Improving Implementable Meet-in-the-Middle Attacks by Orders of Magnitude [chapter]

Paul C. van Oorschot, Michael J. Wiener
1996 Lecture Notes in Computer Science  
Meet-in-the-middle aaacks, where problems and the secrets being sought are decomposed into two pieces, have many applications in cryptanalysis. A well-known such attack on double-DES requires 256 time and memory; a naive key search would take 211' time. However, when the attacker is limited to a practical amount of memory, the time savings are much less dramatic. For n the cardinality of the space that each half of the secret is chosen from (n=256 for double-DES), and w the number of words of
more » ... mory available for an attack, a technique based on parallel collision search is described which requires o ( m w ) times fewer operations and O ( n / w ) times fewer memory accexses than previous approaches to meet-in-the-middle attacks. For the example of double-DES, an attacker with 16 Gbytes of memory could recover a pair of DES keys in a knownplaintext attack with 570 times fewer encryptions and 3.7~106 times fewer memory accesses compared to previous techniques using the same amount of memory.
doi:10.1007/3-540-68697-5_18 fatcat:myzu5vfpwbfdhc3saexjnycx2m