Ciphertext-only attack
A ciphertext-only attack attempts to recover plaintext or keys using only captured ciphertext and observable metadata.
Definition
A ciphertext-only attacker has no confirmed plaintext pairs and cannot choose inputs; the main evidence is one or more ciphertexts plus metadata such as length and timing. The objective is to infer plaintext, key information, or useful properties of the messages.
Available methods
Against classical ciphers, analysts use letter frequencies, repeated patterns, language models, the Index of Coincidence, Kasiski examination, and key search. Multiple messages encrypted with related keys or reused nonces can provide far more evidence than a single sample.
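As an added example (not part of the original page), the Python below applies two of the methods named above, the Index of Coincidence and letter frequencies, to a Vigenère ciphertext using only the ciphertext and an English frequency profile. The sample plaintext, the key LEMON and all function names are constructed for the illustration.

```python
from collections import Counter
import string

A = string.ascii_uppercase
# Approximate English letter frequencies in percent, A..Z (the expected language profile).
ENGLISH = [8.17, 1.49, 2.78, 4.25, 12.70, 2.23, 2.02, 6.09, 6.97, 0.15, 0.77, 4.03, 2.41,
           6.75, 7.51, 1.93, 0.10, 5.99, 6.33, 9.06, 2.76, 0.98, 2.36, 0.15, 1.97, 0.07]

def vigenere(text, key, sign=1):
    """Shift the i-th letter by key[i mod len(key)]; sign=-1 reverses it. Non-letters are dropped."""
    clean = [c for c in text.upper() if c in A]
    return "".join(A[(A.index(c) + sign * A.index(key[i % len(key)])) % 26]
                   for i, c in enumerate(clean))

def ioc(text):
    """Index of Coincidence: probability that two letters drawn from text are the same."""
    n = len(text)
    return sum(c * (c - 1) for c in Counter(text).values()) / (n * (n - 1)) if n > 1 else 0.0

def key_length(ct, max_len=8):
    """Smallest period whose mean column IoC is within 10% of the best (multiples score high too)."""
    score = {m: sum(ioc(ct[j::m]) for j in range(m)) / m for m in range(1, max_len + 1)}
    return min(m for m in score if score[m] >= 0.9 * max(score.values()))

def best_shift(column):
    """Caesar shift whose removal brings the column closest (chi-squared) to ENGLISH."""
    def chi2(s):
        counts = Counter(A[(A.index(c) - s) % 26] for c in column)
        return sum((counts[A[i]] - len(column) * f / 100) ** 2 / (len(column) * f / 100)
                   for i, f in enumerate(ENGLISH))
    return min(range(26), key=chi2)

def recover_key(ct):
    m = key_length(ct)
    return "".join(A[best_shift(ct[j::m])] for j in range(m))

# Constructed sample: ordinary English prose encrypted under a made-up key.
PLAINTEXT = ("Modern encryption is meant to make a captured message look like random noise, so an observer "
             "who records the traffic should learn nothing more than its length and its timing. Classical "
             "ciphers give no such protection. A repeating key leaves the statistics of the language in every "
             "column of the message, and those statistics are enough to find the length of the key and then "
             "each of its letters. The more material that is sent under the same key, the more evidence the "
             "observer collects, which is why long lived keys and repeated nonces are treated as design flaws "
             "rather than operational details. Defenders therefore rotate keys on a schedule and never "
             "repeat a nonce under the same key.")
CIPHERTEXT = vigenere(PLAINTEXT, "LEMON")

if __name__ == "__main__":
    print(key_length(CIPHERTEXT), recover_key(CIPHERTEXT))
```

The Index of Coincidence of the whole ciphertext is well below that of the plaintext, but splitting it into columns at the true key length restores English-like values, and that contrast is what exposes the period.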
Modern security
Modern encryption is expected to make ciphertext computationally indistinguishable from random data apart from unavoidable metadata. Success often depends on weak keys, nonce reuse, protocol leakage, implementation flaws, or predictable plaintext rather than breaking the primitive itself.
Yes, when it uses only ciphertext statistics and an expected language profile, without confirmed plaintext.
Yes. Attack models normally assume the algorithm is public; ciphertext-only describes available message data, not ignorance of the design.
Sometimes for weak classical ciphers, but short samples and secure modern schemes may reveal nothing useful beyond metadata.