Cryptography Reference
In-Depth Information
in 1994 (you know Rivest from the RSA method). In designing this algorithm,
Rivest pursued the following goals:
•
RC5 should be equally suitable
for hardware and software
.
•
RC5 should be
fast
. To this end, the algorithm uses only operations on
words in the sense of hardware, i.e., operations on 32-bit blocks, for
example, when working with 32-bit processors.
•
RC5 should be
variable
. No word length, block length, key length, or
number of rounds are defined. It should be up to the user to opt between
higher speed and higher security.
•
RC5 should be
simple
, which would not only simplify the implementa-
tion: the main idea is that a simple structure makes it easier for cryptan-
alytic study.
•
RC5 should require
little memory
. This makes it interesting for chip cards.
•
Finally and most importantly, RC5 should be
secure
.
5.4.1 Description of the RC5 Algorithm
For the sake of simplicity, we will limit our discussion in this section to 32-bit
words, i.e., to the algorithm fastest for 32-bit processors. RC5 looks the same
for 64-bit words, and it can also be implemented on 32-bit processors, but this
makes it somewhat slower.
Figure 5.12 summarizes the original description of RC5.
We can represent the algorithm in an alternative form. Denoting
A
as
L
i
and
B
as
R
i
, each of the two equations looks like this in an RC5 round:
L
i
+
1
=R
i
R
i
= ((L
i
⊕
R
i
) <<< R
i
)+S
i
This reminds us strongly of a Feistel network (see Figure 4.6), but it is not:
first, the round function depends not only on
R
i
, but also on
L
i
; second,
L
i
is not XORed with the round function's result. Figure 5.13 shows a graphical
representation of an RC5 round.
RC5 is really very fast: my own implementation on a 133-MHz Pentium
and ESIX V.4.2 PC-UNIX achieved 1.5 Mbytes per second — i.e., 12 Mbits