Memoryless Related-Key Boomerang Attack on 39-Round SHACAL-2

  • Ewan Fleischmann
  • Michael Gorski
  • Stefan Lucks
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5451)


SHACAL-2 is a 64-round block cipher based on the compression function of the hash function standard SHA-256. It has a 256-bit block size and a variable length key of up to 512 bits. Up to now, all attacks on more than 37 rounds require at least 2235 bytes of memory. Obviously such attacks will never become of practical interest due to this high amount of space. In this paper we adopt the relate-key boomerang attack and present the first memoryless attack on 39-round SHACAL-2. Our attack only employs 28.5 bytes of memory and thus improves the data complexity of comparable attacks up to a factor of at least 2230, which is a substantial improvement. We do not need to store all the data which gives this low data complexity. The related-key boomerang attack presented in this paper can also be seen as a starting point for more advanced attacks on SHACAL-2. The main advantage of our new attack is that we can proceed the data sequentially instead of parallel as needed for other attacks, which reduces the memory requirements dramatically.


SHACAL-2 block cipher differential cryptanalysis related-key boomerang attack memoryless attacks 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Biham, E.: New Types of Cryptanalytic Attacks Using Related Keys. J. Cryptology 7(4), 229–246 (1994)CrossRefzbMATHGoogle Scholar
  2. 2.
    Biham, E., Dunkelman, O., Keller, N.: Related-Key Boomerang and Rectangle Attacks. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 507–525. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  3. 3.
    Biham, E., Shamir, A.: Differential Cryptanalysis of DES-like Cryptosystems. J. Cryptology 4(1), 3–72 (1991)MathSciNetCrossRefzbMATHGoogle Scholar
  4. 4.
    Handschuh, H., Naccache, D.: SHACAL: A Family of Block Ciphers. Submission to the NESSIE project (2002),
  5. 5.
    Hong, S.H., Kim, J.-S., Kim, G., Sung, J., Lee, C.-H., Lee, S.-J.: Impossible Differential Attack on 30-Round SHACAL-2. In: Johansson, T., Maitra, S. (eds.) INDOCRYPT 2003. LNCS, vol. 2904, pp. 97–106. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  6. 6.
    Hong, S.H., Kim, J.-S., Lee, S.-J., Preneel, B.: Related-Key Rectangle Attacks on Reduced Versions of SHACAL-1 and AES-192. In: Gilbert, H., Handschuh, H. (eds.) FSE 2005. LNCS, vol. 3557, pp. 368–383. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  7. 7.
    Kelsey, J., Schneier, B., Wagner, D.: Rlated-key cryptanalysis of 3-WAY, Biham-DES, CAST, DES-X, NewDES, RC2, and TEA. In: Han, Y., Quing, S. (eds.) ICICS 1997. LNCS, vol. 1334, pp. 233–246. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  8. 8.
    Kim, J., Kim, G., Hong, S., Lee, S., Hong, D.: The Related-Key Rectangle Attack - Application to SHACAL-1. In: Wang, et al. (eds.) [19], pp. 123–136 (2004)Google Scholar
  9. 9.
    Kim, J.-S., Kim, G., Lee, S.-J., Lim, J.-I., Song, J.: Related-Key Attacks on Reduced Rounds of SHACAL-2. In: Canteaut, A., Viswanathan, K. (eds.) INDOCRYPT 2004. LNCS, vol. 3348, pp. 175–190. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  10. 10.
    Knudsen, L.R.: Cryptanalysis of LOKI91. In: Zheng, Y., Seberry, J. (eds.) AUSCRYPT 1992. LNCS, vol. 718, pp. 196–208. Springer, Heidelberg (1993)CrossRefGoogle Scholar
  11. 11.
    Lu, J., Kim, J.: Attacking 44 rounds of the shacal-2 block cipher using related-key rectangle cryptanalysis. IEICE Transactions 91-A(9), 2588–2596 (2008)CrossRefGoogle Scholar
  12. 12.
    Lu, J., Kim, J.-S., Keller, N., Dunkelman, O.: Related-Key Rectangle Attack on 42-Round SHACAL-2. In: Katsikas, S.K., López, J., Backes, M., Gritzalis, S., Preneel, B. (eds.) ISC 2006. LNCS, vol. 4176, pp. 85–100. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  13. 13.
  14. 14.
    National Institute of Standards and Technology. FIPS 180-1: Secure Hash Standard (April 1995),
  15. 15.
    National Institute of Standards and Technology. FIPS 180-2: Secure Hash Standard (August 2002),
  16. 16.
    Shin, Y., Kim, J., Kim, G., Hong, S., Lee, S.: Differential-Linear Type Attacks on Reduced Rounds of SHACAL-2. In: Wang, et al. (eds.) [19], pp. 110–122 (2004)Google Scholar
  17. 17.
    Wagner, D.: The Boomerang Attack. In: Knudsen, L.R. (ed.) FSE 1999. LNCS, vol. 1636, pp. 156–170. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  18. 18.
    Wang, G.: Related-Key Rectangle Attack on 43-Round SHACAL-2. In: Dawson, E., Wong, D.S. (eds.) ISPEC 2007. LNCS, vol. 4464, pp. 33–42. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  19. 19.
    Wang, H., Pieprzyk, J., Varadharajan, V. (eds.): ACISP 2004. LNCS, vol. 3108. Springer, Heidelberg (2004)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Ewan Fleischmann
    • 1
  • Michael Gorski
    • 1
  • Stefan Lucks
    • 1
  1. 1.Bauhaus-University WeimarGermany

Personalised recommendations