Also known as: known-plaintext attack, KPA

A known-plaintext attack (KPA) gives the attacker a set of matched plaintext–ciphertext pairs that they observe but do not choose, and uses them to recover the key or the algorithm itself.¹ Such a matched pair is historically called a crib. It is stronger than a ciphertext-only attack and weaker than a chosen-plaintext attack.

Matched pairs over-determine the cipher: enough cribs pin the key or the per-step transform uniquely.

How it works

Each matched pair is an equation linking the unknown key or transform to observed bytes. A handful of pairs may under-determine the cipher, but many pairs at varied lengths over-determine it — fitting any candidate model and rejecting those that fail to round-trip all pairs. The method underlies most practical reverse engineering of an undocumented encoder: collect pairs, hypothesize a structure, and keep only parameters consistent with every pair.

Relevance to SDR

When a system’s text (unit aliases, callsigns) is sometimes broadcast in clear and sometimes obfuscated, a listener can assemble a known-plaintext corpus. GopherTrunk’s clean-room work on the Motorola P25 talker-alias obfuscation (issue #773) used a 3,607-pair corpus to recover the cipher’s 256-entry substitution table and characterize it as a length-seeded 16-bit state machine — without reading any third-party source. It pairs naturally with differential and algebraic techniques.

Sources

1. Known-plaintext attack — Wikipedia, for the attack model and the term “crib.” ↩

See also

• Ciphertext-only attack
• Chosen-plaintext attack
• Differential cryptanalysis
• Algebraic attack
• RC4 (ARC4) cipher