A Simple Related-Key Attack on the Full SHACAL-1

  • Eli Biham
  • Orr Dunkelman
  • Nathan Keller
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4377)

Abstract

SHACAL-1 is a 160-bit block cipher with variable key length of up to 512-bit key based on the hash function SHA-1. It was submitted to the NESSIE project and was accepted as a finalist for the 2nd phase of evaluation. Since its introduction, SHACAL-1 withstood extensive cryptanalytic efforts. The best known key recovery attack on the full cipher up to this paper has a time complexity of about 2420 encryptions.

In this paper we use an observation due to Saarinen to present an elegant related-key attack on SHACAL-1. The attack can be mounted using two to eight unknown related keys, where each additional key reduces the time complexity of retrieving the actual values of the keys by a factor of 262. When all eight related-keys are used, the attack requires 2101.3 related-key chosen plaintexts and has a running time of 2101.3 encryptions. This is the first successful related-key key recovery attack on a cipher with varying round constants.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Biham, E.: New Types of Cryptanalytic Attacks Using Related Keys. Journal of Cryptology 7(4), 229–246 (1994)MATHCrossRefGoogle Scholar
  2. 2.
    Biham, E., Chen, R.: Near-Collisions of SHA-0. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 290–305. Springer, Heidelberg (2004)Google Scholar
  3. 3.
    Biham, E., Chen, R., Joux, A., Carribault, P., Lemuet, C., Jalby, W.: Collisions of SHA-0 and Reduced SHA-1. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 36–57. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  4. 4.
    Biham, E., Dunkelman, O., Keller, N.: The Rectangle Attack – Rectangling the Serpent. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 340–357. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  5. 5.
    Biham, E., Dunkelman, O., Keller, N.: New Results on Boomerang and Rectangle Attacks. In: Daemen, J., Rijmen, V. (eds.) FSE 2002. LNCS, vol. 2365, pp. 1–16. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  6. 6.
    Biham, E., Dunkelman, O., Keller, N.: Rectangle Attacks on 49-Round SHACAL-1. In: Johansson, T. (ed.) FSE 2003. LNCS, vol. 2887, pp. 22–35. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  7. 7.
    Biham, E., Dunkelman, O., Keller, N.: Related-Key Boomerang and Rectangle Attacks. In: Cramer, R.J.F. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 507–525. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  8. 8.
    Biham, E., Dunkelman, O., Keller, N.: Improved Slide Attacks. Private communicationGoogle Scholar
  9. 9.
    Biham, E., Shamir, A.: Differential Cryptanalysis of the Data Encryption Standard. Springer, Heidelberg (1993)MATHGoogle Scholar
  10. 10.
    Biryukov, A., Wagner, D.: Slide Attacks. In: Knudsen, L.R. (ed.) FSE 1999. LNCS, vol. 1636, pp. 245–259. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  11. 11.
    Biryukov, A., Wagner, D.: Advanced Slide Attacks. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 586–606. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  12. 12.
    Chabaud, F., Joux, A.: Differential Collisions in SHA-0. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 56–71. Springer, Heidelberg (1998)Google Scholar
  13. 13.
    Dunkelman, O., Keller, N., Kim, J.: Related-Key Rectangle Attack on the Full SHACAL-1. In: Biham, E., Youssef, A.M. (eds.) SAC 2006. LNCS, vol. 4356. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  14. 14.
    Furuya, S.: Slide Attacks with a Known-Plaintext Cryptanalysis. In: Kim, K.-c. (ed.) ICISC 2001. LNCS, vol. 2288, pp. 214–225. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  15. 15.
    Handschuh, H., Knudsen, L.R., Robshaw, M.J.: Analysis of SHA-1 in Encryption Mode. In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol. 2020, pp. 70–83. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  16. 16.
