Abstract
Meet-in-the-middle attacks, where problems and the secrets being sought are decomposed into two pieces, have many applications in cryptanalysis. A well-known such attack on double-DES requires 2^56 time and memory; a naive key search would take 2^112 time. However, when the attacker is limited to a practical amount of memory, the time savings are much less dramatic. For n the cardinality of the space that each half of the secret is chosen from (n = 2^56 for double-DES), and w the number of words of memory available for an attack, a technique based on parallel collision search is described which requires O(√(n/w)) times fewer operations and O(n/w) times fewer memory accesses than previous approaches to meet-in-the-middle attacks. For the example of double-DES, an attacker with 16 Gbytes of memory could recover a pair of DES keys in a known-plaintext attack with 570 times fewer encryptions and 3.7×10^6 times fewer memory accesses compared to previous techniques using the same amount of memory.
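The two attacks the abstract contrasts, as an added worked example that is not part of the paper and not the authors' code. It uses a constructed toy block cipher (10-bit keys, 32-bit blocks, no security value) so that both the textbook meet-in-the-middle attack (a table of all n forward half-encryptions) and the memory-limited variant (parallel collision search over the function "half-encrypt the plaintext or half-decrypt the ciphertext, then hash the result back into the (side, key) domain", with distinguished points and w stored entries) run in well under a second. The distinguished-point rule, the trail-length cap, the "10·w trails per function version, then clear memory" policy, and all function names are assumptions made for this example; the paper's own parameter choices and analysis are not reproduced here.

```python
import hashlib
import random
from functools import lru_cache

KEY_BITS, BLOCK_BITS = 10, 32                     # n = 2**KEY_BITS keys per half of the secret
KEY_MASK, MASK = (1 << KEY_BITS) - 1, (1 << BLOCK_BITS) - 1
DOMAIN_BITS = KEY_BITS + 1                        # iterated-function domain: (side bit, key)
ODD, ODD_INV = 0x9E3779B1, pow(0x9E3779B1, -1, 1 << BLOCK_BITS)   # odd, hence invertible mod 2**32
ROUNDS, DP_MASK, MAX_TRAIL = 4, 0b11, 80          # distinguished point: low 2 bits zero (mean trail 4)

@lru_cache(maxsize=None)
def round_keys(key):
    # Constructed toy key schedule (one hash per round); the cipher has no security value.
    return tuple(int.from_bytes(hashlib.sha256(bytes([i, key >> 8, key & 0xFF])).digest()[:4], "big")
                 for i in range(ROUNDS))

def toy_encrypt(key, block):
    for rk in round_keys(key):                    # xor round key, multiply by odd constant, rotate
        t = ((block ^ rk) * ODD) & MASK
        block = ((t << 13) | (t >> 19)) & MASK
    return block

def toy_decrypt(key, block):
    for rk in reversed(round_keys(key)):          # exact inverse of toy_encrypt, round by round
        t = ((block >> 13) | (block << 19)) & MASK
        block = ((t * ODD_INV) & MASK) ^ rk
    return block

def double_encrypt(k1, k2, block):
    return toy_encrypt(k2, toy_encrypt(k1, block))

def classic_mitm(pairs):
    """Textbook attack: table of all n forward half-encryptions, one lookup per backward key."""
    (p1, c1), (p2, c2) = pairs
    table = {}
    for k1 in range(1 << KEY_BITS):
        table.setdefault(toy_encrypt(k1, p1), []).append(k1)
    for k2 in range(1 << KEY_BITS):
        for k1 in table.get(toy_decrypt(k2, c1), ()):
            if double_encrypt(k1, k2, p2) == c2:  # the second pair weeds out false alarms
                return k1, k2

def half(e, p1, c1):
    # Side 0 half-encrypts the plaintext, side 1 half-decrypts the ciphertext.
    return toy_encrypt(e & KEY_MASK, p1) if e >> KEY_BITS == 0 else toy_decrypt(e & KEY_MASK, c1)

def step(e, p1, c1, version):
    # Hash the block back into the domain so f can be iterated; the version re-randomises the walk.
    h = hashlib.sha256(version.to_bytes(4, "big") + half(e, p1, c1).to_bytes(4, "big")).digest()
    return int.from_bytes(h[:4], "big") & ((1 << DOMAIN_BITS) - 1)

def locate_collision(a, la, b, lb, p1, c1, version):
    """Two trails ended at one distinguished point: walk them in lockstep to the merge point."""
    for _ in range(la - lb):
        a = step(a, p1, c1, version)
    for _ in range(lb - la):
        b = step(b, p1, c1, version)
    if a == b:                                    # the new trail merely joined the old one
        return None
    while True:
        na, nb = step(a, p1, c1, version), step(b, p1, c1, version)
        if na == nb:
            return a, b
        a, b = na, nb

def golden(pair, pairs):
    """Keep a collision only if it is forward-vs-backward, equal as blocks, and passes pair 2."""
    (p1, c1), (p2, c2) = pairs
    a, b = sorted(pair)                           # side-0 elements sort below side-1 elements
    if a >> KEY_BITS != 0 or b >> KEY_BITS != 1 or half(a, p1, c1) != half(b, p1, c1):
        return None
    k1, k2 = a & KEY_MASK, b & KEY_MASK
    return (k1, k2) if double_encrypt(k1, k2, p2) == c2 else None

def collision_search_mitm(pairs, w, seed=0):
    """Memory-limited attack: at most w stored distinguished points; the function version
    changes (and memory is cleared) after 10*w trails. Simplified policy, an assumption."""
    (p1, c1), _ = pairs
    rng, version = random.Random(seed), 0
    while True:
        table = {}
        for _ in range(10 * w):
            start = rng.randrange(1 << DOMAIN_BITS)
            e, length = start, 0
            while e & DP_MASK and length <= MAX_TRAIL:
                e, length = step(e, p1, c1, version), length + 1
            if length > MAX_TRAIL:                 # stuck in a cycle with no distinguished point
                continue
            if e in table:
                pair = locate_collision(start, length, *table[e], p1, c1, version)
                keys = golden(pair, pairs) if pair else None
                if keys:
                    return keys, version
            elif len(table) < w:
                table[e] = (start, length)
        version += 1

if __name__ == "__main__":
    pairs = [(p, double_encrypt(0x2A5, 0x13C, p)) for p in (0x01234567, 0x89ABCDEF)]
    print(classic_mitm(pairs), collision_search_mitm(pairs, w=64, seed=7))
```

Both attacks recover the same key pair from two known-plaintext pairs (the second pair rejects the chance matches that any single pair admits). The point the abstract makes shows up directly in the code: `classic_mitm` holds n entries, while `collision_search_mitm` holds at most w, with the function version re-randomising the walk when the stored distinguished points have been exhausted. The golden collision (equal blocks on opposite sides) is unaffected by the version change, so repeated versions eventually expose it; the hash-only collisions and same-side collisions that `golden` discards are the useless ones that cost extra work when memory is small.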
1996 May 22
© 1996 Springer-Verlag Berlin Heidelberg
Cite this paper
van Oorschot, P.C., Wiener, M.J. (1996). Improving Implementable Meet-in-the-Middle Attacks by Orders of Magnitude. In: Koblitz, N. (eds) Advances in Cryptology — CRYPTO ’96. CRYPTO 1996. Lecture Notes in Computer Science, vol 1109. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-68697-5_18
DOI: https://doi.org/10.1007/3-540-68697-5_18
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-61512-5
Online ISBN: 978-3-540-68697-2
eBook Packages: Springer Book Archive