Network Working Group                                          R. Rivest
Request for Comments: 2268           MIT Laboratory for Computer Science
Category: Informational                      and RSA Data Security, Inc.
                                                              March 1998
        
Network Working Group                                          R. Rivest
Request for Comments: 2268           MIT Laboratory for Computer Science
Category: Informational                      and RSA Data Security, Inc.
                                                              March 1998
        

A Description of the RC2(r) Encryption Algorithm

RC2(r)加密算法的描述

Status of this Memo

本备忘录的状况

This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.

本备忘录为互联网社区提供信息。它没有规定任何类型的互联网标准。本备忘录的分发不受限制。

Copyright Notice

版权公告

Copyright (C) The Internet Society (1998). All Rights Reserved.

版权所有(C)互联网协会(1998年)。版权所有。

1. Introduction
1. 介绍

This memo is an RSA Laboratories Technical Note. It is meant for informational use by the Internet community.

本备忘录是RSA实验室的技术说明。它是为互联网社区提供信息而设计的。

This memo describes a conventional (secret-key) block encryption algorithm, called RC2, which may be considered as a proposal for a DES replacement. The input and output block sizes are 64 bits each. The key size is variable, from one byte up to 128 bytes, although the current implementation uses eight bytes.

本备忘录描述了一种称为RC2的传统(密钥)块加密算法,可将其视为DES替代方案。输入和输出块大小分别为64位。密钥大小是可变的,从一个字节到128个字节不等,尽管当前的实现使用八个字节。

The algorithm is designed to be easy to implement on 16-bit microprocessors. On an IBM AT, the encryption runs about twice as fast as DES (assuming that key expansion has been done).

该算法设计为易于在16位微处理器上实现。在IBMAT上,加密的运行速度大约是DES的两倍(假设密钥扩展已经完成)。

1.1 Algorithm description
1.1 算法描述

We use the term "word" to denote a 16-bit quantity. The symbol + will denote twos-complement addition. The symbol & will denote the bitwise "and" operation. The term XOR will denote the bitwise "exclusive-or" operation. The symbol ~ will denote bitwise complement. The symbol ^ will denote the exponentiation operation. The term MOD will denote the modulo operation.

我们使用术语“字”来表示16位量。符号+表示两个补码相加。符号&将表示按位“and”操作。术语XOR将表示按位“异或”操作。符号~表示按位补码。符号^表示求幂运算。术语MOD表示模运算。

There are three separate algorithms involved:

涉及三种不同的算法:

Key expansion. This takes a (variable-length) input key and produces an expanded key consisting of 64 words K[0],...,K[63].

键扩展。这将获取一个(可变长度)输入键,并生成一个由64个单词K[0],…,K[63]组成的扩展键。

Encryption. This takes a 64-bit input quantity stored in words R[0], ..., R[3] and encrypts it "in place" (the result is left in R[0], ..., R[3]).

加密。这将获取存储在字R[0]、…、R[3]中的64位输入量,并将其“就地”加密(结果保留在R[0]、…、R[3]中)。

Decryption. The inverse operation to encryption.

解密。与加密相反的操作。

2. Key expansion
2. 密钥扩展

Since we will be dealing with eight-bit byte operations as well as 16-bit word operations, we will use two alternative notations

因为我们将处理8位字节操作以及16位字操作,所以我们将使用两种可选的符号

for referring to the key buffer:

对于密钥缓冲区的引用:

For word operations, we will refer to the positions of the buffer as K[0], ..., K[63]; each K[i] is a 16-bit word.

对于字操作,我们将缓冲区的位置称为K[0],…,K[63];每个K[i]是一个16位字。

For byte operations, we will refer to the key buffer as L[0], ..., L[127]; each L[i] is an eight-bit byte.

对于字节操作,我们将密钥缓冲区称为L[0],…,L[127];每个L[i]是一个八位字节。

These are alternative views of the same data buffer. At all times it will be true that

这些是相同数据缓冲区的备选视图。在任何时候都是真的

K[i] = L[2*i] + 256*L[2*i+1].

K[i]=L[2*i]+256*L[2*i+1]。

(Note that the low-order byte of each K word is given before the high-order byte.)

