The RC5, RC5-CBC, RC5-CBC-Pad, and RC5-CTS Algorithms
RFC 2040
| Document | Type |
RFC - Informational
(October 1996; Errata)
Was draft-baldwin-rc5 (individual)
|
|
|---|---|---|---|
| Last updated | 2013-03-02 | ||
| Stream | Legacy | ||
| Formats | plain text html pdf htmlized with errata bibtex | ||
| Stream | Legacy state | (None) | |
| Consensus Boilerplate | Unknown | ||
| RFC Editor Note | (None) | ||
| IESG | IESG state | RFC 2040 (Informational) | |
| Telechat date | |||
| Responsible AD | (None) | ||
| Send notices to | (None) | ||
Network Working Group R. Baldwin
Request for Comments: 2040 RSA Data Security, Inc.
Category: Informational R. Rivest
MIT Laboratory for Computer Science
and RSA Data Security, Inc.
October 1996
The RC5, RC5-CBC, RC5-CBC-Pad, and RC5-CTS Algorithms
Status of this Memo
This memo provides information for the Internet community. This memo
does not specify an Internet standard of any kind. Distribution of
this memo is unlimited.
Acknowledgments
We would like to thank Steve Dusse, Victor Chang, Tim Mathews, Brett
Howard, and Burt Kaliski for helpful suggestions.
Table of Contents
1. Executive Summary ....................... 1
2. Overview ................................ 2
3. Terminology and Notation ................ 3
4. Description of RC5 Keys ................. 4
5. Description of RC5 Key Expansion ........ 6
6. Description of RC5 Block Cipher ......... 10
7. Description of RC5-CBC and RC5-CBC-Pad .. 12
8. Description of RC5-CTS .................. 18
9. Test Program and Vectors ................ 19
10. Security Considerations ................. 26
11. ASN.1 Identifiers ....................... 28
References ........................................ 28
Authors' Addresses ................................ 29
1. Executive Summary
This document defines four ciphers with enough detail to ensure
interoperability between different implementations. The first cipher
is the raw RC5 block cipher. The RC5 cipher takes a fixed size input
block and produces a fixed sized output block using a transformation
that depends on a key. The second cipher, RC5-CBC, is the Cipher
Block Chaining (CBC) mode for RC5. It can process messages whose
length is a multiple of the RC5 block size. The third cipher, RC5-
CBC-Pad, handles plaintext of any length, though the ciphertext will
be longer than the plaintext by at most the size of a single RC5
Baldwin & Rivest Informational [Page 1]
RFC 2040 RC5, RC5-CBC, RC5-CBC-Pad, and RC5-CTS October 1996
block. The RC5-CTS cipher is the Cipher Text Stealing mode of RC5,
which handles plaintext of any length and the ciphertext length
matches the plaintext length.
The RC5 cipher was invented by Professor Ronald L. Rivest of the
Massachusetts Institute of Technology in 1994. It is a very fast and
simple algorithm that is parameterized by the block size, the number
of rounds, and key length. These parameters can be adjusted to meet
different goals for security, performance, and exportability.
RSA Data Security Incorporated has filed a patent application on the
RC5 cipher and for trademark protection for RC5, RC5-CBC, RC5-CBC-
Pad, RC5-CTS and assorted variations.
2. Overview
This memo is a restatement of existing published material. The
description of RC5 follows the notation and order of explanation
found in the original RC5 paper by Professor Rivest [2]. The CBC
mode appears in reference works such as the one by Bruce Schneier
[6]. The CBC-Pad mode is the same as in the Public Key Cryptography
Standard (PKCS) number five [5]. Sample C code [8] is included for
clarity only and is equivalent to the English language descriptions.
The ciphers will be explained in a bottom up object-oriented fashion.
First, RC5 keys will be presented along with the key expansion
algorithm. Second, the RC5 block cipher is explained, and finally,
the RC5-CBC and RC5-CBC-Pad ciphers are specified. For brevity, only
the encryption process is described. Decryption is achieved by
inverting the steps of encryption.
The object-oriented description found here should make it easier to
implement interoperable systems, though it is not as terse as the
functional descriptions found in the references. There are two
classes of objects, keys and cipher algorithms. Both classes share
operations that create and destroy these objects in a manner that
ensures that secret information is not returned to the memory
manager.
Keys also have a "set" operation that copies a secret key into the
object. The "set" operation for the cipher objects defines the
number of rounds, and the initialization vector.
There are four operations for the cipher objects described in this
memo. There is binding a key to a cipher object, setting a new
initialization vector for a cipher object without changing the key,
encrypting part of a message (this would be performed multiple times
for long messages), and processing the last part of a message which
Show full document text