RC5

From Wikipedia, the free encyclopedia

RC5

One round (two half-rounds) of the RC5 block cipher
General
Designers Ron Rivest
First published 1994
Successors RC6, Akelarre
Cipher detail
Key sizes 0 to 2040 bits (128 suggested)
Block sizes 32, 64 or 128 bits (64 suggested)
Structure Feistel-like network
Rounds 1-255 (12 suggested originally)
Best public cryptanalysis
12-round RC5 (with 64-bit blocks) is susceptible to a differential attack using 244 chosen plaintexts.[1]

RC5 is a block cipher notable for its simplicity. Designed by Ronald Rivest in 1994[2], RC stands for "Rivest Cipher", or alternatively, "Ron's Code" (compare RC2 and RC4). The Advanced Encryption Standard (AES) candidate RC6 was based on RC5.

Contents

[edit] Description

Unlike many schemes, RC5 has a variable block size (32, 64 or 128 bits), key size (0 to 2040 bits) and number of rounds (0 to 255). The original suggested choice of parameters were a block size of 64 bits, a 128-bit key and 12 rounds.

A key feature of RC5 is the use of data-dependent rotations; one of the goals of RC5 was to prompt the study and evaluation of such operations as a cryptographic primitive. RC5 also consists of a number of modular additions and eXclusive OR (XOR)s. The general structure of the algorithm is a Feistel-like network. The encryption and decryption routines can be specified in a few lines of code. The key schedule, however, is more complex, expanding the key using an essentially one-way function with the binary expansions of both e and the golden ratio as sources of "nothing up my sleeve numbers". The tantalising simplicity of the algorithm together with the novelty of the data-dependent rotations has made RC5 an attractive object of study for cryptanalysts.

[edit] Cryptanalysis

12-round RC5 (with 64-bit blocks) is susceptible to a differential attack using 244 chosen plaintexts.[1] 18–20 rounds are suggested as sufficient protection.

RSA Security, which has a patent on the algorithm[3], offered a series of US$10,000 prizes for breaking ciphertexts encrypted with RC5, but these contests have been discontinued as of May 2007. A number of these challenge problems have been tackled using distributed computing, organised by Distributed.net. Distributed.net has brute-forced RC5 messages encrypted with 56- and 64-bit keys, and is, as of December 3rd, 2002, working on cracking a 72-bit key. At the current rate, it will take approximately 1,000 years to test every possible key, and thus guarantee completion of the project. [1]

[edit] See also

[edit] References

  1. ^ a b Biryukov A. and Kushilevitz E. (1998). Improved Cryptanalysis of RC5. EUROCRYPT 1998.
  2. ^ Rivest, R. L. (1994). "The RC5 Encryption Algorithm" (pdf). Proceedings of the Second International Workshop on Fast Software Encryption (FSE) 1994e: 86–96. 
  3. ^ Rivest, R. L, "Block Encryption Algorithm With Data Dependent Rotation", U.S. Patent 5,724,428 , issued on 3 March 1998.

[edit] External links

v  d  e
 
Block ciphers

Common algorithms: AES | Blowfish | DES | Triple DES | Serpent | Twofish

Other algorithms: 3-Way | ABC | Akelarre | Anubis | ARIA | BaseKing | BassOmatic | BATON | BEAR and LION | C2 | Camellia | CAST-128 | CAST-256 | CIKS-1 | CIPHERUNICORN-A | CIPHERUNICORN-E | CLEFIA | CMEA | Cobra | COCONUT98 | Crab | CRYPTON | CS-Cipher | DEAL | DES-X | DFC | E2 | FEAL | FEA-M | FROG | G-DES | GOST | Grand Cru | Hasty Pudding Cipher | Hierocrypt | ICE | IDEA | IDEA NXT | Intel Cascade Cipher | Iraqi | KASUMI | KeeLoq | KHAZAD | Khufu and Khafre | KN-Cipher | Ladder-DES | Libelle | LOKI97 | LOKI89/91 | Lucifer | M6 | M8 | MacGuffin | Madryga | MAGENTA | MARS | Mercy | MESH | MISTY1 | MMB | MULTI2 | MultiSwap | New Data Seal | NewDES | Nimbus | NOEKEON | NUSH | Q | RC2 | RC5 | RC6 | REDOC | Red Pike | S-1 | SAFER | SAVILLE | SC2000 | SEED | SHACAL | SHARK | Skipjack | SMS4 | Spectr-H64 | Square | SXAL/MBAL | TEA | Treyfer | UES | Xenon | xmx | XTEA | XXTEA | Zodiac

Standardization: AES process | CRYPTREC | NESSIE
v  d  e
 
Cryptography