    Handschuh, H., Naccache, D.: SHACAL. In: Preproceedings of NESSIE first workshop, Leuven (2000)Google Scholar
  17. 17.
    Hong, S., Kim, J., Kim, G., Lee, S., Preneel, B.: Related-Key Rectangle Attacks on Reduced Versions of SHACAL-1 and AES-192. In: Gilbert, H., Handschuh, H. (eds.) FSE 2005. LNCS, vol. 3557, pp. 368–383. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  18. 18.
    Kelsey, J., Kohno, T., Schneier, B.: Amplified Boomerang Attacks Against Reduced-Round MARS and Serpent. In: Schneier, B. (ed.) FSE 2000. LNCS, vol. 1978. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  19. 19.
    Kelsey, J., Schneier, B., Wagner, D.: Key-Schedule Cryptoanalysis of IDEA, G-DES, GOST, SAFER, and Triple-DES. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 237–251. Springer, Heidelberg (1996)Google Scholar
  20. 20.
    Kim, J., Kim, G., Hong, S., Lee, S., Hong, D.: The Related-Key Rectangle Attack — Application to SHACAL-1. In: Wang, H., Pieprzyk, J., Varadharajan, V. (eds.) ACISP 2004. LNCS, vol. 3108, pp. 123–136. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  21. 21.
    Kim, J., Moon, D., Lee, W., Hong, S., Lee, S., Jung, S.: Amplified Boomerang Attack against Reduced-Round SHACAL. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 243–253. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  22. 22.
    Knudsen, L.R.: Cryptanalysis of LOKI91. In: Zheng, Y., Seberry, J. (eds.) AUSCRYPT 1992. LNCS, vol. 718, pp. 196–208. Springer, Heidelberg (1993)Google Scholar
  23. 23.
    Saarinen, M.-J.O.: Cryptanalysis of Block Ciphers Based on SHA-1 and MD5. In: Johansson, T. (ed.) FSE 2003. LNCS, vol. 2887, pp. 36–44. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  24. 24.
    NESSIE – New European Schemes for Signatures, Integrity and Encryption, http://www.nessie.eu.org/nessie
  25. 25.
    NESSIE, Portfolio of recommended cryptographic primitivesGoogle Scholar
  26. 26.
    NESSIE, Performance of Optimized Implementations of the NESSIE Primitives, NES/DOC/TEC/WP6/D21/2Google Scholar
  27. 27.
    US National Bureau of Standards, Secure Hash Standard, Federal Information Processing Standards Publications No. 180-2 (2002)Google Scholar
  28. 28.
    Van Den Bogeart, E., Rijmen, V.: Differential Analysis of SHACAL, NESSIE internal report NES/DOC/KUL/WP3/009/a (2001)Google Scholar
  29. 29.
    Wagner, D.: The Boomerang Attack. In: Knudsen, L.R. (ed.) FSE 1999. LNCS, vol. 1636, pp. 156–170. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  30. 30.
    Wang, X., Yao, A.C., Yao, F.: Cryptanalysis on SHA-1. In: Cryptographic Hash Workshop, NIST, Gaithersburg (2005)Google Scholar
  31. 31.
    Wang, X., Lai, X., Feng, D., Chen, H., Yu, X.: Cryptanalysis of the Hash Functions MD4 and RIPEMD. In: Cramer, R.J.F. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 1–18. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  32. 32.
    Wang, X., Yin, Y.L., Yu, H.: Finding Collisions in the Full SHA-1. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 17–36. Springer, Heidelberg (2005)Google Scholar
  33. 33.
    Wang, X., Yu, H.: How to Break MD5 and Other Hash Functions. In: Cramer, R.J.F. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 19–35. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  34. 34.
    Wang, X., Yu, H., Yin, Y.L.: Efficient Collision Search Attacks on SHA-0. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 1–16. Springer, Heidelberg (2005)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Eli Biham
    • 1
  • Orr Dunkelman
    • 1
    • 2
  • Nathan Keller
    • 3
  1. 1.Computer Science DepartmentTechnionHaifaIsrael
  2. 2.Katholieke Universiteit Leuven, ESAT/SCD-COSICLeuven-HeverleeBelgium
  3. 3.Einstein Institute of MathematicsHebrew UniversityJerusalemIsrael

Personalised recommendations