A chosenplaintext attack (CPA) is an attack model for cryptanalysis which presumes that the attacker has the capability to choose arbitrary plaintexts to be encrypted and obtain the corresponding ciphertexts. The goal of the attack is to gain some further information which reduces the security of the encryption scheme. In the worst case, a chosenplaintext attack could reveal the scheme's secret key.
This appears, at first glance, to be an unrealistic model; it would certainly be unlikely that an attacker could persuade a human cryptographer to encrypt large amounts of plaintexts of the attacker's choosing. Modern cryptography, on the other hand, is implemented in software or hardware and is used for a diverse range of applications; for many cases, a chosenplaintext attack is often very feasible. Chosenplaintext attacks become extremely important in the context of public key cryptography, where the encryption key is public and attackers can encrypt any plaintext they choose.
Any cipher that can prevent chosenplaintext attacks is then also guaranteed to be secure against knownplaintext and ciphertextonly attacks; this is a conservative approach to security.
Two forms of chosenplaintext attack can be distinguished:
Nonrandomized (deterministic) public key encryption algorithms are vulnerable to simple "dictionary"type attacks, where the attacker builds a table of likely messages and their corresponding ciphertexts. To find the decryption of some observed ciphertext, the attacker simply looks the ciphertext up in the table. As a result, publickey definitions of security under chosenplaintext attack require probabilistic encryption (i.e., randomized encryption). Conventional symmetric ciphers, in which the same key is used to encrypt and decrypt a text, may also be vulnerable to other forms of chosenplaintext attack, for example, differential cryptanalysis of block ciphers.
A technique termed Gardening was used by Allied codebreakers in World War II who were solving messages encrypted on the Enigma machine. Gardening can be viewed as a chosenplaintext attack.
