The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. ex. Some numerals are expressed as "XNUMX".
Copyrights notice
The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. Copyrights notice
SHACAL-2 est un chiffrement par bloc de 64 tours avec une taille de bloc de 256 bits et une clé de longueur variable allant jusqu'à 512 bits. Il s'agit d'un algorithme de chiffrement par blocs sélectionné par NESSIE. Dans cet article, nous observons que, en vérifiant si un quatuor candidat est utile dans une attaque de rectangle (à clé liée), nous pouvons vérifier les deux paires du quatuor l'une après l'autre, au lieu de les vérifier simultanément ; si la première paire ne remplit pas les conditions attendues, nous pouvons immédiatement éliminer le quatuor. Nous exploitons ensuite un distingueur rectangulaire à clé associée de 35 tours avec une probabilité de 2.- 460 pour les 35 premiers tours de SHACAL-2, qui est construit sur un différentiel à clé connexe existant de 24 tours et un nouveau différentiel de 10 tours. Enfin, profitant de l'observation ci-dessus, nous utilisons le distingueur pour monter une attaque rectangulaire à touches associées sur les 44 premiers tours de SHACAL-2. L'attaque nécessite 2233 textes clairs choisis avec des clés associées, et a une complexité temporelle de 2497.2 calculs. C’est mieux que tous les résultats cryptanalytiques publiés précédemment sur SHACAL-2 en termes de nombre de tours attaqués.
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Copier
Jiqiang LU, Jongsung KIM, "Attacking 44 Rounds of the SHACAL-2 Block Cipher Using Related-Key Rectangle Cryptanalysis" in IEICE TRANSACTIONS on Fundamentals,
vol. E91-A, no. 9, pp. 2588-2596, September 2008, doi: 10.1093/ietfec/e91-a.9.2588.
Abstract: SHACAL-2 is a 64-round block cipher with a 256-bit block size and a variable length key of up to 512 bits. It is a NESSIE selected block cipher algorithm. In this paper, we observe that, when checking whether a candidate quartet is useful in a (related-key) rectangle attack, we can check the two pairs from the quartet one after the other, instead of checking them simultaneously; if the first pair does not meet the expected conditions, we can discard the quartet immediately. We next exploit a 35-round related-key rectangle distinguisher with probability 2-460 for the first 35 rounds of SHACAL-2, which is built on an existing 24-round related-key differential and a new 10-round differential. Finally, taking advantage of the above observation, we use the distinguisher to mount a related-key rectangle attack on the first 44 rounds of SHACAL-2 . The attack requires 2233 related-key chosen plaintexts, and has a time complexity of 2497.2 computations. This is better than any previously published cryptanalytic results on SHACAL-2 in terms of the numbers of attacked rounds.
URL: https://global.ieice.org/en_transactions/fundamentals/10.1093/ietfec/e91-a.9.2588/_p
Copier
@ARTICLE{e91-a_9_2588,
author={Jiqiang LU, Jongsung KIM, },
journal={IEICE TRANSACTIONS on Fundamentals},
title={Attacking 44 Rounds of the SHACAL-2 Block Cipher Using Related-Key Rectangle Cryptanalysis},
year={2008},
volume={E91-A},
number={9},
pages={2588-2596},
abstract={SHACAL-2 is a 64-round block cipher with a 256-bit block size and a variable length key of up to 512 bits. It is a NESSIE selected block cipher algorithm. In this paper, we observe that, when checking whether a candidate quartet is useful in a (related-key) rectangle attack, we can check the two pairs from the quartet one after the other, instead of checking them simultaneously; if the first pair does not meet the expected conditions, we can discard the quartet immediately. We next exploit a 35-round related-key rectangle distinguisher with probability 2-460 for the first 35 rounds of SHACAL-2, which is built on an existing 24-round related-key differential and a new 10-round differential. Finally, taking advantage of the above observation, we use the distinguisher to mount a related-key rectangle attack on the first 44 rounds of SHACAL-2 . The attack requires 2233 related-key chosen plaintexts, and has a time complexity of 2497.2 computations. This is better than any previously published cryptanalytic results on SHACAL-2 in terms of the numbers of attacked rounds.},
keywords={},
doi={10.1093/ietfec/e91-a.9.2588},
ISSN={1745-1337},
month={September},}
Copier
TY - JOUR
TI - Attacking 44 Rounds of the SHACAL-2 Block Cipher Using Related-Key Rectangle Cryptanalysis
T2 - IEICE TRANSACTIONS on Fundamentals
SP - 2588
EP - 2596
AU - Jiqiang LU
AU - Jongsung KIM
PY - 2008
DO - 10.1093/ietfec/e91-a.9.2588
JO - IEICE TRANSACTIONS on Fundamentals
SN - 1745-1337
VL - E91-A
IS - 9
JA - IEICE TRANSACTIONS on Fundamentals
Y1 - September 2008
AB - SHACAL-2 is a 64-round block cipher with a 256-bit block size and a variable length key of up to 512 bits. It is a NESSIE selected block cipher algorithm. In this paper, we observe that, when checking whether a candidate quartet is useful in a (related-key) rectangle attack, we can check the two pairs from the quartet one after the other, instead of checking them simultaneously; if the first pair does not meet the expected conditions, we can discard the quartet immediately. We next exploit a 35-round related-key rectangle distinguisher with probability 2-460 for the first 35 rounds of SHACAL-2, which is built on an existing 24-round related-key differential and a new 10-round differential. Finally, taking advantage of the above observation, we use the distinguisher to mount a related-key rectangle attack on the first 44 rounds of SHACAL-2 . The attack requires 2233 related-key chosen plaintexts, and has a time complexity of 2497.2 computations. This is better than any previously published cryptanalytic results on SHACAL-2 in terms of the numbers of attacked rounds.
ER -