A cryptographer's ideal encryption scheme is an operation on a message which renders the message fully meaningless to anyone who does not possess a decryption key, yet in no way degrades the meaning extractable by anyone who does possess the key. An ideal practical code is in addition fast on both encryption and decryption, uses a key of manageable size, and produces no expansion of the data upon encryption.
A provable ideal practical encryption method in this sense is not yet known. For the state of the art see [5]. What we will need to extract from the cryptographic literature for use here is only some general sense of the methods used by cryptanalysts to study and potentially break cryptographic systems. To break a cryptosystem means to discover the meaning of messages encrypted by the system without being handed the secret key. It is generally assumed in academic cryptology that the mechanism of encryption in all its detail is known to the cryptanalyst, the only information lacking being the secret key. Typically breaking a cryptosystem means reconstructing the key through observations of the cryptosystem in operation. The type of observations on and manipulations of the cryptosystem which are allowed the cryptanalyst determine the mode of attack.
The first kind of attack is the passive attack, in which the cryptanalyst can only make observations on the cryptosystem as it performs. In a ciphertext-only attack, the cryptanalyst has access only to a stream of ciphertext coming from a cryptosystem loaded with its secret key. The cryptanalyst attempts to find statistical regularities in the stream of ciphertext, departures from randomness which might reveal the nature of the key. All but the most naive cryptosystems produce ciphertext with a high degree of randomness, so that a cryptosystem which falls prey to this kind of attack is considered very weak. A stronger passive attack allows the cryptanalyst observations both of a stream of ciphertext and the corresponding message stream which produced it. This is called a known-plaintext attack. Again, cryptology has progressed to the point where cryptosystems susceptible to a known-plaintext attack hold little interest.
More important are the active attacks. Here cryptanalysts can opt to have plaintext of their choosing encrypted and see the ciphertext which results (a chosen-plaintext attack). Similarly, a chosen-ciphertext attack permits ciphertext of the cryptanalyst's design to be compared with the corresponding plaintext. By current cryptographic standards, a good cryptosystem must resist attacks which permit both plaintext and ciphertext to be chosen, and according to any strategy preferred by the cryptanalyst.
The reader unfamiliar with these concepts should take a moment to consider the cryptanalysis of the so-called Caesar cipher, reputed to have been used by Caesar to communicate with his troops. It consists of a pair of concentric rings. On each ring the letters of the alphabet are written in order. The key of the system is the displacement of the outer ring with respect to the inner ring. To send an encrypted message, the sender emits in sequence the letters on the inner ring which correspond to the letters on the outer ring contained in the message. The receiver reverses the process, reading off from the outer ring letters which correspond to the letters on the inner ring received. While a fair amount of ciphertext might be required in a passive ciphertext-only attack before the key is guessed, a ciphertext-plaintext pair for a single letter reveals the key in any other attack.
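The cryptanalysis of the Caesar cipher described above, as an added example that is not part of the original paper: it recovers the key once from a single plaintext-ciphertext letter pair and once from ciphertext statistics alone. It assumes the ring displacement is modelled as an integer shift on the alphabet A-Z; the function names, the sample key and message, and the English letter-frequency table are constructed for illustration.

```python
from collections import Counter
from string import ascii_uppercase as ALPHA

# Approximate English letter frequencies in percent, A..Z (assumed reference table).
ENGLISH_FREQ = dict(zip(ALPHA, [
    8.17, 1.49, 2.78, 4.25, 12.70, 2.23, 2.02, 6.09, 6.97, 0.15, 0.77, 4.03,
    2.41, 6.75, 7.51, 1.93, 0.10, 5.99, 6.33, 9.06, 2.76, 0.98, 2.36, 0.15,
    1.97, 0.07]))

def shift(text, k):
    """Rotate each letter A-Z by k ring positions; other characters pass through."""
    return "".join(ALPHA[(ALPHA.index(ch) + k) % 26] if ch in ALPHA else ch
                   for ch in text.upper())

def encrypt(message, key):
    return shift(message, key)

def decrypt(ciphertext, key):
    return shift(ciphertext, -key)

def key_from_known_pair(plain_letter, cipher_letter):
    """Known-plaintext attack: a single letter pair fixes the displacement."""
    return (ALPHA.index(cipher_letter.upper())
            - ALPHA.index(plain_letter.upper())) % 26

def key_from_ciphertext_only(ciphertext):
    """Ciphertext-only attack: try all 26 displacements and keep the one whose
    decryption deviates least from English statistics (chi-squared score)."""
    n = sum(ch in ALPHA for ch in ciphertext.upper())
    if n == 0:
        raise ValueError("ciphertext contains no letters to analyse")
    def chi_squared(candidate):
        counts = Counter(ch for ch in candidate if ch in ALPHA)
        return sum((counts[ch] - n * f / 100) ** 2 / (n * f / 100)
                   for ch, f in ENGLISH_FREQ.items())
    return min(range(26), key=lambda k: chi_squared(decrypt(ciphertext, k)))

# Constructed sample key and message, for illustration only.
SECRET_KEY = 7
MESSAGE = ("THE LEGIONS WILL CROSS THE RIVER AT DAWN "
           "AND ATTACK THE CAMP FROM THE EAST")
CIPHERTEXT = encrypt(MESSAGE, SECRET_KEY)

if __name__ == "__main__":
    print("ciphertext:           ", CIPHERTEXT)
    print("key from one pair:    ", key_from_known_pair(MESSAGE[0], CIPHERTEXT[0]))
    print("key from statistics:  ", key_from_ciphertext_only(CIPHERTEXT))
```

The statistical guess depends on having enough ciphertext for the letter counts to resemble English, whereas the letter-pair recovery is exact for every key.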
The area of activity in modern cryptology closest to dynamical systems theory concerns so-called iterated cryptosystems. An iterated cryptosystem is one in which a cryptographically weak transformation is applied repeatedly to a message, so that the composed transformation is strong. The best-known and most widely used cryptosystem as of this writing is an iterated cryptosystem. It is known as the Data Encryption Standard, or DES. The DES encryption/decryption algorithm consists of 16 rounds of a transformation designed to fully mix message information together with random key information. The security of the DES has recently been seriously challenged using a technique known as differential cryptanalysis (see section 5).