er than DES. Unfortunately, [1174] shows that MBAL is susceptible to differential cryptanalysis, and [865] shows that it is susceptible to linear cryptanalysis.

14.8 RC5

RC5 is a block cipher with a variety of parameters: block size, key size, and number of rounds. It was invented by Ron Rivest and analyzed by RSA Laboratories [1324,1325].

There are three operations: XOR, addition, and rotations. Rotations are constant-time operations on most processors and variable rotations are a nonlinear function. These rotations, which depend on both the key and the data, are the interesting operation.

RC5 has a variable-length block, but this example will focus on a 64-bit data block. Encryption uses 2r + 2 key-dependent 32-bit words—S_0, S_1, S_2, ..., S_{2r+1}—where r is the number of rounds. We’ll generate those words later. To encrypt, first divide the plaintext block into two 32-bit words: A and B. (RC5 assumes a little-endian convention for packing bytes into words: The first byte goes into the low-order bit positions of register A, etc.) Then:

    A = A + S_0
    B = B + S_1
    For i = 1 to r:
        A = ((A ⊕ B) <<< B) + S_{2i}
        B = ((B ⊕ A) <<< A) + S_{2i+1}

The output is in the registers A and B.

Decryption is just as easy. Divide the plaintext block into two words, A and B, and then:

    For i = r down to 1:
        B = ((B - S_{2i+1}) >>> A) ⊕ A
        A = ((A - S_{2i}) >>> B) ⊕ B
    B = B - S_1
    A = A - S_0

The symbol “>>>” is a right circular shift. Of course, all addition and subtraction are mod 2^32.

Creating the array of keys is more complicated, but also straightforward. First, copy the bytes of the key into an array, L, of c 32-bit words, padding the final word with zeros if necessary. Then, initialize an array, S, using a linear congruential generator mod 2^32:

    S_0 = P
    for i = 1 to 2(r + 1) - 1:
        S_i = (S_{i-1} + Q) mod 2^32

P = 0xb7e15163 and Q = 0x9e3779b9; these constants are based on the binary representation of e and phi.

Finally, mix L into S:

    i = j = 0
    A = B = 0
    do 3n times (wher...
This note was uploaded on 10/18/2010 for the course MATH CS 301 taught by Professor Aliulger during the Fall '10 term at Koç University.