Security Encyclopedia

Meet-in-the-Middle (MitM) Attack

A Meet-in-the-Middle (MitM) attack is a kind of cryptanalytic attack in which the attacker uses a tradeoff between space and time to aid the attack.

Specifically, a MitM attempts to reduce the difficulty of carrying out the attack compared with its original form. It can take the form of dividing the target communication into two so that each piece can be addressed individually. It could mean transforming an attack requiring X amount of time into one requiring Y time and Z space. The aim is to significantly reduce the effort needed to perform a brute-force attack.
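The tradeoff described above, applied to double encryption with two independent keys, as an added example that is not part of the original entry. The 16-bit toy cipher, the 12-bit key size, the function names and the sample keys are all assumptions constructed for illustration. The table of forward results is the "Z space", and the two sweeps of 2^12 cipher calls each are the "Y time", against 2^24 for exhaustive search of both keys.

```python
from collections import defaultdict

KEY_BITS = 12                      # toy key size per stage (assumption)
MASK = 0xFFFF                      # 16-bit toy block
MUL = 0x9E37                       # odd, so invertible modulo 2**16
MUL_INV = pow(MUL, -1, 1 << 16)

def _rotl(x, r):
    return ((x << r) | (x >> (16 - r))) & MASK

def _rotr(x, r):
    return ((x >> r) | (x << (16 - r))) & MASK

def encrypt(key, block):
    """Toy 3-round cipher, constructed for this example only."""
    for rnd in range(3):
        block = _rotl(((block + key + rnd) & MASK) * MUL & MASK, 5)
    return block

def decrypt(key, block):
    """Inverse of encrypt(): undo the rounds in reverse order."""
    for rnd in reversed(range(3)):
        block = ((_rotr(block, 5) * MUL_INV) - key - rnd) & MASK
    return block

def double_encrypt(k1, k2, block):
    return encrypt(k2, encrypt(k1, block))

def meet_in_the_middle(pairs):
    """Return (candidate key pairs, cipher calls spent in the two sweeps)."""
    (p0, c0), rest = pairs[0], pairs[1:]
    table = defaultdict(list)              # the "space" side: one entry per k1
    for k1 in range(1 << KEY_BITS):        # forward half: E_k1(p0)
        table[encrypt(k1, p0)].append(k1)
    work = 1 << KEY_BITS
    candidates = []
    for k2 in range(1 << KEY_BITS):        # backward half: D_k2(c0)
        work += 1
        for k1 in table.get(decrypt(k2, c0), ()):
            # Middle values met; extra pairs weed out chance collisions.
            if all(double_encrypt(k1, k2, p) == c for p, c in rest):
                candidates.append((k1, k2))
    return candidates, work

if __name__ == "__main__":
    # Constructed sample data: keys and plaintexts chosen for the demo.
    pairs = [(p, double_encrypt(0xABC, 0x123, p)) for p in (0x0001, 0x1234, 0xBEEF)]
    found, work = meet_in_the_middle(pairs)
    print(found, work, "vs exhaustive", 1 << (2 * KEY_BITS))
```

For a designer, the takeaway is that chaining two encryptions under independent k-bit keys adds roughly one bit of brute-force resistance against a known-plaintext attacker with enough memory, not k bits.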

Meet-in-the-middle and man-in-the-middle (both abbreviated MitM) are often conflated. The difference between the two is that in the “man” variant the attacker places themselves between the two users, eavesdropping on or altering the conversation to carry out an attack. The “meet” variant is not interactive; the term “meet” refers to “let’s meet in the middle”, that is, finding middle ground by halving, for example, the perceived time required to crack encryption when the problem is first encountered.

Example:

“Meet-in-the-Middle adversaries try to reconcile the difficulty involved in a large cryptanalytic attack by ‘meeting in the middle’, or halving the portion of what they are analyzing to make the effort feasible or reasonable in their view.”