A simple related-key attack on the full SHACAL-1

Eli Biham, Orr Dunkelman, Nathan Keller

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

8 Scopus citations


SHACAL-1 is a 160-bit block cipher with variable key length of up to 512-bit key based on the hash function SHA-1. It was submitted to the NESSIE project and was accepted as a finalist for the 2nd phase of evaluation. Since its introduction, SHACAL-1 withstood extensive cryptanalytic efforts. The best known key recovery attack on the full cipher up to this paper has a time complexity of about 2420 encryptions. In this paper we use an observation due to Saarinen to present an elegant related-key attack on SHACAL-1. The attack can be mounted using two to eight unknown related keys, where each additional key reduces the time complexity of retrieving the actual values of the keys by a factor of 262. When all eight related-keys are used, the attack requires 2101.3 related-key chosen plaintexts and has a running time of 2101.3 encryptions. This is the first successful related-key key recovery attack on a cipher with varying round constants.

Original languageEnglish
Title of host publicationTopics in Cryptology
Subtitle of host publicationCT-RSA 2007 - The Cryptographers Track at the RSA Conference 2007, Proceedings
EditorsMasayuki Abe
PublisherSpringer Verlag
Number of pages11
ISBN (Print)9783540693277
StatePublished - 2007
Externally publishedYes
EventCryptographers Track at the RSA Conference, CT-RSA 2007 - San Francisco, United States
Duration: 5 Feb 20079 Feb 2007

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume4377 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


ConferenceCryptographers Track at the RSA Conference, CT-RSA 2007
Country/TerritoryUnited States
CitySan Francisco

Bibliographical note

Publisher Copyright:
© Springer-Verlag Berlin Heidelberg 2007.


★ This work was supported in part by the Israel MOD Research and Technology Unit. ★★ The author was supported by the Adams fellowship.

FundersFunder number
Israel MOD Research and Technology Unit


    Dive into the research topics of 'A simple related-key attack on the full SHACAL-1'. Together they form a unique fingerprint.

    Cite this