Cryptography/Meet In The Middle Attack

From Wikibooks, the open-content textbooks collection

Current revision (unreviewed)

An extremely specialized attack, meet in the middle is a known plaintext attack that only affects a specific class of encryption methods - those which achieve increased security by using one or more "rounds" of an otherwise normal symmetrical encryption algorithm. An example of such a compound system is 3DES.

However, to explain this attack let us begin with a simpler system defined as follows: Two cryptographic systems denoted $e n c r y p t α$ and $e n c r y p t β$ (with inverse functions $d e c r y p t α$ and $d e c r y p t β$ respectively) are combined simply (by applying one then the other) to give a composite cryptosystem. each accepts a 64 bit key (for values from 0 to 18446744073709551615) which we can call $k e y α$ or $k e y β$ as appropriate.

So for a given plaintext, we can calculate a cryptotext as

$c r y p t o t e x t = e n c r y p t β (k e y β, e n c r y p t α (k e y α, p l a i n t e x t))$

and correspondingly

$p l a i n t e x t = d e c r y p t α (k e y α, d e c r y p t β (k e y β, c r y p t o t e x t))$

Now, given that each has a 64 bit key, the amount of key needed to encrypt or decrypt is 128 bits, so a simple analysis would assume this is the same as a 128 bit cypher.

However, given sufficient storage, you can reduce the effective key strength of this to a few bits larger than the largest of the two keys employed, as follows.

Given a plaintext/cyphertext pair, apply $e n c r y p t α$ to the plaintext with each possible key in turn, generating $264$ intermediate cryptotexts $c r y p t o t e x t 1$ $\rightarrow$ $c r y p t o t e x t n$ where $n = 2 64$
Store each of the $n$ cryptotexts in a hash table so that each can be referenced by its cryptotext, and give the key used to generate that cryptotext
Apply $d e c r y p t β$ to the ciphertext for each possible key in turn, comparing the intermediate plaintext to the hash table calculated earlier. this gives a pair of keys (one for each of the two algorithms employed, $α$ and $β$ )
Taking the two keys from stage 3, test each against a second plaintext/cryptotext pair. if this also matches, odds are extremely high you have a valid keypair for the message - not in $2128$ operations, but a "mere" $2 x 264$ operations (which nonetheless are significantly longer due to the hash table operations, but not so much as to add more than a couple of extra bits worth of time to the complexity of the task)

The downside to this approach is storage. Assuming you have a 64 bit key, then you will need at least $264$ units of storage - where each unit is the amount of space used by a single hash record. Even given a minimal implementation (say, 64 bits for the key plus four bits hash collision overhead), if you implemented such a system using 160GB hard drives, you would need close to one billion of them to store the hash table alone.

Cryptography/Meet In The Middle Attack

From Wikibooks, the open-content textbooks collection

Views

Personal tools

Navigation

Search

community

Print/export

Toolbox