This paper introduces an Improved RC6 (IRC6) cipher for data encryption based on data-dependent rotations. The proposed scheme is designed with the potential of meeting the needs of the Advanced Encryption Standard (AES). Four parameters are used to characterize the proposed scheme. These parameters are the size of the word (
Security is the process of protecting data from unwanted behavior. Security can be achieved through security services that satisfy integrity, availability, and confidentiality. Data encryption is the substitution or scrambling of data by a computer system or any communication system. Later, authorized parties may reverse the process to reconstruct and reveal the original data [
Some of the most widely used traditional ciphers include RC5 [
The proposal introduces a data encryption algorithm based on data-dependent rotations (IRC6). Unlike RC6, the proposed IRC6 relies on four variables.
These proposed modifications offer the advantages of enhancing the number of rotations for each round and utilizing further data bits to evaluate the number of rotations for each round. Therefore, integer multiplication can be considered an effective diffusion primitive and can be utilized to calculate the number of rotations in the proposed IRC6. Consequently, the proposed IRC6 shows an increase in the diffusion spread compared with all other block ciphers. In addition, the IRC6 can run with fewer rounds with an efficient increase in security and throughput.
The work presented in this paper offers several significant contributions to the security field as follows:
- A detailed survey of the RC6 encryption algorithm is presented. It is noticed that RC6 cannot provide full confusion and diffusion properties to the encrypted data.
- A proposed cipher (IRC6), which is an advanced version of RC6, is introduced. This cipher has a variable block length, which makes it more flexible.
- The proposed algorithm achieves full diffusion and confusion, and it is divided into two parts. The first one is the PXB network, which mixes the bytes of the data. If there are any small changes in the plaintext, they result in changes in all bytes of the ciphertext, and these changes are magnified in the cipher, resulting in full diffusion and confusion properties regardless of the block size.
- The proposed cipher has good flexibility and effectiveness. This appears in the variable block size and the high throughput.
- A good comparative analysis is introduced. This is achieved by performing a comparison of the proposed algorithm with RC6 for theoretical attacks.
The rest of the paper is organized as follows. Section 2 provides the RC6 literature overview. Section 3 presents the functional and design parameters of the proposed IRC6. Section 4 explores the architecture of the proposed IRC6. The implementation issues are given in Section 5. Section 6 introduces theoretical attacks on the proposed IRC6 cipher. A comparative analysis of the proposed IRC6 and the state-of-the-art RC6 is introduced in Section 7. The conclusion is given in Section 8.
The RC6 is characterized as an encryption algorithm that belongs to the fully-parameterized family [
Parameter | Definition | Values |
---|---|---|
| | The size of the word in bits | 16, 32, 64 |
| | Rounds number | 1, 2, 3,…, 255 |
| | Secret key length in bytes | 1, 2, 3,…, 255 |
The key schedule routine extends the secret key
cc = max (
The RC6 encryption is explored and detailed as follows. It is assumed that the input block is provided to the four w-bit registers
The RC6 decryption process can be easily derived from the RC6 encryption process [
The IRC6 consists of two parts, the cipher algorithm and the Permuted-XORed Bytes Network (PXB).
Similar to RC5 and RC6 ciphers, the IRC6 is a family of fully-parameterized cryptographic algorithms. The proposed IRC6 is more precisely designated as IRC6-
The second IRC6 design parameter is the number of rounds
The third IRC6 design parameter is the secret key length determined by
Block size is the fourth design parameter of IRC6. The variable block size comes from using a variable number of registers in the encryption/decryption process, unlike RC6, resulting in more flexibility. The test results show that with the increase in the number of working registers, the security and throughput are improved, and the dependency between the data increases.
The proposed IRC6-
Operation | Function |
---|---|
| | Addition of two’s complement words |
| | Subtraction of two’s complement words |
| | Exclusive-OR with bit-wise words |
| | Word A left cyclic rotation by |
| | Word A right cyclic rotation by |
| | The integer multiplication modulo 2 |
The Permuted–XORed Bytes (PXB) network is the substitution-transposition network that provides the confusion/diffusion mechanism of the IRC6. The proposed PXB increases the confusion/diffusion characteristics of IRC6 by mixing bytes of data. First, the XOR chain operations are performed between the plaintext bytes.
The IRC6 algorithm, like RC6, has three processes: the key expansion process, the encryption process, and the decryption process. These processes are described in the following subsections.
In the encryption process, the plaintext is first processed by the PXB and then delivered to the IRC6 cipher. The IRC6 has
The pseudo-code of the encryption with IRC6-
for
begin
end
for
begin
end
end;
The pseudo-code of the decryption of IRC6-
The main schedule of IRC6 is substantially the same as the main key schedule of RC5 and RC6, using the magic constants
If the block size is large, i.e., (
The key re-usage function is used to update table
And in the decryption process:
The IRC6-
For the previous block cipher and the modified cipher, the selected transform is the left rotation by the function
Another issue is that in the decryption process, the key must be prepared first before beginning the decryption process by applying the key re-usage function of the encryption process along the length of the ciphertext to get the value of
The brute-force attack is the most commonly employed for IRC6 cryptographic analysis via searching the encryption key space for the
A desirable property of the proposed encryption system is that it is sensitive to small changes in the plaintext (just one plaintext bit changes). Usually, the other party can make minor changes, like changing just 1 byte of the source plaintext, and observe the resulting modification. Through this technique, one can figure out a meaningful relationship between plaintext and ciphertext. However, this attack would be practically useless and inefficient if the ciphertext changed drastically due to minor changes in the plaintext [
In Shannon’s original definitions, confusion means complicating the relationship between the key and the ciphertext. The main purpose of confusion is to make the key hard to determine, even when many plaintext-ciphertext pairs generated with the same key are available. So, each ciphertext bit has to depend differently on the whole key and the other bits in the key. Specifically, if we change just one key bit, the ciphertext must change completely [
In the IRC6 cryptosystem, due to the PXB and the variable working registers (m), one can encrypt a huge amount of data (e.g., 1 GB) by processing the data with the PXB network and then dividing it into m working registers. These registers are all encrypted with each other in each round, giving a complete self-diffusion mechanism. Furthermore, the key re-usage function can generate new key values in the encryption/decryption processes, resulting in full dependence of the data on the key.
A comparative analysis between IRC6 and RC6 is carried out to assess the encryption/decryption procedures. The effect of the number of rounds on the encryption quality is investigated for IRC6 and compared with that on RC6 in different modes of operation at
Let The best result of IRC6 is at Comparing these results with those of RC6, one can see that with only two rounds of IRC6, the encryption quality is better than that of RC6.
| | RC6-32/20/16 ECB | RC6-32/20/16 CBC | RC6-32/20/16 OFB |
---|---|---|---|
Encryption quality | 733.9219 | 734.4706 | 735.1059 |
The encryption/decryption throughput (Th) can be estimated as the amount of data encrypted or decrypted per unit of time (MB/Sec). In addition, the throughput normalization is tested on data with a size of 64 KB and computed for RC6-32/20/16 and IRC6-32/2/16/64 K. The results show that IRC6 takes only 30% of the encryption time of RC6, but in decryption, the percentage increases to 36% of the decryption time of RC6. This is attributed to the key preparation process before decryption.
The diffusion of an algorithm can be tested by two factors: the Number of Pixels Changing Rate (NPCR) and the Unified Average Change Intensity (UACI) [
The UACI can be computed as:
Among the RC6 modes, the CBC mode provides the most significant diffusion. The IRC6 has the best results compared to all RC6 modes.
| | IRC6-32/2/16/64 K | RC6-32/20/16 ECB | RC6-32/20/16 CBC | RC6-32/20/16 OFB |
---|---|---|---|---|
NPCR | 99.62% | 0.0244% | 96.0678% | 0.0015% |
UACI | 16.7% | 0.0024% | 16.1227% | 0% |
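An added example (not from the paper) that measures NPCR and UACI for a one-bit plaintext change under ECB, CBC and OFB over 64 KB, to show why the mode of operation dominates these figures. It uses the definitions common in the image-encryption literature, which is an assumption about the paper's own formulas, and `toy_block` is a truncated SHA-256 stand-in for the block function, not RC6 or IRC6.

```python
import hashlib

BLOCK = 16  # bytes; same 128-bit block as RC6-32/20/16

def toy_block(key, block):
    # Stand-in keyed block function (assumption): truncated SHA-256, NOT RC6/IRC6.
    # Not invertible, which is fine here because only encryption is measured.
    return hashlib.sha256(key + block).digest()[:BLOCK]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb(key, data):
    return b"".join(toy_block(key, b) for b in blocks(data))

def cbc(key, data, iv=bytes(BLOCK)):
    out, prev = [], iv
    for b in blocks(data):
        prev = toy_block(key, xor(prev, b))   # each block chains into the next
        out.append(prev)
    return b"".join(out)

def ofb(key, data, iv=bytes(BLOCK)):
    out, state = [], iv
    for b in blocks(data):
        state = toy_block(key, state)         # keystream never sees the plaintext
        out.append(xor(state, b))
    return b"".join(out)

def npcr(c1, c2):
    # Percentage of byte positions whose values differ.
    return 100.0 * sum(a != b for a, b in zip(c1, c2)) / len(c1)

def uaci(c1, c2):
    # Mean absolute byte difference, as a percentage of the maximum (255).
    return 100.0 * sum(abs(a - b) for a, b in zip(c1, c2)) / (255 * len(c1))

def diffusion(mode, size=64 * 1024, flip_at=0):
    key = bytes(16)                                # constructed all-zero key
    p1 = bytes(i % 251 for i in range(size))       # constructed 64 KB plaintext
    p2 = bytearray(p1)
    p2[flip_at] ^= 0x01                            # one-bit plaintext change
    c1, c2 = mode(key, p1), mode(key, bytes(p2))
    return npcr(c1, c2), uaci(c1, c2)

if __name__ == "__main__":
    for mode in (ecb, cbc, ofb):
        print(mode.__name__, "NPCR %.4f%%  UACI %.4f%%" % diffusion(mode))
```

With a 16-byte block and 65,536 bytes of data, ECB can change at most 16/65536 = 0.0244% of the bytes and OFB exactly 1/65536 = 0.0015%, which are the ECB and OFB NPCR values in the table above. The CBC figure depends on where the changed bit sits, since only the blocks from that point onward are affected.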
We have tested the confusion by ciphering a 64 KB plaintext with two different keys. The first is key1 = ‘0000000000000000’ and the second is key2 = ‘0000000000000001’, both in hexadecimal. The correlation between the two ciphertexts is calculated. For IRC6-32/2/16/64 K, the correlation is −0.0013, indicating a high deviation between these two ciphertexts due to a one-bit change in the key.
This paper introduced IRC6, which is considered an improved extension of the RC5 and RC6 ciphers. Its salient feature is the utilization of a variable number of working registers instead of the constant four registers in the RC6 round, which yields a variable plaintext/ciphertext block size and more flexibility. The processes of IRC6 include encryption, decryption and key expansion. Experiments have been conducted to demonstrate that the proposed encryption algorithm is robust against theoretical attacks. Furthermore, the IRC6 is verified as a full diffusion/confusion mechanism regardless of the block size. Finally, the comparative analysis for the IRC6 was considered, and its results were compared to those of RC6. The obtained results demonstrate that IRC6 has shorter encryption/decryption times and higher throughput compared to RC6 in other modes of operation. Using this architecture, the IRC6 w/r/b/L provides a compact, simple, and dynamic block cipher that satisfies the Advanced Encryption Standard and the computer security developers’ goals.
The authors would like to thank the Deanship of Scientific Research, Taif University Researchers Supporting Project number (TURSP-2020/08), Taif University, Taif, Saudi Arabia for supporting this research work.