Distinguishing attack

In cryptography, a distinguishing attack is any form of cryptanalysis on data encrypted by a cipher that allows an attacker to distinguish the encrypted data from random data.[1] Modern symmetric-key ciphers are specifically designed to be immune to such an attack.[2] In other words, modern encryption schemes are pseudorandom permutations and are designed to have ciphertext indistinguishability. If an algorithm is found that can distinguish the cipher's output from random data faster than a brute-force search, that is considered a break of the cipher.
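The distinguishing game described above, as an added example that is not part of the original article: a distinguisher receives bytes from either a cipher or a uniform source and must say which. RC4 and its second-output-byte bias (that byte is 0 with probability about 2/256 rather than 1/256) are not mentioned on this page; they are chosen here as a well-known instance, and the function names, sample size and seed are assumptions.

```python
import random

def rc4_second_byte(key: bytes) -> int:
    """Run RC4 key scheduling, then return the second keystream byte."""
    S = list(range(256))
    j = 0
    for i in range(256):                       # key-scheduling algorithm (KSA)
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    i = j = z = 0
    for _ in range(2):                         # two output steps of the PRGA
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        z = S[(S[i] + S[j]) & 0xFF]
    return z

def sample_oracle(world: str, n: int, rng: random.Random) -> list:
    """world='cipher': second RC4 keystream byte under n fresh 16-byte keys.
    world='random': n uniformly distributed bytes."""
    if world == "cipher":
        return [rc4_second_byte(rng.getrandbits(128).to_bytes(16, "big"))
                for _ in range(n)]
    return [rng.randrange(256) for _ in range(n)]

def distinguisher(samples: list) -> str:
    """Guess the world from how often the value 0 occurs.
    Uniform bytes give a rate near 1/256; RC4's second byte gives near 2/256,
    so the decision threshold sits halfway between, at 1.5/256."""
    zero_rate = samples.count(0) / len(samples)
    return "cipher" if zero_rate > 1.5 / 256 else "random"

def run_game(n: int = 32768, seed: int = 1) -> dict:
    """Play the game once in each world and report the distinguisher's guess."""
    rng = random.Random(seed)                  # constructed, fixed-seed input
    return {w: distinguisher(sample_oracle(w, n, rng))
            for w in ("cipher", "random")}

if __name__ == "__main__":
    print(run_game())
```

The distinguisher needs only tens of thousands of samples, far fewer than a brute-force search over a 128-bit key space, which is what makes a bias of this kind count as a break under the definition above.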

A similar concept is the known-key distinguishing attack, whereby an attacker knows the key and can find a structural property in the cipher, where the transformation from plaintext to ciphertext is not random.[3]

  1. Meier, Willi; Künzli, Simon (2005). "Distinguishing Attack on MAG" (PDF). ECRYPT Stream Cipher Project. eSTREAM. Retrieved 8 February 2013.
  2. Reyzin, Leonid (2004). "Symmetric Cryptography" (PDF). Lecture Notes for Boston University CAS CS 538: Fundamentals of Cryptography.
  3. Andreeva, Elena; Bogdanov, Andrey; Mennink, Bart (8 July 2014). "Towards Understanding the Known-Key Security of Block Ciphers". FSE 2014.