Questions tagged [meet-in-the-middle-attack]

The meet-in-the-middle attack is an optimized brute-force attack that significantly reduces the number of keys the attacker needs to try by utilizing a time-space trade-off. Work is done from the beginning and from the end of the scheme, and the results are combined linearly rather than exponentially.

The attack splits the encryption step of the brute-force into two halves and performs brute-force work on both halves separately, saving all of the results. The work can then be combined linearly (whereas naive brute-force would have to combine them exponentially) by comparing the saved results to find which entries on both sides match. The attack can sometimes be scaled to more than just two sides.

Meet-in-the-middle is classically used to attack multiple layers of symmetric encryption with different keys, but the same idea can be used in other areas, such as against some cases of RSA.

83 questions
21 votes, 1 answer

Why is triple-DES using three different keys vulnerable to a meet-in-the-middle-attack?

Among other sources, this Wikipedia entry states that triple-DES using three separate keys $(k_1, k_2, k_3)$ is vulnerable to meet-in-the-middle-attacks, while triple-DES using only two keys $(k_1, k_2, k_1)$ is not. Why is this attack possible if…
malexmave
16 votes, 1 answer

Duration for attacking Two-Key Triple-DES Encryption using all RAM ever built?

I am considering attacks on Two-Key Triple-DES Encryption assuming $2^{32}$ known plaintext/ciphertext pairs (that's a mere 32GiB of ciphertext) by the method devised by Paul C. van Oorschot and Michael J. Wiener: A Known-Plaintext Attack on Two-Key…
fgrieu
8 votes, 1 answer

Triple AES-128 encryption with 2 keys

We have a system where two devices communicate. Due to restrictions on one of them, we can only use AES-128 (so no AES-256) for encrypting the communication. However, new requirements on these kinds of systems have recently come up where > 200 bits…
poppe
8 votes, 2 answers

Is it possible to perform a meet-in-the-middle within a block cipher?

Standard meet-in-the-middle explanations show that you can perform a meet-in-the-middle attack on a repeated block cipher such as double-DES (performing DES twice in a row). However, block ciphers themselves commonly consist of a number of rounds…
Maarten Bodewes
8 votes, 1 answer

What is the difference between a meet-in-the-middle attack and a man-in-the-middle attack?

From my understanding, a man-in-the-middle attack works as follows: Alice and Bob agreed to use Diffie-Hellman using $a$ and $q$. Alice sends $Y_A$. Before it reaches Bob, Charlie intercepts it and sends $Y_{C1}$ instead. Bob …
8 votes, 1 answer

Can cycle finding techniques reduce the memory usage of the MitM attack against 2DES and 3DES?

A 2DES-like cipher $c=E^{(2)}_{K_2}(E^{(1)}_{K_1}(p))$ where both halves have an $n$ bit key is vulnerable to a meet-in-the-middle attack. Meet-in-the-middle using a big table: Create a table containing $E^{(1)}_{K_1}(p)$ for all possible $K_1$ and…
CodesInChaos
7 votes, 2 answers

Can Grover's Algorithm be combined with a meet-in-the-middle attack?

We all know and love the meet-in-the-middle attack, which basically makes double encryption pointless using a time-memory trade-off. Now, the NSA recently recommended to use double encryption to adequately protect sensitive data from quantum…
7 votes, 2 answers

Encrypting 8 times with 8-bit key beneficial?

I was trying to understand cryptography from the book Information Security by Mark Stamp and I am confused by something. Suppose that Alice has a secure block cipher, but the cipher only uses an 8-bit key. To make this cipher "more secure," Alice…
7 votes, 2 answers

Meet-in-the-middle with checking complexity

In regards to meet in the middle type attacks, I have been considering the amount of operations in order to successfully find a key given two sets of plaintext / ciphertext pairs. All of the sources I have checked have stated that the maximum number…
tbs
6 votes, 1 answer

Can a nested block cipher avoid the meet in the middle attack by using a secret initialization vector for the inner encryption?

It seems to be believed that encrypting twice with a block cipher using an independent key each time is not as secure as you might expect because of the "meet in the middle" attack. This is an attack with known plaintext. The theory is that the…
6 votes, 2 answers

FIPS 202/SHAKE: insecure 3DES key derivation example

I'm trying to understand the following passage from FIPS 202 (the SHA-3 standard), discussing the SHAKE functions' correlated outputs for different output lengths and the risks they induce in some protocols. The example they give is this (appendix…
Luis Casillas
6 votes, 1 answer

Is XTS basically the cheapest form of (secure) double-encryption?

XTS, as given by the below equation, is a mode of operation primarily targeting full-disk encryption scenarios. By the way it works it also doubles the keylength although a meet-in-the-middle attack applies (by enumerating all the whitening values).…
SEJPM
6 votes, 1 answer

Why does applying 56-bit DES twice only give 57 bits of security?

Given two 56-bit keys, $k_1$ and $k_2$, why does $E_{k_1}(E_{k_2}(M))$ only give 57 bits of security? So basically I'm unsure why it only gives 57 bits of security; I understand that one key will provide 56 bits. Only thing I can think of is that…
5 votes, 2 answers

Meet-in-the-Middle attack on 3DES

How can I apply the Meet-in-the-Middle attack to the 3DES algorithm, and why does the literature say that 3DES is more secure than DES?
hadil da'na
5 votes, 2 answers

Is Meet-in-the-Middle attack normally abbreviated MITM?

The Meet-in-the-middle attack article on Wikipedia gives MITM as the abbreviation for Meet-in-the-middle attack. I'm seriously hoping this is just Wikipedia being weird, and isn't actually common usage, because MITM is also used for the…
SamB