SHACAL-1 (originally simply SHACAL) is a 160-bit block cipher based on SHA-1, and supports keys from 128-bit to 512-bit.

This compression function is easily invertible if the data block is known, i.e. given the data block on which it acted and the output of the compression function, one can compute that state that went in.

In other words, SHACAL-1 views the SHA-1 compression function as an 80-round, 160-bit block cipher with a 512-bit key.

In the paper "Related-key rectangle attack on the full SHACAL-1", 2006, Orr Dunkelman, Nathan Keller and Jongsung Kim presented a related-key rectangle attack on the full 80 rounds of SHACAL-1.

In the paper "Related-Key Rectangle Attack on 42-Round SHACAL-2", Jiqiang Lu, Jongsung Kim, Nathan Keller, Orr Dunkelman presented a related-key rectangle attack on 42-round SHACAL-2.