# Re: Chosen plaintext attacks

• From: "Joseph Ashwood" <ashwood@xxxxxxx>
• Date: Sat, 18 Sep 2010 06:39:29 -0700

"JT" <jonas.thornvall@xxxxxxxxxxx> wrote in message news:3cff2629-abd4-4631-b3a5-b316843bb5d4@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> On 15 Sep, 11:55, "Joseph Ashwood" <ashw...@xxxxxxx> wrote:

> The first thing I would start with if I tried to break my
> cipher would be to analyse how many possible combinations of (XOR)
> A^B^D = D that can produce a specific D.

So the first thing you would do is ignore everything I said, and make the worst possible mistake.

> That is an indication of how hard the cipher will be to break; if the
> number of combinations is *bigger than the keysize*, that would mean
> trouble.

It is trivial to prove that your approach will fail completely. If there is more data available than length(key)/2 then you immediately determine that there is trouble. The opposite is true; read up a bit on the unicity distance: by the unicity distance you'll need slightly over length(key) data to make it possible to attack the key.

> A chosen plaintext attack on this cipher would just not make sense,

So you didn't read anything I wrote. I'll explain it again more briefly this time.

> what I try to figure out here is the strength of the pseudo random
> permutation stream, the CSPRNG.

No, all you're doing is not understanding anything.

> So we go direct on the CSPRNG, skip the
> salt

No, the salt is the critical point to the attack.

> and so on, just analyse our pseudorandom XOR stream.

Wrong, you don't analyze the stream, you analyze the cipher.

> So we check if there is any mathematical way to describe the relations
> between the output of the CSPRNG blocks,

This is a trivial step; the way to describe the relationship is given by the cipher. This is why the attack is on the cipher, not on the stream.

> and since this is not a PRF
> but a PRP.

That statement is absolutely and completely false. Every PRP is a PRF. As usual you are ignoring everything I said, and ignoring every bit of reality.

> There seems to be no single mathematical formula or function
> that can describe the relation between the blocks.

Actually it is exactly describable; the simple fact that it has been computed reveals that there is a formula.

> It is just a PRP
> algorithm that does not express itself as a mathematical function.

The only thing a computer does is math, so you have effectively claimed that a computer can't do the encryption.

> So what is left is to look for weaknesses in the key setup, when the
> permutation buffers are created from the key.

No, what is left is to do anything that might resemble cryptanalysis.

Now to explain again.

Every XOR-combined stream cipher can be expressed as
Output[I] = Input[I]^F(Key, I)

I have deliberately avoided the terms ciphertext and plaintext because that is part of your problem: you don't understand what the plaintext is. When attacking F() THE PLAINTEXT IS I. Now, since the attacker very often has the ability to choose the beginning I, there is the ability to mount a chosen plaintext attack.

So, if you actually pay attention to what has been written, you will see that every single statement you made is completely incorrect.
Joe

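As an added example (not code from either poster), the identity Joe states, Output[I] = Input[I]^F(Key, I), worked through in Python: with any known or chosen plaintext the attacker reads off F(Key, I) directly for every I, so the whole question is the structure of F, not the look of the stream. The weak_f and strong_f functions, the key and the sample messages are constructed for illustration, and the unicity distance helper is Shannon's U = H(K)/D, which the thread refers to.

```python
import hmac
from typing import Callable, Dict, Tuple

KeystreamFn = Callable[[bytes, int], int]  # F(Key, I) -> one keystream byte


def xor_stream(data: bytes, f: KeystreamFn, key: bytes) -> bytes:
    """Output[I] = Input[I] ^ F(Key, I); the same call encrypts and decrypts."""
    return bytes(b ^ f(key, i) for i, b in enumerate(data))


def weak_f(key: bytes, i: int) -> int:
    """Constructed toy F with visible structure: keystream byte is Key[I mod len(Key)]."""
    return key[i % len(key)]


def strong_f(key: bytes, i: int) -> int:
    """Counter-mode F built from HMAC-SHA256(Key, I); assumed sound for this illustration."""
    return hmac.new(key, i.to_bytes(8, "big"), "sha256").digest()[0]


def recover_keystream(plaintext: bytes, ciphertext: bytes) -> bytes:
    """Known (or chosen) plaintext hands over F(Key, I) for every I, whatever F is.
    This is the step that reduces 'analyse the stream' to 'attack the cipher F'."""
    return bytes(p ^ c for p, c in zip(plaintext, ciphertext))


def recover_repeating_key(keystream: bytes, key_len: int) -> bytes:
    """Only meaningful against weak_f, whose structure lets the key be read off the keystream."""
    return keystream[:key_len]


def unicity_distance(key_bits: int, redundancy_bits_per_symbol: float) -> float:
    """Shannon's unicity distance U = H(K) / D: roughly how many symbols of redundant
    plaintext must be encrypted before the key is uniquely determined."""
    return key_bits / redundancy_bits_per_symbol


def demo() -> Dict[str, Tuple[bool, bool]]:
    key = b"secret!!"                            # constructed 64-bit key
    known = b"attack at dawn, attack at dawn!!"  # constructed 32-byte known plaintext
    out = {}
    for name, f in (("weak", weak_f), ("strong", strong_f)):
        ks = recover_keystream(known, xor_stream(known, f, key))
        keystream_exposed = ks == bytes(f(key, i) for i in range(len(known)))
        key_exposed = recover_repeating_key(ks, len(key)) == key
        out[name] = (keystream_exposed, key_exposed)  # (always True, True only for weak_f)
    return out


if __name__ == "__main__":
    print(demo())
```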