A Description of the KCipher-2 Encryption Algorithm
RFC 7008

Versions
06
07
08
09


Document	Type	RFC - Informational (August 2013; No errata) Was draft-kiyomoto-kcipher2 (individual)
	Last updated	2013-08-28
	Stream	ISE
	Formats	plain text pdf html bibtex
	IETF conflict review	conflict-review-kiyomoto-kcipher2
Stream	ISE state	Published RFC
	Consensus Boilerplate	Unknown
	Document shepherd	No shepherd assigned
IESG	IESG state	RFC 7008 (Informational)
	Telechat date
	Responsible AD	(None)
	Send notices to	(None)

Email authors IPR 3 References Referenced by Nits

Independent Submission                                       S. Kiyomoto
Request for Comments: 7008                                       W. Shin
Category: Informational                      KDDI R&D Laboratories, Inc.
ISSN: 2070-1721                                              August 2013

          A Description of the KCipher-2 Encryption Algorithm

Abstract

   This document describes the KCipher-2 encryption algorithm.
   KCipher-2 is a stream cipher with a 128-bit key and a 128-bit
   initialization vector.  Since the algorithm for KCipher-2 was
   published in 2007, security and efficiency have been rigorously
   evaluated through academic and industrial studies.  As of the
   publication of this document, no security vulnerabilities have been
   found.  KCipher-2 offers fast encryption and decryption by means of
   simple operations that enable efficient implementation.  KCipher-2
   has been used for industrial applications, especially for mobile
   health monitoring and diagnostic services in Japan.

Status of This Memo

   This document is not an Internet Standards Track specification; it is
   published for informational purposes.

   This is a contribution to the RFC Series, independently of any other
   RFC stream.  The RFC Editor has chosen to publish this document at
   its discretion and makes no statement about its value for
   implementation or deployment.  Documents approved for publication by
   the RFC Editor are not a candidate for any level of Internet
   Standard; see Section 2 of RFC 5741.

   Information about the current status of this document, any errata,
   and how to provide feedback on it may be obtained at
   http://www.rfc-editor.org/info/rfc7008.

Copyright Notice

   Copyright (c) 2013 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.

Kiyomoto & Shin               Informational                     [Page 1]
RFC 7008               A Description of KCipher-2            August 2013

Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3
   2.  Algorithm Description  . . . . . . . . . . . . . . . . . . . .  3
     2.1.  Notations  . . . . . . . . . . . . . . . . . . . . . . . .  4
     2.2.  Internal State . . . . . . . . . . . . . . . . . . . . . .  4
       2.2.1.  Feedback Shift Registers . . . . . . . . . . . . . . .  4
       2.2.2.  Internal Registers . . . . . . . . . . . . . . . . . .  5
     2.3.  Operations . . . . . . . . . . . . . . . . . . . . . . . .  5
       2.3.1.  next() . . . . . . . . . . . . . . . . . . . . . . . .  5
       2.3.2.  init() . . . . . . . . . . . . . . . . . . . . . . . .  7
       2.3.3.  stream() . . . . . . . . . . . . . . . . . . . . . . .  8
     2.4.  Subroutines  . . . . . . . . . . . . . . . . . . . . . . .  9
       2.4.1.  NLF()  . . . . . . . . . . . . . . . . . . . . . . . .  9
       2.4.2.  sub_K2() . . . . . . . . . . . . . . . . . . . . . . .  9
       2.4.3.  S_box()  . . . . . . . . . . . . . . . . . . . . . . . 10
       2.4.4.  Multiplications in GF(2#32)  . . . . . . . . . . . . . 11
     2.5.  Encryption and Decryption Scheme . . . . . . . . . . . . . 13
       2.5.1.  Key Stream Generation  . . . . . . . . . . . . . . . . 13
       2.5.2.  Encryption and Decryption of a Message . . . . . . . . 14
   3.  Security Considerations  . . . . . . . . . . . . . . . . . . . 14
   4.  References . . . . . . . . . . . . . . . . . . . . . . . . . . 14
     4.1.  Normative References . . . . . . . . . . . . . . . . . . . 14
     4.2.  Informative References . . . . . . . . . . . . . . . . . . 14
   Appendix A.  Tables for Multiplication in GF(2#32) . . . . . . . . 16
     A.1.  The table amul0  . . . . . . . . . . . . . . . . . . . . . 16
     A.2.  The table amul1  . . . . . . . . . . . . . . . . . . . . . 17
     A.3.  The table amul2  . . . . . . . . . . . . . . . . . . . . . 19
     A.4.  The table amul3  . . . . . . . . . . . . . . . . . . . . . 20
   Appendix B.  A Simple Implementation Example of KCipher-2  . . . . 22
     B.1.  Code Components I - Definitions and Declarations . . . . . 22
     B.2.  Code Components II - Functions . . . . . . . . . . . . . . 23
     B.3.  Use Case . . . . . . . . . . . . . . . . . . . . . . . . . 28
   Appendix C.  Test Vectors  . . . . . . . . . . . . . . . . . . . . 28
     C.1.  Key Stream Generation Examples . . . . . . . . . . . . . . 28
     C.2.  Another Key Stream Generation with the State Values  . . . 29
       C.2.1.  S after init(1)  . . . . . . . . . . . . . . . . . . . 30

Show full document text

A Description of the KCipher-2 Encryption AlgorithmRFC 7008

A Description of the KCipher-2 Encryption Algorithm
RFC 7008