A simple related-key attack on the full SHACAL-1

Eli Biham; Orr Dunkelman; Nathan Keller

doi:10.1007/11967668_2

A simple related-key attack on the full SHACAL-1

Eli Biham, Orr Dunkelman, Nathan Keller

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

SHACAL-1 is a 160-bit block cipher with variable key length of up to 512-bit key based on the hash function SHA-1. It was submitted to the NESSIE project and was accepted as a finalist for the 2nd phase of evaluation. Since its introduction, SHACAL-1 withstood extensive cryptanalytic efforts. The best known key recovery attack on the full cipher up to this paper has a time complexity of about 2⁴²⁰ encryptions. In this paper we use an observation due to Saarinen to present an elegant related-key attack on SHACAL-1. The attack can be mounted using two to eight unknown related keys, where each additional key reduces the time complexity of retrieving the actual values of the keys by a factor of 2⁶². When all eight related-keys are used, the attack requires 2^101.3 related-key chosen plaintexts and has a running time of 2^101.3 encryptions. This is the first successful related-key key recovery attack on a cipher with varying round constants.

Original language	English
Title of host publication	Topics in Cryptology
Subtitle of host publication	CT-RSA 2007 - The Cryptographers Track at the RSA Conference 2007, Proceedings
Editors	Masayuki Abe
Publisher	Springer Verlag
Pages	20-30
Number of pages	11
ISBN (Print)	9783540693277
DOIs	https://doi.org/10.1007/11967668_2
State	Published - 2007
Externally published	Yes
Event	Cryptographers Track at the RSA Conference, CT-RSA 2007 - San Francisco, United States Duration: 5 Feb 2007 → 9 Feb 2007

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	4377 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	Cryptographers Track at the RSA Conference, CT-RSA 2007
Country/Territory	United States
City	San Francisco
Period	5/02/07 → 9/02/07

Bibliographical note

Publisher Copyright:
© Springer-Verlag Berlin Heidelberg 2007.

ASJC Scopus subject areas

Theoretical Computer Science
General Computer Science

Access to Document

10.1007/11967668_2

Cite this

Biham, E., Dunkelman, O., & Keller, N. (2007). A simple related-key attack on the full SHACAL-1. In M. Abe (Ed.), Topics in Cryptology: CT-RSA 2007 - The Cryptographers Track at the RSA Conference 2007, Proceedings (pp. 20-30). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 4377 LNCS). Springer Verlag. https://doi.org/10.1007/11967668_2

Biham, Eli ; Dunkelman, Orr ; Keller, Nathan. / A simple related-key attack on the full SHACAL-1. Topics in Cryptology: CT-RSA 2007 - The Cryptographers Track at the RSA Conference 2007, Proceedings. editor / Masayuki Abe. Springer Verlag, 2007. pp. 20-30 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{b1c25a73c98d4b0a9535ca0e0094d45d,

title = "A simple related-key attack on the full SHACAL-1",

abstract = "SHACAL-1 is a 160-bit block cipher with variable key length of up to 512-bit key based on the hash function SHA-1. It was submitted to the NESSIE project and was accepted as a finalist for the 2nd phase of evaluation. Since its introduction, SHACAL-1 withstood extensive cryptanalytic efforts. The best known key recovery attack on the full cipher up to this paper has a time complexity of about 2420 encryptions. In this paper we use an observation due to Saarinen to present an elegant related-key attack on SHACAL-1. The attack can be mounted using two to eight unknown related keys, where each additional key reduces the time complexity of retrieving the actual values of the keys by a factor of 262. When all eight related-keys are used, the attack requires 2101.3 related-key chosen plaintexts and has a running time of 2101.3 encryptions. This is the first successful related-key key recovery attack on a cipher with varying round constants.",

