SHACAL-1 and SHACAL-2 are block ciphers based on cryptographic hash function from the SHA family. It was designed by Helena Handschuh and David Naccache, both cryptographers from the smart card manufacturer Gemplus .

SHACAL-1 (originally simply SHACAL) is a 160-bit block cipher based on SHA-1, and supports keys from 128-bit to 512-bit. SHACAL-2 is a 256-bit block cipher based upon the larger hash function SHA-256.

In 2003, SHACAL-2 was selected by the NESSIE project as one of their 17 recommended algorithms.

Design

SHACAL is based on the following observation of SHA-1:

The hash function SHA-1 is designed around a compression function. This function takes as input a 160-bit state and a 512-bit data word and outputs a new 160-bit state. The hash function works by repeatedly calling this compression function with successive 512-bit data blocks and each time updating the state accordingly. This compression function is easily invertible if the data block is known, i.e. given the data block on which it acted and the output of the compression function, one can compute that state that went in.

SHACAL turns the SHA-1 compression function into a block cipher by using the state input as the data block and using the data input as the key input. In other words SHACAL views the SHA-1 compression function as 160-bit block cipher with a 512-bit key

Keys shorter than 512 bits are supported by padding them with zero up to 512. SHACAL is not intended to be used with keys shorter than 128 bit.

References

• Eli Biham, Orr Dunkelman, Nathan Keller: Rectangle Attacks on 49-Round SHACAL-1. FSE 2003: pp22–35
• Helena Handschuh, Lars R. Knudsen, Matthew J. B. Robshaw: Analysis of SHA-1 in Encryption Mode. CT-RSA 2001: pp70–83
• Seokhie Hong, Jongsung Kim, Guil Kim, Jaechul Sung, Changhoon Lee, Sangjin Lee: Impossible Differential Attack on 30-Round SHACAL-2. INDOCRYPT 2003: pp97–106
• Jongsung Kim, Guil Kim, Sangjin Lee, Jongin Lim and Junghwan Song, Related-Key Attacks on Reduced Rounds of SHACAL-2, INDOCRYPT 2004, pp175-190.
• Jongsung Kim, Guil Kim, Seokhie Hong, Sangjin Lee, Dowon Hong: The Related-Key Rectangle Attack — Application to SHACAL-1. ACISP 2004: pp123–136
• Jongsung Kim, Dukjae Moon, Wonil Lee, Seokhie Hong, Sangjin Lee, Seokwon Jung: Amplified Boomerang Attack against Reduced-Round SHACAL. ASIACRYPT 2002: pp243–253
• Markku-Juhani Olavi Saarinen: Cryptanalysis of Block Ciphers Based on SHA-1 and MD5. FSE 2003: pp36–44
• YongSup Shin, Jongsung Kim, Guil Kim, Seokhie Hong, Sangjin Lee: Differential-Linear Type Attacks on Reduced Rounds of SHACAL-2. ACISP 2004: pp110–122