Cryptography Reference
In-Depth Information
is very easy to program and to implement in hardware. The same applies to
RC5a, except that you can trade not only 'computing time for security', but
also 'memory requirements for security'.
5.4.4 Patents and the RC6 Successor
A US patent was filed for RC5. Rivest claims that the license fee will be
extremely low and is intended only to finance further research at the RSA Lab-
oratories. Similarly to IDEA, non-commercial use might even be free. Unfor-
tunately, I don't have more details at the time of writing. The improvement
named RC6 would have been available for free if it became AES. However,
since Rijndael won the race (see Section 5.5), RC6 was also patented.
Rivest assumes that RC5a also falls under the RC5 patent. However, everybody
outside the USA can use this algorithm for free in any event. It has been on an
FTP server on the Internet (visit
ftp.cert.dfn.de/pub/tools/crypt/RC5-
IFW/*
and have your search engine look for
rc5a.c
) since February 1996. I
have not set any restrictions on its use, just the copyright has to be ensured.
Due to the disclosure, there was no way for RC5a to obtain patent protection
in Germany, provided the method is accepted as an independent algorithm.
Section 7.6 will discuss an implementation that detects and considers the inter-
nal number representation (big endian/little endian) automatically, in contrast
to others, as well as on the Web site to this topic.
My RC5a implementation was ported to Windows NT by the Chile-based com-
pany S&I Chile, and it is used at EffCom GmbH, based in Ludwigshafen,
Germany, in their
Treasury
asset management program. At the occasion of this
porting, the code was thoroughly checked and a small error was found, luckily
without impact. We are grateful to S&I Chile for making us the pertaining
porting in addition to a small cryptolibrary available for free — you will find
all these things on our Web site.
RC6 Further Development
Time didn't stand still at the RSA Laboratories, of course. RC5 didn't meet
the requirements of the AES standard described in Section 5.5, since it spec-
ifies 128-bit block sizes. Considering that it uses 64-bit words, RC5 is not
particularly fast on 32-bit processors. This motivated people to find out how
the algorithm could be further developed, how it could work faster, remain as
flexible as it was simple, and be harder to attack than RC5 at the same time.
