Cryptography Overview

for 12-round RC5-32, recent cryptanalytic work suggests 16 rounds is now a more conservative choice. For the RC5 cipher with a 64-bit word size, RSA Security recommends at least 20 rounds.

The key size can be as little as 0 (zero) and as many as 255 bytes. The RC5 cipher uses the secret key bytes to generate an expanded key table during the Init phase. The key table is then used during encryption or decryption. Therefore, key length will have no appreciable effect on algorithm speed.

The RC5 cipher is more formally described as RC5 w/r/b. For instance, the RC5 cipher with a 32-bit word, 16 rounds, and a 10 byte key would be described as RC5 32/16/10.

RC6

The RC6 cipher was developed by Ronald Rivest and Matthew Robshaw, Ray Sidney, and Lisa Yin of RSA Laboratories West as a candidate for the Advanced Encryption Standard (AES)

The guidelines for the RC6 cipher were aimed at creating a cipher which could take advantage of modern computing power and architecture. These guidelines specify that a submitted algorithm must accept 16-byte blocks (8-byte word). This is in contrast to many previous block ciphers, such as DES and Triple DES, which operate only on 8-byte blocks.

In accordance with these guidelines, RC6 allows a 16-byte block size, which has the following implications:

When you use RC6 with a feedback mode in Crypto-C, your initialization vector must be 16 bytes.

If you use RC6 with padding, the resulting output might be as many as 16 bytes more than the input.

The full RC6 algorithm also allows you to specify different levels of security by setting the number of rounds. However, the version submitted for the AES specifies 20 rounds. At 20 rounds, RC6 provides an optimal balance between security and speed. The current implementation of Crypto-C only accepts 20 rounds.

Note: At 20 rounds, the fastest known attack on the cipher is a brute-force attack on the key, and encryption and decryption operations are faster than with a higher number of rounds. While fewer rounds would still offer good security, there are attacks that would be faster than a brute-force attack on the key. More than 20 rounds might offer more security, but the fastest attack would still be a brute-force attack on the key, and the increased rounds number

4 0

R S A B S A F E C r y p t o - C D e v e l o p e r ’s G u i d e

Page 62
Image 62
RSA Security 5.2.2 manual RC6