The RC5, RC5-CBC, RC5-CBC-Pad, and RC5-CTS Algorithms
RFC 2040
| Field | Value |
|---|---|
| Type | RFC - Informational (October 1996; Errata). Was draft-baldwin-rc5 (individual) |
| Authors | Robert Baldwin, Ronald Rivest |
| Last updated | 2020-01-21 |
| Stream | Legacy |
| Formats | plain text, html, pdf, htmlized, with errata, bibtex |
| Stream: Legacy state | (None) |
| Consensus Boilerplate | Unknown |
| RFC Editor Note | (None) |
| IESG: IESG state | RFC 2040 (Informational) |
| Telechat date | |
| Responsible AD | (None) |
| Send notices to | (None) |
Network Working Group
Request for Comments: 2040
Category: Informational

R. Baldwin, RSA Data Security, Inc.
R. Rivest, MIT Laboratory for Computer Science and RSA Data Security, Inc.
October 1996

The RC5, RC5-CBC, RC5-CBC-Pad, and RC5-CTS Algorithms

Status of this Memo

This memo provides information for the Internet community. This memo does not specify an Internet standard of any kind. Distribution of this memo is unlimited.

Acknowledgments

We would like to thank Steve Dusse, Victor Chang, Tim Mathews, Brett Howard, and Burt Kaliski for helpful suggestions.

Table of Contents

1. Executive Summary
2. Overview
3. Terminology and Notation
4. Description of RC5 Keys
5. Description of RC5 Key Expansion
6. Description of RC5 Block Cipher
7. Description of RC5-CBC and RC5-CBC-Pad
8. Description of RC5-CTS
9. Test Program and Vectors
10. Security Considerations
11. ASN.1 Identifiers
References
Authors' Addresses

1. Executive Summary

This document defines four ciphers with enough detail to ensure interoperability between different implementations. The first cipher is the raw RC5 block cipher. The RC5 cipher takes a fixed size input block and produces a fixed sized output block using a transformation that depends on a key. The second cipher, RC5-CBC, is the Cipher Block Chaining (CBC) mode for RC5. It can process messages whose length is a multiple of the RC5 block size. The third cipher, RC5-CBC-Pad, handles plaintext of any length, though the ciphertext will be longer than the plaintext by at most the size of a single RC5 block.
The RC5-CTS cipher is the Cipher Text Stealing mode of RC5, which handles plaintext of any length and the ciphertext length matches the plaintext length.

The RC5 cipher was invented by Professor Ronald L. Rivest of the Massachusetts Institute of Technology in 1994. It is a very fast and simple algorithm that is parameterized by the block size, the number of rounds, and key length. These parameters can be adjusted to meet different goals for security, performance, and exportability.

RSA Data Security Incorporated has filed a patent application on the RC5 cipher and for trademark protection for RC5, RC5-CBC, RC5-CBC-Pad, RC5-CTS and assorted variations.

2. Overview

This memo is a restatement of existing published material. The description of RC5 follows the notation and order of explanation found in the original RC5 paper by Professor Rivest [2]. The CBC mode appears in reference works such as the one by Bruce Schneier [6]. The CBC-Pad mode is the same as in the Public Key Cryptography Standard (PKCS) number five [5]. Sample C code [8] is included for clarity only and is equivalent to the English language descriptions.

The ciphers will be explained in a bottom up object-oriented fashion. First, RC5 keys will be presented along with the key expansion algorithm. Second, the RC5 block cipher is explained, and finally, the RC5-CBC and RC5-CBC-Pad ciphers are specified. For brevity, only the encryption process is described. Decryption is achieved by inverting the steps of encryption.

The object-oriented description found here should make it easier to implement interoperable systems, though it is not as terse as the functional descriptions found in the references. There are two classes of objects, keys and cipher algorithms. Both classes share operations that create and destroy these objects in a manner that ensures that secret information is not returned to the memory manager. Keys also have a "set" operation that copies a secret key into the object.
The "set" operation for the cipher objects defines the number of rounds, and the initialization vector.

There are four operations for the cipher objects described in this memo. There is binding a key to a cipher object, setting a new initialization vector for a cipher object without changing the key, encrypting part of a message (this would be performed multiple times for long messages), and processing the last part of a message which
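
The length rule stated for RC5-CBC-Pad in the Executive Summary, and the PKCS #5 padding the Overview refers to, can be made concrete with the following added example. It is not the RFC's sample code: the names pad_count, cbc_pad and cbc_unpad are hypothetical, and the 8-byte block size used in the demo is an assumption.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper names; not the RFC's sample code. bb = block size in bytes. */

/* Pad bytes needed for a len-byte plaintext: always 1..bb, never 0 (bb != 0). */
size_t pad_count(size_t len, size_t bb) { return bb - (len % bb); }

/* Copy in[0..len) to out and append n pad bytes, each holding the value n.
 * out must have room for len + pad_count(len, bb) bytes.
 * Returns the padded length, or 0 if bb cannot be encoded in one pad byte. */
size_t cbc_pad(const unsigned char *in, size_t len, size_t bb, unsigned char *out)
{
    size_t n;
    if (bb == 0 || bb > 255) return 0;
    n = pad_count(len, bb);
    if (len) memcpy(out, in, len);
    memset(out + len, (int)n, n);
    return len + n;
}

/* Validate and strip the padding of a decrypted buffer.
 * Returns the plaintext length, or -1 if the padding is malformed. */
long cbc_unpad(const unsigned char *buf, size_t len, size_t bb)
{
    size_t n, i;
    unsigned char bad = 0;
    if (bb == 0 || bb > 255 || len == 0 || len % bb != 0) return -1;
    n = buf[len - 1];
    if (n == 0 || n > bb) return -1;
    for (i = 0; i < n; i++)              /* check every pad byte, not only the last */
        bad |= (unsigned char)(buf[len - 1 - i] ^ n);
    return bad ? -1 : (long)(len - n);
}

int main(void)
{
    size_t len, bb = 8;                  /* assumed demo block size: 8 bytes */
    for (len = 0; len <= 9; len++)       /* constructed plaintext lengths */
        printf("plaintext %zu -> CBC-Pad %zu, CTS %zu\n",
               len, len + pad_count(len, bb), len);
    return 0;
}
```

A plaintext that is already a multiple of the block size still gains a full block of padding, which is the "at most the size of a single RC5 block" case; the CTS column simply repeats the plaintext length.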