Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
RC5
(section)
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
==Algorithm== RC5 encryption and decryption both expand the random key into 2(r+1) words that will be used sequentially (and only once each) during the encryption and decryption processes. All of the below comes from Rivest's revised paper on RC5.<ref>{{Cite web|url=http://people.csail.mit.edu/rivest/Rivest-rc5rev.pdf|archiveurl=https://web.archive.org/web/20180921234702/http://people.csail.mit.edu/rivest/Rivest-rc5rev.pdf|url-status=dead |title=The RC5 Encryption Algorithm|archivedate=September 21, 2018|website=people.csail.mit.edu}}</ref> ===Key expansion=== The key expansion algorithm is illustrated below, first in [[pseudocode]], then example [[C (programming language)|C code]] copied directly from the reference paper's appendix. Following the naming scheme of the paper, the following variable names are used: * {{math|{{var|w}}}} β The length of a word in bits, typically 16, 32 or 64. Encryption is done in 2-word blocks. * {{math|1={{var|u}} = {{var|w}}/8}} β The length of a word in bytes. * {{math|{{var|b}}}} β The length of the key in bytes. * {{math|K[]}} β The key, considered as an array of bytes (using 0-based indexing). * {{math|{{var|c}}}} β The length of the key in words (or 1, if b = 0). * {{math|L[]}} β A temporary working array used during key scheduling, initialized to the key in words. * {{math|{{var|r}}}} β The number of rounds to use when encrypting data. * {{math|1={{var|t}} = 2({{var|r}}+1)}} β the number of round subkeys required. * {{math|S[]}} β The round subkey words. * {{math|P{{sub|{{var|w}}}}}} β The first magic constant, defined as {{math|Odd(({{var|e}} β 2) {{times}} 2{{sup|{{var|w}}}})}}, where {{math|Odd}} is the nearest odd integer to the given input, {{math|{{var|e}}}} is the [[e (mathematical constant)|base of the natural logarithm]], and {{math|{{var|w}}}} is defined above. For common values of {{math|{{var|w}}}}, the associated values of {{math|P{{sub|{{var|w}}}}}} are given here in hexadecimal: ** For ''w'' = 16: 0xB7E1 ** For ''w'' = 32: 0xB7E15163 ** For ''w'' = 64: 0xB7E151628AED2A6B * {{math|Q{{sub|{{var|w}}}}}} β The second magic constant, defined as {{math|Odd(({{phi}} β 1) {{times}} 2{{sup|{{var|w}}}})}}, where {{math|Odd}} is the nearest odd integer to the given input, where {{math|{{phi}}}} is the [[golden ratio]], and {{math|{{var|w}}}} is defined above. For common values of {{math|{{var|w}}}}, the associated values of {{math|Q{{sub|{{var|w}}}}}} are given here in hexadecimal: ** For ''w'' = 16: 0x9E37 ** For ''w'' = 32: 0x9E3779B9 ** For ''w'' = 64: 0x9E3779B97F4A7C15 <syntaxhighlight lang="python"> # Break K into words # u = w / 8 c = ceiling(max(b, 1) / u) # L is initially a c-length list of 0-valued w-length words for i = b-1 down to 0 do: L[i / u] = (L[i / u] <<< 8) + K[i] # Initialize key-independent pseudorandom S array # S is initially a t=2(r+1) length list of undefined w-length words S[0] = P_w for i = 1 to t-1 do: S[i] = S[i - 1] + Q_w # The main key scheduling loop i = j = 0 A = B = 0 do 3 * max(t, c) times: A = S[i] = (S[i] + A + B) <<< 3 B = L[j] = (L[j] + A + B) <<< (A + B) i = (i + 1) % t j = (j + 1) % c # return S </syntaxhighlight> The example source code is provided from the appendix of Rivest's paper on RC5. The implementation is designed to work with w = 32, r = 12, and b = 16. <syntaxhighlight lang="c"> void RC5_SETUP(unsigned char *K) { // w = 32, r = 12, b = 16 // c = max(1, ceil(8 * b/w)) // t = 2 * (r+1) WORD i, j, k, u = w/8, A, B, L[c]; for (i = b-1, L[c-1] = 0; i != -1; i--) L[i/u] = (L[i/u] << 8) + K[i]; for (S[0] = P, i = 1; i < t; i++) S[i] = S[i-1] + Q; for (A = B = i = j = k = 0; k < 3 * t; k++, i = (i+1) % t, j = (j+1) % c) { A = S[i] = ROTL(S[i] + (A + B), 3); B = L[j] = ROTL(L[j] + (A + B), (A + B)); } } </syntaxhighlight> ===Encryption=== Encryption involved several rounds of a simple function, with 12 or 20 rounds seemingly recommended, depending on security needs and time considerations. Beyond the variables used above, the following variables are used in this algorithm: * A, B - The two words composing the block of [[plaintext]] to be encrypted. <syntaxhighlight lang="python"> A = A + S[0] B = B + S[1] for i = 1 to r do: A = ((A ^ B) <<< B) + S[2 * i] B = ((B ^ A) <<< A) + S[2 * i + 1] # The ciphertext block consists of the two-word wide block composed of A and B, in that order. return A, B </syntaxhighlight> The example C code given by Rivest is this. <syntaxhighlight lang="c"> void RC5_ENCRYPT(WORD *pt, WORD *ct) { WORD i, A = pt[0] + S[0], B = pt[1] + S[1]; for (i = 1; i <= r; i++) { A = ROTL(A ^ B, B) + S[2*i]; B = ROTL(B ^ A, A) + S[2*i + 1]; } ct[0] = A; ct[1] = B; } </syntaxhighlight> ===Decryption=== Decryption is a fairly straightforward reversal of the encryption process. The below pseudocode shows the process. <syntaxhighlight lang="python"> for i = r down to 1 do: B = ((B - S[2 * i + 1]) >>> A) ^ A A = ((A - S[2 * i]) >>> B) ^ B B = B - S[1] A = A - S[0] return A, B </syntaxhighlight> The example C code given by Rivest is this. <syntaxhighlight lang="c"> void RC5_DECRYPT(WORD *ct, WORD *pt) { WORD i, B=ct[1], A=ct[0]; for (i = r; i > 0; i--) { B = ROTR(B - S[2*i + 1], A) ^ A; A = ROTR(A - S[2*i], B) ^ B; } pt[1] = B - S[1]; pt[0] = A - S[0]; } </syntaxhighlight>
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)