(请注意,每个K字的低位字节在高位字节之前。)

We will assume that exactly T bytes of key are supplied, for some T in the range 1 <= T <= 128. (Our current implementation uses T = 8.) However, regardless of T, the algorithm has a maximum effective key length in bits, denoted T1. That is, the search space is 2^(8*T), or 2^T1, whichever is smaller.

我们将假设提供的密钥正好是T字节,对于范围1<=T<=128中的一些T。(我们当前的实现使用T=8。)然而,不管T如何,该算法都有一个最大有效密钥长度(以位为单位),表示为T1。也就是说,搜索空间为2^(8*T)或2^T1,以较小者为准。

The purpose of the key-expansion algorithm is to modify the key buffer so that each bit of the expanded key depends in a complicated way on every bit of the supplied input key.

密钥扩展算法的目的是修改密钥缓冲区,以便扩展密钥的每一位都以复杂的方式依赖于提供的输入密钥的每一位。

The key expansion algorithm begins by placing the supplied T-byte key into bytes L[0], ..., L[T-1] of the key buffer.

密钥扩展算法首先将提供的T字节密钥放入密钥缓冲区的字节L[0]、…、L[T-1]中。

The key expansion algorithm then computes the effective key length in bytes T8 and a mask TM based on the effective key length in bits T1. It uses the following operations:

然后,密钥扩展算法计算以字节T8为单位的有效密钥长度,并基于以比特T1为单位的有效密钥长度计算掩码TM。它使用以下操作:

   T8 = (T1+7)/8;
   TM = 255 MOD 2^(8 + T1 - 8*T8);
        
   T8 = (T1+7)/8;
   TM = 255 MOD 2^(8 + T1 - 8*T8);
        

Thus TM has its 8 - (8*T8 - T1) least significant bits set.

因此,TM具有其8-(8*T8-T1)最低有效位集。

For example, with an effective key length of 64 bits, T1 = 64, T8 = 8 and TM = 0xff. With an effective key length of 63 bits, T1 = 63, T8 = 8 and TM = 0x7f.

例如,有效密钥长度为64位时,T1=64、T8=8和TM=0xff。有效密钥长度为63位,T1=63、T8=8和TM=0x7f。

Here PITABLE[0], ..., PITABLE[255] is an array of "random" bytes based on the digits of PI = 3.14159... . More precisely, the array PITABLE is a random permutation of the values 0, ..., 255. Here is the PITABLE in hexadecimal notation:

这里的PITABLE[0],…,PITABLE[255]是一个基于PI=3.14159的数字的“随机”字节数组。更准确地说,数组PITABLE是值0、…、255的随机排列。以下是十六进制表示法中的PITABLE:

        0  1  2  3  4  5  6  7  8  9  a  b  c  d  e  f
   00: d9 78 f9 c4 19 dd b5 ed 28 e9 fd 79 4a a0 d8 9d
   10: c6 7e 37 83 2b 76 53 8e 62 4c 64 88 44 8b fb a2
   20: 17 9a 59 f5 87 b3 4f 13 61 45 6d 8d 09 81 7d 32
   30: bd 8f 40 eb 86 b7 7b 0b f0 95 21 22 5c 6b 4e 82
   40: 54 d6 65 93 ce 60 b2 1c 73 56 c0 14 a7 8c f1 dc
   50: 12 75 ca 1f 3b be e4 d1 42 3d d4 30 a3 3c b6 26
   60: 6f bf 0e da 46 69 07 57 27 f2 1d 9b bc 94 43 03
   70: f8 11 c7 f6 90 ef 3e e7 06 c3 d5 2f c8 66 1e d7
   80: 08 e8 ea de 80 52 ee f7 84 aa 72 ac 35 4d 6a 2a
   90: 96 1a d2 71 5a 15 49 74 4b 9f d0 5e 04 18 a4 ec
   a0: c2 e0 41 6e 0f 51 cb cc 24 91 af 50 a1 f4 70 39
   b0: 99 7c 3a 85 23 b8 b4 7a fc 02 36 5b 25 55 97 31
   c0: 2d 5d fa 98 e3 8a 92 ae 05 df 29 10 67 6c ba c9
   d0: d3 00 e6 cf e1 9e a8 2c 63 16 01 3f 58 e2 89 a9
   e0: 0d 38 34 1b ab 33 ff b0 bb 48 0c 5f b9 b1 cd 2e
   f0: c5 f3 db 47 e5 a5 9c 77 0a a6 20 68 fe 7f c1 ad
        
