# Understanding Cryptography by Christof Paar and Jan Pelzl - Chapter 1 Solutions - Ex1.13

- 1 min- Return to index
- Exercise 1.1
- Exercise 1.2
- Exercise 1.3
- Exercise 1.4
- Exercise 1.5
- Exercise 1.6
- Exercise 1.7
- Exercise 1.8
- Exercise 1.9
- Exercise 1.10
- Exercise 1.11
- Exercise 1.12
- Exercise 1.13
- Exercise 1.14

## Exercise 1.13

In an attack scenario, we assume that the attacker Oscar manages somehow to provide Alice with a few pieces of plaintext that she encrypts. Show how Oscar can break the affine cipher by using two pairs of plaintext–ciphertext, and . What is the condition for choosing and ?

Remark: In practice, such an assumption turns out to be valid for certain settings, e.g., encryption by Web servers, etc. This attack scenario is, thus, very important and is denoted as a chosen plaintext attack.

### Solution

*This solution is verified as correct by the official Solutions for Odd-Numbered Questions manual.*

In order to use the chosen plaintext attack, the plaintexts need to be chosen such that , where is the size of the alphabet being encrypted. Another way to put this is that must have multiplicative inverse in .

The following equations can be derived by trying to solve the two chosen plaintext encryptions as a pair of simultaneous equations: