Movatterモバイル変換

IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences

Abstract

SHACAL-2 is a 64-round block cipher with a 256-bit block size and a variable length key of up to 512 bits. It is a NESSIE selected block cipher algorithm. In this paper, we observe that, when checking whether a candidate quartet is useful in a (related-key) rectangle attack, we can check the two pairs from the quartet one after the other, instead of checking them simultaneously; if the first pair does not meet the expected conditions, we can discard the quartet immediately. We next exploit a 35-round related-key rectangle distinguisher with probability 2^-460 for the first 35 rounds of SHACAL-2, which is built on an existing 24-round related-key differential and a new 10-round differential. Finally, taking advantage of the above observation, we use the distinguisher to mount a related-key rectangle attack on the first 44 rounds of SHACAL-2. The attack requires 2²³³ related-key chosen plaintexts, and has a time complexity of 2^497.2 computations. This is better than any previously published cryptanalytic results on SHACAL-2 in terms of the numbers of attacked rounds.

References (20)

Related articles (0)

Figures (0)

Supplementary material (0)

Result List ()

Cited by (1)

© 2008 The Institute of Electronics, Information and Communication Engineers

Favorites & Alerts