        0  1  2  3  4  5  6  7  8  9  a  b  c  d  e  f
   00: d9 78 f9 c4 19 dd b5 ed 28 e9 fd 79 4a a0 d8 9d
   10: c6 7e 37 83 2b 76 53 8e 62 4c 64 88 44 8b fb a2
   20: 17 9a 59 f5 87 b3 4f 13 61 45 6d 8d 09 81 7d 32
   30: bd 8f 40 eb 86 b7 7b 0b f0 95 21 22 5c 6b 4e 82
   40: 54 d6 65 93 ce 60 b2 1c 73 56 c0 14 a7 8c f1 dc
   50: 12 75 ca 1f 3b be e4 d1 42 3d d4 30 a3 3c b6 26
   60: 6f bf 0e da 46 69 07 57 27 f2 1d 9b bc 94 43 03
   70: f8 11 c7 f6 90 ef 3e e7 06 c3 d5 2f c8 66 1e d7
   80: 08 e8 ea de 80 52 ee f7 84 aa 72 ac 35 4d 6a 2a
   90: 96 1a d2 71 5a 15 49 74 4b 9f d0 5e 04 18 a4 ec
   a0: c2 e0 41 6e 0f 51 cb cc 24 91 af 50 a1 f4 70 39
   b0: 99 7c 3a 85 23 b8 b4 7a fc 02 36 5b 25 55 97 31
   c0: 2d 5d fa 98 e3 8a 92 ae 05 df 29 10 67 6c ba c9
   d0: d3 00 e6 cf e1 9e a8 2c 63 16 01 3f 58 e2 89 a9
   e0: 0d 38 34 1b ab 33 ff b0 bb 48 0c 5f b9 b1 cd 2e
   f0: c5 f3 db 47 e5 a5 9c 77 0a a6 20 68 fe 7f c1 ad
        

The key expansion operation consists of the following two loops and intermediate step:

钥匙扩展操作包括以下两个回路和中间步骤:

   for i = T, T+1, ..., 127 do
     L[i] = PITABLE[L[i-1] + L[i-T]];
        
   for i = T, T+1, ..., 127 do
     L[i] = PITABLE[L[i-1] + L[i-T]];
        

L[128-T8] = PITABLE[L[128-T8] & TM];

L[128-T8]=PITABLE[L[128-T8]&TM];

   for i = 127-T8, ..., 0 do
     L[i] = PITABLE[L[i+1] XOR L[i+T8]];
        
   for i = 127-T8, ..., 0 do
     L[i] = PITABLE[L[i+1] XOR L[i+T8]];
        

(In the first loop, the addition of L[i-1] and L[i-T] is performed modulo 256.)

(在第一个循环中,L[i-1]和L[i-T]的相加以256模进行。)

The "effective key" consists of the values L[128-T8],..., L[127]. The intermediate step's bitwise "and" operation reduces the search space for L[128-T8] so that the effective number of key bits is T1. The expanded key depends only on the effective key bits, regardless

“有效密钥”由值L[128-T8]、…、L[127]组成。中间步骤的按位“和”操作减少了L[128-T8]的搜索空间,因此有效的密钥位数为T1。扩展密钥仅取决于有效密钥位,而不考虑

of the supplied key K. Since the expanded key is not itself modified during encryption or decryption, as a pragmatic matter one can expand the key just once when encrypting or decrypting a large block of data.

由于扩展密钥本身在加密或解密过程中不会被修改,因此在加密或解密大数据块时,可以只扩展密钥一次。

3. Encryption algorithm
3. 加密算法

The encryption operation is defined in terms of primitive "mix" and "mash" operations.

加密操作是根据基本的“混合”和“混合”操作定义的。

Here the expression "x rol k" denotes the 16-bit word x rotated left by k bits, with the bits shifted out the top end entering the bottom end.

