Rectangle attacks on 49-round SHACAL-1

Eli Biham, Orr Dunkelman, Nathan Keller

Research output: Contribution to journalArticlepeer-review


SHACAL-1 is a 160-bit block cipher with variable key length of up to 512-bit key based on the hash function SHA-1. It was submitted to the NESSIE project and was accepted as a finalist for the 2nd phase of the evaluation. In this paper we present rectangle attacks on 49 rounds out of the 80 rounds of SHACAL-1. The attacks require 2151.9 chosen plaintexts or ciphertexts and have time complexity of 2508.5 49-round SHACAL-1 encryptions. These are the best known attacks against SHACAL-1. In this paper we also identity and fix some flaws in previous attacks on SHACAL-1.

Original languageEnglish
Pages (from-to)22-35
Number of pages14
JournalLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
StatePublished - 2003
Externally publishedYes

ASJC Scopus subject areas

  • Theoretical Computer Science
  • General Computer Science


Dive into the research topics of 'Rectangle attacks on 49-round SHACAL-1'. Together they form a unique fingerprint.

Cite this