Cryptography Reference
In-Depth Information
Mixing with the Key
•
Copy the
b
-byte key,
K
i
=
0
,...,b
−
1
, into a word field,
L
i
=
0
,...,c
−
1
. Choose as
small a value for
c
as possible. This is similar to copying the character string
K
into field
L
on Intel processors; in general,
K
has to be shoved into
L
bytewise. Written in C, it looks like this:
for(i = c-1; i > = 0; --i) L[i] = 0;
for(i = b-1; i > = 0; --i) L[i/u] = (L[i/u] << 8) + K[i];
•
For integers
i, j, t, m
and for words
A, B
set (again written as a C program):
i=j=0;
t = 2*r + 2;
m = 3*max(t,c);
A=B=0;
and compute
for(k=0; k < m; ++k)
{
A = S[i] = (S[i]+A+B)_3;
B = L[j] = (L[j]+A+B)_(A+B);
++i; i % = t;
/*, i.e., i = (i + 1) mod t */
++j; j % = c;
/*, i.e., j = (j + 1) mod c */
}
Figure 5.12:
(
continued
)
per second — when encrypting long files on the hard disk (so this is not a
trimmed benchmark). Even on a 486-33 computer, the same RC5 implementa-
tion still yielded 240 Kbytes/s, corresponding to 1.9 Mbits/s.
5.4.2 Cryptanalyzing RC5
Similarly to IDEA, RC5 also links three different operations, but in a much
simpler way. As you might expect, the
diffusion
is weaker than with IDEA;
but RC5 has more rounds. The following simplified example shows the weaker
diffusion.
