RC6. Marcel Felipe Weschenfelder

Size: px

Start display at page:

Download "RC6. Marcel Felipe Weschenfelder"

Andra Stephens
8 years ago
Views:

1 RC6 Marcel Felipe Weschenfelder

2 Introduction Operations Algorithm Performance Crypto analyse Highlight/lowlight Conclusion References Agenda

3 RC6 Introduction Designed by: Ron Rivest, Matt Robshaw, Ray Sidney, and Yiqun Lisa Yin Symmetric key block cipher derived from RC5 First published: 1998 One of the five finalists of AES Also submitted to the NESSIE and CRYPTREC projects Proprietary algorithm, patented by RSA Security

published: 1998 One of the five finalists of AES Also submitted to the

4 RC6 Introduction Structure: Feistel network Block size of 128 bits Supports key sizes of 128, 192 and 256 bits Rounds: 20 Can be parameterized (RC6 w/r/b) to support a wide variety of word lengths, key sizes and number of rounds Similar to RC5: using data dependent rotations, modular addition and XOR operations Multiplication operation

support a wide variety of word lengths, key sizes and number of rounds Similar to

5 Operations A + B : adição módulo 2 w A B : subtração módulo 2 w A x B : multiplicação módulo 2 w A B : ou exclusivo A <<< B : rotação circular de A para a esquerda de B bits A >>> B : rotação circular de A para a direita de B bits

6 Key schedule for RC6 w/r/b Input: User supplied b byte key preloaded into the c word array L[0,..., c 1] Number r of rounds Output: w bit round keys S[0,..., 2r + 3] Procedure: S[0] = B7E15163 for i = 1 to 2r + 3 do S[i] = S[i 1] + 9E3779B9 A = B = i = j = 0 v = 3 max{c, 2r + 4} for s = 1 to v do { A = S[i] = (S[i] + A + B)<<<3 B = L[j] = (L[j] + A + B)<<<(A + B) i = (i + 1) mod (2r + 4) j = (j + 1) mod c }

.., 2r + 3] Procedure: S[0] = B7E15163 for i = 1 to 2r + 3 do S[i] = S[i 1] + 9E3779B9 A = B = i = j =

7 Encryption with RC6 w/r/b Input: Output: Plaintext stored in four w bit input registers A,B,C,D Number r of rounds w bit round keys S[0,..., 2r + 3] Cipher text stored in A,B,C,D Procedure: B = B + S[0] D = D + S[1] for i = 1 to r do { t = (B (2B + 1))<<<lg w u = (D (2D + 1))<<<lg w A = ((A t)<<<u) + S[2i] C = ((C u)<<<t) + S[2i + 1] (A,B,C,D) = (B,C,D,A) } A = A + S[2r + 2] C = C + S[2r + 3]

.., 2r + 3] Cipher text stored in A,B,C,D Procedure: B = B + S[0] D = D + S[1] for i = 1 to r do {

9 Decryption with RC6 w/r/b Input: Output: Cipher text stored in four w bit input registers A,B,C,D Number r of rounds w bit round keys S[0,..., 2r + 3] Plaintext stored in A,B,C,D Procedure: C = C S[2r + 3] A = A S[2r + 2] for i = r downto 1 do { (A,B,C,D) = (D, A,B,C) u = (D (2D + 1))<<<lg w t = (B (2B + 1))<<<lg w C = ((C S[2i + 1])>>>t) u A = ((A S[2i])>>>u) t } D = D S[1] B = B S[0]

.., 2r + 3] Plaintext stored in A,B,C,D Procedure: C = C S[2r + 3] A = A S[2r + 2] for i = r

10 Desempenho Implementações em linguagem C em computadores de 32 bits a 200MHz atingem velocidades na ordem de 5 Mbytes/sec

11 Desempenho

12 RC6 x Rijndael Thesamesecuritylevel Rijndael is more easy to implement in hardware Rijndael has better performance in a 8 bit processor RC6 small memory requirements Pentium II, Pentium Pro, Pentium III, and PowerPC. In C implementations, and handoptimized assembly on these processors, RC6 generally out performs Rijndael.

requirements Pentium II, Pentium Pro, Pentium III, and PowerPC.

13 Criptoanálise

14 Criptoanálise

15 Criptoanálise CHAVE No known weaknesses No Known weak keys No known related key attacks Round keys appear to be a random function of the supplied key

16 Criptoanálise The more advanced attacks of differential and linear cryptanalysis, while being feasible on small round versions of the cipher, do not extend to attacking the full 20 round RC6 cipher.

17 Highlight Nenhuma fraqueza no design. Design simples Mais seguro contra criptoanalise que RC5 Mais veloz que RC5 Adequado para implementacoes em hardware e software

18 Lowlight On 8 bit processors, RC6 does not generally perform as well as some of the other AES finalists. The key schedule and the use of multiplication added some complexity to hardware implementations and impacted hardware performance pequena margem de segurança (com poucas rodadas)

The key schedule and the use of multiplication added some complexity

19 Applications Best Crypto electronic data protection in smartphones. It provides you with a user friendly graphical interface for encrypting and decrypting your sensitive data. Encrypt Easy secure file encryption (67 encryption algorithms) program enabling fast and simple one click encryption. The program allows encryption and decryption of single files, folders and entire directory trees. Integrated with windows explorer.

Encrypt Easy secure file encryption (67 encryption algorithms) program enabling fast and simple one click

20 References [An] Ron Rivest, Further notes on RC6, notes.txt Wikipedia May RC6 Block Cipher on RSA web page May The RC6 Block Cipher: A simple fast secure AES proposal slides.pdf S. Contini, R.L. Rivest, M.J.B. Robshaw, and Y.L. Yin. The security of RC6. August 20, Available at Ronald R. Rives Home Page RC6 and the AES M.J.B. Robshaw 16d Stowe Rd, London, W12 8BN, UK. January 9, 2001

id=2512 The RC6 Block Cipher: A simple fast secure AES proposal http://csrc.nist.gov/encryption/aes/round1/conf1/rc6 slides.pdf S. Contini, R.L. Rivest, M.J.B. Robshaw, and Y.

CSCE 465 Computer & Network Security

CSCE 465 Computer & Network Security Instructor: Dr. Guofei Gu http://courses.cse.tamu.edu/guofei/csce465/ Secret Key Cryptography (I) 1 Introductory Remarks Roadmap Feistel Cipher DES AES Introduction