A Description of the Rabbit Stream Cipher Algorithm
RFC 4503
|
| Document |
Type |
|
RFC - Informational
(May 2006; Errata)
|
|
Last updated |
|
2020-01-21
|
|
Stream |
|
ISE
|
|
Formats |
|
plain text
html
pdf
htmlized
with errata
bibtex
|
| Stream |
ISE state
|
|
(None)
|
|
Consensus Boilerplate |
|
Unknown
|
|
Document shepherd |
|
No shepherd assigned
|
| IESG |
IESG state |
|
RFC 4503 (Informational)
|
|
Telechat date |
|
|
|
Responsible AD |
|
Russ Housley
|
|
Send notices to |
|
(None)
|
Network Working Group M. Boesgaard
Request for Comments: 4503 M. Vesterager
Category: Informational E. Zenner
Cryptico A/S
May 2006
A Description of the Rabbit Stream Cipher Algorithm
Status of This Memo
This memo provides information for the Internet community. It does
not specify an Internet standard of any kind. Distribution of this
memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2006).
Abstract
This document describes the encryption algorithm Rabbit. It is a
stream cipher algorithm with a 128-bit key and 64-bit initialization
vector (IV). The method was published in 2003 and has been subject
to public security and performance revision. Its high performance
makes it particularly suited for the use with Internet protocols
where large amounts of data have to be processed.
Table of Contents
1. Introduction ....................................................2
2. Algorithm Description ...........................................2
2.1. Notation ...................................................2
2.2. Inner State ................................................3
2.3. Key Setup Scheme ...........................................3
2.4. IV Setup Scheme ............................................3
2.5. Counter System .............................................4
2.6. Next-State Function ........................................4
2.7. Extraction Scheme ..........................................5
2.8. Encryption/Decryption Scheme ...............................5
3. Security Considerations .........................................6
3.1. Message Length .............................................6
3.2. Initialization Vector ......................................6
4. Informative References ..........................................7
Appendix A: Test Vectors ...........................................8
A.1. Testing without IV Setup ...................................8
A.2. Testing with IV Setup ......................................8
Appendix B: Debugging Vectors ......................................9
Boesgaard, et al. Informational [Page 1]
RFC 4503 Rabbit Encryption May 2006
B.1. Testing Round Function and Key Setup .......................9
B.2. Testing the IV setup ......................................10
1. Introduction
Rabbit is a stream cipher algorithm that has been designed for high
performance in software implementations. Both key setup and
encryption are very fast, making the algorithm particularly suited
for all applications where large amounts of data or large numbers of
data packages have to be encrypted. Examples include, but are not
limited to, server-side encryption, multimedia encryption, hard-disk
encryption, and encryption on limited-resource devices.
The cipher is based on ideas derived from the behavior of certain
chaotic maps. These maps have been carefully discretized, resulting
in a compact stream cipher. Rabbit has been openly published in 2003
[1] and has not displayed any weaknesses as of the time of this
writing. To ensure ongoing security evaluation, it was also
submitted to the ECRYPT eSTREAM project[2].
Technically, Rabbit consists of a pseudorandom bitstream generator
that takes a 128-bit key and a 64-bit initialization vector (IV) as
input and generates a stream of 128-bit blocks. Encryption is
performed by combining this output with the message, using the
exclusive-OR operation. Decryption is performed in exactly the same
way as encryption.
Further information about Rabbit, including reference implementation,
test vectors, performance figures, and security white papers, is
available from http://www.cryptico.com/.
2. Algorithm Description
2.1. Notation
This document uses the following elementary operators:
+ integer addition.
* integer multiplication.
div integer division.
mod integer modulus.
^ bitwise exclusive-OR operation.
<<< left rotation operator.
|| concatenation operator.
When labeling bits of a variable, A, the least significant bit is
denoted by A[0]. The notation A[h..g] represents bits h through g of
variable A, where h is more significant than g. Similar variables
Boesgaard, et al. Informational [Page 2]
RFC 4503 Rabbit Encryption May 2006
are labeled by A0,A1,... with the notation A(0),A(1),... being used
to denote those same variables if this improves readability.
Show full document text