A Description of the Rabbit Stream Cipher Algorithm
RFC 4503

Document Type RFC - Informational (May 2006; Errata)
Last updated 2013-03-02
Stream ISE
Formats plain text pdf html
Stream ISE state (None)
Document shepherd No shepherd assigned
IESG IESG state RFC 4503 (Informational)
Telechat date
Responsible AD Russ Housley
Send notices to ez@cryptico.com
Network Working Group                                       M. Boesgaard
Request for Comments: 4503                                 M. Vesterager
Category: Informational                                        E. Zenner
                                                            Cryptico A/S
                                                                May 2006

          A Description of the Rabbit Stream Cipher Algorithm

Status of This Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2006).

Abstract

   This document describes the encryption algorithm Rabbit.  It is a
   stream cipher algorithm with a 128-bit key and 64-bit initialization
   vector (IV).  The method was published in 2003 and has been subject
   to public security and performance revision.  Its high performance
   makes it particularly suited for the use with Internet protocols
   where large amounts of data have to be processed.

Table of Contents

   1. Introduction ....................................................2
   2. Algorithm Description ...........................................2
      2.1. Notation ...................................................2
      2.2. Inner State ................................................3
      2.3. Key Setup Scheme ...........................................3
      2.4. IV Setup Scheme ............................................3
      2.5. Counter System .............................................4
      2.6. Next-State Function ........................................4
      2.7. Extraction Scheme ..........................................5
      2.8. Encryption/Decryption Scheme ...............................5
   3. Security Considerations .........................................6
      3.1. Message Length .............................................6
      3.2. Initialization Vector ......................................6
   4. Informative References ..........................................7
   Appendix A: Test Vectors ...........................................8
      A.1. Testing without IV Setup ...................................8
      A.2. Testing with IV Setup ......................................8
   Appendix B: Debugging Vectors ......................................9

Boesgaard, et al.            Informational                      [Page 1]
RFC 4503                   Rabbit Encryption                    May 2006

      B.1. Testing Round Function and Key Setup .......................9
      B.2. Testing the IV setup ......................................10

1.  Introduction

   Rabbit is a stream cipher algorithm that has been designed for high
   performance in software implementations.  Both key setup and
   encryption are very fast, making the algorithm particularly suited
   for all applications where large amounts of data or large numbers of
   data packages have to be encrypted.  Examples include, but are not
   limited to, server-side encryption, multimedia encryption, hard-disk
   encryption, and encryption on limited-resource devices.

   The cipher is based on ideas derived from the behavior of certain
   chaotic maps.  These maps have been carefully discretized, resulting
   in a compact stream cipher.  Rabbit has been openly published in 2003
   [1] and has not displayed any weaknesses as of the time of this
   writing.  To ensure ongoing security evaluation, it was also
   submitted to the ECRYPT eSTREAM project[2].

   Technically, Rabbit consists of a pseudorandom bitstream generator
   that takes a 128-bit key and a 64-bit initialization vector (IV) as
   input and generates a stream of 128-bit blocks.  Encryption is
   performed by combining this output with the message, using the
   exclusive-OR operation.  Decryption is performed in exactly the same
   way as encryption.

   Further information about Rabbit, including reference implementation,
   test vectors, performance figures, and security white papers, is
   available from http://www.cryptico.com/.

2.  Algorithm Description

2.1.  Notation

   This document uses the following elementary operators:

    +     integer addition.
    *     integer multiplication.
   div    integer division.
   mod    integer modulus.
    ^     bitwise exclusive-OR operation.
   <<<    left rotation operator.
    ||    concatenation operator.

   When labeling bits of a variable, A, the least significant bit is
   denoted by A[0].  The notation A[h..g] represents bits h through g of
   variable A, where h is more significant than g.  Similar variables

Boesgaard, et al.            Informational                      [Page 2]
Show full document text