Talk:Meet-in-the-middle attack

Latest comment: 4 years ago by 65.94.231.235 in topic Use of "MITM"

Use of "MITM"

edit

This article should be scraped of the "MITM" acronym, which is generally used for MAN-in-the-Middle and not MEET-in-the-Middle. — Preceding unsigned comment added by 65.94.231.235 (talk) 15:58, 4 April 2020 (UTC)Reply

Query

edit

This doesn't make sense:

... Naively, one might think that this would double the security of the double-encryption scheme.

Merkle and Hellman, however, devised a time-memory tradeoff that could break the scheme in only double the time to break the single-encryption scheme. The attack works by encrypting from one end and decrypting from the other end, thus meeting in the middle.

Maybe it should read something like this (I don't know if this is right or not):

... Naively, one might think that this would increase the security of the double-encryption scheme by a factor of 281474976710656 (2112 / 256).

Merkle and Hellman, however, devised a time-memory tradeoff that could break the scheme in only double the time to break the single-encryption scheme. The attack works by encrypting from one end and decrypting from the other end, thus meeting in the middle.

RamanGupta 29 June 2005 21:43 (UTC)

The security of cryptographic schemes is usually expressed as a logarithmic measurement, ie. we say that the security of AES is 128 bits. I have tried added a sentence to clarify that we go from 2^56 to 2^112. Rasmus (talk) 30 June 2005 07:28 (UTC)

Are there indices missing for K in the last paragraph ? —Preceding unsigned comment added by 88.68.209.194

No, K stands for all possible keys. K_1 and K_2 are special keys
(talk) 11:25, 19 November 2007 (UTC)Reply 

The link to the paper is dead. Zian (talk) 12:37, 21 April 2009 (UTC)Reply

The MD-MITM part is unreadable

edit

It's impossible to understand the multidimensional MITM part of the article without an example. I've spent more than a day, trying to figure out how it works. It really needs an example, e.g. "suppose the initial text was 101010 and cypher-text is 00000; the number of cyphering steps is 4 and the (unknown) keys for the steps are 111111, 110011, 110000, 000011 and the cyphering process is XOR with the key; then, the attacker makes an assumption, that the intermediate cipher-text, obtained after the application of the first cypher-key is 011111"... A picture or a cartoon with example is needed. — Preceding unsigned comment added by 91.79.13.177 (talk) 13:18, 24 November 2012 (UTC)Reply

3DES: 2^113 or 2^112 operations?

edit

"Triple DES uses a "triple length" (168-bit) key and is also vulnerable to a meet-in-the-middle attack in 2^56 space and 2^112 operations, but is considered secure due to the size of its keyspace." I think it should be 2^(2m+1), so 2^113, right ? — Preceding unsigned comment added by 134.102.207.140 (talk) 12:29, 17 October 2018 (UTC)Reply

O(1) space?

edit

Is this really correct? Eg. we don't even need to maintain a pointer into the input? 213.161.190.227 (talk) 18:37, 14 March 2011 (UTC)Reply

Yes, of course it's correct. Big-O notation ignores constant overhead, even when that overhead is much larger than normal growth. Since the storage requirements don't grow, the algorithm is O(1).Foxyshadis(talk) 01:43, 28 September 2011 (UTC)Reply

Looks like Original Research or Synthesis

edit

The main topic of the article is well-established and notable. However some sections appear to be original research. The references regarding multi-dimensional meet-in-the-middle are from a pre-print archive, which I might suggest does not conduct peer-review to the standards set forth by Wikipedia guidelines (the OR tag, to be added presently, will take you to those guidelines). Further, I could not find any reference on Google scholar to a more recent peer reviewed version. So I'm tagging accordingly. Adray1337 (talk) 15:55, 5 May 2013 (UTC)Reply

No - it doesn't really work

edit

It is possible to find a 112 = 2 x 56 bits key that transforms one 64 bits plaintext block in a given cipher text block. This seems to be the solution, but it is not. since key is larger than the plaintext and cipher blocks. Why not? Beause there are many keys that transform one plaintext block in one chipher block. But, only one key will decrypt the whole message. 109.90.224.162 (talk) 11:05, 3 July 2016 (UTC)Reply

 — Preceding unsigned comment added by 109.90.224.162 (talk) 10:30, 3 July 2016 (UTC)Reply 

Can we get a new acronym for this?

edit

The article abbreviates meet-in-the-midddle as MITM. However, in the security world, MITM is well-known to stand for man-in-the-middle attack, which is a different concept. Maybe we could change it to MeetITM? MeITM? I can't think of a good substitute.

IlliterateSage (talk) 23:44, 28 February 2019 (UTC)Reply