SHACAL

name = SHACAL
designers = Helena Handschuh, David Naccache
derived from = SHA-1, SHA-256
related to = Crab
certification = NESSIE (SHACAL-2)
key size = 128 to 512 bits
block size = 160 bits (SHACAL-1), 256 bits (SHACAL-2)
structure = Cryptographic hash function
rounds = 80

In cryptography, SHACAL-1 and SHACAL-2 are block ciphers based on cryptographic hash functions from the SHA family. They were designed by Helena Handschuh and David Naccache of the smart card manufacturer Gemplus.

SHACAL-1 (originally simply SHACAL) is a 160-bit block cipher based on SHA-1, and supports keys from 128 to 512 bits. SHACAL-2 is a 256-bit block cipher based upon the larger hash function SHA-256.

Both SHACAL-1 and SHACAL-2 were selected for the second phase of the NESSIE project. However, in 2003, SHACAL-1 was not recommended for the NESSIE portfolio because of concerns about its key schedule, while SHACAL-2 was finally selected as one of the 17 NESSIE finalists.

Design

SHACAL-1 is based on the following observation of SHA-1:

The hash function SHA-1 is designed around a compression function. This function takes as input a 160-bit state and a 512-bit data word and outputs a new 160-bit state after 80 rounds. The hash function works by repeatedly calling this compression function with successive 512-bit data blocks, each time updating the state accordingly. This compression function is easily invertible if the data block is known, i.e. given the data block on which it acted and the output of the compression function, one can compute the state that went in.

SHACAL-1 turns the SHA-1 compression function into a block cipher by using the state input as the data block and using the data input as the key input. In other words, SHACAL-1 views the SHA-1 compression function as an 80-round, 160-bit block cipher with a 512-bit key. Keys shorter than 512 bits are supported by padding them with zeros up to 512 bits. SHACAL-1 is not intended to be used with keys shorter than 128 bits.
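The construction described above, as an added Python example (not code from the SHACAL designers or from the original page): SHACAL-1 encryption and decryption built from the SHA-1 round function, plus a reconstruction of single-block SHA-1 as the cipher keyed with the padded message, applied to the SHA-1 initial state and followed by SHA-1's feed-forward addition. The function names and the big-endian serialisation of the 160-bit block are assumptions carried over from SHA-1's conventions.

```python
import struct

MASK = 0xFFFFFFFF
SHA1_IV = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0)

def rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK

def expand_key(key):
    """Zero-pad a 128..512-bit key to 512 bits, then run the SHA-1 message expansion."""
    if not 16 <= len(key) <= 64:
        raise ValueError("SHACAL-1 keys are 128 to 512 bits")
    w = list(struct.unpack(">16I", key.ljust(64, b"\x00")))
    for t in range(16, 80):
        w.append(rotl(w[t - 3] ^ w[t - 8] ^ w[t - 14] ^ w[t - 16], 1))
    return w

def f_k(t, b, c, d):
    """Return the SHA-1 round function value and round constant for round t."""
    if t < 20:
        return (b & c) | (~b & d), 0x5A827999
    if t < 40:
        return b ^ c ^ d, 0x6ED9EBA1
    if t < 60:
        return (b & c) | (b & d) | (c & d), 0x8F1BBCDC
    return b ^ c ^ d, 0xCA62C1D6

def encrypt(key, block):
    a, b, c, d, e = struct.unpack(">5I", block)
    for t, wt in enumerate(expand_key(key)):
        f, k = f_k(t, b, c, d)
        a, b, c, d, e = (rotl(a, 5) + f + e + k + wt) & MASK, a, rotl(b, 30), c, d
    return struct.pack(">5I", a, b, c, d, e)

def decrypt(key, block):
    a, b, c, d, e = struct.unpack(">5I", block)
    w = expand_key(key)
    for t in range(79, -1, -1):
        # Undo one round: four words are only shifted/rotated, the fifth is solved for.
        pa, pb, pc, pd = b, rotl(c, 2), d, e
        f, k = f_k(t, pb, pc, pd)
        pe = (a - rotl(pa, 5) - f - k - w[t]) & MASK
        a, b, c, d, e = pa, pb, pc, pd, pe
    return struct.pack(">5I", a, b, c, d, e)

def sha1_one_block(msg):
    """SHA-1 of a message under 56 bytes: encrypt the IV under the padded block, add the IV."""
    padded = msg + b"\x80" + b"\x00" * (55 - len(msg)) + struct.pack(">Q", 8 * len(msg))
    out = struct.unpack(">5I", encrypt(padded, struct.pack(">5I", *SHA1_IV)))
    return struct.pack(">5I", *((x + y) & MASK for x, y in zip(out, SHA1_IV)))
```

Comparing `sha1_one_block(b"abc")` with `hashlib.sha1(b"abc").digest()` confirms that the cipher is exactly the SHA-1 compression function without the final addition; `decrypt` works because each round changes only one word in a way that depends on the key.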

Security of SHACAL-1

In the paper "Related-key rectangle attack on the full SHACAL-1", 2006, Orr Dunkelman, Nathan Keller and Jongsung Kim presented a related-key rectangle attack on the full 80 rounds of SHACAL-1.

In the paper "Differential and Rectangle Attacks on Reduced-Round SHACAL-1", Jiqiang Lu, Jongsung Kim, Nathan Keller and Orr Dunkelman presented rectangle attacks on the first 51 rounds and a series of 52 inner rounds of SHACAL-1 and presented differential attacks on the first 49 rounds and a series of 55 inner rounds of SHACAL-1. These are the best currently known cryptanalytic results on SHACAL-1 in a single key attack scenario.

Security of SHACAL-2

In the paper "Related-Key Rectangle Attack on 42-Round SHACAL-2", Jiqiang Lu, Jongsung Kim, Nathan Keller and Orr Dunkelman presented a related-key rectangle attack on 42-round SHACAL-2. This is the best currently known cryptanalytic result on SHACAL-2.

External links

* Nathan Keller's homepage: http://www.ma.huji.ac.il/~nkeller

References

* Eli Biham, Orr Dunkelman, Nathan Keller (2003-02). "Rectangle Attacks on 49-Round SHACAL-1". 10th International Workshop on Fast Software Encryption (FSE '03). Lund: Springer-Verlag. pp. 22–35. http://vipe.technion.ac.il/~orrd/crypt/shacal.pdf (PDF). Retrieved 2007-07-02.

* Helena Handschuh, Lars R. Knudsen, Matthew J. B. Robshaw (2001-04). "Analysis of SHA-1 in Encryption Mode". CT-RSA 2001, The Cryptographer's Track at RSA Conference 2001. San Francisco, California: Springer-Verlag. pp. 70–83. http://citeseer.ist.psu.edu/693913.html (PDF/PostScript). Retrieved 2007-07-02.

* Seokhie Hong, Jongsung Kim, Guil Kim, Jaechul Sung, Changhoon Lee, Sangjin Lee (2003-12). "Impossible Differential Attack on 30-Round SHACAL-2". 4th International Conference on Cryptology in India (INDOCRYPT 2003). New Delhi: Springer-Verlag. pp. 97–106.

* Jongsung Kim, Guil Kim, Sangjin Lee, Jongin Lim, Junghwan Song (2004-12). "Related-Key Attacks on Reduced Rounds of SHACAL-2". INDOCRYPT 2004. Chennai: Springer-Verlag. pp. 175–190.

* Jongsung Kim, Guil Kim, Seokhie Hong, Sangjin Lee, Dowon Hong (2004-07). "The Related-Key Rectangle Attack — Application to SHACAL-1". 9th Australasian Conference on Information Security and Privacy (ACISP 2004). Sydney: Springer-Verlag. pp. 123–136.

* Jongsung Kim, Dukjae Moon, Wonil Lee, Seokhie Hong, Sangjin Lee, Seokwon Jung (2002-12). "Amplified Boomerang Attack against Reduced-Round SHACAL". ASIACRYPT 2002. Queenstown, New Zealand: Springer-Verlag. pp. 243–253.

* Markku-Juhani Olavi Saarinen (2003-02). "Cryptanalysis of Block Ciphers Based on SHA-1 and MD5". FSE '03. Lund: Springer-Verlag. pp. 36–44. http://www.m-js.com/doc/saarinen_sha_md5.pdf (PDF). Retrieved 2007-07-02.

* YongSup Shin, Jongsung Kim, Guil Kim, Seokhie Hong, Sangjin Lee (2004-07). "Differential-Linear Type Attacks on Reduced Rounds of SHACAL-2". ACISP 2004. Sydney: Springer-Verlag. pp. 110–122.

* Jiqiang Lu, Jongsung Kim, Nathan Keller, Orr Dunkelman (2006). "Related-Key Rectangle Attack on 42-Round SHACAL-2". Information Security, 9th International Conference (ISC 2006). Samos Island: Springer-Verlag. pp. 85–100. http://www.isg.rhul.ac.uk/~jiqiang/Papers/ISC2006.pdf (PDF). Retrieved 2007-07-02.

* Jiqiang Lu, Jongsung Kim, Nathan Keller, Orr Dunkelman (2006-12). "Differential and Rectangle Attacks on Reduced-Round SHACAL-1". INDOCRYPT 2006. Kolkata: Springer-Verlag. pp. 17–31. http://homes.esat.kuleuven.be/~kjongsun/papers/indocrypt2006.pdf (PDF). Retrieved 2007-07-02.

* O. Dunkelman, N. Keller, J. Kim (2006-08). "Related-key rectangle attack on the full SHACAL-1". Selected Areas in Cryptography (SAC 2006), to appear. Montreal: Springer-Verlag. 16 pages. http://www.cosic.esat.kuleuven.be/publications/article-852.ps (PostScript). Retrieved 2007-07-02.


Wikimedia Foundation. 2010.
