Presentation is loading. Please wait.

Presentation is loading. Please wait.

RC6: The Simple Cipher Presenter: Morgan Monger. RC6 Cipher Created by Ronald Rivest et al. for AES submission Follows the evolution of RC5 cipher –Parameterized.

Published byAngelina Gaines Modified over 8 years ago

Similar presentations

Presentation on theme: "RC6: The Simple Cipher Presenter: Morgan Monger. RC6 Cipher Created by Ronald Rivest et al. for AES submission Follows the evolution of RC5 cipher –Parameterized."— Presentation transcript:

1 RC6: The Simple Cipher Presenter: Morgan Monger

2 RC6 Cipher Created by Ronald Rivest et al. for AES submission Follows the evolution of RC5 cipher –Parameterized family of algorithms Improvements over RC5 –Uses four w-bit registers –Integer multiplication –Quadratic equation –Fixed bit shifting

3 More RC6 Cipher Main design objective: simplicity Not reported vulnerable to any known practical attacks Consists of three components –Key expansion algorithm Identical to RC5 version –Block encryption algorithm –Block decryption algorithm

4 RC6 Structure Specification: RC6-w/r/b –w is the word size in bits –r is the number of non-negative rounds –b is the key size in bits Round Stages –Pre-whitening –r rounds –Post-whitening

5 More RC6 Structure Pre-whitening –Removes inference of part of the input to the first round of encryption r rounds –Uses integer multiplication –Uses a quadratic equation f(x) = x(2x + 1)(mod 2 w ) –Uses fixed bit shifting –All of the above are required for sufficient diffusion

6 Final RC6 Structure Post-whitening –Removes inference of part of the input to the last round of encryption

7 Key Setup The user supplies a key of b bytes, where 0 ≤ b ≤ 255 The key bytes are zero-padded and stored in little-endian order –(2r+4) words are derived and stored in a round key array S

8 Diffusion Integer multiplication ensures that the bits used for rotation amounts depend on the bits of x, which is a word or register The quadratic equation increases the avalanche of changes per round The bit shift complicates more advanced cryptanalytic attacks

9 RC6 Encryption B and D are pre- whitened The loop controls the rounds defined by r A and C are post-whitened Input: Plaintext stored in four w-bit input registers A,B,C,D Number r of rounds w-bit round keys S[0,…,2r + 3] Output: Ciphertext stored in A,B,C,D Procedure: B = B + S[0] D = D + S[1] for i = 1 to r do { t = (B x (2B + 1)) <<< log 2 w u = (D x (2D + 1)) <<< log 2 w A = ((A t) <<< u) + S[2i] C = ((C u) <<< t) + S[2i+ 1] (A,B,C,D) = (B,C,D,A) } A = A + S[2r + 2] C = C + S[2r + 3] (Rivest et al., 1998a)

10 RC6 Decryption C and A are pre- whitened The loop runs in reverse for r rounds D and B are post-whitened Input: Ciphertext stored in four w-bit input registers A,B,C,D Number r of rounds w-bit round keys S[0,…,2r + 3] Output: Plaintext stored in A,B,C,D Procedure: C = C - S[2r + 3] A = A - S[2r + 2] for i = r downto 1 do { (A,B,C,D) = (D,A,B,C) u = (D x (2D + 1)) <<< log 2 w t = (B x (2B + 1)) <<< log 2 w C = ((C - S[2i + 1]) >>> t) u A = ((A - S[2i]) >>> u) t } D = D - S[1] B = B - S[0] (Rivest et al., 1998a)

11 RC6 for AES RC6-32/20/[16,24,32] –32-bit words 128-bit block size / 4 registers –20 rounds –16-, 24-, and 32-bit keys are available Input: Plaintext stored in four w-bit input registers A,B,C,D 20 rounds 32-bit round keys S[0,…,43] Output: Ciphertext stored in A,B,C,D Procedure: B = B + S[0] //Pre-whitening D = D + S[1] for i = 1 to 20 do { t = (B x (2B + 1)) <<< 5 u = (D x (2D + 1)) <<< 5 A = ((A t) <<< u) + S[2i] C = ((C u) <<< t) + S[2i+ 1] (A,B,C,D) = (B,C,D,A) } A = A + S[42] //Post-whitening C = C + S[43]

12 More RC6 for AES (Shimoyama et al., 2000)

13 AES Candidacy To meet the architectural constraints, the use of four w-bit registers permitted better 32-bit implementations –RC5 uses 64-bit operations and the constraints do not involve proper implementations The 20 rounds were chosen from linear cryptanalysis results –16 rounds could be compromised with linear cryptanalysis

14 Research Appeal Research appeal has expanded the already large knowledge base –RC5 has existing research Simplicity of the cipher has enticed cryptanalysts to evaluate it Stands open to simple and complex analysis

15 Performance Compactness permits implementation in limited space Performance is reported good on most platforms studied in the AES competition According to the final AES report, even when performance suffers from variants, the performance loss is not severe Encryption uses very little memory –Decryption has high memory requirements because of an absent on-the-fly round key computation

