A Simple Related-Key Attack on the Full SHACAL-1

  • Eli Biham
  • Orr Dunkelman
  • Nathan Keller
Conference paper

DOI: 10.1007/11967668_2

Part of the Lecture Notes in Computer Science book series (LNCS, volume 4377)
Cite this paper as:
Biham E., Dunkelman O., Keller N. (2006) A Simple Related-Key Attack on the Full SHACAL-1. In: Abe M. (eds) Topics in Cryptology – CT-RSA 2007. CT-RSA 2007. Lecture Notes in Computer Science, vol 4377. Springer, Berlin, Heidelberg

Abstract

SHACAL-1 is a 160-bit block cipher with variable key length of up to 512-bit key based on the hash function SHA-1. It was submitted to the NESSIE project and was accepted as a finalist for the 2nd phase of evaluation. Since its introduction, SHACAL-1 withstood extensive cryptanalytic efforts. The best known key recovery attack on the full cipher up to this paper has a time complexity of about 2420 encryptions.

In this paper we use an observation due to Saarinen to present an elegant related-key attack on SHACAL-1. The attack can be mounted using two to eight unknown related keys, where each additional key reduces the time complexity of retrieving the actual values of the keys by a factor of 262. When all eight related-keys are used, the attack requires 2101.3 related-key chosen plaintexts and has a running time of 2101.3 encryptions. This is the first successful related-key key recovery attack on a cipher with varying round constants.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Eli Biham
    • 1
  • Orr Dunkelman
    • 1
    • 2
  • Nathan Keller
    • 3
  1. 1.Computer Science DepartmentTechnionHaifaIsrael
  2. 2.Katholieke Universiteit Leuven, ESAT/SCD-COSICLeuven-HeverleeBelgium
  3. 3.Einstein Institute of MathematicsHebrew UniversityJerusalemIsrael

Personalised recommendations