Cryptography Stack Exchange
Cryptography Stack Exchange

Questions tagged [meet-in-the-middle-attack]

The meet-in-the-middle attack is an optimized brute-force attack that significantly reduces the number of keys the attacker needs to try by utilizing a time-space trade-off. Work is done from the beginning and from the end of the scheme, and the results are combined linearly rather than exponentially.

The meet-in-the-middle attack is an optimized brute-force attack that significantly reduces the number of keys the attacker needs to try by utilizing a time-space trade-off.

The attack splits the encryption step of the brute-force into two halves and performs brute-force work on both halves separately, saving all of the results. The work can then be combined linearly (whereas naive brute-force would have to combine them exponentially) by comparing the saved results to find which entries on both sides match. The attack can sometimes be scaled to more than just two sides.

Meet-in-the-middle is classically used to attack multiple layers of symmetric encryption with different keys, but same idea can be used in other areas, such as against some cases of RSA.

79 questions
8
votes
1 answer

Can cycle finding techniques reduce the memory usage of the MitM attack against 2DES and 3DES?

A 2DES like cipher $c=E^{(2)}_{K_2}(E^{(1)}_{K_1}(p))$ where both halves have an $n$ bit key is vulnerable to a meet-in-the-middle attack. Meet-in-the-middle using a big table Create a table containing $E^{(1)}_{K_1}(p)$ for all possible $K_1$ and…
CodesInChaos
  • 24,841
  • 2
  • 89
  • 128
1
vote
1 answer

Meet in the middle attack: Why would it be easier to get elements of one of the 2 sets?

This is from Bruce Schneier's Book Cryptography Engineering. In his description of Meet-in-the-Middle attack, he writes (Chap 2, Page 35) A meet-in-the-middle attack is more flexible than a birthday attack. Let’s look at it in a more abstract way.…
user93353
  • 2,191
  • 3
  • 23
  • 43
1
vote
1 answer

Multidimensional meet-in-the-middle attack on AES

Is an MD-MITM attack possible for AES? As I know, we can break 2 rounds of AES. So we could apply the MD-MITM attack 5 times. This should significantly reduce the security of AES. What stops us from these kinds of attacks? Why GOST was broken with…
Tom
  • 1,221
  • 6
  • 16
1
vote
1 answer

Meet in the Middle Attack on x=2^n + x'

I encountered today the following equation: $x = 2^n + x'$, where $0 \le x' < 2^k < 2^n$, $2|k$ and $n, k$ is known. There seems to be a meet in the middle attack for this, with runtime $O(2^{\frac{k}{2}})$ but I don't see it. $x$ is known and we…
Donut
  • 395
  • 3
  • 13
1
vote
1 answer

What's the point of a Meet In The Middle attack using i.e. double AES with throw-away keys?

What's the point of a Meet In The Middle attack while using, for example, a double AES encryption and using one time keys? You can recover the keys for a secret message already known and you can't use those keys to retrieve other secret messages. So…
maincodebase
  • 13
  • 3
1
vote
1 answer

If meet in the middle is a known plaintext attack, and i already have both plaintext and ciphertext, why would i need to find the key?

since I already have plaintext and ciphertext why would I need the key for? what purpose would that serve?
user110859