Arithmetic coding is a technique which converts a given probability di
stribution into an optimal code and is commonly used in compression sc
hemes. The use of arithmetic coding as an encryption scheme is conside
red. The simple case of a single binary probability distribution with
a fixed (but unknown) probability is considered. We show that for a ch
osen plaintext attack w+2 symbols is sufficient to uniquely determine
a w-bit probability. For many known plaintexts w+m+O(logm) symbols, wh
ere m is the length of an initial sequence containing just one of (the
two possible) symbols, is sufficient. It is noted that many extension
s to this basic scheme are vulnerable to the same attack provided the
arithmetic coder can be repeatedly reset to its initial state. If it c
annot be reset then their vulnerability remains an open question.