A chosen-plaintext attack (CPA) is an attack model for cryptanalysis which presumes that the attacker can obtain the ciphertexts for arbitrary plaintexts...

message they encrypt. The property of indistinguishability under chosen plaintext attack is considered a basic requirement for most provably secure public...

under chosen-ciphertext attack. For example, the El Gamal cryptosystem is semantically secure under chosen-plaintext attack, but this semantic security...

Adaptive chosen-ciphertext attack Indifferent chosen-ciphertext attack Related-key attack: similar to a chosen-plaintext attack, except the attacker can obtain...

cryptographic systems resist known plaintext or even chosen plaintext attacks, and so may not be entirely compromised when plaintext is lost or stolen. Older systems...

Known-plaintext: the attacker has a set of ciphertexts to which they know the corresponding plaintext. Chosen-plaintext (chosen-ciphertext): the attacker can...

An adaptive chosen-ciphertext attack (abbreviated as CCA2) is an interactive form of chosen-ciphertext attack in which an attacker first sends a number...

resistant to all chosen-plaintext attacks. Adaptive chosen-plaintext attack (CPA2) - in this attack the analyst can choose a sequence of plaintexts to be encrypted...

users. This is a known limitation of TLS as it is susceptible to chosen-plaintext attack against the application-layer data it was meant to protect. Earlier...

is severely insecure. There is a chosen-plaintext attack, effective for all block sizes, using 338 chosen plaintexts. For 3-byte blocks (typically used...

chosen plaintext attack (IND-CPA). When implemented with certain trapdoor permutations (e.g., RSA), OAEP is also proven to be secure against chosen ciphertext...

chosen-plaintext attack in many cases, since the attacker may be able to manipulate the entire IV–counter pair to cause a collision. Once an attacker...

messages m1 and m2 such that hash(m1) = hash(m2). More generally: Chosen-prefix collision attack Given two different prefixes p1 and p2, find two suffixes s1...

also include known plaintext attacks where both the plaintext and its corresponding ciphertext are known. While active attackers can interact with the...

CVE-2012-4929. The vulnerability exploited is a combination of chosen plaintext attack and inadvertent information leakage through data compression, similar...

compression makes no difference to BREACH, which can still perform a chosen-plaintext attack against the HTTP payload. As a result, clients and servers are...

form of signature is existentially unforgeable, even against a chosen-plaintext attack.[clarification needed] There are several reasons to sign such a...

respective plaintexts. That is, m1em2e ≡ (m1m2)e (mod n). Because of this multiplicative property, a chosen-ciphertext attack is possible. E.g., an attacker who...

also vulnerable to a known plaintext attack. However, a block cipher must not be vulnerable to a chosen plaintext attack to be considered secure. Therefore...

and is able to forward plaintext messages to Alice for encryption (in other words, Eve is capable of a chosen-plaintext attack). Now assume that Alice...

weaknesses in the original Block TEA. XXTEA is vulnerable to a chosen-plaintext attack requiring 259 queries and negligible work. See cryptanalysis below...

This crib-based decryption is an example of a chosen-plaintext attack, because plain text effectively chosen by the British was injected into the ciphertext...

— for related-key attacks, how many related key queries are needed Attacks that lead to disclosure of the key or plaintext. Attacks that allow distinguishing...

definition of security called ciphertext indistinguishability under chosen-plaintext attack. This latter definition is more common than the original definition...

These enhancements are designed to protect against, for example, chosen-plaintext attack cryptanalysis. If the algorithm directive's value is "MD5" or unspecified...

encoding. Compression allows a form of chosen plaintext attack to be performed: if an attacker can inject any chosen content into the page, they can know...

a known-plaintext attack, Eve has access to a ciphertext and its corresponding plaintext (or to many such pairs). In a chosen-plaintext attack, Eve may...

cryptanalysis is usually a chosen plaintext attack, meaning that the attacker must be able to obtain ciphertexts for some set of plaintexts of their choosing....

variable-length plaintext messages often have to be padded (expanded) to be compatible with the underlying cryptographic primitive. The attack relies on having...

cryptanalysis into a single attack. An enhanced version of the attack can break 9-round DES with 215.8 chosen plaintexts and has a 229.2 time complexity...