The MIX transformation of RC2; four of these comprise a MIXING round
|First published||leaked in 1996, designed in 1987|
|Key sizes||8–1024 bits, in steps of 8 bits; default 64 bits|
|Block sizes||64 bits|
|Structure||Source-heavy unbalanced Feistel network|
|Rounds||16 of type MIXING, 2 of type MASHING|
|Best public cryptanalysis|
|A related-key attack is possible requiring 234 chosen plaintexts (Kelsey et al., 1997).|
In cryptography, RC2 (also known as ARC2) is a symmetric-key block cipher designed by Ron Rivest in 1987. "RC" stands for "Ron's Code" or "Rivest Cipher"; other ciphers designed by Rivest include RC4, RC5, and RC6.
The development of RC2 was sponsored by Lotus, who were seeking a custom cipher that, after evaluation by the NSA, could be exported as part of their Lotus Notes software. The NSA suggested a couple of changes, which Rivest incorporated. After further negotiations, the cipher was approved for export in 1989. Along with RC4, RC2 with a 40-bit key size was treated favourably under US export regulations for cryptography.
Initially, the details of the algorithm were kept secret — proprietary to RSA Security — but on 29 January 1996, source code for RC2 was anonymously posted to the Internet on the Usenet forum, sci.crypt. Mentions of CodeView and SoftICE (popular debuggers) suggest that it had been reverse engineered. A similar disclosure had occurred earlier with RC4.
In March 1998 Ron Rivest authored an RFC publicly describing RC2 himself.
RC2 is a 64-bit block cipher with a variable size key. Its 18 rounds are arranged as a source-heavy unbalanced Feistel network, with 16 rounds of one type (MIXING) punctuated by two rounds of another type (MASHING). A MIXING round consists of four applications of the MIX transformation, as shown in the diagram.
- Steven Levy, Crypto: How the Code Rebels Beat the Government — Saving Privacy in the Digital Age, ISBN 0-14-024432-8, 2001.
- Lars R. Knudsen, Vincent Rijmen, Ronald L. Rivest, Matthew J. B. Robshaw: On the Design and Security of RC2. Fast Software Encryption 1998: 206–221
- John Kelsey, Bruce Schneier, David Wagner: Related-key cryptanalysis of 3-WAY, Biham-DES, CAST, DES-X, NewDES, RC2, and TEA. ICICS 1997: 233–246