Glossary

Chosen-plaintext attack

CPAencryption-oracle attack

A chosen-plaintext attack lets an attacker obtain ciphertexts for plaintexts they select and use the results to test the encryption scheme.

Definition

In a chosen-plaintext attack, an attacker can submit selected plaintexts to an encryption oracle and observe the ciphertexts. The goal may be key recovery, learning relationships, or distinguishing the scheme from ideal randomized encryption.

Adaptive and non-adaptive access

A non-adaptive attacker chooses all queries in advance. An adaptive attacker selects each new plaintext after seeing earlier results. Real APIs, devices, and protocols can unintentionally provide such an oracle.

CPA security

Modern probabilistic encryption should hide which of two chosen messages was encrypted, provided the allowed conditions are met. Fresh nonces or randomness are essential; deterministic pattern leakage or nonce reuse can violate this goal.

Frequently asked questions

Yes. The attacker controls test inputs instead of merely observing existing pairs.

Not for a CPA-secure scheme, but weak classical ciphers and flawed modes may leak useful structure.

No, but its protocol must remain secure even when users can submit chosen data.

See also