这里的表达式“x rol k”表示16位字x向左旋转k位,位从顶端移出,进入底端。

3.1 Mix up R[i]
3.1 混合R[i]

The primitive "Mix up R[i]" operation is defined as follows, where s[0] is 1, s[1] is 2, s[2] is 3, and s[3] is 5, and where the indices of the array R are always to be considered "modulo 4," so that R[i-1] refers to R[3] if i is 0 (these values are

原语“混合R[i]”操作定义如下,其中s[0]为1,s[1]为2,s[2]为3,s[3]为5,其中数组R的索引始终被视为“模4”,因此,如果i为0,R[i-1]指R[3](这些值为

"wrapped around" so that R always has a subscript in the range 0 to 3 inclusive):

“环绕”以使R始终具有范围为0到3(包括0到3)的下标:

   R[i] = R[i] + K[j] + (R[i-1] & R[i-2]) + ((~R[i-1]) & R[i-3]);
   j = j + 1;
   R[i] = R[i] rol s[i];
        
   R[i] = R[i] + K[j] + (R[i-1] & R[i-2]) + ((~R[i-1]) & R[i-3]);
   j = j + 1;
   R[i] = R[i] rol s[i];
        

In words: The next key word K[j] is added to R[i], and j is advanced. Then R[i-1] is used to create a "composite" word which is added to R[i]. The composite word is identical with R[i-2] in those positions where R[i-1] is one, and identical to R[i-3] in those positions where R[i-1] is zero. Then R[i] is rotated left by s[i] bits (bits rotated out the left end of R[i] are brought back in at the right). Here j is a "global" variable so that K[j] is always the first key word in the expanded key which has not yet been used in a "mix" operation.

换句话说:下一个关键字K[j]被添加到R[i],并且j是高级的。然后使用R[i-1]创建一个“复合”字,并将其添加到R[i]。复合词在R[i-1]为1的位置与R[i-2]相同,在R[i-1]为零的位置与R[i-3]相同。然后,R[i]向左旋转s[i]位(从R[i]左端旋转出来的位在右侧返回)。这里j是一个“全局”变量,因此K[j]始终是扩展键中尚未在“混合”操作中使用的第一个关键字。

3.2 Mixing round
3.2 混合

A "mixing round" consists of the following operations:

“混合轮”包括以下操作:

   Mix up R[0]
   Mix up R[1]
   Mix up R[2]
   Mix up R[3]
        
   Mix up R[0]
   Mix up R[1]
   Mix up R[2]
   Mix up R[3]
        
3.3 Mash R[i]
3.3 Mash R[i]

The primitive "Mash R[i]" operation is defined as follows (using the previous conventions regarding subscripts for R):

原语“Mash R[i]”操作的定义如下(使用先前关于R的下标的约定):

   R[i] = R[i] + K[R[i-1] & 63];
        
   R[i] = R[i] + K[R[i-1] & 63];
        

In words: R[i] is "mashed" by adding to it one of the words of the expanded key. The key word to be used is determined by looking at the low-order six bits of R[i-1], and using that as an index into the key array K.

换句话说:R[i]是通过添加扩展键的一个单词来“混合”的。要使用的关键字是通过查看R[i-1]的低阶六位来确定的,并将其用作关键字数组K的索引。

3.4 Mashing round
3.4 捣碎

A "mashing round" consists of:

“糖化圆”包括:

   Mash R[0]
   Mash R[1]
   Mash R[2]
   Mash R[3]
        
   Mash R[0]
   Mash R[1]
   Mash R[2]
   Mash R[3]
        
3.5 Encryption operation
3.5 加密操作

The entire encryption operation can now be described as follows. Here j is a global integer variable which is affected by the mixing operations.

整个加密操作现在可以描述如下。这里j是受混合操作影响的全局整数变量。

1. Initialize words R[0], ..., R[3] to contain the 64-bit input value.

1. 初始化字R[0]、…、R[3]以包含64位输入值。

2. Expand the key, so that words K[0], ..., K[63] become defined.

2. 展开键,以便定义单词K[0]、…、K[63]。

3. Initialize j to zero.

3. 将j初始化为零。

4. Perform five mixing rounds.

4. 进行五轮混合。

5. Perform one mashing round.

5. 进行一轮捣碎。

6. Perform six mixing rounds.

6. 进行六轮混合。

7. Perform one mashing round.

7. 进行一轮捣碎。

8. Perform five mixing rounds.

8. 进行五轮混合。

Note that each mixing round uses four key words, and that there are 16 mixing rounds altogether, so that each key word is used exactly

请注意,每个混合轮使用四个关键字,总共有16个混合轮,因此每个关键字的使用都是准确的

once in a mixing round. The mashing rounds will refer to up to eight of the key words in a data-dependent manner. (There may be repetitions, and the actual set of words referred to will vary from encryption to encryption.)

