RC5
In cryptography, RC5 is a simple symmetric-key block cipher. Designed by Ronald Rivest in 1994,[1] RC5 is a parameterized algorithm with a variable block size, a variable key size, and a variable number of rounds. "RC" stands for "Rivest Cipher", or alternatively, "Ron's Code".
In order to provide varieties of security and efficiency levels; RC5 has a variable block size (32, 64 or 128 bits), variable key size (0 to 2040 bits) and variable number of rounds (0 to 255). The original suggested choice of parameters were a block size of 64 bits, a 128-bit key and 12 rounds.[1][2]
A key feature of RC5 is the use of data-dependent rotations; one of the goals of RC5 was to study and evaluate operations of block ciphers as a cryptographic primitive. RC5 also consists of a number of modular additions and eXclusive OR (Xor)s. The general structure of the algorithm is a Feistel-like network. The encryption and decryption routines can be specified in a few lines of code. The key schedule, however, is more complex, expanding the key using an essentially one-way function with the binary expansions of both e and the golden ratio as sources of "nothing up my sleeve numbers". The simplicity of the algorithm together with the novelty of the data-dependent rotations has made RC5 an attractive subject to study by cryptanalysts.
Cryptanalysis
12-round RC5 (with 64-bit blocks) is susceptible to a differential attack using 244 chosen plaintexts.[3] 18–20 rounds are suggested as sufficient protection.
RSA Security, which has a patent on the algorithm,[4] offered a series of US$10,000 prizes for breaking ciphertexts encrypted with RC5, but these contests have been discontinued as of May 2007. A number of these challenge problems have been tackled using distributed computing, organised by Distributed.net. Distributed.net has brute-forced RC5 messages encrypted with 56- and 64-bit keys, and now is working on cracking a 72-bit key. At the current rate (as of November 12, 2008), it will take approximately 1,000 years to test every possible key to complete the project.
References
- Rivest, R. L. (1994). "The RC5 Encryption Algorithm" (PDF). Proceedings of the Second International Workshop on Fast Software Encryption (FSE) 1994e. pp. 86–96.
- "What are RC5 and RC6". RSA Security. Archived from the original on 2006-12-29. Retrieved 2008-11-12.
- Biryukov A. and Kushilevitz E. (1998). Improved Cryptanalysis of RC5. EUROCRYPT 1998.
- Rivest, R. L, "Block Encryption Algorithm With Data Dependent Rotation", U.S. Patent 5,724,428, issued on 3 March 1998.
Other websites
- Rivest's paper describing the cipher Archived 2019-03-31 at the Wayback Machine
- SCAN's entry for the cipher
- RSA Laboratories FAQ — What are RC5 and RC6? Archived 2006-12-29 at the Wayback Machine
- Helger Lipmaa's links on RC5 Archived 2008-12-23 at the Wayback Machine
- RSA's patent via Google.