Editing Adversary (cryptography)

{{Short description|In cryptography, a malicious entity}}
{{one source |date=April 2024}}
In [[cryptography]], an '''adversary''' (rarely '''opponent''', '''enemy''') is an entity whose aim is to prevent the users of the [[cryptosystem]] from achieving their goal (primarily [[privacy]], integrity, and availability of data), often with malicious intent. An adversary's efforts might take the form of attempting to discover secret data, corrupting some of the data in the system, [[Spoofing attack|spoof]]ing the identity of a message sender or receiver, or forcing system downtime.

Actual adversaries, as opposed to idealized ones, are referred to as ''attackers''. The former term predominates in the cryptographic and the latter in the [[computer security]] literature. [[Alice and Bob|Eavesdropper Eve, malicious attacker Mallory, opponent Oscar, and intruder Trudy]] are all adversarial characters widely used in both types of texts.

This notion of an adversary helps both intuitive and formal reasoning about cryptosystems by casting security analysis of cryptosystems as a 'game' between the users and a ''centrally co-ordinated'' enemy. The notion of security of a cryptosystem is meaningful only with respect to particular attacks (usually presumed to be carried out by particular sorts of adversaries).

Adversaries can be divided into two main categories based on how they behave within [[Cryptographic protocol|protocols:]] ''passive'' and ''active''. <ref>{{Cite journal |last=Aumann |first=Yonatan |last2=Lindell |first2=Yehuda |date=2010-04-01 |title=Security Against Covert Adversaries: Efficient Protocols for Realistic Adversaries |url=https://link.springer.com/article/10.1007/s00145-009-9040-7 |journal=Journal of Cryptology |language=en |volume=23 |issue=2 |pages=281–343 |doi=10.1007/s00145-009-9040-7 |issn=1432-1378}}</ref><ref>{{Cite journal |last=Do |first=Quang |last2=Martini |first2=Ben |last3=Choo |first3=Kim-Kwang Raymond |date=2019-03-01 |title=The role of the adversary model in applied security research |url=https://www.sciencedirect.com/science/article/abs/pii/S0167404818306369 |journal=Computers & Security |volume=81 |pages=156–181 |doi=10.1016/j.cose.2018.12.002 |issn=0167-4048|url-access=subscription }}</ref> Passive adversaries (also known as semi-honest or honest-but-curious) are static adversaries that  faithfully follow the protocol, but try to infer from the data they receive to gather more information than intended. Active adversaries (also known as malicious) are adversaries that may arbitrarily deviate from the protocol, often trying to disrupt its execution, steal data, inject false data, or cause damage.

There are several types of adversaries depending on what capabilities or intentions they are presumed to have. Adversaries may be<ref>[https://www.cs.cmu.edu/~jblocki/adversaryAttacks.htm 'Adversary Attacks']</ref>
*[[Computationally bounded adversary|computationally bounded]] or unbounded (i.e. in terms of time and storage resources),
*eavesdropping or Byzantine (i.e. passively listening on or actively corrupting data in the channel),
*static or adaptive (i.e. having fixed or changing behavior),
*'''mobile''' or non-mobile (e.g. in the context of [[network security]])
and so on. In actual security practice, the attacks assigned to such adversaries are often seen, so such notional analysis is not merely theoretical.

How successful an adversary is at breaking a system is measured by its ''advantage''. An adversary's advantage is the difference between the adversary's probability of breaking the system and the probability that the system can be broken by simply guessing. The advantage is specified as a function of the [[security parameter]].

==See also==
*[[Threat model]]
*[[Operations security]]
*[[Concrete security]]

==References==
{{Reflist}}

[[Category:Cryptographic attacks]]


{{crypto-stub}}