A bit-flipping attack is an attack on a cryptographic cipher in which the attacker can change the ciphertext in such a way as to result in a predictable change of the plaintext, although the attacker is not able to learn the plaintext itself. Note that this type of attack is not—directly—against the cipher itself (as cryptanalysis of it would be), but against a particular message or series of messages. In the extreme, this could become a Denial of service attack against all messages on a particular channel using that cipher.
The attack is especially dangerous when the attacker knows the format of the message. In such a situation, the attacker can turn it into a similar message but one in which some important information is altered. For example, a change in the destination address might alter the message route in a way that will force re-encryption with a weaker cipher, thus possibly making it easier for an attacker to decipher the message.
Stream ciphers, such as RC4, are vulnerable to a bit-flipping attack, as are some block cipher modes of operation. See stream cipher attack. A keyed message authentication code, digital signature, or other authentication mechanism allows the recipient to detect if any bits were flipped in transit.
- "7019 - AES Bit-Flipping Attack". Hacking-Lab. Retrieved 4 November 2013.
- "Bit-flipping Attack" (PDF). Archived (PDF) from the original on 2021-11-08.
- Kimberly Graves, Certified Ethical Hacker Study Guide, Sybex 2010, page 6
- JungWoon Lee; DongYeop Hwang; JiHong Park; Ki-Hyung Kim (2017). "Risk analysis and countermeasure for bit-flipping attack in LoRaWAN". 2017 International Conference on Information Networking (ICOIN). pp. 549–551. doi:10.1109/ICOIN.2017.7899554. ISBN 978-1-5090-5124-3. S2CID 8575284.