# RC6: Wikis

Note: Many of our articles have direct quotes from sources you can cite, within the Wikipedia article! This article doesn't yet, but we're working on it! See more info or our list of citable articles.

# Encyclopedia

General The Feistel function of the RC6 algorithm. Ron Rivest, Matt Robshaw, Ray Sidney, Yiqun Lisa Yin 1998 RC5 AES finalist 128, 192, or 256 bits 128 bits Feistel network 20

In cryptography, RC6 is a symmetric key block cipher derived from RC5. It was designed by Ron Rivest, Matt Robshaw, Ray Sidney, and Yiqun Lisa Yin to meet the requirements of the Advanced Encryption Standard (AES) competition. The algorithm was one of the five finalists, and was also submitted to the NESSIE and CRYPTREC projects. It is a proprietary algorithm, patented by RSA Security.

RC6 proper has a block size of 128 bits and supports key sizes of 128, 192 and 256 bits, but, like RC5, it can be parameterised to support a wide variety of word-lengths, key sizes and number of rounds. RC6 is very similar to RC5 in structure, using data-dependent rotations, modular addition and XOR operations; in fact, RC6 could be viewed as interweaving two parallel RC5 encryption processes. However, RC6 does use an extra multiplication operation not present in RC5 in order to make the rotation dependent on every bit in a word, and not just the least significant few bits.

## Encryption/Decryption

```// Encryption/Decryption with RC6-w/r/b
//
// Input:   Plaintext stored in four w-bit input registers A, B, C & D
//    r is the number of rounds
//    w-bit round keys S[0, ... , 2r + 3]
//
// Output: Ciphertext stored in A, B, C, D
//
// '''Encryption Procedure:'''

B = B + S[0]
D = D + S[1]
for i = 1 to r do
{
t = (B*(2B + 1)) <<< lg w
u = (D*(2D + 1)) <<< lg w
A = ((A ^ t) <<< u) + S[2i]
C = ((C ^ u) <<< t) + S[2i + 1]
(A, B, C, D)  =  (B, C, D, A)

}
A = A + S[2r + 2]
C = C + S[2r + 3]

// '''Decryption Procedure:'''

C = C - S[2r + 3]
A = A - S[2r + 2]

for i = r downto 1 do
{
(A, B, C, D) = (D, A, B, C)
u = (D*(2D + 1)) <<< lg w
t = (B*(2B + 1)) <<< lg w
C = ((C - S[2i + 1]) >>> t) ^ u
A = ((A - S[2i]) >>> u) ^ t
}
D = D - S[1]
B = B - S[0]
```

## Licensing

As RC6 has not been selected for the AES, it is not guaranteed that RC6 is royalty-free. As of January 2007, a web page on the official web site of the designers of RC6, RSA Laboratories, states the following:

"We emphasize that if RC6 is selected for the AES, RSA Security will not require any licensing or royalty payments for products using the algorithm".

The emphasis on the word "if" suggests that RSA Security Inc. may now require licensing and royalty payments for any products using the RC6 algorithm. RC6 is a patented encryption algorithm (U.S. Patent 5,724,428 and U.S. Patent 5,835,600).

# Simple English

In cryptography, RC6 is a symmetric-key block cipher derived from RC5. RC6 is a parameterized algorithm with a variable block size, a variable key size, and a variable number of rounds. RC stands for "Rivest Cipher", or alternatively, "Ron's Code".

In 1997, the NIST announced for competition to choose a successor to Data Encryption Standard (DES) to be known as Advanced Encryption Standard (AES), RC6 was derived from RC5 to meet the competition requirements, and was selected as one of the five finalists of the Advanced Encryption Standard (AES) competition, but was not selected as a standard.

In order to provide varieties of security and efficiency levels; RC6 allows choices for the block size are 32 bits (for experimentation and evaluation purposes only), 64 bits (for use as a replacement for DES), and 128 bits (intended for AES). The number of rounds can range from 0 to 255, while the key sizes can range from 0 bits to 2040 bits in size. [1]

RC6 is very similar to RC5 in structure and could be viewed as interweaving two parallel RC5 encryption processes. However, RC6 does use an extra multiplication operation not present in RC5 and the use of four b/4-bit working registers (see splitting of plaintext blocks in feistel cipher) instead of two b/2-bit registers as in RC5 (b is the block size). Integer multiplication is used to increase the diffusion achieved per round so that fewer rounds are needed and the speed of the cipher can be increased.
The reason for using four working registers instead of two is mainly for Optimization on 32-bit CPUs. Namely, the default block size of RC5 was 64bit while the default block size of the AES is 128 bits, RC5 has only two working registers; it uses 32-bit operations when dealing with 64-bits blocks and 64-bit operations when dealing with 128-bits blocks, so four working registers are required to build the AES architecture using only 32-bit operations.[1]

RC6 is a proprietary and patented algorithm (by RSA Security U.S. Patent 5,724,428  and U.S. Patent 5,835,600 ), and may require licensing and royalty payments for any products using the algorithm.[1] It was designed by Ron Rivest, Matt Robshaw, Ray Sidney, and Yiqun Lisa Yin, and was also submitted to the NESSIE and CRYPTREC projects.

## References

1. 1.0 1.1 1.2 "What are RC5 and RC6". RSA Security. Retrieved 2008-11-12.