## A Description of the Rabbit Stream Cipher Algorithm

RFC 4503

Document | Type | RFC - Informational (May 2006; Errata) | |
---|---|---|---|

Last updated | 2015-10-14 | ||

Stream | ISE | ||

Formats | plain text pdf html bibtex | ||

Stream | ISE state | (None) | |

Consensus Boilerplate | Unknown | ||

Document shepherd | No shepherd assigned | ||

IESG | IESG state | RFC 4503 (Informational) | |

Telechat date | |||

Responsible AD | Russ Housley | ||

Send notices to | (None) |

Network Working Group M. Boesgaard Request for Comments: 4503 M. Vesterager Category: Informational E. Zenner Cryptico A/S May 2006 A Description of the Rabbit Stream Cipher Algorithm Status of This Memo This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited. Copyright Notice Copyright (C) The Internet Society (2006). Abstract This document describes the encryption algorithm Rabbit. It is a stream cipher algorithm with a 128-bit key and 64-bit initialization vector (IV). The method was published in 2003 and has been subject to public security and performance revision. Its high performance makes it particularly suited for the use with Internet protocols where large amounts of data have to be processed. Table of Contents 1. Introduction ....................................................2 2. Algorithm Description ...........................................2 2.1. Notation ...................................................2 2.2. Inner State ................................................3 2.3. Key Setup Scheme ...........................................3 2.4. IV Setup Scheme ............................................3 2.5. Counter System .............................................4 2.6. Next-State Function ........................................4 2.7. Extraction Scheme ..........................................5 2.8. Encryption/Decryption Scheme ...............................5 3. Security Considerations .........................................6 3.1. Message Length .............................................6 3.2. Initialization Vector ......................................6 4. Informative References ..........................................7 Appendix A: Test Vectors ...........................................8 A.1. Testing without IV Setup ...................................8 A.2. Testing with IV Setup ......................................8 Appendix B: Debugging Vectors ......................................9 Boesgaard, et al. Informational [Page 1] RFC 4503 Rabbit Encryption May 2006 B.1. Testing Round Function and Key Setup .......................9 B.2. Testing the IV setup ......................................10 1. Introduction Rabbit is a stream cipher algorithm that has been designed for high performance in software implementations. Both key setup and encryption are very fast, making the algorithm particularly suited for all applications where large amounts of data or large numbers of data packages have to be encrypted. Examples include, but are not limited to, server-side encryption, multimedia encryption, hard-disk encryption, and encryption on limited-resource devices. The cipher is based on ideas derived from the behavior of certain chaotic maps. These maps have been carefully discretized, resulting in a compact stream cipher. Rabbit has been openly published in 2003 [1] and has not displayed any weaknesses as of the time of this writing. To ensure ongoing security evaluation, it was also submitted to the ECRYPT eSTREAM project[2]. Technically, Rabbit consists of a pseudorandom bitstream generator that takes a 128-bit key and a 64-bit initialization vector (IV) as input and generates a stream of 128-bit blocks. Encryption is performed by combining this output with the message, using the exclusive-OR operation. Decryption is performed in exactly the same way as encryption. Further information about Rabbit, including reference implementation, test vectors, performance figures, and security white papers, is available from http://www.cryptico.com/. 2. Algorithm Description 2.1. Notation This document uses the following elementary operators: + integer addition. * integer multiplication. div integer division. mod integer modulus. ^ bitwise exclusive-OR operation. <<< left rotation operator. || concatenation operator. When labeling bits of a variable, A, the least significant bit is denoted by A[0]. The notation A[h..g] represents bits h through g of variable A, where h is more significant than g. Similar variables Boesgaard, et al. Informational [Page 2] RFC 4503 Rabbit Encryption May 2006 are labeled by A0,A1,... with the notation A(0),A(1),... being used to denote those same variables if this improves readability.Show full document text