Differential cryptanalysis of the data encryption standard
Differential cryptanalysis of the data encryption standard
New types of cryptanalytic attacks using related keys
EUROCRYPT '93 Workshop on the theory and application of cryptographic techniques on Advances in cryptology
Cryptanalysis of Skipjack reduced to 31 rounds using impossible differentials
EUROCRYPT'99 Proceedings of the 17th international conference on Theory and application of cryptographic techniques
Related-key rectangle attack on 43-round SHACAL-2
ISPEC'07 Proceedings of the 3rd international conference on Information security practice and experience
Related-key rectangle attack on 42-round SHACAL-2
ISC'06 Proceedings of the 9th international conference on Information Security
Related-key rectangle attacks on reduced versions of SHACAL-1 and AES-192
FSE'05 Proceedings of the 12th international conference on Fast Software Encryption
Related-Key boomerang and rectangle attacks
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Related-Key attacks on reduced rounds of SHACAL-2
INDOCRYPT'04 Proceedings of the 5th international conference on Cryptology in India
Memoryless Related-Key Boomerang Attack on 39-Round SHACAL-2
ISPEC '09 Proceedings of the 5th International Conference on Information Security Practice and Experience
The (related-key) impossible boomerang attack and its application to the AES block cipher
Designs, Codes and Cryptography
Second-Order differential collisions for reduced SHA-256
ASIACRYPT'11 Proceedings of the 17th international conference on The Theory and Application of Cryptology and Information Security
| Hi-index | 0.00 |
SHACAL-2 is a 64-round block cipher with a 256-bit block size and a variable length key of up to 512 bits. It is a NESSIE selected block cipher algorithm. In this paper, we observe that, when checking whether a candidate quartet is useful in a (related-key) rectangle attack, we can check the two pairs from the quartet one after the other, instead of checking them simultaneously; if the first pair does not meet the expected conditions, we can discard the quartet immediately. We next exploit a 35-round related-key rectangle distinguisher with probability 2-460 for the first 35 rounds of SHACAL-2, which is built on an existing 24-round related-key differential and a new 10-round differential. Finally, taking advantage of the above observation, we use the distinguisher to mount a related-key rectangle attack on the first 44 rounds of SHACAL-2. The attack requires 2233 related-key chosen plaintexts, and has a time complexity of 2497.2 computations. This is better than any previously published cryptanalytic results on SHACAL-2 in terms of the numbers of attacked rounds.