Bit-flipping attack
Encyclopedia
A bit-flipping attack is an attack on a cryptographic
cipher
in which the attacker
can change the ciphertext
in such a way as to result in a predictable change of the plaintext
, although the attacker is not able to learn the plaintext itself. Note that this type of attack is not—directly—against the cipher itself (as cryptanalysis
of it would be), but against a particular message or series of messages. In the extreme, this could become a Denial of service attack against all messages on a particular channel using that cipher.
The attack is especially dangerous when the attacker knows the format of the message. In such a situation, the attacker can turn it into a similar message but one in which some important information is altered. For example, a change in the destination address might alter the message route in a way that will force re-encryption with a weaker cipher, thus possibly making it easier for an attacker to decipher the message.
When applied to digital signature
s, the attacker might be able to change a promissory note
stating "I owe you $10.00" into one stating "I owe you $10000".
Stream cipher
s, such as RC4, are vulnerable to a bit-flipping attack, as are some block cipher
modes of operation. See stream cipher attack
. A keyed message authentication code
, digital signature
, or other authentication mechanism allows the recipient to detect if any bits were flipped in transit.
Cryptography
Cryptography is the practice and study of techniques for secure communication in the presence of third parties...
cipher
Cipher
In cryptography, a cipher is an algorithm for performing encryption or decryption — a series of well-defined steps that can be followed as a procedure. An alternative, less common term is encipherment. In non-technical usage, a “cipher” is the same thing as a “code”; however, the concepts...
in which the attacker
Attacker
In some sports, an attacker is a specific type of player, usually one whose role involves aggressive play. Heavy attackers are usually placed up front so they can score some points for the team.In football, attackers are also referred to as strikers....
can change the ciphertext
Ciphertext
In cryptography, ciphertext is the result of encryption performed on plaintext using an algorithm, called a cipher. Ciphertext is also known as encrypted or encoded information because it contains a form of the original plaintext that is unreadable by a human or computer without the proper cipher...
in such a way as to result in a predictable change of the plaintext
Plaintext
In cryptography, plaintext is information a sender wishes to transmit to a receiver. Cleartext is often used as a synonym. Before the computer era, plaintext most commonly meant message text in the language of the communicating parties....
, although the attacker is not able to learn the plaintext itself. Note that this type of attack is not—directly—against the cipher itself (as cryptanalysis
Cryptanalysis
Cryptanalysis is the study of methods for obtaining the meaning of encrypted information, without access to the secret information that is normally required to do so. Typically, this involves knowing how the system works and finding a secret key...
of it would be), but against a particular message or series of messages. In the extreme, this could become a Denial of service attack against all messages on a particular channel using that cipher.
The attack is especially dangerous when the attacker knows the format of the message. In such a situation, the attacker can turn it into a similar message but one in which some important information is altered. For example, a change in the destination address might alter the message route in a way that will force re-encryption with a weaker cipher, thus possibly making it easier for an attacker to decipher the message.
When applied to digital signature
Digital signature
A digital signature or digital signature scheme is a mathematical scheme for demonstrating the authenticity of a digital message or document. A valid digital signature gives a recipient reason to believe that the message was created by a known sender, and that it was not altered in transit...
s, the attacker might be able to change a promissory note
Promissory note
A promissory note is a negotiable instrument, wherein one party makes an unconditional promise in writing to pay a determinate sum of money to the other , either at a fixed or determinable future time or on demand of the payee, under specific terms.Referred to as a note payable in accounting, or...
stating "I owe you $10.00" into one stating "I owe you $10000".
Stream cipher
Stream cipher
In cryptography, a stream cipher is a symmetric key cipher where plaintext digits are combined with a pseudorandom cipher digit stream . In a stream cipher the plaintext digits are encrypted one at a time, and the transformation of successive digits varies during the encryption...
s, such as RC4, are vulnerable to a bit-flipping attack, as are some block cipher
Block cipher
In cryptography, a block cipher is a symmetric key cipher operating on fixed-length groups of bits, called blocks, with an unvarying transformation. A block cipher encryption algorithm might take a 128-bit block of plaintext as input, and output a corresponding 128-bit block of ciphertext...
modes of operation. See stream cipher attack
Stream cipher attack
Stream ciphers, where plaintext bits are combined with a cipher bit stream by an exclusive-or operation , can be very secure if used properly. However they are vulnerable to attack if certain precautions are not followed:*keys must never be used twice...
. A keyed message authentication code
Message authentication code
In cryptography, a message authentication code is a short piece of information used to authenticate a message.A MAC algorithm, sometimes called a keyed hash function, accepts as input a secret key and an arbitrary-length message to be authenticated, and outputs a MAC...
, digital signature
Digital signature
A digital signature or digital signature scheme is a mathematical scheme for demonstrating the authenticity of a digital message or document. A valid digital signature gives a recipient reason to believe that the message was created by a known sender, and that it was not altered in transit...
, or other authentication mechanism allows the recipient to detect if any bits were flipped in transit.