The RC5, RC5-CBC, RC5-CBC-Pad, and RC5-CTS Algorithms
RFC 2040

Document Type RFC - Informational (October 1996; Errata)
Was draft-baldwin-rc5 (individual)
Last updated 2013-03-02
Stream Legacy
Formats plain text html pdf htmlized with errata bibtex
Stream Legacy state (None)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state RFC 2040 (Informational)
Telechat date
Responsible AD (None)
Send notices to (None)
Network Working Group                                         R. Baldwin
Request for Comments: 2040                       RSA Data Security, Inc.
Category: Informational                                        R. Rivest
                                     MIT Laboratory for Computer Science
                                             and RSA Data Security, Inc.
                                                            October 1996

         The RC5, RC5-CBC, RC5-CBC-Pad, and RC5-CTS Algorithms

Status of this Memo

   This memo provides information for the Internet community.  This memo
   does not specify an Internet standard of any kind.  Distribution of
   this memo is unlimited.

Acknowledgments

   We would like to thank Steve Dusse, Victor Chang, Tim Mathews, Brett
   Howard, and Burt Kaliski for helpful suggestions.

Table of Contents

     1.        Executive Summary .......................  1
     2.        Overview ................................  2
     3.        Terminology and Notation ................  3
     4.        Description of RC5 Keys .................  4
     5.        Description of RC5 Key Expansion ........  6
     6.        Description of RC5 Block Cipher ......... 10
     7.        Description of RC5-CBC and RC5-CBC-Pad .. 12
     8.        Description of RC5-CTS .................. 18
     9.        Test Program and Vectors ................ 19
     10.       Security Considerations ................. 26
     11.       ASN.1 Identifiers ....................... 28
     References ........................................ 28
     Authors' Addresses ................................ 29

1.  Executive Summary

   This document defines four ciphers with enough detail to ensure
   interoperability between different implementations.  The first cipher
   is the raw RC5 block cipher.  The RC5 cipher takes a fixed size input
   block and produces a fixed sized output block using a transformation
   that depends on a key.  The second cipher, RC5-CBC, is the Cipher
   Block Chaining (CBC) mode for RC5.  It can process messages whose
   length is a multiple of the RC5 block size.  The third cipher, RC5-
   CBC-Pad, handles plaintext of any length, though the ciphertext will
   be longer than the plaintext by at most the size of a single RC5

Baldwin & Rivest             Informational                      [Page 1]
RFC 2040         RC5, RC5-CBC, RC5-CBC-Pad, and RC5-CTS     October 1996

   block.  The RC5-CTS cipher is the Cipher Text Stealing mode of RC5,
   which handles plaintext of any length and the ciphertext length
   matches the plaintext length.

   The RC5 cipher was invented by Professor Ronald L. Rivest of the
   Massachusetts Institute of Technology in 1994.  It is a very fast and
   simple algorithm that is parameterized by the block size, the number
   of rounds, and key length.  These parameters can be adjusted to meet
   different goals for security, performance, and exportability.

   RSA Data Security Incorporated has filed a patent application on the
   RC5 cipher and for trademark protection for RC5, RC5-CBC, RC5-CBC-
   Pad, RC5-CTS and assorted variations.

2.  Overview

   This memo is a restatement of existing published material.  The
   description of RC5 follows the notation and order of explanation
   found in the original RC5 paper by Professor Rivest [2].  The CBC
   mode appears in reference works such as the one by Bruce Schneier
   [6].  The CBC-Pad mode is the same as in the Public Key Cryptography
   Standard (PKCS) number five [5].  Sample C code [8] is included for
   clarity only and is equivalent to the English language descriptions.

   The ciphers will be explained in a bottom up object-oriented fashion.
   First, RC5 keys will be presented along with the key expansion
   algorithm.  Second, the RC5 block cipher is explained, and finally,
   the RC5-CBC and RC5-CBC-Pad ciphers are specified.  For brevity, only
   the encryption process is described.  Decryption is achieved by
   inverting the steps of encryption.

   The object-oriented description found here should make it easier to
   implement interoperable systems, though it is not as terse as the
   functional descriptions found in the references.  There are two
   classes of objects, keys and cipher algorithms.  Both classes share
   operations that create and destroy these objects in a manner that
   ensures that secret information is not returned to the memory
   manager.

   Keys also have a "set" operation that copies a secret key into the
   object.  The "set" operation for the cipher objects defines the
   number of rounds, and the initialization vector.

   There are four operations for the cipher objects described in this
   memo.  There is binding a key to a cipher object, setting a new
   initialization vector for a cipher object without changing the key,
   encrypting part of a message (this would be performed multiple times
   for long messages), and processing the last part of a message which
Show full document text