General | |
---|---|
Designers | Ron Rivest |
First published | Leaked in 1996, designed in 1987, officially published in 1998 |
Cipher detail | |
Key sizes | 1–128 bytes |
Block sizes | 64 bits |
Structure | Source-heavy unbalanced Feistel network |
Rounds | 16 of type MIXING, 2 of type MASHING |
Best public cryptanalysis | |
A related-key attack is possible requiring 234 chosen plaintexts (Kelsey et al., 1997). |
In cryptography, RC2 (also known as ARC2) is a symmetric-key block cipher designed by Ron Rivest in 1987. "RC" stands for "Ron's Code" or "Rivest Cipher"; other ciphers designed by Rivest include RC4, RC5, and RC6.
The development of RC2 was sponsored by Lotus, who were seeking a custom cipher that, after evaluation by the NSA, could be exported as part of their Lotus Notes software. The NSA suggested a few changes, which Rivest incorporated. After further negotiations, the cipher was approved for export in 1989. Along with RC4, RC2 with a 40-bit key size was treated favourably under US export regulations for cryptography.
Initially, the details of the algorithm were kept secret — proprietary to RSA Security — but on 29 January 1996, source code for RC2 was anonymously posted to the Internet on the Usenet forum sci.crypt. Mentions of CodeView and SoftICE (popular debuggers) suggest that it had been reverse engineered. A similar disclosure had occurred earlier with RC4.
In March 1998, Ron Rivest authored an RFC publicly describing RC2 himself.[1]
RC2 is a 64-bit block cipher with a variable size key. Its 18 rounds are arranged as a source-heavy unbalanced Feistel network, with 16 rounds of one type (MIXING) punctuated by two rounds of another type (MASHING). A MIXING round consists of four applications of the MIX transformation, as shown in the diagram.
RC2 is vulnerable to a related-key attack using 234 chosen plaintexts.[2]