SHACAL-1 is a 160-bit block cipher with variable key length of up to 512-bit key based on the hash function SHA-1. It was submitted to the NESSIE project and was accepted as a finalist for the 2nd phase of the evaluation.
In this paper we devise the first known attack on the full 80-round SHACAL-1 faster than exhaustive key search. The related-key differentials used in the attack are based on transformation of the collision-producing differentials of SHA-1 presented by Wang et al.
|Title of host publication
|Selected Areas in Cryptography
|Eli Biham, Amr M. Youssef
|Place of Publication
|Published - 2007
|Lecture Notes in Computer Science