Attacking 44 rounds of the SHACAL-2 block cipher using related-key rectangle cryptanalysis

J. Lu, J. Kim

Research output: Contribution to journalArticleAcademicpeer-review

14 Citations (Scopus)


SHACAL-2 is a 64-round block cipher with a 256-bit block size and a variable length key of up to 512 bits. It is a NESSIE selected block cipher algorithm. In this paper, we observe that, when checking whether a candidate quartet is useful in a (related-key) rectangle attack, we can check the two pairs from the quartet one after the other, instead of checking them simultaneously; if the first pair does not meet the expected conditions, we can discard the quartet immediately. We next exploit a 35-round related-key rectangle distinguisher with probability 2–460 for the first 35 rounds of SHACAL-2, which is built on an existing 24-round related-key differential and a new 10-round differential. Finally, taking advantage of the above observation, we use the distinguisher to mount a related-key rectangle attack on the first 44 rounds of SHACAL-2. The attack requires 2233 related-key chosen plaintexts, and has a time complexity of 2497.2 computations. This is better than any previously published cryptanalytic results on SHACAL-2 in terms of the numbers of attacked rounds.
Original languageEnglish
Pages (from-to)2588-2596
JournalIEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences
Issue number9
Publication statusPublished - 2008


Dive into the research topics of 'Attacking 44 rounds of the SHACAL-2 block cipher using related-key rectangle cryptanalysis'. Together they form a unique fingerprint.

Cite this