# RC5: Wikis

Note: Many of our articles have direct quotes from sources you can cite, within the Wikipedia article! This article doesn't yet, but we're working on it! See more info or our list of citable articles.

# Encyclopedia

General One round (two half-rounds) of the RC5 block cipher Ron Rivest 1994 RC6, Akelarre 0 to 2040 bits (128 suggested) 32, 64 or 128 bits (64 suggested) Feistel-like network 1-255 (12 suggested originally) 12-round RC5 (with 64-bit blocks) is susceptible to a differential attack using 244 chosen plaintexts.[1]

In cryptography, RC5 is a block cipher notable for its simplicity. Designed by Ronald Rivest in 1994[2], RC stands for "Rivest Cipher", or alternatively, "Ron's Code" (compare RC2 and RC4). The Advanced Encryption Standard (AES) candidate RC6 was based on RC5.

## Description

Unlike many schemes, RC5 has a variable block size (32, 64 or 128 bits), key size (0 to 2040 bits) and number of rounds (0 to 255). The original suggested choice of parameters were a block size of 64 bits, a 128-bit key and 12 rounds.

A key feature of RC5 is the use of data-dependent rotations; one of the goals of RC5 was to prompt the study and evaluation of such operations as a cryptographic primitive. RC5 also consists of a number of modular additions and eXclusive OR (XOR)s. The general structure of the algorithm is a Feistel-like network. The encryption and decryption routines can be specified in a few lines of code. The key schedule, however, is more complex, expanding the key using an essentially one-way function with the binary expansions of both e and the golden ratio as sources of "nothing up my sleeve numbers". The tantalising simplicity of the algorithm together with the novelty of the data-dependent rotations has made RC5 an attractive object of study for cryptanalysts. The RC5 is basically denoted as RC5-w/r/b where w=word size in bits, r=number of rounds, b=number of 8-bit byte in the key.

## Cryptanalysis

12-round RC5 (with 64-bit blocks) is susceptible to a differential attack using 244 chosen plaintexts.[1] 18–20 rounds are suggested as sufficient protection.

RSA Security, which has a patent on the algorithm,[3] offered a series of US\$10,000 prizes for breaking ciphertexts encrypted with RC5, but these contests have been discontinued as of May 2007. A number of these challenge problems have been tackled using distributed computing, organised by Distributed.net. Distributed.net has brute-forced RC5 messages encrypted with 56- and 64-bit keys, and is working on cracking a 72-bit key; as of August 2009 0.64% of the keyspace have been searched. At the current rate, it will take approximately 660 years to test every possible remaining key, and thus guarantee completion of the project.[1]

## References

1. ^ a b Biryukov A. and Kushilevitz E. (1998). Improved Cryptanalysis of RC5. EUROCRYPT 1998.
2. ^ Rivest, R. L. (1994). "The RC5 Encryption Algorithm" (pdf). Proceedings of the Second International Workshop on Fast Software Encryption (FSE) 1994e. pp. 86–96.
3. ^ Rivest, R. L, "Block Encryption Algorithm With Data Dependent Rotation", U.S. Patent 5,724,428, issued on 3 March 1998.

# Simple English

In cryptography, RC5 is a simple symmetric-key block cipher. Designed by Ronald Rivest in 1994[1], RC5 is a parameterized algorithm with a variable block size, a variable key size, and a variable number of rounds. "RC" stands for "Rivest Cipher", or alternatively, "Ron's Code".

In order to provide varieties of security and efficiency levels; RC5 has a variable block size (32, 64 or 128 bits), variable key size (0 to 2040 bits) and variable number of rounds (0 to 255). The original suggested choice of parameters were a block size of 64 bits, a 128-bit key and 12 rounds.[1][2]

A key feature of RC5 is the use of data-dependent rotations; one of the goals of RC5 was to study and evaluate operations of block ciphers as a cryptographic primitive. RC5 also consists of a number of modular additions and eXclusive OR (Xor)s. The general structure of the algorithm is a Feistel-like network. The encryption and decryption routines can be specified in a few lines of code. The key schedule, however, is more complex, expanding the key using an essentially one-way function with the binary expansions of both e and the golden ratio as sources of "nothing up my sleeve numbers". The simplicity of the algorithm together with the novelty of the data-dependent rotations has made RC5 an attractive subject to study by cryptanalysts.

## Cryptanalysis

12-round RC5 (with 64-bit blocks) is susceptible to a differential attack using 244 chosen plaintexts.[3] 18–20 rounds are suggested as sufficient protection.

RSA Security, which has a patent on the algorithm,[4] offered a series of US\$10,000 prizes for breaking ciphertexts encrypted with RC5, but these contests have been discontinued as of May 2007. A number of these challenge problems have been tackled using distributed computing, organised by Distributed.net. Distributed.net has brute-forced RC5 messages encrypted with 56- and 64-bit keys, and now is working on cracking a 72-bit key. At the current rate (as of November 12, 2008), it will take approximately 1,000 years to test every possible key to complete the project.

## References

1. 1.0 1.1 Rivest, R. L. (1994). "The RC5 Encryption Algorithm" (pdf). Proceedings of the Second International Workshop on Fast Software Encryption (FSE) 1994e: 86–96.
2. "What are RC5 and RC6". RSA Security. Retrieved 2008-11-12.
3. Biryukov A. and Kushilevitz E. (1998). Improved Cryptanalysis of RC5. EUROCRYPT 1998.
4. Rivest, R. L, "Block Encryption Algorithm With Data Dependent Rotation", U.S. Patent 5,724,428 , issued on 3 March 1998.