We address a class of authentication protocols called “HB” ones and the man-in-the-middle (MIM) attack, reported at the ASIACRYPT conference, called OOV-MIM (Ouafi-Overbeck-Vaudenay MIM). Analysis of the considered attack and its systematic experimental evaluation are given. It is shown that the main component of OOV-MIM, the algorithm for measuring the Hamming weight of noise vectors, outputs incorrect results as a consequence of the employed approximation of the probability distributions. The analysis reveals that, practically, the only scenario in which the OOV-MIM attack is effective is the one in which two incorrect estimations produced by the algorithm for measuring the Hamming weight, when coupled, give the correct result. This paper provides additional insights into the OOV-MIM and corrected claims about the performance/complexity showing that the performances of the considered attack have been overestimated, i.e., that the complexity of the attack has been underestimated. Particularly, the analysis points out the reasons for the incorrect claims and to the components of the attack that do not work as expected.

中文翻译：

---

重新审视针对某些身份验证协议的中间人攻击：对方法和性能重新评估的见解

在ASIACRYPT会议上报道的称为OOV-MIM（Ouafi-Overbeck-Vaudenay MIM）的中间人（MIM）攻击，我们将解决一类称为“ HB”的身份验证协议。给出了考虑的攻击的分析及其系统的实验评估。结果表明，由于采用了近似的概率分布，OOV-MIM的主要组件（用于测量噪声向量的汉明权重的算法）输出不正确的结果。分析表明，实际上，唯一有效的OOV-MIM攻击情形是，耦合测汉明权重的算法产生的两个不正确的估计在结合时给出正确的结果。本文提供了对OOV-MIM的其他见解，并更正了有关性能/复杂性的主张，表明所考虑的攻击的性能已被高估，即，攻击的复杂性已被低估。特别是，分析指出了错误声明的原因以及攻击组件无法按预期运行。