What is Brute Force Search?

In computer science, brute-force search or exhaustive search, also known as generate and test, is a very general problem-solvingtechnique and algorithmic paradigm that consists of systematically enumerating all possible candidates for the solution and checking whether each candidate satisfies the problem's statement.

A brute-force algorithm to find the divisors of a natural number n would enumerate all integers from 1 to n, and check whether each of them divides n without remainder. A brute-force approach for the eight queens puzzlewould examine all possible arrangements of 8 pieces on the 64-square chessboard, and, for each arrangement, check whether each (queen) piece can attack any other.

While a brute-force search is simple to implement, and will always find a solution if it exists, its cost is proportional to the number of candidate solutions – which in many practical problems tends to grow very quickly as the size of the problem increases (combinatorial explosion).^[1] Therefore, brute-force search is typically used when the problem size is limited, or when there are problem-specific heuristics that can be used to reduce the set of candidate solutions to a manageable size. The method is also used when the simplicity of implementation is more important than speed.

This is the case, for example, in critical applications where any errors in the algorithmwould have very serious consequences; or when using a computer to prove a mathematical theorem. Brute-force search is also useful as a baseline method when benchmarking other algorithms or metaheuristics. Indeed, brute-force search can be viewed as the simplest metaheuristic. Brute force search should not be confused with backtracking, where large sets of solutions can be discarded without being explicitly enumerated (as in the textbook computer solution to the eight queens problem above). The brute-force method for finding an item in a table – namely, check all entries of the latter, sequentially – is called linear search.

What is Dictionary Attack?

In cryptanalysis and computer security, a dictionary attack is a form of brute force attack technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by trying hundreds or sometimes millions of likely possibilities, such as words in a dictionary.

What is Information-theoretic security?

Information-theoretic security is a cryptosystem whose security derives purely from information theory; the system cannot be broken even if the adversary has unlimited computing power. The cryptosystem is considered cryptanalytically unbreakable if the adversary does not have enough information to break the encryption.

An encryption protocol with information-theoretic security does not depend for its effectiveness on unproven assumptions about computational hardness. Such a protocol is not vulnerable to future developments in computer power such as quantum computing. An example of an information-theoretically secure cryptosystem is the one-time pad. The concept of information-theoretically secure communication was introduced in 1949 by American mathematician Claude Shannon, the inventor of information theory, who used it to prove that the one-time pad system was secure.^[1] Information-theoretically secure cryptosystems have been used for the most sensitive governmental communications, such as diplomatic cables and high-level military communications, because of the great efforts enemy governments expend toward breaking them.

Perfect security is a special case. For an encryption algorithm, if there is ciphertextproduced that uses it, no information about the plaintext is provided without knowledge of the key. If E is a perfectly secure encryption function, for any fixed message m, there must be, for each ciphertext c, at least one key ksuch that ${\displaystyle c=E_{k}(m)}$. It has been proved that any cipher with the perfect secrecy property must use keys with effectively the same requirements as one-time pad keys.^[1]

It is common for a cryptosystem to leak some information but nevertheless maintain its security properties even against an adversary that has unlimited computational resources. Such a cryptosystem would have information theoretic but not perfect security. The exact definition of security would depend on the cryptosystem in question.

There are a variety of cryptographic tasks for which information-theoretic security is a meaningful and useful requirement. A few of these are:

1. Secret sharing schemes such as Shamir's are information-theoretically secure (and also perfectly secure) in that having less than the requisite number of shares of the secret provides no information about the secret.
2. More generally, secure multiparty computation protocols often have information-theoretic security.
3. Private information retrieval with multiple databases can be achieved with information-theoretic privacy for the user's query.
4. Reductions between cryptographic primitives or tasks can often be achieved information-theoretically. Such reductions are important from a theoretical perspective because they establish that primitive ${\displaystyle \Pi }$ can be realized if primitive ${\displaystyle \Pi '}$ can be realized.
5. Symmetric encryption can be constructed under an information-theoretic notion of security called entropic security, which assumes that the adversary knows almost nothing about the message being sent. The goal here is to hide all functions of the plaintext rather than all information about it.
6. Quantum cryptography is largely part of information-theoretic cryptography.