16 Security Ruled to provide an adequate margin of security for AES criteria Proof of security comes from the evaluations performed on RC5 and during AES competition Impervious to any known attacks, with AES parameter values

17 Attacks All known attacks are theoretical Brute Force –Not feasible due to plaintext limit of 2 128 Linear Cryptanalysis –Effective up to 16 rounds Differential Cryptanalysis –Effective up to 12 rounds Statistical Attack –Analyze distributions to discover round keys

18 Conclusions Considerable, precise thought behind the cipher design Simplicity contributes to multiple areas –Research –Performance –Security Invulnerability to any known practical attack is an appealing banner

19 Bibliography 1.Rivest, R.L., Robshaw, M.J.B., Sidney, R., & Yin, Y.L (1998a). “The RC6 Block Cipher.” URL: ftp://ftp.rsasecurity.com/pub/rsalabs/rc6/rc6v11.pdf 2.Shimoyama, T., Takeuchi, K., & Hayakawa, J. (2000). “Correlation Attack to the Block Cipher RC5 and the Simplified Variants of RC6.” 3rd AES Conference (AES3). URL: http://csrc.nist.gov/encryption/aes/round2/conf3/papers/36- tshimoyama.pdf

Download ppt "RC6: The Simple Cipher Presenter: Morgan Monger. RC6 Cipher Created by Ronald Rivest et al. for AES submission Follows the evolution of RC5 cipher –Parameterized."

Similar presentations

Origins  clear a replacement for DES was needed Key size is too small Key size is too small The variants are just patches The variants are just patches.

Origins  clear a replacement for DES was needed Key size is too small Key size is too small The variants are just patches The variants are just patches.
Chap. 5: Advanced Encryption Standard (AES) Jen-Chang Liu, 2005 Adapted from lecture slides by Lawrie Brown.

Chap. 5: Advanced Encryption Standard (AES) Jen-Chang Liu, 2005 Adapted from lecture slides by Lawrie Brown.
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.
1 CIS 5371 Cryptography 5b. Pseudorandom Objects in Practice Block Ciphers.

1 CIS 5371 Cryptography 5b. Pseudorandom Objects in Practice Block Ciphers.
Cryptography and Network Security Chapter 5 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 5 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Cryptography and Network Security Chapter 5

Cryptography and Network Security Chapter 5
The Advanced Encryption Standard (AES) Simplified.

The Advanced Encryption Standard (AES) Simplified.
Block Ciphers and the Data Encryption Standard

Block Ciphers and the Data Encryption Standard
Announcements: Quiz grades entered Quiz grades entered Homework 4 updated with more details. Homework 4 updated with more details. Discussion forum is.

Announcements: Quiz grades entered Quiz grades entered Homework 4 updated with more details. Homework 4 updated with more details. Discussion forum is.
Advanced Encryption Standard

Advanced Encryption Standard
Cryptography and Network Security

Cryptography and Network Security
1 Pertemuan 07 Enkripsi Simetrik Kontemporer Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

1 Pertemuan 07 Enkripsi Simetrik Kontemporer Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
Akelarre 1 Akelarre Akelarre 2 Akelarre  Block cipher  Combines features of 2 strong ciphers o IDEA — “mixed mode” arithmetic o RC5 — keyed rotations.

Akelarre 1 Akelarre Akelarre 2 Akelarre  Block cipher  Combines features of 2 strong ciphers o IDEA — “mixed mode” arithmetic o RC5 — keyed rotations.
AES clear a replacement for DES was needed

AES clear a replacement for DES was needed
Advanced Encryption Standard. This Lecture Why AES? NIST Criteria for potential candidates The AES Cipher AES Functions and Inverse Functions AES Key.

Advanced Encryption Standard. This Lecture Why AES? NIST Criteria for potential candidates The AES Cipher AES Functions and Inverse Functions AES Key.
Cryptography and Network Security (AES) Dr. Monther Aldwairi New York Institute of Technology- Amman Campus 10/18/2009 INCS 741: Cryptography 10/18/20091Dr.

Cryptography and Network Security (AES) Dr. Monther Aldwairi New York Institute of Technology- Amman Campus 10/18/2009 INCS 741: Cryptography 10/18/20091Dr.
Introduction to Symmetric Block Cipher Jing Deng Based on Prof. Rick Han’s Lecture Slides Dr. Andreas Steffen’s Security Tutorial.

Introduction to Symmetric Block Cipher Jing Deng Based on Prof. Rick Han’s Lecture Slides Dr. Andreas Steffen’s Security Tutorial.
Cryptography and Network Security Chapter 5. Chapter 5 –Advanced Encryption Standard It seems very simple. It is very simple. But if you don't know.

Cryptography and Network Security Chapter 5. Chapter 5 –Advanced Encryption Standard "It seems very simple." "It is very simple. But if you don't know.
Cryptography and Network Security Chapter 5 Fourth Edition by William Stallings.

Cryptography and Network Security Chapter 5 Fourth Edition by William Stallings.
Lecture 23 Symmetric Encryption

Lecture 23 Symmetric Encryption

Similar presentations

Ads by Google