[RC5] RC5 core questions

Chris Berry cberry at e-14.com
Fri Jan 22 18:35:04 EST 1999

John Girvin wrote:
> if you look at the source code to any of the RC5 cores for 32
> bit processors ( http://www.distributed.net/cores/ ) you will
> see that they work by encrypting the given plaintext with the
> key being tested, then comparing the cyphertext produced with
> the expected result 32 bits at a time (high 32 bits are only
> checked if the low 32 bits match).

That's not entirely true... 

> I was wondering:
> 1. is it possible and would there be any performance benefit
>    in implementing a core that *decrypts* the given contest
>    cyphertext with the key being tested and compares it to the
>    plaintext? I mean, is RC5 decryption any easier than RC5
>    encryption? Would this be compatible with the rest of the
>    client/network? Would it even work!?

In general, there is no difference in the speed of encryption
and the speed of decryption. There is at least one exception
to this, however. The RC5 algorithm uses the "ROTL" (or ROL,
to many people) instruction when encrypting the plaintext. The
ARM processor doesn't have a ROL instruction, but does have
a ROR (rotate right).

We gained an early speed increase by modifying the core to
decrypt the ciphertext (using ROR and subtract) rather than
encrypting the plaintext (which would have required (0-rotate
count), followed by ROR, followed by an add).

I don't think there are any other processors which have a ROR
but no ROL, but I could be wrong. Other than that, there's no
potential for speed increase through decryption.

> 2. are there any statistics on how often you could expect the
>    low 32 bits of the produced cyphertext to match the low 32
>    bits of the expected result? eg: 50% of keys, 25%, 10% ... ?

Not that I'm aware of. I presume you're hinting that there might
be an advantage to checking the high word before the low word.
I've got no proof, but my guess is that there'll be no difference
in the rate of matches.

> Just looking to squeeze more keys/s out of the cores :)

Aren't we all... :-)


To unsubscribe, send 'unsubscribe rc5' to majordomo at lists.distributed.net
rc5-digest subscribers replace rc5 with rc5-digest

More information about the rc5 mailing list