RC2
 Description
 Algorithm
 Block diagrams
 Mathematical functions
 Implementation
RC2 is also known as ARC2. The acronym RC is understood as "Rivest Cipher" or "Ron's Code".
RC2 is a block cipher, and the block size is 8 bytes (64 bits). This means that the input data is first divided into blocks of 8 bytes and then each of them is processed separately.
Each data block is treated as four words, each word has 16 bits (2 bytes). The array of four words is presented as R[0] R[1] R[2] R[3]. Both encryption and decryption take this array as input and modify the four words. The output is returned in the same array.
Key Expansion
Apart from the data, the RC2 cipher takes as input a secret user key. The key provided by the user may be of size from one byte up to 128 bytes. Let us denote the key size (in bytes) as Key_{size}. The first operation which RC2 then performs is to expand the key, to receive new 128 key bytes which will be used for encryption of decryption of all data bytes.
The user provides also a second value, denoted Key_{bitlimit}, which determine the maximum effective key size, provided in bits. This means, that no matter how many bytes of the secret key has been provided by the user, the cipher will operate on the key which effective size is Key_{bytelimit}, where:
Key_{bytelimit} = (Key_{bitlimit} + 7) / 8
Of course, the real strenght of the key will be even smaller, if the user provided less key bytes than Key_{bytelimit}.
In order to assure that only that many bites will be used to secure the data, the following bit mask is defined:
Key_{mask} = 255 mod 2^(8 + Key_{bitlimit}  8·Key_{bytelimit})
The 8  (8·Key_{bytelimit}  Key_{bitlimit}) least significant bits of Key_{mask} are set, the rest are zeros.
Key Words and Bytes
The mathematical operations that are performed on the key operate on both single bytes and whole words. So, for convenience, the numbers in the key may be presented as either 64 words:
K[0], K[1], ..., K[63]
or 128 separate bytes:
L[0], L[1], ..., L[127].
Note, that each part of the key array may be addressed by using either bytes or words. The following equation can be defined:
K[i] = L[2·i] + 256·L[2·i+1]
The loworder eight bits of each word is located before the highorder byte.
Key Expansion Algorithm
The first step of the key expansion algorithm is to fill the first Key_{size} bytes of key array with the bytes received from the user:
L[0], L[1], ..., L[Key_{size}1].
Then, the following steps are performed on the key data. T_{PI} mentioned below is a fixed array of size 256, filled randomly with values from 0 to 255:
 For i = Key_{size}, Key_{size}+1, and up until 127:
L[i] = T_{PI}[(L[i1] + L[iKey_{size}]) mod 256]  L[128Key_{bytelimit}] = T_{PI}[L[128Key_{bytelimit}] & Key_{mask}]
 For i = 127Key_{bytelimit}, down until 0:
L[i] = T_{PI}[L[i+1] XOR L[i+Key_{bytelimit}]]
The effective encryption key is determined by the bytes:
L[128Key_{bytelimit}], L[128Key_{bytelimit}+1]..., L[127]
The operation & performed in the second step above limits the effective size of the key down to just Key_{bitlimit} bits.
Encryption
The encryption procedure takes as input four words: R[0] R[1] R[2] R[3], which form one block of data. Every block of data will be encrypted by using the same 64 words of expanded secret key: K[0] K[1] ... K[63].
The following encryption steps are performed on every data block:
 Initialize the counter j to 0.
 Perform five Mixing Rounds.
 Perform one Mashing Round.
 Perform six Mixing Rounds.
 Perform one Mashing Round.
 Perform five Mixing Rounds.
Because every Mixing Round uses 4 key bytes, all 128 key bytes are used during encryption of one data block. The Mashing Rounds use key bytes in a more unpredicted manner.
Each Mixing Round consists of four Mixing operations, performed on four words of the data block:
Each Mashing Round consists of four Mashing operations, performed on four words of the data block:
Decryption
The decryption procedure takes as input four ciphertext words: R[0] R[1] R[2] R[3], which form one block of encrypted data. Every block of data will be decrypted by using the same 64 words of expanded secret key: K[0] K[1] ... K[63].
The following decryption steps are performed on every ciphertext block:
 Initialize the counter j to 63.
 Perform five RMixing Rounds.
 Perform one RMashing Round.
 Perform six RMixing Rounds.
 Perform one RMashing Round.
 Perform five RMixing Rounds.
Each RMixing Round consists of four RMixing operations, performed on four words of the encrypted data block:
Each RMashing Round consists of four RMashing operations, performed on four words of the encrypted data block:












