You get a bonus - 1 coin for daily activity. Now you have 1 coin

Cipher RC5 (Rons Code 5 or Rivests Cipher 5) Algorithm, cryptoresistance

Lecture



  • 1 Description
    • 1.1 Parameters
    • 1.2 Key Extension
      • 1.2.1 Constant Generation
      • 1.2.2 Key breaking into words
      • 1.2.3 Constructing an Extended Key Table
      • 1.2.4 Stirring
    • 1.3 Encryption
    • 1.4 Decryption
  • 2 Properties
  • 3 cryptographic strength
    • 3.1RSA Security Challenge
    • 3.2 Runtime attack
  • 4 Algorithm Options
    • 4.1RC5XOR
    • 4.2RC5P
    • 4.3RC5PFR
    • 4.4RC5KFR
    • 4.5RC5RA
  • 5 Notes
  • 6Links

Cipher RC5 (Rons Code 5 or Rivests Cipher 5) Algorithm, cryptoresistance

Creator: Ron Rivest

Created: 1994

Published: 1994 year

Key size: 0-2040 bits (128 by default)

Block size: 32, 64, or 128 bits (64 by default for 32-bit platforms)

Rounds: 1-255 (12 by default)

Type: Feistel Network

RC5 ( Ron's Code 5 or Rivest's Cipher 5 ) is a block cipher developed by Ron Rivest of RSA Security Inc. with a variable number of rounds, block length and key length. This extends the scope and simplifies the transition to a stronger version of the algorithm.

Description

There are several different versions of the algorithm in which the transformations in the “half-rounds” of the classic RC5 are slightly modified. The classical algorithm uses three primitive operations and their inversions:

  • modulo addition Cipher RC5 (Rons Code 5 or Rivests Cipher 5) Algorithm, cryptoresistance
  • bitwise exclusive OR (XOR)
  • cyclic shift operations on a variable number of bits Cipher RC5 (Rons Code 5 or Rivests Cipher 5) Algorithm, cryptoresistance

The main innovation is the use of a shift operation on a variable number of bits that were not used in earlier encryption algorithms. These operations are equally quickly performed on most processors, but at the same time significantly complicate the differential and linear cryptanalysis of the algorithm.

RC5 encryption consists of two steps. Key extension procedure and encryption directly. For decryption, the key expansion procedure is performed first, and then the operations opposite to the encryption procedure are performed. All addition and subtraction operations are performed modulo Cipher RC5 (Rons Code 5 or Rivests Cipher 5) Algorithm, cryptoresistance

Options

Because Since the RC5 algorithm has variable parameters, for the specification of the algorithm with specific parameters the designation RC5-W / R / b is accepted, where

  • W - half the length of the block in bits, the possible values ​​are 16, 32 and 64. For effective implementation, the value of W is recommended to be taken equal to the machine word. For example, for 32-bit platforms, the optimal choice would be W = 32, which corresponds to a block size of 64 bits.
  • R - the number of rounds, possible values ​​from 0 to 255. An increase in the number of rounds provides an increase in the level of security of the cipher. So, at R = 0, the information will not be encrypted. The RC5 algorithm also uses an extended key table of size 2 (R + 1) words, which is obtained from a key specified by the user.
  • b - key length in bytes, possible values ​​are from 0 to 255.

Key extension


Before directly encrypting or decrypting the data, the key extension procedure is performed. The key generation procedure consists of four stages:

  • Constant Generation
  • Key breaking into words
  • Building an extended key table
  • Stirring

Constant Generation

For a given parameter W, two pseudo-random variables are generated using two mathematical constants: e (exponent) and f (Golden Ratio).

Cipher RC5 (Rons Code 5 or Rivests Cipher 5) Algorithm, cryptoresistance

where Odd () is rounding to the nearest odd integer.

