Field Guide · term

Also known as: ciphertext-only attack, COA

A ciphertext-only attack (COA) assumes the attacker has only intercepted ciphertext — no matching plaintext and no ability to query the cipher.[1] It is the weakest set of assumptions, so a cipher that falls to it is badly broken; the attack works by exploiting structure the plaintext is known to have even when its exact contents are unknown.

With ciphertext alone, the attacker leans on what the plaintext must look like — character set, length rules, or fixed framing.

How it works

The attacker constrains the unknown plaintext using properties it is guaranteed to have: a restricted character set (e.g. printable ASCII), known field lengths or framing, language statistics, or a checksum that must validate. Each such constraint rules out candidate keys or algorithm parameters; with enough intercepted messages, the surviving candidates collapse to the true one. Classical frequency analysis of a substitution cipher is the textbook example — only ciphertext is needed because letter frequencies are a known property of the language.

Relevance to SDR

Over-the-air interception naturally yields ciphertext-only conditions. In GopherTrunk’s clean-room effort to reverse-engineer the Motorola P25 talker-alias obfuscation (issue #773), a ciphertext-only angle was available because every even-position byte must decode to a 0x00 UTF-16 pad and every alias byte must be printable — constraints derived purely from the captured bytes. It complements the stronger known-plaintext and chosen-plaintext settings.
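The two passages above (the general "constrain, then collapse" mechanism, and the UTF-16 pad / printable-alias constraint) are illustrated by the following added example. It is not code from the field guide or from GopherTrunk, and it does not implement the P25 talker-alias scheme: the cipher is a toy repeating-key XOR chosen so the key positions can be filtered independently, the plaintexts and keys are constructed, and the pad-byte parity (0-based index, little-endian UTF-16) is the example's own convention. What it shows is that a structural constraint alone prunes the key space (a position whose plaintext must be 0x00 collapses to exactly one candidate), and that language statistics are only needed as a tie-break among the candidates the constraint leaves standing.

```python
"""Ciphertext-only key recovery by constraining plaintext structure.

Added example, not the field guide's or GopherTrunk's code. The cipher is a
toy repeating-key XOR (NOT the P25 talker-alias scheme); the keys, messages
and constraints below are constructed for illustration.
"""
from typing import Callable, List, Tuple

# Approximate English letter frequencies (percent); only used to rank the
# candidates that the structural constraint has already let through.
ENGLISH_FREQ = {
    "a": 8.2, "b": 1.5, "c": 2.8, "d": 4.3, "e": 12.7, "f": 2.2, "g": 2.0,
    "h": 6.1, "i": 7.0, "j": 0.2, "k": 0.8, "l": 4.0, "m": 2.4, "n": 6.7,
    "o": 7.5, "p": 1.9, "q": 0.1, "r": 6.0, "s": 6.3, "t": 9.1, "u": 2.8,
    "v": 1.0, "w": 2.4, "x": 0.2, "y": 2.0, "z": 0.1,
}
SPACE_WEIGHT = 13.0    # the space is the most common symbol in running text
OTHER_PENALTY = -20.0  # digits/punctuation are rare in prose; unprintable bytes never reach scoring

# A constraint says whether byte `b` is acceptable at plaintext index `i`.
Constraint = Callable[[int, int], bool]


def xor_repeating(data: bytes, key: bytes) -> bytes:
    """Toy cipher: byte i is XORed with key[i mod len(key)]; encrypt == decrypt."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def printable_ascii(_i: int, b: int) -> bool:
    """Constraint 1: the plaintext is printable ASCII (0x20..0x7E)."""
    return 0x20 <= b < 0x7F


def utf16le_ascii(i: int, b: int) -> bool:
    """Constraint 2: UTF-16LE text with an ASCII repertoire, i.e. every
    odd-index byte is the 0x00 pad and every even-index byte is printable."""
    return b == 0 if i % 2 else 0x20 <= b < 0x7F


def text_score(column: bytes) -> float:
    """Language-statistics tie-break: reward common letters and spaces."""
    score = 0.0
    for b in column:
        ch = chr(b)
        if ch == " ":
            score += SPACE_WEIGHT
        elif ch.isalpha():
            score += ENGLISH_FREQ.get(ch.lower(), 0.0)
        else:
            score += OTHER_PENALTY
    return score


def surviving_key_bytes(ct: bytes, pos: int, key_len: int, allowed: Constraint) -> List[int]:
    """Key bytes for position `pos` under which every byte it decrypts satisfies `allowed`."""
    idx = range(pos, len(ct), key_len)
    return [k for k in range(256) if all(allowed(i, ct[i] ^ k) for i in idx)]


def recover_key(ct: bytes, key_len: int, allowed: Constraint) -> Tuple[bytes, List[int]]:
    """Ciphertext-only recovery: prune each key position by structure, then rank
    what survives by language statistics. Returns (key, survivors per position)."""
    key, counts = bytearray(), []
    for pos in range(key_len):
        cands = surviving_key_bytes(ct, pos, key_len, allowed)
        if not cands:
            raise ValueError(f"no key byte satisfies the constraint at position {pos}")
        counts.append(len(cands))
        column = ct[pos::key_len]
        # Among the survivors, pick the one whose decryption looks most like English.
        key.append(max(cands, key=lambda k: text_score(xor_repeating(column, bytes([k])))))
    return bytes(key), counts


# Constructed samples (not real captures): one ASCII message, one UTF-16LE alias.
TEXT_KEY = bytes([0x5A, 0xA7])
TEXT_PT = b"the alias field is padded with nulls and every character is printable"
TEXT_CT = xor_repeating(TEXT_PT, TEXT_KEY)

ALIAS_KEY = bytes([0x3C, 0xC1])
ALIAS_PT = "Engine Seven Dispatch".encode("utf-16-le")
ALIAS_CT = xor_repeating(ALIAS_PT, ALIAS_KEY)


def demo() -> Tuple[bytes, List[int], bytes, List[int]]:
    """Run both recoveries; the survivor counts show how far each constraint prunes."""
    text_key, text_counts = recover_key(TEXT_CT, len(TEXT_KEY), printable_ascii)
    alias_key, alias_counts = recover_key(ALIAS_CT, len(ALIAS_KEY), utf16le_ascii)
    return text_key, text_counts, alias_key, alias_counts


if __name__ == "__main__":
    tk, tc, ak, ac = demo()
    print("ASCII message: key", tk.hex(), "survivors per position", tc)
    print("UTF-16 alias:  key", ak.hex(), "survivors per position", ac)
```

Two things are worth noticing when running it. For the UTF-16 alias the second key position has exactly one survivor, because a column that must decrypt to 0x00 leaks that key byte outright; only the printable column needs the frequency tie-break. For the plain ASCII message the printable constraint alone leaves more than one candidate per position (it can never exclude more than half the byte values, since only the high bit is forced), which is why a statistical model of the plaintext is the second half of every ciphertext-only attack.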

Sources

  1. Ciphertext-only attack — Wikipedia, for the attack model and its reliance on known plaintext structure. 

See also