The RSA Data Security Secret-Key Challenge
RSA Laboratories is pleased to announce the establishment of a series of new cryptographic contests. The goal of the contests described here is to quantify the security offered by the government-endorsed data encryption standard (DES) and other secret-key ciphers with keys of various sizes. The information obtained from these contests is anticipated to be of value to researchers and developers alike as they estimate the strength of an algorithm or application against exhaustive key-search.

It is widely agreed that 56-bit keys, such as those offered by the government's DES standard, offer marginal protection against a committed adversary. By inertia as much as anything else, however, DES is still used for many applications. Theoretical studies have been performed showing that it is possible to build for a modest sum a specialized computer "DES cracker" that could crack keys in mere hours by exhaustive search. However, no one is known to have built such a machine in the private sector, and it is generally unknown whether or not one has been built by any government, either.

The successful factorizations achieved as part of the RSA Factoring Challenge (launched by RSA Data Security, Inc. in 1991) show that for some types of problems, it is possible to recruit spare cycles on a large number of machines distributed around the Internet. Therefore, by offering a suitable incentive, it might well be possible to recruit sufficient computational power across the Internet to exhaustively search the DES keyspace (or the keyspace of a cipher with a comparable keysize) in a matter of weeks.

The RSA Secret-Key Challenge consists of one DES challenge and twelve contests based around the block cipher RC5. DES has a fixed key of length 56 bits, and the ciphertext produced by DES-encrypting some unknown plaintext will be posted as part of the DES challenge.

RC5 is a fully parameterized block cipher, and twelve RC5 contests will be posted. As well as having a variable key size, RC5 also has a variable block size and a variable number of rounds; however, all the RC5 contests posted as part of the RSA Secret-Key Challenge will use 12-round RC5 with a 32-bit word size. The different RC5 contests will involve secret keys of different lengths. The first RC5 contest will consist of some unknown plaintext encrypted using a 40-bit key; the second will consist of some unknown plaintext encrypted using a 48-bit key; and so forth to the twelfth contest, which will consist of some unknown plaintext message encrypted using a 128-bit key.

For each contest, the unknown plaintext message is preceded by three known blocks of text that contain the 24-character phrase "The unknown message is: ". While the mystery text that follows will clearly be known to a few employees of RSA Data Security, the secret key itself used for the encryption was generated at random and never revealed to the challenge administrators. The goal of each contest is for participants to recover the secret randomly-generated key that was used in the encryption.

In addition to the "real" contests, thirteen "pseudo-contests" will be posted. These pseudo-contests have no prizes attached to them and the solutions to each pseudo-contest is not secret. The pseudo-contests are only supplied so that contest participants can test out their software in a "contest" scenario with a known solution. RSA Data Security requests that participants not submit solutions to the practice contests, except possibly to test out the formatting of output produced by their software.