Home

Chosenplaintext

Chosen-plaintext attack (CPA) is a cryptanalytic model in which an attacker can obtain ciphertexts for plaintexts of their choosing in order to learn information about the secret data or the encryption key. The goal is typically to distinguish between the encryptions of two chosen messages or to recover aspects of the plaintext distribution, rather than directly to recover the key. CPA is a foundational notion for assessing confidentiality in encryption schemes.

There are two common variants: non-adaptive CPA and adaptive CPA. In the non-adaptive setting, the attacker submits

CPA is closely related to, but weaker than, indistinguishability under chosen-plaintext attacks (IND-CPA). An encryption scheme

a
set
of
plaintexts
to
be
encrypted
before
the
challenge
phase.
In
adaptive
CPA,
the
attacker
can
use
the
results
of
previously
obtained
ciphertexts
to
craft
new
plaintexts
for
subsequent
encryptions.
In
the
standard
CPA
game,
the
attacker
chooses
two
equal-length
messages
m0
and
m1,
a
challenger
selects
a
random
bit
b
and
returns
the
ciphertext
of
m_b
under
a
secret
key.
The
attacker
wins
if
they
can
guess
b
with
non-negligible
advantage
over
1/2.
If
a
scheme
remains
secure
under
this
game,
it
is
said
to
be
CPA-secure.
that
is
IND-CPA
secure
is
also
CPA
secure,
and
IND-CPA
is
a
formalization
of
the
intuition
that
ciphertexts
should
reveal
no
information
about
the
chosen
plaintext.
CPA
security
is
a
key
objective
in
the
design
of
modern
symmetric
and
public-key
encryption
schemes,
serving
as
a
baseline
confidentiality
guarantee
alongside
stronger
models
such
as
chosen-ciphertext
security
(CCA).