This article includes a list ofgeneral references, butit lacks sufficient correspondinginline citations. Please help toimprove this article byintroducing more precise citations.(March 2009) (Learn how and when to remove this message)

RC6

TheFeistel function of the RC6 algorithm.
General
Designers	Ron Rivest,Matt Robshaw,Ray Sidney,Yiqun Lisa Yin
First published	1998
Derived from	RC5
Certification	AES finalist
Cipher detail
Key sizes	128, 192, or 256 bits
Block sizes	128 bits
Structure	Feistel network (Type 2)[1]
Rounds	20

Incryptography,RC6 (Rivest cipher 6) is asymmetric keyblock cipher derived fromRC5. It was designed byRon Rivest,Matt Robshaw, Ray Sidney, andYiqun Lisa Yin to meet the requirements of theAdvanced Encryption Standard (AES)competition. The algorithm was one of the five finalists, and also was submitted to theNESSIE andCRYPTREC projects. It was a proprietary algorithm, patented byRSA Security.

RC6 proper has ablock size of 128 bits and supportskey sizes of 128, 192, and 256 bits up to 2040-bits, but, like RC5, it may be parameterised to support a wide variety of word-lengths, key sizes, and number of rounds. RC6 is very similar to RC5 in structure, using data-dependent rotations,modular addition, andXOR operations; in fact, RC6 could be viewed as interweaving two parallel RC5 encryption processes, although RC6 does use an extra multiplication operation not present in RC5 in order to make the rotation dependent on every bit in a word, and not just the least significant few bits.

Note that the key expansion algorithm is practically identical to that of RC5. The only difference is that for RC6, more words are derived from the user-supplied key.

// Encryption/Decryption with RC6-w/r/b//// Input:   Plaintext stored in four w-bit input registers A, B, C & D// r is the number of rounds// w-bit round keys S[0, ... , 2r + 3]//// Output: Ciphertext stored in A, B, C, D//// '''Encryption Procedure:'''B=B+S[0]D=D+S[1]fori=1tordo{t=(B*(2B+1))<<<lgwu=(D*(2D+1))<<<lgwA=((A^t)<<<u)+S[2i]C=((C^u)<<<t)+S[2i+1](A,B,C,D)=(B,C,D,A)}A=A+S[2r+2]C=C+S[2r+3]// '''Decryption Procedure:'''C=C-S[2r+3]A=A-S[2r+2]fori=rdownto1do{(A,B,C,D)=(D,A,B,C)u=(D*(2D+1))<<<lgwt=(B*(2B+1))<<<lgwC=((C-S[2i+1])>>>t)^uA=((A-S[2i])>>>u)^t}D=D-S[1]B=B-S[0]

In August 2016, code reputed to beEquation Group orNSA "implants" for various network security devices was disclosed.^[2] The accompanying instructions revealed that some of these programs use RC6 for confidentiality of network communications.^[3]

As RC6 was not selected for theAES, it was not guaranteed that RC6 is royalty-free. As of January 2017^[update], a web page on the official web site of the designers of RC6, RSA Laboratories, states the following:^[4]

"We emphasize thatif RC6 is selected for the AES, RSA Security willnot require any licensing or royalty payments for products using the algorithm".

The emphasis on the word "if" suggests that RSA Security Inc. may have required licensing and royalty payments for any products using the RC6 algorithm. RC6 was a patented encryption algorithm (U.S. patent 5,724,428 andU.S. patent 5,835,600); however, the patents expired between 2015 and 2017.

• "Cryptography - 256 bit Ciphers: Reference source code and submissions to international cryptographic designs contests".

• "Symmetric Ciphers: RC6". Standard Cryptographic Algorithm Naming (SCAN). 2009-04-15.

• "RC6® Block Cipher".RSA Laboratories. Archived fromthe original on 2016-03-04.

• Block ciphers

• Articles with short description
• Short description is different from Wikidata
• Articles lacking in-text citations from March 2009
• All articles lacking in-text citations
• Articles containing potentially dated statements from January 2017
• All articles containing potentially dated statements