SHACAL-1 is a 160-bit block cipher, based on the hash function SHA-1, with a variable key length of up to 512 bits. It was submitted to the NESSIE project and was accepted as a finalist for the 2nd phase of evaluation. Since its introduction, SHACAL-1 has withstood extensive cryptanalytic efforts. The best known key recovery attack on the full cipher up to this paper has a time complexity of about $2^{420}$ encryptions. In this paper we use an observation due to Saarinen to present an elegant related-key attack on SHACAL-1. The attack can be mounted using two to eight unknown related keys, where each additional key reduces the time complexity of retrieving the actual values of the keys by a factor of $2^{62}$. When all eight related keys are used, the attack requires $2^{101.3}$ related-key chosen plaintexts and has a running time of $2^{101.3}$ encryptions. This is the first successful related-key key recovery attack on a cipher with varying round constants.