一轮搅拌一次。mashing轮次将以依赖于数据的方式引用最多8个关键字。(可能会有重复,所指的实际单词集会因加密而异。)

4. Decryption algorithm
4. 解密算法

The decryption operation is defined in terms of primitive operations that undo the "mix" and "mash" operations of the encryption algorithm. They are named "r-mix" and "r-mash" (r- denotes the reverse operation).

解密操作是根据原语操作定义的,原语操作撤消加密算法的“混合”和“混合”操作。它们被命名为“r-mix”和“r-mash”(r-表示反向操作)。

Here the expression "x ror k" denotes the 16-bit word x rotated right by k bits, with the bits shifted out the bottom end entering the top end.

这里的表达式“x ror k”表示16位字x向右旋转k位,位从下端移出,进入上端。

4.1 R-Mix up R[i]
4.1 R-混合R[i]

The primitive "R-Mix up R[i]" operation is defined as follows, where s[0] is 1, s[1] is 2, s[2] is 3, and s[3] is 5, and where the indices of the array R are always to be considered "modulo 4," so that R[i-1] refers to R[3] if i is 0 (these values are "wrapped around" so that R always has a subscript in the range 0 to 3 inclusive):

原语“R-Mix-up R[i]”操作定义如下,其中s[0]为1,s[1]为2,s[2]为3,s[3]为5,其中数组R的索引始终被视为“模4”,因此,如果i为0,则R[i-1]指R[3](这些值被“环绕”,以便R始终具有0到3范围内的下标):

   R[i] = R[i] ror s[i];
   R[i] = R[i] - K[j] - (R[i-1] & R[i-2]) - ((~R[i-1]) & R[i-3]);
   j = j - 1;
        
   R[i] = R[i] ror s[i];
   R[i] = R[i] - K[j] - (R[i-1] & R[i-2]) - ((~R[i-1]) & R[i-3]);
   j = j - 1;
        

In words: R[i] is rotated right by s[i] bits (bits rotated out the right end of R[i] are brought back in at the left). Here j is a "global" variable so that K[j] is always the key word with greatest index in the expanded key which has not yet been used in a "r-mix" operation. The key word K[j] is subtracted from R[i], and j is decremented. R[i-1] is used to create a "composite" word which is subtracted from R[i]. The composite word is identical with R[i-2] in those positions where R[i-1] is one, and identical to R[i-3] in those positions where R[i-1] is zero.

换句话说:R[i]向右旋转s[i]位(从R[i]右端旋转出来的位从左端返回)。这里j是一个“全局”变量,因此K[j]始终是扩展关键字中索引最大的关键字,该关键字尚未在“r-mix”操作中使用。从R[i]中减去关键字K[j],并递减j。R[i-1]用于创建一个从R[i]中减去的“复合”字。复合词在R[i-1]为1的位置与R[i-2]相同,在R[i-1]为零的位置与R[i-3]相同。

4.2 R-Mixing round
4.2 R混合轮

An "r-mixing round" consists of the following operations:

“r混合轮”包括以下操作:

   R-Mix up R[3]
   R-Mix up R[2]
   R-Mix up R[1]
   R-Mix up R[0]
        
   R-Mix up R[3]
   R-Mix up R[2]
   R-Mix up R[1]
   R-Mix up R[0]
        
4.3 R-Mash R[i]
4.3 R-Mash R[i]

The primitive "R-Mash R[i]" operation is defined as follows (using the previous conventions regarding subscripts for R):

原语“R-Mash R[i]”操作的定义如下(使用先前关于R的下标的约定):

   R[i] = R[i] - K[R[i-1] & 63];
        
   R[i] = R[i] - K[R[i-1] & 63];
        

In words: R[i] is "r-mashed" by subtracting from it one of the words of the expanded key. The key word to be used is determined by looking at the low-order six bits of R[i-1], and using that as an index into the key array K.

