Filters








48 Hits in 2.0 sec

A Simple Related-Key Attack on the Full SHACAL-1 [chapter]

Eli Biham, Orr Dunkelman, Nathan Keller
2006 Lecture Notes in Computer Science  
This is the first successful related-key key recovery attack on a cipher with varying round constants.  ...  The attack can be mounted using two to eight unknown related keys, where each additional key reduces the time complexity of retrieving the actual values of the keys by a factor of 2 62 .  ...  The best known attack on SHACAL-1 that does not use related-keys is a rectangle attack on 49-round SHACAL-1 [6] .  ... 
doi:10.1007/11967668_2 fatcat:syb2kauxizd2teulrsz5mjq7nm

Amplified Boomerang Attack against Reduced-Round SHACAL [chapter]

Jongsung Kim, Dukjae Moon, Wonil Lee, Seokhie Hong, Sangjin Lee, Seokwon Jung
2002 Lecture Notes in Computer Science  
We can attack 39-step SHACAL with 256-bit key, and 47-step SHACAL with 512-bit key. In addition, we present differential attacks of reduced-round SHACAL with various key sizes.  ...  Using this fact, we discuss the security of SHACAL against an amplified boomerang attack. We find a 36-step boomerang-distinguisher and present attacks on reduced-round SHACAL with various key sizes.  ...  See table 1 for the result of an attack on SHACAL with 128-bit key. Differential Attacks on SHACAL In this section, we present differential attacks on reduced-round SHACAL.  ... 
doi:10.1007/3-540-36178-2_15 fatcat:kxsbeagbwrec3csxr7rwd72ime

Related-Key Rectangle Attack on 42-Round SHACAL-2 [chapter]

Jiqiang Lu, Jongsung Kim, Nathan Keller, Orr Dunkelman
2006 Lecture Notes in Computer Science  
In this paper, we present a related-key rectangle attack on 42-round SHACAL-2, which requires 2 243.38 related-key chosen plaintexts and has a running time of 2 488.37 .  ...  This is the best currently known attack on SHACAL-2.  ...  [14] presented a related-key differential-nonlinear attack on 35-round SHACAL-2 and a related-key rectangle attack on 37-round SHACAL-2, where the latter attack is based on a 33-round related-key rectangle  ... 
doi:10.1007/11836810_7 fatcat:3u6msigytnhmlhyu45dnt74s44

Differential and Rectangle Attacks on Reduced-Round SHACAL-1 [chapter]

Jiqiang Lu, Jongsung Kim, Nathan Keller, Orr Dunkelman
2006 Lecture Notes in Computer Science  
In this paper, we present rectangle attacks on the first 51 rounds and a series of inner 52 rounds of SHACAL-1, and also present differential attacks on the first 49 rounds and a series of inner 55 rounds  ...  These are the best currently known cryptanalytic results on SHACAL-1 in an one key attack scenario.  ...  [8] presented a related-key rectangle attack on the full 80 rounds of SHACAL-1.  ... 
doi:10.1007/11941378_3 fatcat:o6gf2pahznbwjb6wdi5m3krh4e

Related-Key Rectangle Attacks on Reduced Versions of SHACAL-1 and AES-192 [chapter]

Seokhie Hong, Jongsung Kim, Sangjin Lee, Bart Preneel
2005 Lecture Notes in Computer Science  
In this paper we propose a notion of related-key rectangle attack using 4 related keys. It is based on two consecutive related-key differentials which are independent of each other.  ...  Using this attack we can break SHACAL-1 with 512-bit keys up to 70 rounds out of 80 rounds and AES with 192-bit keys up to 8 rounds out of 12 rounds, which are faster than exhaustive search.  ...  Related-Key Rectangle Attack on Reduced Rounds of SHACAL-1 Firstly, we briefly describe SHACAL-1.  ... 
doi:10.1007/11502760_25 fatcat:2eilee52vjexrovriojbf2naqa

Rectangle Attacks on 49-Round SHACAL-1 [chapter]

Eli Biham, Orr Dunkelman, Nathan Keller
2003 Lecture Notes in Computer Science  
SHACAL-1 is a 160-bit block cipher with variable key length of up to 512-bit key based on the hash function SHA-1.  ...  It was submitted to the NESSIE project and was accepted as a finalist for the 2nd phase of the evaluation. In this paper we present rectangle attacks on 49 rounds out of the 80 rounds of SHACAL-1.  ...  In [9] an algorithm for identifying whether two SHACAL-1 encryptions use related keys is presented.  ... 
doi:10.1007/978-3-540-39887-5_3 fatcat:jtshk5szjbd2zix4xgujnknj7q

Analysis of a SHA-256 Variant [chapter]

Hirotaka Yoshida, Alex Biryukov
2006 Lecture Notes in Computer Science  
Using the 31-round distinguisher, we present an attack on SHACAL-2-XOR with up to 32 rounds. We also show that no 2-round iterative patterns with probability higher than 2 −16 exist.  ...  We will present a differential attack on these constructions by using one-round iterative differential characteristics with probability 2 −8 we identified.  ...  on SHACAL-2[22] 32 2 43.4 CP 2 504.2 2 48.4 Related-Key Rectangle attack on SHACAL-2[15] 37 2 43.2 RK-CP 2 484.95 2 238.16 Distinguisher attack on SHACAL-2-XOR in this paper 31 2 248 CP 2 248  ... 
doi:10.1007/11693383_17 fatcat:xsk2ewabnze3tawkzeixvofg34

Cryptanalysis of Block Ciphers Based on SHA-1 and MD5 [chapter]

