is the critical point to the attack.

> and so on, just analyse our pseudorandom XOR stream.

Wrong, you don't analyze the stream, you analyze the cipher.

> So we check if there is any mathematical way to describe the relations between the output of the CSPRNG blocks,

This is a trivial step; the way to describe the relationship is given by the cipher. This is why the attack is on the cipher, not on the stream.

> and since this is not a PRF but a PRP.

That statement is absolutely and completely false. Every PRP is a PRF. As usual you are ignoring everything I said, and ignoring every bit of reality.

> There seems to be no single mathematical formula or function that can describe the relation between the blocks.

Actually it is exactly describable; the simple fact that it has been computed reveals that there is a formula.

> It is just a PRP algorithm that does not express itself as a mathematical function.

The only thing a computer does is math, so you have effectively claimed that a computer can't do the encryption.

> So what is left is to look for weaknesses in the keysetup, when the permutation buffers are created from the key.

No, what is left is to do anything that might resemble cryptanalysis.

Now to explain again.

Every XOR combined stream cipher can be expressed as

`Output[I] = Input[I] ^ F(Key, I)`

I have deliberately avoided the terms ciphertext and plaintext because that is part of your problem: you don't understand what the plaintext is. When attacking F(), THE PLAINTEXT IS I. Now, since the attacker very often has the ability to choose the beginning I, there is the ability to mount a chosen plaintext attack.

So, if you actually pay attention to what has been written, you will see that every single statement you made is completely incorrect.

Joe
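Joe's `Output[I] = Input[I] ^ F(Key, I)` and his unicity-distance remark, as an added example that is not code from the thread: the generator F is a hypothetical SHA-256-based toy and the 16-bit key space is constructed so that brute force finishes in seconds. It shows that whatever plaintext the attacker chooses, XORing it out returns F(Key, I) exactly, so the analysis then targets F, and that the number of wrong keys still consistent with the recovered keystream shrinks as more of it is known.

```python
import hashlib

BLOCK = 32  # bytes of keystream per block index I


def keystream_block(key: bytes, i: int) -> bytes:
    # F(Key, I) in Joe's notation. Hypothetical toy generator: SHA-256(key || I),
    # chosen only to make the example self-contained; it is not a cipher from the thread.
    return hashlib.sha256(key + i.to_bytes(4, "big")).digest()


def xor_stream_encrypt(key: bytes, data: bytes) -> bytes:
    # Output[I] = Input[I] ^ F(Key, I), block by block. Decryption is the same call.
    out = bytearray()
    for off in range(0, len(data), BLOCK):
        ks = keystream_block(key, off // BLOCK)
        out.extend(d ^ k for d, k in zip(data[off:off + BLOCK], ks))
    return bytes(out)


def recover_keystream(plaintext: bytes, ciphertext: bytes) -> bytes:
    # Whatever plaintext was chosen, XORing it back out yields F(Key, I) exactly.
    # The plaintext's content contributes nothing; the "plaintext" F sees is I.
    return bytes(c ^ p for c, p in zip(ciphertext, plaintext))


def keys_consistent_with(keystream: bytes, key_bits: int = 16) -> list:
    # Exhaustively test a deliberately tiny key space against recovered keystream
    # for block 0. The number of wrong keys that survive falls as more keystream
    # is known: the unicity-distance effect Joe refers to.
    n = min(len(keystream), BLOCK)
    key_len = (key_bits + 7) // 8
    hits = []
    for k in range(1 << key_bits):
        cand = k.to_bytes(key_len, "big")
        if keystream_block(cand, 0)[:n] == keystream[:n]:
            hits.append(cand)
    return hits


def demo() -> tuple:
    key = (0x1234).to_bytes(2, "big")  # constructed 16-bit key
    zeros = bytes(40)                  # chosen plaintext: all zeros
    text = b"z" * 40                   # any other plaintext recovers the same F(Key, I)
    ks_a = recover_keystream(zeros, xor_stream_encrypt(key, zeros))
    ks_b = recover_keystream(text, xor_stream_encrypt(key, text))
    few = keys_consistent_with(ks_a[:1])   # 1 byte known: many keys still fit
    enough = keys_consistent_with(ks_a[:4])  # 4 bytes known: only the real key fits
    return ks_a == ks_b, len(few), enough
```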
