Abstract. SHACAL-1 is a 160-bit block cipher with variable key length of up to 512-bit key based on the hash function SHA-1. It was submitted to the NESSIE project and was accepted as a finalist for the 2nd phase of the evaluation. In this paper we present rectangle attacks on 49 rounds out of the 80 rounds of SHACAL-1. The attacks require 2 151.9 chosen plaintexts or ciphertexts and have time complexity of 2 508.5 49round SHACAL-1 encryptions. These are the best known attacks against SHACAL-1. In this paper we also identify and fix some flaws in previous attacks on SHACAL-1.
To submit an update or takedown request for this paper, please submit an Update/Correction/Removal Request.