2. Types of attacks Consider the following types of attacks on a key-dependent crypto-

system. The attacker attempts to recover the key. She

• possesses a sample of cipher-text (cipher-text-only attack);

• has (temporary) access to the decryption function and so can choose cipher-texts and compute matching plain-texts (chosen cipher-text attack);

• somehow obtained a plain-text sample with a matching cipher-text (known plain-

text attack);

• has (temporary) access to the decryption function and so can choose plain-texts and compute matching cipher-texts (chosen plain-text attack).

Which of these attacks are always possible for public-key cryptosystems? Which ones are conceivable?