RC6 is a symmetric key algorithm for block encryption designed by Ron Rivest in 1998, four years after the proposal of its predecessor, the RC5 encryption algorithm.
Although the high-level processing remains very similar to RC5, there are a few differences between the two algorithms, as outlined below:
RC6 | RC5 |
Uses four working registers to hold the input and output values, which greatly increases speed. | Uses two working registers to hold values. |
Consists of four primitive operations and their inverses: addition, multiplication, bitwise XOR, and circular shifts. | Consists of three primitive operations and their inverses: addition, bitwise XOR, and circular shifts. |
Inclusion of integer multiplication as an operation allows for lesser rounds and greater security. | There is a trade-off between speed and security, where greater rounds imply higher security but lower speed. |
Similar to RC5, RC6 is parameterized, word-oriented algorithm. Since it uses four registers, there is a four-word input (plaintext) and a four-word output (ciphertext), each of size
This is the word size in bits. As RC6 uses four-word inputs and outputs, the blocks are
This is the non-negative number of rounds. This parameter influences the size
This is the number of bytes in the secret key,
Given these parameters, the notation for the algorithm is as follows:
The proposed version of the algorithm was
RC6 uses four primitive operations and their inverses. These are:
Addition: This refers to the two's complement addition of words and is denoted by
Bitwise XOR: This is the bitwise exclusive-OR of words and is denoted by
Left rotation: This is the cyclic left rotation of words, denoted by
Integer multiplication: This refers to multiplication modulo
The RC6 algorithm consists of three main components, as mentioned:
Key expansion
Encryption
Decryption
Let us take a look at each of these in detail.
The key expansion algorithm is almost identical to RC5, except that it derives more words (four instead of two) from the secret key. This process is carried out over four steps, as detailed below:
RC6 uses two word-sized constants,
Where
The secret key array,
for i = b-1 to 0:L[i/u] = (L[i/u] <<< 8) + K[i]
Recall that
S[0] = Pfor i = 0 to t-1:S[i] = S[i-1] + Q
The last step of the key expansion algorithm involves mixing the provided secret key thrice over the arrays
i = 0j = 0do 3 * max(t, c) times:A = S[i] = (S[i] + A + B) <<< 3B = L[j] = (L[j] + A + B) <<< (A + B)i = (i + 1) % tj = (j + 1) % c
Now that we have the expanded key in the array
The final pseudocode is as follows:
B = B + S[0]D = D + S[1]for i = 1 to r:t = (B x (2 * B + 1)) <<< log(w)u = (D X (2 * D + 1)) <<< log(w)A = ((A ^ t) <<< u) + S[2 * i]C = ((C ^ u) <<< t) + S[2 * i + 1]A = B, B = C, C = D, D = AA = A + S[t - 2]C = C + S[t - 1]
At the end of
The diagram below illustrates the encryption process:
The pseudocode for the decryption algorithm is the exact reverse of the encryption algorithm, as shown:
C = C - S[t - 1]A = A - S[t - 2]for i = r to 1:A = D, D = C, C = B, D = Cu = (D X (2 * D + 1)) <<< log(w)t = (B x (2 * B + 1)) <<< log(w)C = ((C - S[2 * i + 1]) >>> t) ^ uA = ((A - S[2 * i]) >>> u) ^ tD = D - S[1]B = B - S[0]