RC6. Marcel Felipe Weschenfelder

RC6 Marcel Felipe Weschenfelder

Introduction Operations Algorithm Performance Crypto analyse Highlight/lowlight Conclusion References Agenda

RC6 Introduction Designed by: Ron Rivest, Matt Robshaw, Ray Sidney, and Yiqun Lisa Yin Symmetric key block cipher derived from RC5 First published: 1998 One of the five finalists of AES Also submitted to the NESSIE and CRYPTREC projects Proprietary algorithm, patented by RSA Security

RC6 Introduction Structure: Feistel network Block size of 128 bits Supports key sizes of 128, 192 and 256 bits Rounds: 20 Can be parameterized (RC6 w/r/b) to support a wide variety of word lengths, key sizes and number of rounds Similar to RC5: using data dependent rotations, modular addition and XOR operations Multiplication operation

Operations A + B : adição módulo 2 w A B : subtração módulo 2 w A x B : multiplicação módulo 2 w A B : ou exclusivo A <<< B : rotação circular de A para a esquerda de B bits A >>> B : rotação circular de A para a direita de B bits

Key schedule for RC6 w/r/b Input: User supplied b byte key preloaded into the c word array L[0,..., c 1] Number r of rounds Output: w bit round keys S[0,..., 2r + 3] Procedure: S[0] = B7E15163 for i = 1 to 2r + 3 do S[i] = S[i 1] + 9E3779B9 A = B = i = j = 0 v = 3 max{c, 2r + 4} for s = 1 to v do { A = S[i] = (S[i] + A + B)<<<3 B = L[j] = (L[j] + A + B)<<<(A + B) i = (i + 1) mod (2r + 4) j = (j + 1) mod c }

Encryption with RC6 w/r/b Input: Output: Plaintext stored in four w bit input registers A,B,C,D Number r of rounds w bit round keys S[0,..., 2r + 3] Cipher text stored in A,B,C,D Procedure: B = B + S[0] D = D + S[1] for i = 1 to r do { t = (B (2B + 1))<<<lg w u = (D (2D + 1))<<<lg w A = ((A t)<<<u) + S[2i] C = ((C u)<<<t) + S[2i + 1] (A,B,C,D) = (B,C,D,A) } A = A + S[2r + 2] C = C + S[2r + 3]

Decryption with RC6 w/r/b Input: Output: Cipher text stored in four w bit input registers A,B,C,D Number r of rounds w bit round keys S[0,..., 2r + 3] Plaintext stored in A,B,C,D Procedure: C = C S[2r + 3] A = A S[2r + 2] for i = r downto 1 do { (A,B,C,D) = (D, A,B,C) u = (D (2D + 1))<<<lg w t = (B (2B + 1))<<<lg w C = ((C S[2i + 1])>>>t) u A = ((A S[2i])>>>u) t } D = D S[1] B = B S[0]

Desempenho Implementações em linguagem C em computadores de 32 bits a 200MHz atingem velocidades na ordem de 5 Mbytes/sec

Desempenho

RC6 x Rijndael Thesamesecuritylevel Rijndael is more easy to implement in hardware Rijndael has better performance in a 8 bit processor RC6 small memory requirements Pentium II, Pentium Pro, Pentium III, and PowerPC. In C implementations, and handoptimized assembly on these processors, RC6 generally out performs Rijndael.

Criptoanálise

Criptoanálise

Criptoanálise CHAVE No known weaknesses No Known weak keys No known related key attacks Round keys appear to be a random function of the supplied key

Criptoanálise The more advanced attacks of differential and linear cryptanalysis, while being feasible on small round versions of the cipher, do not extend to attacking the full 20 round RC6 cipher.

Highlight Nenhuma fraqueza no design. Design simples Mais seguro contra criptoanalise que RC5 Mais veloz que RC5 Adequado para implementacoes em hardware e software

Lowlight On 8 bit processors, RC6 does not generally perform as well as some of the other AES finalists. The key schedule and the use of multiplication added some complexity to hardware implementations and impacted hardware performance pequena margem de segurança (com poucas rodadas)

Applications Best Crypto electronic data protection in smartphones. It provides you with a user friendly graphical interface for encrypting and decrypting your sensitive data. Encrypt Easy secure file encryption (67 encryption algorithms) program enabling fast and simple one click encryption. The program allows encryption and decryption of single files, folders and entire directory trees. Integrated with windows explorer.

References [An] Ron Rivest, Further notes on RC6, http://theory.lcs.mit.edu/~rivest/rc6 notes.txt Wikipedia May 2007 http://en.wikipedia.org/wiki/rc6 RC6 Block Cipher on RSA web page May 2007 http://www.rsa.com/rsalabs/node.asp?id=2512 The RC6 Block Cipher: A simple fast secure AES proposal http://csrc.nist.gov/encryption/aes/round1/conf1/rc6 slides.pdf S. Contini, R.L. Rivest, M.J.B. Robshaw, and Y.L. Yin. The security of RC6. August 20, 1998. Available at www.rsasecurity.com/rsalabs/aes/ Ronald R. Rives Home Page http://people.csail.mit.edu/rivest/ RC6 and the AES M.J.B. Robshaw 16d Stowe Rd, London, W12 8BN, UK. January 9, 2001