Cryptographic Attacks

No cryptographic system exists in isolation. Even mathematically strong algorithms can be vulnerable to implementation flaws, side-channel leakage, protocol weaknesses, and human error. Understanding how cryptographic systems are attacked is essential for building secure implementations.

---

Categories of Cryptographic Attacks

Category	Target	Examples
Brute force	The key space	Exhaustive key search
Mathematical	The algorithm itself	Factorisation, discrete log
Side channel	Physical implementation	Timing, power analysis, cache
Implementation	Software bugs	Padding oracle, nonce reuse
Protocol	The way crypto is used	Downgrade, replay, MITM
Social / operational	Key management and people	Stolen keys, weak passwords

---

Brute Force Attacks

A brute force attack tries every possible key until the correct one is found:

Key Size	Possible Keys	Time to Brute Force
56 bits (DES)	7.2 × 10^16	Hours (specialised hardware)
128 bits (AES-128)	3.4 × 10^38	Billions of years (current technology)
256 bits (AES-256)	1.2 × 10^77	Physically impossible (exceeds energy of the sun)

Key takeaway: Use a key size of 128 bits or more for symmetric encryption. AES-256 provides a massive security margin.

---

Frequency Analysis

As covered in the Classical Ciphers lesson, frequency analysis exploits the statistical properties of language to break substitution ciphers:

• Count letter frequencies in ciphertext
• Map to known language frequency distributions
• Effective against monoalphabetic and weak polyalphabetic ciphers
• Not effective against modern ciphers (AES, ChaCha20) because they eliminate statistical patterns

---

Birthday Attack

The birthday attack exploits the birthday paradox to find hash collisions:

• In a group of 23 people, there is a ~50% chance that two share a birthday
• For a hash function with n-bit output, a collision can be found in approximately 2^(n/2) operations (not 2^n)

Hash Output	Collision Resistance	Pre-image Resistance
128 bits (MD5)	2^64 (broken)	2^128
160 bits (SHA-1)	2^80 (broken)	2^160
256 bits (SHA-256)	2^128 (secure)	2^256

Practical impact: This is why hash output sizes must be at least twice the desired security level.

---

Side-Channel Attacks

Side-channel attacks extract secret information from the physical implementation of a cryptographic system, rather than the algorithm itself.

Timing Attacks

• Measure the time taken by cryptographic operations
• Variations in execution time can reveal information about the key
• Example: If a password comparison exits early on the first wrong character, the attacker can determine the password character by character

Mitigation: Use constant-time comparison functions.

Power Analysis

• Simple Power Analysis (SPA): observe power consumption patterns during a single operation
• Differential Power Analysis (DPA): statistically analyse power consumption across many operations
• Used to extract keys from smart cards, hardware tokens, and embedded devices

Mitigation: Implement power-balancing techniques; use hardware countermeasures.

Cache Timing Attacks

• Exploit CPU cache behaviour to determine which memory locations were accessed
• Flush+Reload, Prime+Probe — can extract AES keys from shared-tenancy cloud environments
• Spectre/Meltdown (2018) — CPU speculation-based side channels

Mitigation: Use constant-time algorithms; implement cache-line isolation.

Electromagnetic (EM) Emanation

• Capture electromagnetic radiation emitted by a device during cryptographic operations
• Similar to power analysis but can be performed at a distance

---

Padding Oracle Attacks

A padding oracle attack exploits error messages that reveal whether decrypted data has valid padding:

How It Works