RC5
General
Designer(s) | Ron Rivest
First published | 1994
Derived from | -
Cipher(s) based on this design | RC6, Akelarre
Algorithm detail
Block size(s) | 32, 64 or 128 bits (64 suggested)
Key size(s) | 0 to 2040 bits (128 suggested)
Structure | Feistel network
Number of rounds | 12 suggested originally
Best cryptanalysis | 12-round RC5 (with 64-bit blocks) is susceptible to a differential attack using 2^44 chosen plaintexts (Biryukov and Kushilevitz, 1998).
RC5 is a block cipher notable for its simplicity, designed by Ronald Rivest in 1994. "RC" stands for "Rivest Cipher", or alternatively, "Ron's Code" (compare RC2 and RC4). The AES candidate RC6 was based on RC5.
Description
Unlike many schemes, RC5 has a variable block size (32, 64 or 128 bits), key size (0 to 2040 bits) and number of rounds (0 to 255). The originally suggested choice of parameters was a block size of 64 bits, a 128-bit key and 12 rounds.
A key feature of RC5 is the use of data-dependent rotations; one of the goals of RC5 was to prompt the study and evaluation of such operations as a cryptographic primitive. RC5 also uses a number of modular additions and exclusive ORs (XORs). The general structure of the algorithm is a Feistel-like network. The encryption and decryption routines can be specified in a few lines of code, although the key schedule is more complex. The tantalising simplicity of the algorithm together with the novelty of the data-dependent rotations has made RC5 an attractive object of study for cryptanalysts.
Cryptanalysis
12-round RC5 (with 64-bit blocks) is susceptible to a differential attack using 2^44 chosen plaintexts (Biryukov and Kushilevitz, 1998). 18–20 rounds are suggested as sufficient protection.
RSA Security, who have a patent on the algorithm (US patent #5,724,428), offer a series of US$10,000 prizes for breaking ciphertexts encrypted with RC5. A number of these challenge problems have been tackled using distributed computing, organised by Distributed.net. Distributed.net has brute-forced RC5 messages encrypted with 56- and 64-bit keys, and is, as of June 2005, working on cracking a 72-bit key.
References
- Biryukov A. and Kushilevitz E. (1998). Improved Cryptanalysis of RC5. EUROCRYPT 1998.
- Rivest, R. L. (1998). Block Encryption Algorithm with Data Dependent Rotation. US patent #5,724,428, issued 3 March 1998.
- Rivest, R. L. (1994). The RC5 Encryption Algorithm. In the Proceedings of the Second International Workshop on Fast Software Encryption (FSE) 1994, p86–96 (PDF) (http://theory.lcs.mit.edu/~rivest/Rivest-rc5rev.pdf).
External links
- SCAN's entry for the cipher (http://www.users.zetnet.co.uk/hopwood/crypto/scan/cs.html#RC5)
- RSA Laboratories FAQ — What are RC5 and RC6? (http://www.rsasecurity.com/rsalabs/node.asp?id=2251)
- Helger Lipmaa's links on RC5 (http://www.cs.ut.ee/~helger/crypto/link/block/rc5.php)
- RSA's patent via Google. (http://www.google.com/search?q=Patent+5724428)