For w = 16.32.64, we obtain the following constants:

Cipher RC5 (Rons Code 5 or Rivests Cipher 5) Algorithm, cryptoresistance

Key breaking into words

At this stage, the key is copied Cipher RC5 (Rons Code 5 or Rivests Cipher 5) Algorithm, cryptoresistance into an array of words Cipher RC5 (Rons Code 5 or Rivests Cipher 5) Algorithm, cryptoresistance that is, the number of bytes in a word.

If a Cipher RC5 (Rons Code 5 or Rivests Cipher 5) Algorithm, cryptoresistance padded with zero bits to the nearest larger size c, a multiple of Cipher RC5 (Rons Code 5 or Rivests Cipher 5) Algorithm, cryptoresistance

If b = c = 0, then we set the value Cipher RC5 (Rons Code 5 or Rivests Cipher 5) Algorithm, cryptoresistance

Building an extended key table

At this stage, the extension key table is built Cipher RC5 (Rons Code 5 or Rivests Cipher 5) Algorithm, cryptoresistance which is performed as follows:

Cipher RC5 (Rons Code 5 or Rivests Cipher 5) Algorithm, cryptoresistance

Stirring

The following actions are performed cyclically N times:

Cipher RC5 (Rons Code 5 or Rivests Cipher 5) Algorithm, cryptoresistance

moreover, G, H, i, j are temporary variables whose initial values ​​are 0.

The number of iterations of cycle N is the maximum of two values ​​3 * c and Cipher RC5 (Rons Code 5 or Rivests Cipher 5) Algorithm, cryptoresistance

Encryption


Before the first round, the operations of applying the extended key to the encrypted data are performed:

Cipher RC5 (Rons Code 5 or Rivests Cipher 5) Algorithm, cryptoresistance

In each round, the following actions are performed:

Cipher RC5 (Rons Code 5 or Rivests Cipher 5) Algorithm, cryptoresistance

Decryption


To decrypt data, reverse operations are used, i.e. for i = R, R-1, ..., 1 the following rounds are performed:

Cipher RC5 (Rons Code 5 or Rivests Cipher 5) Algorithm, cryptoresistance

After completing all rounds, the original message is from the expression:

Cipher RC5 (Rons Code 5 or Rivests Cipher 5) Algorithm, cryptoresistance

The properties

The RC5 algorithm has the following properties: [1]

  • Suitable for both hardware and software implementation (the algorithm uses operations that are performed equally fast on all processors).
  • Each round processes the entire block (a typical round of the Feistel network processes only the “sub-block”).
  • Equally good for machines with different machine word lengths (i.e., it also works well on 64-bit machines).
  • It has a repeating structure with a variable number of rounds, which allows the user to choose between a higher encryption speed and greater security of the cipher.
  • It has a variable key length, which allows the user to choose the security level that matches the specifics of his application.
  • Simple enough to implement and analyze.
  • Not demanding on memory, which allows you to use it even in mobile and portable devices.

Cryptographic strength

RSA spent a lot of time analyzing its work with a 64-bit block. So, from 1995 to 1998, they published a number of reports in which they analyzed in detail the cryptographic strength of the RC5 algorithm. An evaluation for linear cryptanalysis shows that the algorithm is safe after 6 rounds. Differential cryptanalysis requires Cipher RC5 (Rons Code 5 or Rivests Cipher 5) Algorithm, cryptoresistance selected plaintexts for an algorithm with 5 rounds, Cipher RC5 (Rons Code 5 or Rivests Cipher 5) Algorithm, cryptoresistance for 10 rounds, Cipher RC5 (Rons Code 5 or Rivests Cipher 5) Algorithm, cryptoresistance for 12 rounds and Cipher RC5 (Rons Code 5 or Rivests Cipher 5) Algorithm, cryptoresistance for 15 rounds. And since there is only Cipher RC5 (Rons Code 5 or Rivests Cipher 5) Algorithm, cryptoresistance possible different plaintexts, then differential cryptanalysis is impossible for the algorithm in 15 or more rounds. So it is recommended to use 18-20 rounds, or at least not less than 15 instead of the 12 rounds that Rivest himself recommended.

