Memoryless Related-Key Boomerang Attack on 39-Round SHACAL-2

Abstract

SHACAL-2 is a 64-round block cipher based on the compression function of the hash function standard SHA-256. It has a 256-bit block size and a variable length key of up to 512 bits. Up to now, all attacks on more than 37 rounds require at least 2235 bytes of memory. Obviously such attacks will never become of practical interest due to this high amount of space. In this paper we adopt the relate-key boomerang attack and present the first memoryless attack on 39-round SHACAL-2. Our attack only employs 28.5 bytes of memory and thus improves the data complexity of comparable attacks up to a factor of at least 2230, which is a substantial improvement. We do not need to store all the data which gives this low data complexity. The related-key boomerang attack presented in this paper can also be seen as a starting point for more advanced attacks on SHACAL-2. The main advantage of our new attack is that we can proceed the data sequentially instead of parallel as needed for other attacks, which reduces the memory requirements dramatically. © 2009 Springer Berlin Heidelberg.