Meet-in-the-middle attack on digital signature schemes

  • Kazuo Ohta
  • Kenji Koyama
Section 4 Authentication
Part of the Lecture Notes in Computer Science book series (LNCS, volume 453)


The meet-in-the-middle attack can be used for forging signatures on mixed-type digital signature schemes, and takes less time than an exhaustive attack. This paper formulates a meet-in-the-middle attack on mixed-type digital signature schemes, shows the necessary conditions for success, and discusses the relationships between computational and space complexities as well as success probability during the attack. We also analyze an optimal strategy for forgers to apply this attack, pointing out that an intermediate value of 64 bit length is not secure for any mixed-type digital signature scheme. Finally, we show how to design secure mixed-type digital signature schemes.

Key words

Authentication, Digital signature, Hash function, One-way function, Meet-in-the-middle attack



Copyright information

© Springer-Verlag Berlin Heidelberg 1990

Authors and Affiliations

  • Kazuo Ohta (1)
  • Kenji Koyama (1, 2)

  1. NTT Communications and Information Processing Laboratories, Nippon Telegraph and Telephone Corporation, Kanagawa, Japan
  2. NTT Basic Research Laboratories, Nippon Telegraph and Telephone Corporation, Tokyo, Japan
