
SHACAL

Article snapshot taken from Wikipedia with creative commons attribution-sharealike license.

SHACAL-1 (originally simply SHACAL) is a 160-bit block cipher based on SHA-1, and supports keys from 128-bit to 512-bit. SHACAL-2 is a 256-bit block cipher based upon the larger hash function SHA-256.


Both SHACAL-1 and SHACAL-2 were selected for the second phase of the NESSIE project. However, in 2003, SHACAL-1 was not recommended for the NESSIE portfolio because of concerns about its key schedule, while SHACAL-2 was finally selected as one of the 17 NESSIE finalists.

SHACAL-1 is based on the following observation of SHA-1: The hash function SHA-1 is designed around a compression function. This function takes as input a 160-bit state and a 512-bit data word and outputs a new 160-bit state after 80 rounds. The hash function works by repeatedly calling this compression function with successive 512-bit data blocks and each time updating the state accordingly. This compression function is easily invertible if the data block is known, i.e. given the data block on which it acted and the output of the compression function, one can compute the state that went in.

SHACAL-1 turns the SHA-1 compression function into a block cipher by using the state input as the data block and using the data input as the key input. In other words, SHACAL-1 views the SHA-1 compression function as an 80-round, 160-bit block cipher with a 512-bit key. Keys shorter than 512 bits are supported by padding them with zeros. SHACAL-1 is not intended to be used with keys shorter than 128 bits.

In the paper "Related-key rectangle attack on the full SHACAL-1", 2006, Orr Dunkelman, Nathan Keller and Jongsung Kim presented a related-key rectangle attack on the full 80 rounds of SHACAL-1.

In the paper "Differential and Rectangle Attacks on Reduced-Round SHACAL-1", Jiqiang Lu, Jongsung Kim, Nathan Keller and Orr Dunkelman presented rectangle attacks on the first 51 rounds and a series of 52 inner rounds of SHACAL-1 and presented differential attacks on the first 49 rounds and a series of 55 inner rounds of SHACAL-1. These are the best currently known cryptanalytic results on SHACAL-1 in a single key attack scenario.

In the paper "Related-Key Rectangle Attack on 42-Round SHACAL-2", Jiqiang Lu, Jongsung Kim, Nathan Keller, Orr Dunkelman presented a related-key rectangle attack on 42-round SHACAL-2. In 2008 Lu and Kim presented a related-key rectangle attack on 44-round SHACAL-2. This is the best currently known cryptanalytic result on SHACAL-2.

NESSIE

NESSIE (New European Schemes for Signatures, Integrity and Encryption) was a European research project funded from 2000 to 2003 to identify secure cryptographic primitives. The project was comparable to the NIST AES process and the Japanese Government-sponsored CRYPTREC project, but with notable differences from both. In particular, there is both overlap and disagreement between the selections and recommendations from NESSIE and CRYPTREC (as of the August 2003 draft report). The NESSIE participants include some of the foremost active cryptographers in the world, as does the CRYPTREC project.

NESSIE was intended to identify and evaluate quality cryptographic designs in several categories, and to that end issued a public call for submissions in March 2000. Forty-two were received, and in February 2003 twelve of the submissions were selected. In addition, five algorithms already publicly known, but not explicitly submitted to the project, were chosen as "selectees". The project has publicly announced that "no weaknesses were found in the selected designs".

The selected algorithms and their submitters or developers are listed below. The five already publicly known, but not formally submitted to the project, are marked with a "*". Most may be used by anyone for any purpose without needing to seek a patent license from anyone; a license agreement is needed for those marked with a "#", but the licensors of those have committed to "reasonable non-discriminatory license terms for all interested", according to a NESSIE project press release.

None of the six stream ciphers submitted to NESSIE were selected because every one fell to cryptanalysis. This surprising result led to the eSTREAM project.

Entrants that did not get past the first stage of the contest include Noekeon, Q, Nimbus, NUSH, Grand Cru, Anubis, Hierocrypt, SC2000, and LILI-128.

The contractors and their representatives in the project were:

SC2000

In cryptography, SC2000 is a block cipher invented by a research group at Fujitsu Labs. It was submitted to the NESSIE project, but was not selected. It was among the cryptographic techniques recommended for Japanese government use by CRYPTREC in 2003; however, it was dropped to "candidate" by the CRYPTREC revision in 2013.

The algorithm uses a key size of 128, 192, or 256 bits. It operates on blocks of 128 bits using 6.5 or 7.5 rounds of encryption. Each round consists of S-box lookups, key additions, and an unkeyed two-round Feistel network. There are 3 S-boxes: a 4×4-bit one used at the beginning of each round, and a 5×5-bit one and 6×6-bit one used in the Feistel network.

No analysis of the full SC2000 has been announced, but a reduced version of 4.5 rounds is susceptible to linear cryptanalysis, and a reduced version of 5 rounds is susceptible to differential cryptanalysis.

In 2014, Alex Biryukov and Ivica Nikolić found a weakness in the key schedule of SC2000 which allows an attacker to find colliding keys which result in identical encryptions in just 2 time for 256-bit keys. They proved that there are 2 colliding key pairs and
