Meet-in-the-middle attack

Meet-in-the-middle attack
Not to be confused with man-in-the-middle attack.

The meet-in-the-middle attack is a cryptographic attack which, like the birthday attack, makes use of a space-time tradeoff. While the birthday attack attempts to find two values in the domain of a function that map to the same value in its range, the meet-in-the-middle attack attempts to find a value in each of the range and domain of the composition of two functions such that the forward mapping of one through the first function is the same as the inverse image of the other through the second function — quite literally meeting in the middle of the composed function.

Contents

History

It was first developed as an attack on an attempted expansion of a block cipher by Diffie and Hellman in 1977. When trying to improve the security of a block cipher, one might get the idea to simply use two independent keys to encrypt the data twice. Naively, one might think that this would square the security of the double-encryption scheme. Certainly, an exhaustive search of all possible combination of keys would take 22n attempts if each key is n bits long, compared to the 2n attempts required for a single key.

Diffie and Hellman, however, devised a time-memory tradeoff that could break the scheme in only double the time to break the single-encryption scheme.[1] The attack works by encrypting from one end and decrypting from the other end, thus meeting in the middle.

Example

Assume the attacker knows a set of plaintext and ciphertext: P and C. That is,

C=E_{K_2}(E_{K_1}(P)) ,

where E is the encryption function (cipher), and K1 and K2 are the two keys.

The attacker can then compute EK(P) for all possible keys K and store the results in memory. Afterwards he can decrypt the ciphertext by computing DK(C) for each K. Any matches between these two resulting sets are likely to reveal the correct keys. (To speed up the comparison, the EK(P) set is stored in an in-memory lookup table, then each DK(C) can be matched against the values in the lookup table to find the candidate keys.)

Once the matches are discovered, they can be verified with a second test-set of plaintext and ciphertext. If the keysize is n, this attack uses only 2n + 1 encryptions (and O(2n) space) in contrast to the naive attack, which needs 22n encryptions (but only O(1) space).

See also

References

  1. ^ Diffie, Whitfield; Hellman, Martin E. (June 1977). "Exhaustive Cryptanalysis of the NBS Data Encryption Standard". Computer 10 (6): 74–84. doi:10.1109/C-M.1977.217750. http://www.computer.org/portal/web/csdl/doi/10.1109/C-M.1977.217750. 
v · d · e Block ciphers (security summary)
Common
algorithms
Less common
algorithms
Camellia · CAST-128 · IDEA · RC2 · RC5 · SEED · Skipjack · TEA · XTEA
Other
algorithms
3-Way · ABC · Akelarre · Anubis · ARIA · BaseKing · BassOmatic · BATON · BEAR and LION · CAST-256 · CIKS-1 · CIPHERUNICORN-A · CIPHERUNICORN-E · CLEFIA · CMEA · Cobra · COCONUT98 · Crab · Cryptomeria/C2 · CRYPTON · CS-Cipher · DEAL · DES-X · DFC · E2 · FEAL · FEA-M · FROG · G-DES · GOST · Grand Cru · Hasty Pudding cipher · Hierocrypt · ICE · IDEA NXT · Intel Cascade Cipher · Iraqi · KASUMI · KeeLoq · KHAZAD · Khufu and Khafre · KN-Cipher · Ladder-DES · Libelle · LOKI97 · LOKI89/91 · Lucifer · M6 · M8 · MacGuffin · Madryga · MAGENTA · MARS · Mercy · MESH · MISTY1 · MMB · MULTI2 · MultiSwap · New Data Seal · NewDES · Nimbus · NOEKEON · NUSH · Q · RC6 · REDOC · Red Pike · S-1 · SAFER · SAVILLE · SC2000 · SHACAL · SHARK · SMS4 · Spectr-H64 · Square · SXAL/MBAL · Threefish · Treyfer · UES · Xenon · xmx · XXTEA · Zodiac
Design
Attack
(cryptanalysis)
Brute force · Linear · Differential (Impossible · Truncated· Integral · Boomerang · Mod n · Related-key · Slide · Rotational · Timing · XSL
Standardization
Misc
v · d · e Cryptography

Wikimedia Foundation. 2010.

Игры ⚽ Поможем решить контрольную работу

Look at other dictionaries:

  • Meet in the Middle — This article is about the song. For the cryptographic attack, see Meet in the middle attack. Meet in the Middle Single by Diamond Rio …   Wikipedia

  • Man-in-the-middle attack — Not to be confused with Meet in the middle attack. In cryptography, the man in the middle attack (often abbreviated MITM), bucket brigade attack, or sometimes Janus attack, is a form of active eavesdropping in which the attacker makes independent …   Wikipedia

  • THE MIDDLE AGES — …   Encyclopedia of Judaism

  • The Heart Attack — Infobox Television episode Title = The Heart Attack Series = Seinfeld Caption = Elaine and Jerry visit George in the hospital. Season = 2 Episode = 13 Airdate = April 25 1991 Production = Writer = Larry Charles Director = Tom Cherones Guests =… …   Wikipedia

  • List of Malcolm in the Middle episodes — Malcolm in the Middle ran for seven seasons from 2000 to 2006 with 151 episodes produced. Contents 1 Series overview 2 Season 1: 2000 3 Season 2: 2000–2001 4 …   Wikipedia

  • Kingdom of Hungary in the Middle Ages — Kingdom of Hungary Magyar Királyság (hu) Regnum Hungariae (la) ← …   Wikipedia

  • Infantry in the Middle Ages — at the Battle of Aljubarrota, 1385] Infantry in the Middle Ages were soldiers who fought on foot during the Middle Ages. They were frequently part of a specialised division such as the pikemen, crossbowmen and longbowmen. Throughout much of the… …   Wikipedia

  • Meet Me Halfway — For Meet Me Half Way by Kenny Loggins, see Meet Me Half Way. Meet Me Halfway Single by The Black Eyed Peas from the album The E.N.D …   Wikipedia

  • The United States of America —     The United States of America     † Catholic Encyclopedia ► The United States of America     BOUNDARIES AND AREA     On the east the boundary is formed by the St. Croix River and an arbitrary line to the St. John, and on the north by the… …   Catholic encyclopedia

  • The Amanda Show — Format Sketch comedy Variety show Created by Dan Schneider Starring Amanda Bynes …   Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”