4

I was reading this paper on RC6 and formally, the algorithm is defined for an arbitrary word size $w$, even though only $w=32$ was considered for the AES submission. Now the paper explicitly mentions the choice $w=24$, among others. Later on in the paper, it says:

"The base-two logarithm of $w$ will be denoted by $\operatorname{lg}w$."

As part of the encryption routine, the following step is performed: $$ t = (B\times(2B+1)) \lll \operatorname{lg} w $$ This makes perfect sense for $w=32$ as $32$ is a power of two and $\operatorname{lg} w$ will be an integer, by which you can rotate another integer. However, for $w=24$, this formally asks me to rotate the value by approximately $4.584962500721156$ bits, which I find rather puzzling.

My question is: What is the correct interpretation of $\operatorname{lg} w$ for implementations of RC6 that allow other values for $w$, specifically when $w$ is not a power of two?

Jesko Hüttenhain
  • 143
  • 4

1 Answers1

4

From RC6 and RC5 Test Vectors For Multiple Block Sizes (draft-krovetz-rc6-rc5-vectors-00)

/* Calculate floor(base-2 log of x) for any x>0.                   */
static int lg2(int x) {
    int ans=0;
    for ( ; x!=1; x>>=1)
        ans++;
    return ans;
}

So the return is the LSB of the integer part;

log_w = (unsigned int)log2(w);

Test it here,

kelalaka
  • 49,797
  • 12
  • 123
  • 211