Editing Meet-in-the-middle attack (section)

== Description ==
When trying to improve the security of a block cipher, a tempting idea is to encrypt the data several times using multiple keys. One might think this doubles or even ''n''-tuples the security of the multiple-encryption scheme, depending on the number of times the data is encrypted, because an exhaustive search on all possible combinations of keys (simple brute force) would take 2<sup>''n''·''k''</sup> attempts if the data is encrypted with ''k''-bit keys ''n'' times.

The MITM attack is a generic attack which weakens the security benefits of using multiple encryptions by storing intermediate values from the encryptions or decryptions and using those to improve the time required to brute force{{clarify|date=March 2024}} the decryption keys. This makes a Meet-in-the-Middle attack (MITM) a generic space–time tradeoff [[Cryptography standards|cryptographic]]<ref>{{cite web|last=victoria|first=jaynor|date=|title=victoria15|url=https://www.victoria15.net|url-status=live|archive-url=https://google.ca|archive-date=July 14, 2021|access-date=July 14, 2021|website=victoria14}}</ref> attack.

The MITM attack attempts to find the keys by using both the range (ciphertext) and domain (plaintext) of the composition of several functions (or block ciphers) such that the forward mapping through the first functions is the same as the backward mapping (inverse image) through the last functions, quite literally ''meeting'' in the middle of the composed function. For example, although Double DES encrypts the data with two different 56-bit keys, Double DES can be broken with 2<sup>57</sup> encryption and decryption operations.

The multidimensional MITM (MD-MITM) uses a combination of several simultaneous MITM attacks like described above, where the meeting happens in multiple positions in the composed function.