# Talk:Meet-in-the-middle attack

## Query

This doesn't make sense:

... Naively, one might think that this would double the security of the double-encryption scheme.

Merkle and Hellman, however, devised a time-memory tradeoff that could break the scheme in only double the time to break the single-encryption scheme. The attack works by encrypting from one end and decrypting from the other end, thus meeting in the middle.

Maybe it should read something like this (I don't know if this is right or not):

... Naively, one might think that this would increase the security of the double-encryption scheme by a factor of 281474976710656 (2112 / 256).

Merkle and Hellman, however, devised a time-memory tradeoff that could break the scheme in only double the time to break the single-encryption scheme. The attack works by encrypting from one end and decrypting from the other end, thus meeting in the middle.

RamanGupta 29 June 2005 21:43 (UTC)

The security of cryptographic schemes is usually expressed as a logarithmic measurement, ie. we say that the security of AES is 128 bits. I have tried added a sentence to clarify that we go from 2^56 to 2^112. Rasmus (talk) 30 June 2005 07:28 (UTC)

Are there indices missing for K in the last paragraph ? —Preceding unsigned comment added by 88.68.209.194

No, K stands for all possible keys. K_1 and K_2 are special keys
```(talk) 11:25, 19 November 2007 (UTC)
```

The link to the paper is dead. Zian (talk) 12:37, 21 April 2009 (UTC)

## The MD-MITM part is unreadable

It's impossible to understand the multidimensional MITM part of the article without an example. I've spent more than a day, trying to figure out how it works. It really needs an example, e.g. "suppose the initial text was 101010 and cypher-text is 00000; the number of cyphering steps is 4 and the (unknown) keys for the steps are 111111, 110011, 110000, 000011 and the cyphering process is XOR with the key; then, the attacker makes an assumption, that the intermediate cipher-text, obtained after the application of the first cypher-key is 011111"... A picture or a cartoon with example is needed. — Preceding unsigned comment added by 91.79.13.177 (talk) 13:18, 24 November 2012 (UTC)

## O(1) space?

Is this really correct? Eg. we don't even need to maintain a pointer into the input? 213.161.190.227 (talk) 18:37, 14 March 2011 (UTC)

Yes, of course it's correct. Big-O notation ignores constant overhead, even when that overhead is much larger than normal growth. Since the storage requirements don't grow, the algorithm is O(1).Foxyshadis(talk) 01:43, 28 September 2011 (UTC)

## Looks like Original Research or Synthesis

The main topic of the article is well-established and notable. However some sections appear to be original research. The references regarding multi-dimensional meet-in-the-middle are from a pre-print archive, which I might suggest does not conduct peer-review to the standards set forth by Wikipedia guidelines (the OR tag, to be added presently, will take you to those guidelines). Further, I could not find any reference on Google scholar to a more recent peer reviewed version. So I'm tagging accordingly. Adray1337 (talk) 15:55, 5 May 2013 (UTC)

## No - it doesn't really work

It is possible to find a 112 = 2 x 56 bits key that transforms one 64 bits plaintext block in a given cipher text block. This seems to be the solution, but it is not. since key is larger than the plaintext and cipher blocks. Why not? Beause there are many keys that transform one plaintext block in one chipher block. But, only one key will decrypt the whole message. 109.90.224.162 (talk) 11:05, 3 July 2016 (UTC)

``` — Preceding unsigned comment added by 109.90.224.162 (talk) 10:30, 3 July 2016 (UTC)
```