Let's continue our discussion in the attacker's perspective and define the term cryptanalysis. While cryptography originated from the art and the technique of making secret codes, cryptanalysis corresponds to studying and analyzing the cryptosystem with the goal of effectively deciphering the coded message, and doing so without the possession of the cryptographic key. Because the subject of cryptanalysis, or cryptanalyst, lacks the cryptographic key, it does not have the authorization to access the message. A secret cryptosystem design prevents such access and retains the message confidentiality against the cryptanalyst. In contrast to attacking via brute force, if the attacker has information about which keys are more likely than others and use such information to try and learn the key, then such attack becomes cryptanalysis. The non-uniform distribution and the bias in choosing the key option to explore yields reduced entropy of the cryptosystem and the attacker can more quickly and efficiently find a key than brute force. Any probabilistic information about the plaintext or the key would give the attacker an advantage over brute forcing, resulting in entropy reduction before the attacker begins to exploit the key options. In general, if an attacker is attacking the cryptosystem so that the security of the cryptosystem is weaker than advertised, then the attacker is conducting a cryptanalytic attack. We find such cases for entropy reduction in a non-crypto context. An example of such attack is card counting in blackjack. A card counting player uses the fact that the card distribution of the remaining deck is uneven and uses the information about the remaining deck to control the bet size, increasing the bet when the remaining deck is favorable to the player and decreasing the bet when it's unfavorable. While the casino house has the edge without card counting, much like the other casino games that the house offers, the card counting shifts the edge to the player. When Edward Thorp, a mathematician and an academic, first invented card counting, the casinos did not know how card counting works and how he was able to get such information advantage. The random card game was not as random as the casino thought. Back to cryptography. Cryptanalysis can be modeled into different classification of attacks depending on the information available to the cryptanalyst. First type is ciphertext-only attack which is actually the baseline in cryptography cryptanalysis and is often assumed when designing the cryptosystem. In practice, ciphertext-only attack requires the attacker to have access to the ciphertext and their computer security mechanisms to make such access difficult. However, in designing cryptographic schemes, we do assume the worst case and consider the attackers who have already compromised the access to the ciphertext. So, the ciphertext-only attack is the baseline attack when designing cryptosystem. Another type of cryptanalysis which is more sophisticated than ciphertext-only attack is the known-plaintext attack. The attacker knows some plaintext ciphertext pairs where the pair is the input and the corresponding output of the target encryption cipher. The attacker wants to learn the key or the plaintext from the other ciphertext by using the information from the known pairs. For example, during World War II, when the Allies broke Enigma, Enigma operators reporting weather information provided such known plaintext pairs. Also, an operator making regular transmission, which corresponded to the plaintext of nothing to report, produce such known plaintext ciphertext pairs and help with cracking the Enigma cipher. Another type is a chosen-plaintext attack where the attacker can obtain the plaintext from arbitrarily chosen ciphertext. The difference from the known-plaintext attack is that the attackers are the ones choosing the plaintext. Going back to the example with Enigma in World War II, the Allies were able to construct such pairs and practice chosen ciphertext attack by staging activities in particular locations and having that location name appear in the plaintext.