author = "Eli Biham and Orr Dunkelman and Nathan Keller",

note = "Publisher Copyright: {\textcopyright} Springer-Verlag Berlin Heidelberg 2007.; Cryptographers Track at the RSA Conference, CT-RSA 2007 ; Conference date: 05-02-2007 Through 09-02-2007",

year = "2007",

doi = "10.1007/11967668\_2",

language = "English",

isbn = "9783540693277",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "20--30",

editor = "Masayuki Abe",

booktitle = "Topics in Cryptology",

address = "Germany",

}

Biham, E, Dunkelman, O & Keller, N 2007, A simple related-key attack on the full SHACAL-1. in M Abe (ed.), Topics in Cryptology: CT-RSA 2007 - The Cryptographers Track at the RSA Conference 2007, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 4377 LNCS, Springer Verlag, pp. 20-30, Cryptographers Track at the RSA Conference, CT-RSA 2007, San Francisco, United States, 5/02/07. https://doi.org/10.1007/11967668_2

A simple related-key attack on the full SHACAL-1. / Biham, Eli; Dunkelman, Orr; Keller, Nathan.
Topics in Cryptology: CT-RSA 2007 - The Cryptographers Track at the RSA Conference 2007, Proceedings. ed. / Masayuki Abe. Springer Verlag, 2007. p. 20-30 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 4377 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - A simple related-key attack on the full SHACAL-1

AU - Biham, Eli

AU - Dunkelman, Orr

AU - Keller, Nathan

PY - 2007

Y1 - 2007

N2 - SHACAL-1 is a 160-bit block cipher with variable key length of up to 512-bit key based on the hash function SHA-1. It was submitted to the NESSIE project and was accepted as a finalist for the 2nd phase of evaluation. Since its introduction, SHACAL-1 withstood extensive cryptanalytic efforts. The best known key recovery attack on the full cipher up to this paper has a time complexity of about 2420 encryptions. In this paper we use an observation due to Saarinen to present an elegant related-key attack on SHACAL-1. The attack can be mounted using two to eight unknown related keys, where each additional key reduces the time complexity of retrieving the actual values of the keys by a factor of 262. When all eight related-keys are used, the attack requires 2101.3 related-key chosen plaintexts and has a running time of 2101.3 encryptions. This is the first successful related-key key recovery attack on a cipher with varying round constants.

AB - SHACAL-1 is a 160-bit block cipher with variable key length of up to 512-bit key based on the hash function SHA-1. It was submitted to the NESSIE project and was accepted as a finalist for the 2nd phase of evaluation. Since its introduction, SHACAL-1 withstood extensive cryptanalytic efforts. The best known key recovery attack on the full cipher up to this paper has a time complexity of about 2420 encryptions. In this paper we use an observation due to Saarinen to present an elegant related-key attack on SHACAL-1. The attack can be mounted using two to eight unknown related keys, where each additional key reduces the time complexity of retrieving the actual values of the keys by a factor of 262. When all eight related-keys are used, the attack requires 2101.3 related-key chosen plaintexts and has a running time of 2101.3 encryptions. This is the first successful related-key key recovery attack on a cipher with varying round constants.

UR - https://www.scopus.com/pages/publications/84897580639

U2 - 10.1007/11967668_2

DO - 10.1007/11967668_2

M3 - Conference contribution

AN - SCOPUS:84897580639

SN - 9783540693277

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 20

EP - 30

BT - Topics in Cryptology

A2 - Abe, Masayuki

PB - Springer Verlag

T2 - Cryptographers Track at the RSA Conference, CT-RSA 2007

Y2 - 5 February 2007 through 9 February 2007

ER -

Biham E, Dunkelman O, Keller N. A simple related-key attack on the full SHACAL-1. In Abe M, editor, Topics in Cryptology: CT-RSA 2007 - The Cryptographers Track at the RSA Conference 2007, Proceedings. Springer Verlag. 2007. p. 20-30. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/11967668_2

A simple related-key attack on the full SHACAL-1

Abstract

Publication series

Conference

Bibliographical note

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this