RSA Security Challenge

To stimulate learning and use of the RC5 cipher RSA Security Inc. On January 28, 1997, she proposed hacking a series of messages encrypted with the RC5 algorithm with different parameters, [2] giving a prize of $ 10,000 for hacking each message. The cipher with the weakest parameters RC5-32 / 12/5 was cracked for several hours. Nevertheless, the last hacking of the RC5-32 / 12/8 cipher required 5 years of calculations within the framework of the RC5-64 distributed computing project (here 64 = b · 8, the key length in bits) under the supervision of distributed.net. RC5-32 / 12 / b is still inaccessible for b from 9 to 16. distributed.net launched the RC5-72 project for hacking RC5-32 / 12/9 , in which as of October 2013 it was possible to sort out about 3 % keys. [3]

In May 2007, RSA Security Inc. announced the termination of support for the competition and the payment of cash rewards. In order not to stop the RC-72 project, distributed.net decided to sponsor a prize of $ 4,000 from its own funds. [4]

Runtime Attack

On platforms where the cyclic shift operation by a variable number of bits is performed for a different number of processor cycles, an attack during execution time on the RC5 algorithm is possible. Two options for such an attack were formulated by cryptanalysts Howard Haze and Helena Handschuh . They found that the key can be calculated after performing about 220 encryption operations with high-precision measurements of the execution time and then from 228 to 240 test encryption operations. The easiest way to deal with such attacks is to force shifts for a constant number of measures (for example, during the execution of the slowest shift).

Algorithm Options

Because one of the properties of RC5 is its simplicity in implementation and analysis, it is logical that many cryptologists [ who? ] wanted to improve the classic algorithm. The general structure of the algorithm remained unchanged, only the actions performed on each block in the process of direct encryption changed. So a few different variants of this algorithm appeared:

RC5XOR

In this algorithm, modulo round key addition Cipher RC5 (Rons Code 5 or Rivests Cipher 5) Algorithm, cryptoresistance replaced by XOR operation:

Cipher RC5 (Rons Code 5 or Rivests Cipher 5) Algorithm, cryptoresistance

This algorithm turned out to be vulnerable to differential and linear cryptanalysis. Biryukov and Kushilevits managed to find an attack using differential cryptanalysis for the RC5XOR-32/12/16 algorithm using 228 selected plaintexts.

RC5P

In this algorithm, the addition of two processed “blocks” by the XOR operation is replaced by modulo addition Cipher RC5 (Rons Code 5 or Rivests Cipher 5) Algorithm, cryptoresistance :

Cipher RC5 (Rons Code 5 or Rivests Cipher 5) Algorithm, cryptoresistance

This algorithm turned out to be vulnerable to differential cryptanalysis.

RC5PFR

In this algorithm, a cyclic shift is carried out by a fixed number of bits for a given round, and not by a variable.

Cipher RC5 (Rons Code 5 or Rivests Cipher 5) Algorithm, cryptoresistance

where Ri is a fixed number.

This algorithm is not well understood, but it is assumed that it is unstable to differential cryptanalysis.

RC5KFR

In this algorithm, the number of shift bits depends on the algorithm key and on the current round:

Cipher RC5 (Rons Code 5 or Rivests Cipher 5) Algorithm, cryptoresistance

This algorithm is also not well understood.

RC5RA

In this algorithm, the number of shift bits is determined using some function of another “sub-block”:

Cipher RC5 (Rons Code 5 or Rivests Cipher 5) Algorithm, cryptoresistance

It is assumed that the RC5RA algorithm is even more resistant to known cryptanalysis methods than RC5.

created: 2016-09-19
updated: 2021-03-13
319



Rating 9 of 10. count vote: 2
Are you satisfied?:



Comments


To leave a comment
If you have any suggestion, idea, thanks or comment, feel free to write. We really value feedback and are glad to hear your opinion.
To reply

Information security, Cryptographic ciphers

Terms: Information security, Cryptographic ciphers