Cryptography Reference
In-Depth Information
The RC6 Algorithm
The algorithm depends on three parameters:
- the word size,
w
, in bits (in the following called
w
=
32);
- the number of rounds,
r(r
1
)
; and
- the key length,
b
bytes (
b
=
0,1
,...,
255).
≤
Plaintext and ciphertext blocks are each 4
w
bits long, i.e., 128 bits for
w
=
32.
Rivest recommends for
w
=
32 a key length of at least 16 bytes (128 bits) with 20
rounds and calls this method 'RC6-32/20/16'.
Encryption
•
Take a key
K
with a length of
b
bytes and create a field,
S
0
,S
1
,...,S
2
r
+
3
,
of 2
(r
+
2
)
subkeys with 32 bits each (see below).
•
Decompose each 128-bit plaintext block into four 32-bit blocks,
A, B, C
,
and
D
.
•
Set
B=B+S0
D=D+S1
•
In the
i
th round (
i
=
1
,...,r
) set
t = (B(2B + 1)) <<< 5
u = (D(2D + 1)) <<< 5
A = ((A
⊕
t) <<< u) + S
2i
C = ((C
⊕
u) <<< t) + S
2i
+
1
(A,B,C,D) = (B,C,D,A)
(cyclic swapping of the four words), where
A <<< B
is the left rotation of
A
by
B
bits. Multiplications and additions are done mod 2
32
. To compute
A <<< t
, you need to consider only the five least significant bits of
t
. For
word lengths of 2
6
=
64 bits or more, generally 2
w
bits, replace number 5 by
the value of 6 (generally
w
).
Figure 5.16:
The RC6 algorithm.