Markku-Juhani O. Saarinen
2003 Lecture Notes in Computer Science  
We discuss a related-key attack against SHACAL-1 and present a method for finding "slid pairs" for it. We also present simple attacks against MDC-MD5 and the Kaliski-Robshaw block cipher.  ...  We cryptanalyse some block cipher proposals that are based on dedicated hash functions SHA-1 and MD5.  ...  A version of SHACAL-1 reduced to three rounds (60 iterations) will require 2 64 pairs (only two transitions).  ... 
doi:10.1007/978-3-540-39887-5_4 fatcat:jqc64phi7bcdbgyfbogiwecig4

All Subkeys Recovery Attack on Block Ciphers: Extending Meet-in-the-Middle Approach [chapter]

Takanori Isobe, Kyoji Shibutani
2013 Lecture Notes in Computer Science  
We apply our approach called all subkeys recovery (ASR) attack to block ciphers employing a complex key schedule such as CAST-128, SHACAL-2, KATAN, FOX128 and Blowfish, and present the best attacks on  ...  them with respect to the number of attacked rounds in literature.  ...  Basic ASR Attack on 37-Step Reduced SHACAL-2 We directly apply the ASR attack described in Section 3 to SHACAL-2. This leads to the attack on the 37-step reduced SHACAL-2.  ... 
doi:10.1007/978-3-642-35999-6_14 fatcat:7wsv7lx4pvdndd5nbziis63fji

Improved All-Subkeys Recovery Attacks on FOX, KATAN and SHACAL-2 Block Ciphers [chapter]

Takanori Isobe, Kyoji Shibutani
2015 Lecture Notes in Computer Science  
Moreover, the improved ASR attacks on the 119-, 105and 99-round reduced KATAN32, KATAN48 and KATAN64, and the 42-round reduced SHACAL-2 are also presented, respectively.  ...  Similarly, S can be computed from the corresponding ciphertext C and another set of subkey bits ⋆ In the related-key setting, the attacks on the 174-, 145-, 130-and 44-round reduced KATAN32, KATAN48, KATAN64  ...  Then, we propose a 42-round attack on SHACAL-2, based on the 41-round attack on SHACAL-2 [13] .  ... 
doi:10.1007/978-3-662-46706-0_6 fatcat:y773ga26wvbx7nturdgrfbc26a

Analysis of Boomerang Differential Trails via a SAT-Based Constraint Solver URSA [chapter]

Aleksandar Kircanski
2015 Lecture Notes in Computer Science  
In this paper, we propose the use of a SAT-based constraint solver URSA as aid in analysis of differential trails and find that previous rectangle/boomerang attacks on XTEA and SHACAL-1 block ciphers and  ...  In order to obtain differential patterns over many rounds of a cryptographic primitive, the cryptanalyst often needs to work on local differential trail analysis.  ...  On the incompatibility of XTEA trails [31] The key-recovery attack on 36-reduced-round XTEA [31] is a related-key attack since it requires differences in the key bits (as well as in plaintexts).  ... 
doi:10.1007/978-3-319-28166-7_16 fatcat:ltcgqqdqjjb3pgbxiqb4aqrwey

Revisiting key schedule's diffusion in relation with round function's diffusion

Jialin Huang, Xuejia Lai
2013 Designs, Codes and Cryptography  
This reminds us of the importance of the diffusion's relation between key schedule and round function.  ...  One major cause is that overlapping between the diffusion of key schedule and round function leads to information leakage of key bits.  ...  The best single-key attacks for SHACAL-2 are differential-linear attack on 32-round [19] and differentialnonlinear attack on 33-round [20] . Our attack is for 0-39 rounds with 512-bit keys.  ... 
doi:10.1007/s10623-013-9804-9 fatcat:7upebzo54ja3leivrflgbrzkhq

Second-Order Differential Collisions for Reduced SHA-256 [chapter]

Alex Biryukov, Mario Lamberger, Florian Mendel, Ivica Nikolić
2011 Lecture Notes in Computer Science  
Our analysis also exposes flaws in all of the previously published related-key rectangle attacks on the SHACAL-2 block cipher, which is based on SHA-256.  ...  We provide valid rectangles for 48 steps of SHACAL-2.  ...  Application to SHACAL-2 In the past several related-key rectangle attacks have been published for the SHACAL-2 block cipher [11, 19, 23, 24, 38] .  ... 
doi:10.1007/978-3-642-25385-0_15 fatcat:p4det7oor5h5rntocdrstjvmjy

Cryptanalysis on Block Ciphers [chapter]

2015 Security of Block Ciphers  
at Xidian University for initiating me into the field of cryptography during my master studies.  ...  Special thanks go to my wife Xiaoyan Yan for her support, who had to get accustomed to a rather different culture, has experienced and is still to experience every moment of my happiness and sadness.  ...  rectangle attack on 44-round SHACAL-2. • A related-key rectangle attack on 36-round XTEA. • An impossible differential attack on 25-round reduced HIGHT, a related-key rectangle attack on 26-round reduced  ... 
doi:10.1002/9781118660027.ch4 fatcat:zv7gnyul4rgrzhdvmzodgvarxa

Algebraic Fault Analysis of SHA-256 Compression Function and Its Application

Kazuki Nakamura, Koji Hori, Shoichi Hirose
2021 Information  
We also conducted an AFA for the SHACAL-2 block cipher and an AFA for the SHA-256 compression function, enabling almost universal forgery of the chopMD-MAC function.  ...  They also presented an almost universal forgery attack on HMAC-SHA-256 using this result.  ...  Figure 2 . 2 Figure 2. Round function of SHA-256 compression function.  ... 
doi:10.3390/info12100433 fatcat:3gmb4yly45dwrmwinzolkmbhsa
« Previous Showing results 1 — 15 out of 48 results