Article Id: WHEBN0000877495
Title: Shacal  
Author: World Heritage Encyclopedia
Language: English
Subject: Crab (cipher), Block cipher, SHA-1, Cobra ciphers, Xor-encrypt-xor
Collection: Block Ciphers
Publisher: World Heritage Encyclopedia


Designers: Helena Handschuh, David Naccache
Derived from: SHA-1, SHA-256
Related to: Crab
Certification: NESSIE (SHACAL-2)

Cipher detail
Key sizes: 128 to 512 bits
Block sizes: 160 bits (SHACAL-1), 256 bits (SHACAL-2)
Structure: Cryptographic hash function
Rounds: 80

SHACAL-1 (originally simply SHACAL) is a 160-bit block cipher based on SHA-1 and supports keys from 128 to 512 bits. SHACAL-2 is a 256-bit block cipher based on the larger hash function SHA-256.

Both SHACAL-1 and SHACAL-2 were selected for the second phase of the NESSIE project. However, in 2003, SHACAL-1 was not recommended for the NESSIE portfolio because of concerns about its key schedule, while SHACAL-2 was finally selected as one of the 17 NESSIE finalists.



Design

SHACAL-1 is based on the following observation about SHA-1:

The hash function SHA-1 is designed around a compression function. This function takes as input a 160-bit state and a 512-bit data word and outputs a new 160-bit state after 80 rounds. The hash function works by repeatedly calling this compression function with successive 512-bit data blocks and each time updating the state accordingly. This compression function is easily invertible if the data block is known: given the data block on which it acted and the output of the compression function, one can compute the state that went in.

SHACAL-1 turns the SHA-1 compression function into a block cipher by using the state input as the data block and the data input as the key. In other words, SHACAL-1 views the SHA-1 compression function as an 80-round, 160-bit block cipher with a 512-bit key. Keys shorter than 512 bits are supported by padding them with zeros up to 512 bits. SHACAL-1 is not intended to be used with keys shorter than 128 bits.
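As an added illustration of the construction just described (example code written for this page, not the designers' reference implementation), the SHA-1 compression function is recast as a SHACAL-1 encrypt/decrypt pair, and SHA-1 itself is then rebuilt on top of it to show that the two are the same primitive. The round constants and schedule are SHA-1's own; the function names and the 64-byte sample messages are assumptions of this example.

```python
import hashlib
import struct

MASK = 0xFFFFFFFF
SHA1_IV = struct.pack(">5I", 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0)
# SHA-1 round functions f_t and constants K_t; round t (0..79) uses index t // 20.
_F = [lambda b, c, d: (b & c) | (~b & d & MASK), lambda b, c, d: b ^ c ^ d,
      lambda b, c, d: (b & c) | (b & d) | (c & d), lambda b, c, d: b ^ c ^ d]
_K = [0x5A827999, 0x6ED9EBA1, 0x8F1BBCDC, 0xCA62C1D6]

def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK

def expand_key(key):
    # 128..512-bit keys are zero-padded to 512 bits, then SHA-1's message schedule gives W[0..79].
    if not 16 <= len(key) <= 64:
        raise ValueError("SHACAL-1 key must be 128..512 bits")
    w = list(struct.unpack(">16I", key.ljust(64, b"\x00")))
    for t in range(16, 80):
        w.append(_rotl(w[t - 3] ^ w[t - 8] ^ w[t - 14] ^ w[t - 16], 1))
    return w

def encrypt(block, key):
    # The 80 SHA-1 rounds on the 160-bit state, minus SHA-1's final feed-forward addition.
    a, b, c, d, e = struct.unpack(">5I", block)
    for t, wt in enumerate(expand_key(key)):
        f = _F[t // 20](b, c, d)
        a, b, c, d, e = (_rotl(a, 5) + f + e + _K[t // 20] + wt) & MASK, a, _rotl(b, 30), c, d
    return struct.pack(">5I", a, b, c, d, e)

def decrypt(block, key):
    # With W[t] known each round is a bijection on the state, so just undo them in reverse.
    a, b, c, d, e = struct.unpack(">5I", block)
    for t, wt in reversed(list(enumerate(expand_key(key)))):
        a, b, c, d, e = b, _rotl(c, 2), d, e, a  # undo the register shift (rotl 2 == rotr 30)
        e = (e - _rotl(a, 5) - _F[t // 20](b, c, d) - _K[t // 20] - wt) & MASK
    return struct.pack(">5I", a, b, c, d, e)

def _add_words(x, y):  # word-wise addition mod 2^32 of two 160-bit states
    return struct.pack(">5I", *[(p + q) & MASK for p, q in zip(struct.unpack(">5I", x), struct.unpack(">5I", y))])

def sha1_of_one_block(msg):
    # Davies-Meyer: H_i = H_{i-1} + E_{M_i}(H_{i-1}); a 64-byte message still needs a padding-only block.
    pad = b"\x80" + b"\x00" * 55 + struct.pack(">Q", 512)
    h = _add_words(SHA1_IV, encrypt(SHA1_IV, msg))
    return _add_words(h, encrypt(h, pad))

def matches_hashlib(msg):  # cross-check against Python's SHA-1 for a 64-byte message
    return len(msg) == 64 and sha1_of_one_block(msg) == hashlib.sha1(msg).digest()
```

The cross-check passes only because SHA-1 is exactly this cipher run in Davies-Meyer mode, which is also why the compression function alone (without the feed-forward) is invertible when the block is known.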

Security of SHACAL-1

In the paper "Related-key rectangle attack on the full SHACAL-1", 2006, Orr Dunkelman, Nathan Keller and Jongsung Kim presented a related-key rectangle attack on the full 80 rounds of SHACAL-1.

In the paper "Differential and Rectangle Attacks on Reduced-Round SHACAL-1", Jiqiang Lu, Jongsung Kim, Nathan Keller and Orr Dunkelman presented rectangle attacks on the first 51 rounds and on a series of 52 inner rounds of SHACAL-1, and differential attacks on the first 49 rounds and on a series of 55 inner rounds of SHACAL-1. These are the best currently known cryptanalytic results on SHACAL-1 in a single-key attack scenario.

Security of SHACAL-2

In the paper "Related-Key Rectangle Attack on 42-Round SHACAL-2", Jiqiang Lu, Jongsung Kim, Nathan Keller and Orr Dunkelman presented a related-key rectangle attack on 42-round SHACAL-2.

In 2008 Lu and Kim presented a related-key rectangle attack on 44-round SHACAL-2. This is the best currently known cryptanalytic result on SHACAL-2.

External links

  • Nathan Keller's homepage

References

  • Helena Handschuh.
  • Seokhie Hong, Jongsung Kim, Guil Kim, Jaechul Sung, Changhoon Lee, Sangjin Lee (December 2003). 4th International Conference on Cryptology in India.
  • Jongsung Kim, Guil Kim, Sangjin Lee, Jongin Lim, Junghwan Song (December 2004). INDOCRYPT 2004.
  • Jongsung Kim, Guil Kim, Seokhie Hong, Sangjin Lee, Dowon Hong (July 2004). 9th Australasian Conference on Information Security and Privacy (ACISP 2004).
  • Jongsung Kim, Dukjae Moon, Wonil Lee, Seokhie Hong, Sangjin Lee, Seokwon Jung (December 2002).
  • Markku-Juhani Olavi Saarinen (February 2003). FSE '03 (PDF). Lund: Springer-Verlag. pp. 36–44. Retrieved 2007-07-02.
  • YongSup Shin, Jongsung Kim, Guil Kim, Seokhie Hong, Sangjin Lee (July 2004). ACISP 2004. Sydney: Springer-Verlag. pp. 110–122.
  • Jiqiang Lu, Jongsung Kim, Nathan Keller, Orr Dunkelman (2006). Information Security, 9th International Conference (ISC 2006) (PDF).
  • Jiqiang Lu, Jongsung Kim, Nathan Keller, Orr Dunkelman (December 2006). INDOCRYPT 2006 (PDF).
  • O. Dunkelman, N. Keller, J. Kim (August 2006). SAC 2006, to appear (PostScript).
  • Jiqiang Lu, Jongsung Kim (2008-9). IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences (PDF). IEICE. pp. 2599–2596. Retrieved 2012-01-30.