Related-Key Rectangle Attacks on Reduced Versions of SHACAL-1 and AES-192


In this paper we propose a notion of related-key rectangle attack using 4 related keys. It is based on two consecutive related-key differentials which are independent of each other. Using this attack we can break SHACAL-1 with 512-bit keys up to 70 rounds out of 80 rounds and AES with 192-bit keys up to 8 rounds out of 12 rounds, which are faster than exhaustive search.

The first author was supported by the Post-doctoral Fellowship Program of Korea Science & Engineering Foundation (KOSEF). The second and the third authors were supported by the MIC(Ministry of Information and Communication), Korea, supervised by the IITA(Institute of Information Technology Assessment.)