RFC 2040 (rfc2040) - Page 2 of 29
The RC5, RC5-CBC, RC5-CBC-Pad, and RC5-CTS Algorithms
Alternative Format: Original Text Document
RFC 2040 RC5, RC5-CBC, RC5-CBC-Pad, and RC5-CTS October 1996
block. The RC5-CTS cipher is the Cipher Text Stealing mode of RC5,
which handles plaintext of any length and the ciphertext length
matches the plaintext length.
The RC5 cipher was invented by Professor Ronald L. Rivest of the
Massachusetts Institute of Technology in 1994. It is a very fast and
simple algorithm that is parameterized by the block size, the number
of rounds, and key length. These parameters can be adjusted to meet
different goals for security, performance, and exportability.
RSA Data Security Incorporated has filed a patent application on the
RC5 cipher and for trademark protection for RC5, RC5-CBC, RC5-CBC-
Pad, RC5-CTS and assorted variations.
2. Overview
This memo is a restatement of existing published material. The
description of RC5 follows the notation and order of explanation
found in the original RC5 paper by Professor Rivest [2]. The CBC
mode appears in reference works such as the one by Bruce Schneier
[6]. The CBC-Pad mode is the same as in the Public Key Cryptography
Standard (PKCS) number five [5]. Sample C code [8] is included for
clarity only and is equivalent to the English language descriptions.
The ciphers will be explained in a bottom up object-oriented fashion.
First, RC5 keys will be presented along with the key expansion
algorithm. Second, the RC5 block cipher is explained, and finally,
the RC5-CBC and RC5-CBC-Pad ciphers are specified. For brevity, only
the encryption process is described. Decryption is achieved by
inverting the steps of encryption.
The object-oriented description found here should make it easier to
implement interoperable systems, though it is not as terse as the
functional descriptions found in the references. There are two
classes of objects, keys and cipher algorithms. Both classes share
operations that create and destroy these objects in a manner that
ensures that secret information is not returned to the memory
manager.
Keys also have a "set" operation that copies a secret key into the
object. The "set" operation for the cipher objects defines the
number of rounds, and the initialization vector.
There are four operations for the cipher objects described in this
memo. There is binding a key to a cipher object, setting a new
initialization vector for a cipher object without changing the key,
encrypting part of a message (this would be performed multiple times
for long messages), and processing the last part of a message which
Baldwin & Rivest Informational