@inbook{89c9d6813b084042b2bd5658dddba44f,
title = "A Simple Related-Key Attack on the Full SHACAL-1",
abstract = "SHACAL-1 is a 160-bit block cipher with variable key length of up to 512-bit key based on the hash function SHA-1. It was submitted to the NESSIE project and was accepted as a finalist for the 2nd phase of evaluation. Since its introduction, SHACAL-1 withstood extensive cryptanalytic efforts. The best known key recovery attack on the full cipher up to this paper has a time complexity of about 2420 encryptions. In this paper we use an observation due to Saarinen to present an elegant related-key attack on SHACAL-1. The attack can be mounted using two to eight unknown related keys, where each additional key reduces the time complexity of retrieving the actual values of the keys by a factor of 262. When all eight related-keys are used, the attack requires 2101.3 related-key chosen plaintexts and has a running time of 2101.3 encryptions. This is the first successful related-key key recovery attack on a cipher with varying round constants.",
author = "Eli Biham and Orr Dunkelman and N. Keller",
year = "2007",
language = "American English",
volume = "4377",
series = "Lecture Notes in Computer Science",
publisher = "Springer",
pages = "20--30",
editor = "Masayuki Abe",
booktitle = "Topics in Cryptology – CT-RSA 2007",
}