Image Processing Reference
In-Depth Information
// Algorithm: RC5-Encryption
// Input:
A, B
= plaintext stored in two words
//
S[0, 2r+1] = an array filled by a key setup
procedure
//
// Ouput:
A, B
= ciphertext stored in two words
A := A + S[0];
B := B + S[1];
for
i
:= 1 to r
A := ( (A B) <<< B) + s[2i];
B := ( (B A) <<< A) + s[2i + 1];
FIGURE .
RC encryption algorithm.
TABLE .
Plaintext Requirements for Differential
Attacks on RC
Number of Rounds
Differential attack
(chosen plaintext)
Differential attack
(known plaintext)
RegardingthesecurityoftheRCalgorithm,KaliskiandYinreportinthatthebest-known
attacks against RC with a blocklength of bit have plaintext requirements as listed in Table .
[KY]. According to the information given in [PST
+
] (RAM requirements, etc.), Perrig et al. seem
to plan for RC with rounds and bit words (leading to a blocklength of bit), so that a diferential
cryptanalysis attack would require about
chosen plaintexts and about
known plaintexts and
CPUefortinthesameorderofmagnitude.TakingintoaccountprogressinPCtechnology,this
should be considered on the edge of being secure (if an attacker can collect that many plaintexts).
Nevertheless, by increasing the number of rounds the required effort could be raised to
or
,
respectively. Even higher security requirements can by principle only be ensured by using a block
cipher with a larger block size.
In SNEP, encryption of messages is performed by using the RC algorithm in an operational mode
called “counter mode” that XORs the plaintext with a pseudo-random bit sequence, which is gener-
ated by encrypting increasing counter values (see also Figure .). .).The encryption of message
Ms g
with key
K
and counter value “
Counter
” is denoted as
.
For computing message authentication codes (MACs), SNEP uses the well established
cipher block
chaining MAC (CBC-MAC)
construction. his mode encrypts each plaintext block
P
, ...,
P
n
with an
integrity key
IK
, XORing the ciphertext of the last encryption result
C
i
{
M
}
<
K
,Counter
>
with the plaintext block
P
i
prior to the encryption step. he result of the last encryption step is then taken as the MAC (see also
Figure .).
−
Counter
Counter + 1
Counter + 2
CK
A
,
B
CK
A
,
B
CK
A
,
B
RC5
RC5
RC5
P
1
C
1
P
2
C
2
P
3
C
3
FIGURE .
Encryption in counter mode.