A Simple Related-Key Attack on the Full SHACAL-1

Eli Biham, Orr Dunkelman, N. Keller

Research output: Chapter in Book/Report/Conference proceedingChapterpeer-review

Abstract

SHACAL-1 is a 160-bit block cipher with variable key length of up to 512-bit key based on the hash function SHA-1. It was submitted to the NESSIE project and was accepted as a finalist for the 2nd phase of evaluation. Since its introduction, SHACAL-1 withstood extensive cryptanalytic efforts. The best known key recovery attack on the full cipher up to this paper has a time complexity of about 2420 encryptions. In this paper we use an observation due to Saarinen to present an elegant related-key attack on SHACAL-1. The attack can be mounted using two to eight unknown related keys, where each additional key reduces the time complexity of retrieving the actual values of the keys by a factor of 262. When all eight related-keys are used, the attack requires 2101.3 related-key chosen plaintexts and has a running time of 2101.3 encryptions. This is the first successful related-key key recovery attack on a cipher with varying round constants.
Original languageAmerican English
Title of host publicationTopics in Cryptology – CT-RSA 2007
EditorsMasayuki Abe
Place of PublicationBerlin Heidelberg
PublisherSpringer
Pages20-30
Volume4377
StatePublished - 2007

Publication series

NameLecture Notes in Computer Science

Fingerprint

Dive into the research topics of 'A Simple Related-Key Attack on the Full SHACAL-1'. Together they form a unique fingerprint.

Cite this