换句话说:R[i]是“R-mashed”,从中减去扩展键的一个单词。要使用的关键字是通过查看R[i-1]的低阶六位来确定的,并将其用作关键字数组K的索引。

4.4 R-Mashing round
4.4 R-糖化圆

An "r-mashing round" consists of:

“r-糖化圆”包括:

   R-Mash R[3]
   R-Mash R[2]
   R-Mash R[1]
   R-Mash R[0]
        
   R-Mash R[3]
   R-Mash R[2]
   R-Mash R[1]
   R-Mash R[0]
        
4.5 Decryption operation
4.5 解密操作

The entire decryption operation can now be described as follows. Here j is a global integer variable which is affected by the mixing operations.

现在可以如下描述整个解密操作。这里j是受混合操作影响的全局整数变量。

1. Initialize words R[0], ..., R[3] to contain the 64-bit ciphertext value.

1. 初始化字R[0]、…、R[3]以包含64位密文值。

2. Expand the key, so that words K[0], ..., K[63] become defined.

2. 展开键,以便定义单词K[0]、…、K[63]。

3. Initialize j to 63.

3. 将j初始化为63。

4. Perform five r-mixing rounds.

4. 进行五轮r混合。

5. Perform one r-mashing round.

5. 进行一轮r-mashing。

6. Perform six r-mixing rounds.

6. 进行六轮r混合。

7. Perform one r-mashing round.

7. 进行一轮r-mashing。

8. Perform five r-mixing rounds.

8. 进行五轮r混合。

5. Test vectors
5. 测试向量

Test vectors for encryption with RC2 are provided below.

下面提供了使用RC2加密的测试向量。

All quantities are given in hexadecimal notation.

所有数量均以十六进制表示。

Key length (bytes) = 8 Effective key length (bits) = 63 Key = 00000000 00000000 Plaintext = 00000000 00000000 Ciphertext = ebb773f9 93278eff

密钥长度(字节)=8有效密钥长度(位)=63密钥=00000000 00000000明文=00000000 00000000密文=ebb773f9 93278eff

Key length (bytes) = 8 Effective key length (bits) = 64 Key = ffffffff ffffffff Plaintext = ffffffff ffffffff Ciphertext = 278b27e4 2e2f0d49

密钥长度(字节)=8有效密钥长度(位)=64密钥=FFFFFFFFFF明文=FFFFFFFFFF密文=278b27e4 2e2f0d49

Key length (bytes) = 8 Effective key length (bits) = 64 Key = 30000000 00000000 Plaintext = 10000000 00000001 Ciphertext = 30649edf 9be7d2c2

密钥长度(字节)=8有效密钥长度(位)=64密钥=3000000000000明文=1000000000001密文=30649edf 9be7d2c2

Key length (bytes) = 1 Effective key length (bits) = 64 Key = 88 Plaintext = 00000000 00000000 Ciphertext = 61a8a244 adacccf0

密钥长度(字节)=1有效密钥长度(位)=64密钥=88明文=00000000 00000000密文=61a8a244 ADACCF0

Key length (bytes) = 7 Effective key length (bits) = 64 Key = 88bca90e 90875a Plaintext = 00000000 00000000 Ciphertext = 6ccf4308 974c267f

密钥长度(字节)=7有效密钥长度(位)=64密钥=88bca90e 90875a明文=00000000 00000000密文=6ccf4308 974c267f

Key length (bytes) = 16 Effective key length (bits) = 64 Key = 88bca90e 90875a7f 0f79c384 627bafb2 Plaintext = 00000000 00000000 Ciphertext = 1a807d27 2bbe5db1

密钥长度(字节)=16有效密钥长度(位)=64密钥=88bca90e 90875a7f 0f79c384 627bafb2明文=00000000 00000000密文=1a807d27 2bbe5db1

Key length (bytes) = 16 Effective key length (bits) = 128 Key = 88bca90e 90875a7f 0f79c384 627bafb2 Plaintext = 00000000 00000000 Ciphertext = 2269552a b0f85ca6

密钥长度(字节)=16有效密钥长度(位)=128密钥=88bca90e 90875a7f 0f79c384 627bafb2明文=00000000 00000000密文=2269552a b0f85ca6

Key length (bytes) = 33 Effective key length (bits) = 129 Key = 88bca90e 90875a7f 0f79c384 627bafb2 16f80a6f 85920584 c42fceb0 be255daf 1e

