Improving Implementable Meet-in-the-Middle Attacks by Orders of Magnitude
 Paul C. van Oorschot,
 Michael J. Wiener
Abstract
Meet-in-the-middle attacks, where problems and the secrets being sought are decomposed into two pieces, have many applications in cryptanalysis. A well-known such attack on double-DES requires 2^{56} time and memory; a naive key search would take 2^{112} time. However, when the attacker is limited to a practical amount of memory, the time savings are much less dramatic. For n the cardinality of the space that each half of the secret is chosen from (n = 2^{56} for double-DES), and w the number of words of memory available for an attack, a technique based on parallel collision search is described which requires O(\sqrt{n/w}) times fewer operations and O(n/w) times fewer memory accesses than previous approaches to meet-in-the-middle attacks. For the example of double-DES, an attacker with 16 Gbytes of memory could recover a pair of DES keys in a known-plaintext attack with 570 times fewer encryptions and 3.7×10^{6} times fewer memory accesses compared to previous techniques using the same amount of memory.
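The memory-limited meet-in-the-middle search the abstract describes, as an added Python example that is not the paper's own code: a constructed toy Feistel cipher with 10-bit keys stands in for DES, trails of the forward/backward iteration are run to distinguished points and kept in a table of at most w records, and every collision between a forward trail and a backward trail is checked against a second known-plaintext pair so that key pairs matching the first pair by chance are discarded. The cipher, the key and block sizes, the distinguished-point density and the oldest-first eviction policy are all assumptions made for the example.

```python
import hashlib, random
# Toy cipher constructed for illustration (16-bit block, 10-bit key, 4-round Feistel,
# blake2b round function so the collision-search iteration behaves like a random map).
KEYBITS, ROUNDS = 10, 4
N = 1 << KEYBITS                          # n: size of each half of the key space
DOMAIN_BITS = KEYBITS + 1                 # element = (side bit, key); side 0 = forward

def _round(x, k):
    return hashlib.blake2b(bytes([x, k >> 8, k & 0xFF]), digest_size=1).digest()[0]
def encrypt(k, p):
    l, r = p >> 8, p & 0xFF
    for i in range(ROUNDS):
        l, r = r, l ^ _round(r, (k + 0x357 * i) & (N - 1))
    return (l << 8) | r
def decrypt(k, c):
    l, r = c >> 8, c & 0xFF
    for i in reversed(range(ROUNDS)):
        l, r = r ^ _round(l, (k + 0x357 * i) & (N - 1)), l
    return (l << 8) | r
def step(x, p, c):
    """Encrypt p (side 0) or decrypt c (side 1) under key x; reduce to the next element."""
    side, k = x >> KEYBITS, x & (N - 1)
    return (decrypt(k, c) if side else encrypt(k, p)) >> (16 - DOMAIN_BITS)

def recover_keys(p1, c1, p2, c2, w, seed=1, theta=4):
    """Find (k1, k2) with c = E_k2(E_k1(p)) using at most w trail records; returns (k1, k2, trail steps)."""
    rng, f = random.Random(seed), (lambda x: step(x, p1, c1))
    table, steps = {}, 0                  # dp -> (trail start, trail length)
    while True:
        start = x = rng.randrange(1 << DOMAIN_BITS)
        length = 0
        while x % theta:                  # about 1 in theta elements is distinguished
            x, length, steps = f(x), length + 1, steps + 1
            if length > 20 * theta:       # trail caught in a cycle: abandon it
                break
        else:
            if x in table and table[x][0] != start:
                (a, la), (b, lb) = table[x], (start, length)
                while la > lb: a, la = f(a), la - 1      # align both trails
                while lb > la: b, lb = f(b), lb - 1
                while f(a) != f(b): a, b = f(a), f(b)    # walk to the collision
                if a != b and a >> KEYBITS != b >> KEYBITS:   # one forward, one backward
                    fw, bw = (a, b) if a >> KEYBITS == 0 else (b, a)
                    k1, k2 = fw & (N - 1), bw & (N - 1)
                    # golden only if the full blocks agree; pair 2 weeds out chance matches
                    if encrypt(k1, p1) == decrypt(k2, c1) and encrypt(k2, encrypt(k1, p2)) == c2:
                        return k1, k2, steps
            if x not in table and len(table) >= w:
                table.pop(next(iter(table)))   # memory full: evict the oldest record
            table[x] = (start, length)
```

Compare the returned trail-step count with the 2n = 2048 table entries a classic meet-in-the-middle would store for this toy: the search trades a larger number of cheap iterations for a table that never exceeds w records.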
Title: Improving Implementable Meet-in-the-Middle Attacks by Orders of Magnitude
Book Title: Advances in Cryptology — CRYPTO ’96
Book Subtitle: 16th Annual International Cryptology Conference, Santa Barbara, California, USA, August 18–22, 1996, Proceedings
Book Part: Cryptanalysis II
Pages: pp 229–236
Copyright: 1996
DOI: 10.1007/3-540-68697-5_18
Print ISBN: 978-3-540-61512-5
Online ISBN: 978-3-540-68697-2
Series Title: Lecture Notes in Computer Science
Series Volume: 1109
Series ISSN: 0302-9743
Publisher: Springer Berlin Heidelberg
Copyright Holder: Springer-Verlag Berlin Heidelberg
Keywords: Meet-in-the-middle attack, parallel collision search, cryptanalysis, DES, low Hamming weight exponents
Editors: Neal Koblitz (Department of Mathematics, University of Washington, Seattle)
Authors: Paul C. van Oorschot, Michael J. Wiener (Bell-Northern Research, P.O. Box 3511, Station C, Ottawa, Ontario, K1Y 4H7, Canada)