Adversary (cryptography)

From Wikipedia, the free encyclopedia
Jump to: navigation, search
For other uses, see Adversary (disambiguation).

In cryptography, an adversary (rarely opponent, enemy) is a malicious entity whose aim is to prevent the users of the cryptosystem from achieving their goal (primarily privacy, integrity, and availability of data). An adversary's efforts might take the form of attempting to discover secret data, corrupting some of the data in the system, spoofing the identity of a message sender or receiver, or forcing system downtime.

Actual adversaries, as opposed to idealized ones, are referred to as attackers. Not surprisingly, the former term predominates in the cryptographic and the latter in the computer security literature. Eve, Mallory, Oscar and Trudy are all adversarial characters widely used in both types of texts.

This notion of an adversary helps both intuitive and formal reasoning about cryptosystems by casting security analysis of cryptosystems as a 'game' between the users and a centrally co-ordinated enemy. The notion of security of a cryptosystem is meaningful only with respect to particular attacks (usually presumed to be carried out by particular sorts of adversaries).

There are several types of adversaries depending on what capabilities or intentions they are presumed to have. Adversaries may be

  • computationally bounded or unbounded (i.e. in terms of time and storage resources),
  • eavesdropping or Byzantine (i.e. passively listening on or actively corrupting data in the channel),
  • static or adaptive (i.e. having fixed or changing behavior),
  • mobile or non-mobile (e.g. in the context of network security)

and so on. In actual security practice, the attacks assigned to such adversaries are often seen, so such notional analysis is not merely theoretical.

How successful an adversary is at breaking a system is measured by its advantage. An adversary's advantage is the difference between the adversary's probability of breaking the system and the probability that the system can be broken by simply guessing. The advantage is specified as a function of the security parameter.