密钥长度(字节)=33有效密钥长度(位)=129密钥=88bca90e 90875a7f 0f79c384 627bafb2 16f80a6f 85920584 c42fceb0 be255daf 1e

Plaintext = 00000000 00000000 Ciphertext = 5b78d3a4 3dfff1f1

明文=00000000 00000000密文=5b78d3a4 3dfff1f1

6. RC2 Algorithm Object Identifier
6. RC2算法对象标识符

The Object Identifier for RC2 in cipher block chaining mode is

密码块链接模式下RC2的对象标识符为

   rc2CBC OBJECT IDENTIFIER
     ::= {iso(1) member-body(2) US(840) rsadsi(113549)
          encryptionAlgorithm(3) 2}
        
   rc2CBC OBJECT IDENTIFIER
     ::= {iso(1) member-body(2) US(840) rsadsi(113549)
          encryptionAlgorithm(3) 2}
        

RC2-CBC takes parameters

RC2-CBC采用参数

   RC2-CBCParameter ::= CHOICE {
     iv IV,
     params SEQUENCE {
       version RC2Version,
       iv IV
     }
   }
        
   RC2-CBCParameter ::= CHOICE {
     iv IV,
     params SEQUENCE {
       version RC2Version,
       iv IV
     }
   }
        

where

哪里

   IV ::= OCTET STRING -- 8 octets
   RC2Version ::= INTEGER -- 1-1024
        
   IV ::= OCTET STRING -- 8 octets
   RC2Version ::= INTEGER -- 1-1024
        

RC2 in CBC mode has two parameters: an 8-byte initialization vector (IV) and a version number in the range 1-1024 which specifies in a roundabout manner the number of effective key bits to be used for the RC2 encryption/decryption.

CBC模式下的RC2有两个参数:一个8字节的初始化向量(IV)和一个1-1024范围内的版本号,该版本号以迂回的方式指定用于RC2加密/解密的有效密钥位数。

The correspondence between effective key bits and version number is as follows:

有效密钥位与版本号的对应关系如下:

1. If the number EKB of effective key bits is in the range 1-255, then the version number is given by Table[EKB], where the 256-byte translation table Table[] is specified below. Table[] specifies a permutation on the numbers 0-255; note that it is not the same table that appears in the key expansion phase of RC2.

1. 如果有效密钥位的数量EKB在1-255范围内,则版本号由表[EKB]给出,其中256字节翻译表[]在下面指定。表[]指定了数字0-255的排列;请注意,它与RC2的密钥扩展阶段中显示的表不同。

2. If the number EKB of effective key bits is in the range 256-1024, then the version number is simply EKB.

2. 如果有效密钥位的EKB数在256-1024范围内,则版本号仅为EKB。

The default number of effective key bits for RC2 is 32. If RC2-CBC is being performed with 32 effective key bits, the parameters should be supplied as a simple IV, rather than as a SEQUENCE containing a version and an IV.

RC2的默认有效密钥位数为32。如果使用32个有效密钥位执行RC2-CBC,则参数应作为简单IV提供,而不是作为包含版本和IV的序列提供。

0 1 2 3 4 5 6 7 8 9 a b c d e f

01 2 3 4 5 6 7 8 9 a b c d e f

   00: bd 56 ea f2 a2 f1 ac 2a b0 93 d1 9c 1b 33 fd d0
   10: 30 04 b6 dc 7d df 32 4b f7 cb 45 9b 31 bb 21 5a
   20: 41 9f e1 d9 4a 4d 9e da a0 68 2c c3 27 5f 80 36
   30: 3e ee fb 95 1a fe ce a8 34 a9 13 f0 a6 3f d8 0c
   40: 78 24 af 23 52 c1 67 17 f5 66 90 e7 e8 07 b8 60
   50: 48 e6 1e 53 f3 92 a4 72 8c 08 15 6e 86 00 84 fa
   60: f4 7f 8a 42 19 f6 db cd 14 8d 50 12 ba 3c 06 4e
   70: ec b3 35 11 a1 88 8e 2b 94 99 b7 71 74 d3 e4 bf
   80: 3a de 96 0e bc 0a ed 77 fc 37 6b 03 79 89 62 c6
   90: d7 c0 d2 7c 6a 8b 22 a3 5b 05 5d 02 75 d5 61 e3
   a0: 18 8f 55 51 ad 1f 0b 5e 85 e5 c2 57 63 ca 3d 6c
   b0: b4 c5 cc 70 b2 91 59 0d 47 20 c8 4f 58 e0 01 e2
   c0: 16 38 c4 6f 3b 0f 65 46 be 7e 2d 7b 82 f9 40 b5
   d0: 1d 73 f8 eb 26 c7 87 97 25 54 b1 28 aa 98 9d a5
   e0: 64 6d 7a d4 10 81 44 ef 49 d6 ae 2e dd 76 5c 2f
   f0: a7 1c c9 09 69 9a 83 cf 29 39 b9 e9 4c ff 43 ab
        
