Meet-in-the-middle attack

A meet-in-the-middle attack is a time-memory tradeoff cryptanalytic technique that reduces the effective key space of a multiple-encryption scheme by searching from both ends simultaneously. First described by Diffie and Hellman in 1977, the attack applies to ciphers that use multiple independent keys — such as Double-DES or Triple-DES — by encrypting the plaintext with all possible values of the first key and storing the results, then decrypting the ciphertext with all possible values of the second key and looking for a match. The attack reduces the time complexity from 2^(2n) to 2^(n+1) for a two-key scheme, rendering Double-DES no more secure than single DES and forcing Triple-DES to use three keys rather than two.

The attack is a classic example of how composition does not always multiply security. Encrypting with two independent keys might seem to square the key space, but the meet-in-the-middle attack reveals that the composition has a structural weakness: the intermediate value can be reached from both directions. This is a systems-level insight that applies beyond cryptography. In any layered security architecture, the security of the whole is not the product of the security of the parts if the layers can be decoupled and attacked independently. The meet-in-the-middle attack is the cryptographic embodiment of this principle: the interface between the two encryption layers is the weakest point, and the attacker exploits it by meeting in the middle.