TY - JOUR

T1 - Attacking 44 rounds of the SHACAL-2 block cipher using related-key rectangle cryptanalysis

AU - Lu, J.

AU - Kim, J.

PY - 2008

Y1 - 2008

N2 - SHACAL-2 is a 64-round block cipher with a 256-bit block size and a variable length key of up to 512 bits. It is a NESSIE selected block cipher algorithm. In this paper, we observe that, when checking whether a candidate quartet is useful in a (related-key) rectangle attack, we can check the two pairs from the quartet one after the other, instead of checking them simultaneously; if the first pair does not meet the expected conditions, we can discard the quartet immediately. We next exploit a 35-round related-key rectangle distinguisher with probability 2–460 for the first 35 rounds of SHACAL-2, which is built on an existing 24-round related-key differential and a new 10-round differential. Finally, taking advantage of the above observation, we use the distinguisher to mount a related-key rectangle attack on the first 44 rounds of SHACAL-2. The attack requires 2233 related-key chosen plaintexts, and has a time complexity of 2497.2 computations. This is better than any previously published cryptanalytic results on SHACAL-2 in terms of the numbers of attacked rounds.

AB - SHACAL-2 is a 64-round block cipher with a 256-bit block size and a variable length key of up to 512 bits. It is a NESSIE selected block cipher algorithm. In this paper, we observe that, when checking whether a candidate quartet is useful in a (related-key) rectangle attack, we can check the two pairs from the quartet one after the other, instead of checking them simultaneously; if the first pair does not meet the expected conditions, we can discard the quartet immediately. We next exploit a 35-round related-key rectangle distinguisher with probability 2–460 for the first 35 rounds of SHACAL-2, which is built on an existing 24-round related-key differential and a new 10-round differential. Finally, taking advantage of the above observation, we use the distinguisher to mount a related-key rectangle attack on the first 44 rounds of SHACAL-2. The attack requires 2233 related-key chosen plaintexts, and has a time complexity of 2497.2 computations. This is better than any previously published cryptanalytic results on SHACAL-2 in terms of the numbers of attacked rounds.

U2 - 10.1093/ietfec/e91-a.9.2588

DO - 10.1093/ietfec/e91-a.9.2588

M3 - Article

SN - 0916-8508

VL - E91-A

SP - 2588

EP - 2596

JO - IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences

JF - IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences

IS - 9

ER -