Dismiss
There will be a system update on Friday, May 5th, 6 PM ET. You may experience a brief service interruption.
Browse Prior Art Database

A Description of the RC2(r) Encryption Algorithm (RFC2268)

IP.com Disclosure Number: IPCOM000002828D
Original Publication Date: 1998-Mar-01
Included in the Prior Art Database: 2000-Sep-13
Document File: 9 page(s) / 17K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

R. Rivest: AUTHOR

Abstract

This memo is an RSA Laboratories Technical Note. It is meant for informational use by the Internet community.

This text was extracted from a ASCII Text document.
This is the abbreviated version, containing approximately 17% of the total text.

Network Working Group R. Rivest

Request for Comments: 2268 MIT Laboratory for Computer Science

Category: Informational and RSA Data Security, Inc.

March 1998

A Description of the RC2(r) Encryption Algorithm

Status of this Memo

This memo provides information for the Internet community. It does

not specify an Internet standard of any kind. Distribution of this

memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (1998). All Rights Reserved.

1. Introduction

This memo is an RSA Laboratories Technical Note. It is meant for

informational use by the Internet community.

This memo describes a conventional (secret-key) block encryption

algorithm, called RC2, which may be considered as a proposal for a

DES replacement. The input and output block sizes are 64 bits each.

The key size is variable, from one byte up to 128 bytes, although the

current implementation uses eight bytes.

The algorithm is designed to be easy to implement on 16-bit

microprocessors. On an IBM AT, the encryption runs about twice as

fast as DES (assuming that key expansion has been done).

1.1 Algorithm description

We use the term "word" to denote a 16-bit quantity. The symbol + will

denote twos-complement addition. The symbol & will denote the bitwise

"and" operation. The term XOR will denote the bitwise "exclusive-or"

operation. The symbol ~ will denote bitwise complement. The symbol ^

will denote the exponentiation operation. The term MOD will denote

the modulo operation.

There are three separate algorithms involved:

Key expansion. This takes a (variable-length) input key and

produces an expanded key consisting of 64 words K[0],...,K[63].

Encryption. This takes a 64-bit input quantity stored in words

R[0], ..., R[3] and encrypts it "in place" (the result is left in

R[0], ..., R[3]).

Decryption. The inverse operation to encryption.

2. Key expansion

Since we will be dealing with eight-bit byte operations as well as

16-bit word operations, we will use two alternative notations

for referring to the key buffer:

For word operations, we will refer to the positions of the

buffer as K[0], ..., K[63]; each K[i] is a 16-bit word.

For byte operations, we will refer to the key buffer as

L[0], ..., L[127]; each L[i] is an eight-bit byte.

These are alternative views of the same data buffer. At all times it

will be true that

K[i] = L[2*i] + 256*L[2*i+1].

(Note that the low-order byte of each K word is given before the

high-order byte.)

We will assume that exactly T bytes of key are supplied, for some T

in the range 1 <= T <= 128. (Our current implementation uses T = 8.)

However, regardless of T, the algorithm has a maximum effective key

length in bits, denoted T1. That is, the search space is 2^(8*...