RSA Laboratories

The Rules

Challenges are no longer active

Each contest is based on a specified cipher. A brief piece of printable ASCII text (containing byte values in hexadecimal notation from 0x20 to 0x7e) will be appended to the fixed 24-character string "The unknown message is:". The result will be padded and then encrypted with the associated cipher under a randomly-generated key. The padding method used will be that specified in the RSA Laboratories' Public Key Cryptography Standards (PKCS) #7 document.

In particular, if the total plaintext to be encrypted is s bytes in length then, since both DES and the version of RC5 used in this contest have a block size of eight bytes, the plaintext will be padded with exactly 8-(s mod 8) bytes, each of which take the value 8-(s mod 8). As an example, if the complete plaintext requires exactly one additional byte to produce an integral number of plaintext blocks, then it is padded with the byte that has hexadecimal value 0x01. If the plaintext needs exactly two additional bytes, then it is padded with the bytes 0x02 0x02, and so forth. Finally, if the text needs no additional bytes to produce an integral number of plaintext blocks, then it is padded with eight bytes, each containing the value 0x08. This means that plaintexts with a length in bytes equal to a multiple of eight, are padded with the string 0x08 0x08 0x08 0x08 0x08 0x08 0x08 0x08.

Encryption of the padded plaintext will take place in CBC mode (cipher-block chaining mode), with a randomly-generated key and a randomly generated IV (initial value).

For example, if the mystery text for a DES challenge were "Clipper chips go well with salsa!" (thanks to Kazuo Ohta for introducing us to Clipper chips at Crypto!), then, after adding in the known header bytes and performing padding, the actual plaintext to be encrypted would be the following eight 64-bit blocks, in this order (shown in hexadecimal):

      54 68 65 20 75 6e 6b 6e 6f 77 6e 20 6d 65 73 73
      61 67 65 20 69 73 3a 20 43 6c 69 70 70 65 72 20
      63 68 69 70 73 20 67 6f 20 77 65 6c 6c 20 77 69
      74 68 20 73 61 6c 73 61 21 07 07 07 07 07 07 07

The ciphertext produced, of course, would depend on the key and the IV that is used for the encryption. For this example, the ciphertext would also consist of eight 64-bit blocks.