   00: bd 56 ea f2 a2 f1 ac 2a b0 93 d1 9c 1b 33 fd d0
   10: 30 04 b6 dc 7d df 32 4b f7 cb 45 9b 31 bb 21 5a
   20: 41 9f e1 d9 4a 4d 9e da a0 68 2c c3 27 5f 80 36
   30: 3e ee fb 95 1a fe ce a8 34 a9 13 f0 a6 3f d8 0c
   40: 78 24 af 23 52 c1 67 17 f5 66 90 e7 e8 07 b8 60
   50: 48 e6 1e 53 f3 92 a4 72 8c 08 15 6e 86 00 84 fa
   60: f4 7f 8a 42 19 f6 db cd 14 8d 50 12 ba 3c 06 4e
   70: ec b3 35 11 a1 88 8e 2b 94 99 b7 71 74 d3 e4 bf
   80: 3a de 96 0e bc 0a ed 77 fc 37 6b 03 79 89 62 c6
   90: d7 c0 d2 7c 6a 8b 22 a3 5b 05 5d 02 75 d5 61 e3
   a0: 18 8f 55 51 ad 1f 0b 5e 85 e5 c2 57 63 ca 3d 6c
   b0: b4 c5 cc 70 b2 91 59 0d 47 20 c8 4f 58 e0 01 e2
   c0: 16 38 c4 6f 3b 0f 65 46 be 7e 2d 7b 82 f9 40 b5
   d0: 1d 73 f8 eb 26 c7 87 97 25 54 b1 28 aa 98 9d a5
   e0: 64 6d 7a d4 10 81 44 ef 49 d6 ae 2e dd 76 5c 2f
   f0: a7 1c c9 09 69 9a 83 cf 29 39 b9 e9 4c ff 43 ab
        

A. Intellectual Property Notice

A.知识产权公告

RC2 is a registered trademark of RSA Data Security, Inc. RSA's copyrighted RC2 software is available under license from RSA Data Security, Inc.

RC2是RSA Data Security,Inc.的注册商标。RSA受版权保护的RC2软件在RSA Data Security,Inc.的许可下可用。

B. Author's Address

B.作者地址

Ron Rivest RSA Laboratories 100 Marine Parkway, #500 Redwood City, CA 94065 USA

Ron Rivest RSA Laboratories美国加利福尼亚州红木市500号海洋公园路100号,邮编94065

Phone: (650) 595-7703 EMail: rsa-labs@rsa.com

电话:(650)595-7703电子邮件:rsa-labs@rsa.com

C. Full Copyright Statement

C.完整的版权声明

Copyright (C) The Internet Society (1998). All Rights Reserved.

版权所有(C)互联网协会(1998年)。版权所有。

This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English.

本文件及其译本可复制并提供给他人,对其进行评论或解释或协助其实施的衍生作品可全部或部分编制、复制、出版和分发,不受任何限制,前提是上述版权声明和本段包含在所有此类副本和衍生作品中。但是,不得以任何方式修改本文件本身,例如删除版权通知或对互联网协会或其他互联网组织的引用,除非出于制定互联网标准的需要,在这种情况下,必须遵循互联网标准过程中定义的版权程序,或根据需要将其翻译成英语以外的其他语言。

The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns.

上述授予的有限许可是永久性的,互联网协会或其继承人或受让人不会撤销。

This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

本文件和其中包含的信息是按“原样”提供的,互联网协会和互联网工程任务组否认所有明示或暗示的保证,包括但不限于任何保证,即使用本文中的信息不会侵犯任何权利,或对适销性或特定用途适用性的任何默示保证。