Information Security

Volume 4176 of the series Lecture Notes in Computer Science pp 85-100

Related-Key Rectangle Attack on 42-Round SHACAL-2

  • Jiqiang LuAffiliated withCarnegie Mellon UniversityInformation Security Group, Royal Holloway, University of London
  • , Jongsung KimAffiliated withCarnegie Mellon UniversityESAT/SCD-COSIC, Katholieke Universiteit LeuvenCenter for Information Security Technologies(CIST), Korea University
  • , Nathan KellerAffiliated withCarnegie Mellon UniversityEinstein Institute of Mathematics, Hebrew University
  • , Orr DunkelmanAffiliated withCarnegie Mellon UniversityComputer Science Department, Technion

* Final gross prices may vary according to local VAT.

Get Access


Based on the compression function of the hash function standard SHA-256, SHACAL-2 is a 64-round block cipher with a 256-bit block size and a variable length key of up to 512 bits. In this paper, we present a related-key rectangle attack on 42-round SHACAL-2, which requires 2243.38 related-key chosen plaintexts and has a running time of 2488.37. This is the best currently known attack on SHACAL-2.


Block cipher SHACAL-2 Differential cryptanalysis Related-key rectangle attack