RC6
The Feistel function of the RC6 algorithm. | |
General | |
---|---|
Designers | Ron Rivest, Matt Robshaw, Ray Sidney, Yiqun Lisa Yin |
First published | 1998 |
Derived from | RC5 |
Certification | AES finalist |
Cipher detail | |
Key sizes | 128, 192, or 256 bits |
Block sizes | 128 bits |
Structure | Feistel network |
Rounds | 20 |
In cryptography, RC6 (Rivest Cipher 6) is a symmetric key block cipher derived from RC5. It was designed by Ron Rivest, Matt Robshaw, Ray Sidney, and Yiqun Lisa Yin to meet the requirements of the Advanced Encryption Standard (AES) competition. The algorithm was one of the five finalists, and also was submitted to the NESSIE and CRYPTREC projects. It is a proprietary algorithm, patented by RSA Security.
RC6 proper has a block size of 128 bits and supports key sizes of 128, 192, and 256 bits, but, like RC5, it may be parameterised to support a wide variety of word-lengths, key sizes, and number of rounds. RC6 is very similar to RC5 in structure, using data-dependent rotations, modular addition, and XOR operations; in fact, RC6 could be viewed as interweaving two parallel RC5 encryption processes, however, RC6 does use an extra multiplication operation not present in RC5 in order to make the rotation dependent on every bit in a word, and not just the least significant few bits.
Encryption/decryption
// Encryption/Decryption with RC6-w/r/b // // Input: Plaintext stored in four w-bit input registers A, B, C & D // r is the number of rounds // w-bit round keys S[0, ... , 2r + 3] // // Output: Ciphertext stored in A, B, C, D // // '''Encryption Procedure:''' B = B + S[0] D = D + S[1] for i = 1 to r do { t = (B*(2B + 1)) <<< lg w u = (D*(2D + 1)) <<< lg w A = ((A ⊕ t) <<< u) + S[2i] C = ((C ⊕ u) <<< t) + S[2i + 1] (A, B, C, D) = (B, C, D, A) } A = A + S[2r + 2] C = C + S[2r + 3] // '''Decryption Procedure:''' C = C - S[2r + 3] A = A - S[2r + 2] for i = r downto 1 do { (A, B, C, D) = (D, A, B, C) u = (D*(2D + 1)) <<< lg w t = (B*(2B + 1)) <<< lg w C = ((C - S[2i + 1]) >>> t) ⊕ u A = ((A - S[2i]) >>> u) ⊕ t } D = D - S[1] B = B - S[0]
Licensing
As RC6 has not been selected for the AES, it is not guaranteed that RC6 is royalty-free. As of January 2007, a web page on the official web site of the designers of RC6, RSA Laboratories, states the following:
- "We emphasize that if RC6 is selected for the AES, RSA Security will not require any licensing or royalty payments for products using the algorithm".
The emphasis on the word "if" suggests that RSA Security Inc. now may require licensing and royalty payments for any products using the RC6 algorithm. RC6 is a patented encryption algorithm (U.S. Patent 5,724,428 and U.S. Patent 5,835,600).
NSA use
According to an analysis of leaked documents by Jacob Appelbaum, an independent computer security researcher, NSA systems installed remotely to intercept internet communications emit RC6 encrypted UDP traffic.[1] Document dates suggest the systems in question were designed before the Advanced Encryption Standard process was completed.[2]
Notes
- ↑ Jacob Appelbaum. 30c3: To Protect And Infect, Part 2 (FLV). Hamburg, Germany. Retrieved 2014-01-16.
- ↑ "FASHIONCLEFT Interface control document" (PDF). Der Spiegel.
References
- R.L. Pavan, M.J.B. Robshaw, R.Sidney, and Y.L. Yin. The RC6 Block Cipher. v1.1, August 1998.
- J. Beuchat FPGA Implementations of the RC6 Block Cipher.
- How the NSA hacks PCs, phones, routers, hard disks 'at speed of light': Spy tech catalog leaks by Iain Thompson 31 Dec 2013, The Register.
External links
- 256bit Ciphers - RC6 Reference implementation and derived code
- SCAN's entry on RC6
- RSA Security's RC6 page
- RC6 // EMC Corporation