Rabbit (cipher)
Encyclopedia
Rabbit is a high-speed stream cipher
first presented in February 2003 at the 10th FSE workshop. In May 2005, it was submitted to the eSTREAM
project of the ECRYPT
network.
Rabbit was designed by Martin Boesgaard, Mette Vesterager, Thomas Pedersen, Jesper Christiansen and Ove Scavenius.
Rabbit uses a 128-bit key and a 64-bit initialization vector. The cipher was designed with high performance in software in mind, where fully optimized implementations achieve an encryption speed of up to 3.7 CPB
on a Pentium 3, and of 9.7 CPB
on an ARM7. However, the cipher also turns out to be very fast and compact in hardware.
The core component of the cipher is a bitstream generator which encrypts 128 message bits per iteration. The cipher's strength rests on a strong mixing of its inner state between two consecutive iterations. The mixing function is entirely based on arithmetical operations that are available on a modern processor, i.e., no S-boxes
or lookup tables are required to implement the cipher.
The authors of the cipher have provided a full set of cryptanalytic white papers on the Cryptico
home page. It is also described in RFC 4503. Cryptico had patent
s pending for the algorithm and for many years required a license fee for commercial use of the cipher which was waived for non-commercial uses. However, the algorithm was made free for any use on October 6, 2008.
A small bias in the output of Rabbit exists, resulting in a distinguisher with 2247 complexity discovered by Jean-Philippe Aumasson in December 2006. Even though this distinguisher was improved to 2158 in 2008, it's not a threat to Rabbit's security because its complexity is significantly higher than the brute-force of the key space (2128).
Stream cipher
In cryptography, a stream cipher is a symmetric key cipher where plaintext digits are combined with a pseudorandom cipher digit stream . In a stream cipher the plaintext digits are encrypted one at a time, and the transformation of successive digits varies during the encryption...
first presented in February 2003 at the 10th FSE workshop. In May 2005, it was submitted to the eSTREAM
ESTREAM
eSTREAM is a project to "identify new stream ciphers suitable for widespread adoption", organised by the EU ECRYPT network. It was set up as a result of the failure of all six stream ciphers submitted to the NESSIE project. The call for primitives was first issued in November 2004. The project was...
project of the ECRYPT
ECRYPT
ECRYPT is a 4-year European research initiative launched on 1 February 2004.The stated objective is to, "intensify the collaboration of European researchers in information security, and more in particular in cryptology and digital watermarking.ECRYPT list five core research areas, termed "virtual...
network.
Rabbit was designed by Martin Boesgaard, Mette Vesterager, Thomas Pedersen, Jesper Christiansen and Ove Scavenius.
Rabbit uses a 128-bit key and a 64-bit initialization vector. The cipher was designed with high performance in software in mind, where fully optimized implementations achieve an encryption speed of up to 3.7 CPB
Cycles per byte
Cycles per byte is a unit of measurement which indicates the number of clock cycles a microprocessor will perform per byte of data processed in an algorithm. It is commonly used as a partial indicator of real-world performance in cryptographic functions....
on a Pentium 3, and of 9.7 CPB
Cycles per byte
Cycles per byte is a unit of measurement which indicates the number of clock cycles a microprocessor will perform per byte of data processed in an algorithm. It is commonly used as a partial indicator of real-world performance in cryptographic functions....
on an ARM7. However, the cipher also turns out to be very fast and compact in hardware.
The core component of the cipher is a bitstream generator which encrypts 128 message bits per iteration. The cipher's strength rests on a strong mixing of its inner state between two consecutive iterations. The mixing function is entirely based on arithmetical operations that are available on a modern processor, i.e., no S-boxes
Substitution box
In cryptography, an S-Box is a basic component of symmetric key algorithms which performs substitution. In block ciphers, they are typically used to obscure the relationship between the key and the ciphertext — Shannon's property of confusion...
or lookup tables are required to implement the cipher.
The authors of the cipher have provided a full set of cryptanalytic white papers on the Cryptico
Cryptico
Cryptico is a privately-owned company specialized in cryptography. The company provides software for encryption and message authentication. It licenses implementations of the Rabbit stream cipher and the Badger message authentication code...
home page. It is also described in RFC 4503. Cryptico had patent
Patent
A patent is a form of intellectual property. It consists of a set of exclusive rights granted by a sovereign state to an inventor or their assignee for a limited period of time in exchange for the public disclosure of an invention....
s pending for the algorithm and for many years required a license fee for commercial use of the cipher which was waived for non-commercial uses. However, the algorithm was made free for any use on October 6, 2008.
Security
Rabbit claims 128-bit security against attackers whose target is one specific key. If, however, the attacker targets a large number of keys at once and does not really care which one he breaks, then the small IV size results in a reduced security level of 96 bit. This is due to generic TMD trade-off attacks.A small bias in the output of Rabbit exists, resulting in a distinguisher with 2247 complexity discovered by Jean-Philippe Aumasson in December 2006. Even though this distinguisher was improved to 2158 in 2008, it's not a threat to Rabbit's security because its complexity is significantly higher than the brute-force of the key space (2128).