ISSN 1000-1239 CN 11-1777/TP

计算机研究与发展 ›› 2014, Vol. 51 ›› Issue (10): 2329-2335.doi: 10.7544/issn1000-1239.2014.20130639

• 信息安全 • 上一篇    下一篇



  1. (北京科技大学数理学院 北京 100083) (
  • 出版日期: 2014-10-01
  • 基金资助: 

Biclique Cryptanalysis of Block Cipher SHACAL2

Zheng Yafei, Wei Hongru   

  1. (School of Mathematics and Physics, University of Science and Technology Beijing, Beijing 100083)
  • Online: 2014-10-01

摘要: 分组密码算法SHACAL2是由Handschuh等人于2002年基于标准散列函数SHA2设计的,具有较高的安全性.利用SHACAL2算法密钥生成策略与扩散层的特点,构造了SHACAL2的首18轮32维Biclique.基于构造的Biclique对完整64轮SHACAL2算法应用Biclique攻击.分析结果表明,Biclique攻击恢复64轮SHACAL2密钥的数据复杂度不超过2\+{224}已知明文,时间复杂度约为2\+{511.18}次全轮加密.与已知分析结果相比,Biclique攻击所需的数据复杂度明显降低,且计算复杂度优于穷举攻击.对全轮的SHACAL2算法,Biclique攻击是一种相对有效的攻击方法.这是首次对SHACAL2算法的单密钥全轮攻击.

关键词: 分组密码, SHACAL2, Biclique攻击, 中间相遇攻击, 复杂度

Abstract: SHACAL2 is a block cipher designed by Handschuh H. et al based on the standard Hash function SHA2 in 2002. It one of the European standard block ciphers, and has relatively high security because of its long block length and key length, which are 256b and 512b respectively. There have been a few security analysis results about SHACAL2, such as impossible differential cryptanalysis and related-key rectangle attack on reduced rounds of SHACAL2. Taking advantage of the characteristics of the key schedule and the permutation layer of block cipher SHACAL2, 18-round 32-dimensional Biclique of the first eight rounds of SHACAL2 is constructed. Based on the Biclique constructed, Biclique attack is applied to the whole 64-round SHACAL2. And the results show that, using Biclique attack to recover the whole 512b key information of 64-round SHACAL2, the data complexity is no more than 2\+{224} chosen plaintexts, and the time complexity is 2\+{511.18} 64-round encryptions. Compared with the known analysis results, the data complexity of Biclique attack decreased obviously, and the time complexity is better than exhaustive search. For whole round SHACAL2,Biclique attack is a relatively effective method. This is the first single-key attack for whole round SHACAL2.

Key words: block cipher, SHACAL2, Biclique attack, meet-in-the-middle (MITM) attack, complexity