[RC5] RC5 core questions

Bryan Talbot btalbot at ucsd.edu
Fri Jan 22 13:01:20 EST 1999

At 10:07 AM 1/22/99 -0800, you wrote:
>] 2. are there any statistics on how often you could expect the
>]    low 32 bits of the produced cyphertext to match the low 32
>]    bits of the expected result? eg: 50% of keys, 25%, 10% ... ?
>What I was wondering is if there are any pattern searches which I think
>might be more intersting.. if keys starting with containing certain values
>have a higher percantage of matching low 32 bits, and if so if those could
>be checked (Or if there any other patterns) I am no cryptoligist, that's for
>sure, but I'm still not convinced that the only way to break the rc5 is to
>check every possible key...

Well the whole point of a good encryption scheem is to avoid other possible
attacks such as this and force the best attack to be a brute force one.  If
a simple pattern matching attack would work, the encryption wouldn't be
worth a damn.

There may indeed be other ways to break rc5, but know one knows how to yet.
 If you come up with a way to easially decrypt a single message without the
key, you'll be famous ... and probably be able to solve every other
np-complete problem too!

>also, if every possible key is checked, can those keys be stored in a
>database, then retrieve later on?  How big would this database be?

Well think about it.  There are 2^64 possible keys by definition of rc5-64.
 Assume each key is only 1 byte: so, if you used tapes that stored say 1
Terrabyte (only 2^40) per tape you'd still need 2^24 = 16 million of those
tapes.  That would be a large robotic tape changer!

To unsubscribe, send 'unsubscribe rc5' to majordomo at lists.distributed.net
rc5-digest subscribers replace rc5 with rc5-digest

More information about the rc5 mailing list