Tiny Encryption Algorithm
In
Fast Software Encryption workshop in Leuven in 1994, and first published in the proceedings of that workshop.[4]
The cipher is not subject to any patents.
Properties
TEA operates on two 32-bit
Feistel structure with a suggested 64 rounds, typically implemented in pairs termed cycles. It has an extremely simple key schedule, mixing all of the key material in exactly the same way for each cycle. Different multiples of a magic constant are used to prevent simple attacks based on the symmetry of the rounds. The magic constant, 2654435769 or 0x9E3779B9 is chosen to be ⌊232⁄𝜙⌋, where 𝜙 is the golden ratio (as a nothing-up-my-sleeve number).[4]
TEA has a few weaknesses. Most notably, it suffers from equivalent keys—each key is equivalent to three others, which means that the effective key size is only 126
chosen plaintexts under a related-key pair, with 232 time complexity.[2] Because of these weaknesses, the XTEA
cipher was designed.
Versions
The first published version of TEA was supplemented by a second version that incorporated extensions to make it more secure. Block TEA (which was specified along with XTEA) operates on arbitrary-size blocks in place of the 64-bit blocks of the original.
A third version (XXTEA), published in 1998, described further improvements for enhancing the security of the Block TEA algorithm.
Reference code
Following is an adaptation of the reference encryption and decryption routines in C, released into the public domain by David Wheeler and Roger Needham:[4]
#include <stdint.h>
void encrypt (uint32_t v[2], const uint32_t k[4]) {
uint32_t v0=v[0], v1=v[1], sum=0, i; /* set up */
uint32_t delta=0x9E3779B9; /* a key schedule constant */
uint32_t k0=k[0], k1=k[1], k2=k[2], k3=k[3]; /* cache key */
for (i=0; i<32; i++) { /* basic cycle start */
sum += delta;
v0 += ((v1<<4) + k0) ^ (v1 + sum) ^ ((v1>>5) + k1);
v1 += ((v0<<4) + k2) ^ (v0 + sum) ^ ((v0>>5) + k3);
} /* end cycle */
v[0]=v0; v[1]=v1;
}
void decrypt (uint32_t v[2], const uint32_t k[4]) {
uint32_t v0=v[0], v1=v[1], sum=0xC6EF3720, i; /* set up; sum is (delta << 5) & 0xFFFFFFFF */
uint32_t delta=0x9E3779B9; /* a key schedule constant */
uint32_t k0=k[0], k1=k[1], k2=k[2], k3=k[3]; /* cache key */
for (i=0; i<32; i++) { /* basic cycle start */
v1 -= ((v0<<4) + k2) ^ (v0 + sum) ^ ((v0>>5) + k3);
v0 -= ((v1<<4) + k0) ^ (v1 + sum) ^ ((v1>>5) + k1);
sum -= delta;
} /* end cycle */
v[0]=v0; v[1]=v1;
}
Note that the reference implementation acts on multi-byte numeric values. The original paper does not specify how to derive the numbers it acts on from binary or other content.
See also
- RC4 – A stream cipher that, just like TEA, is designed to be very simple to implement.
- XTEA – First version of Block TEA's successor.
- XXTEA – Corrected Block TEA's successor.
- Treyfer – A simple and compact encryption algorithm with 64-bit key size and block size.
Notes
- ^ Matthew D. Russell (27 February 2004). "Tinyness: An Overview of TEA and Related Ciphers". Archived from the original on 12 August 2007.
- ^ ISBN 978-3-540-63696-0.
- ISBN 978-3-642-34046-8.
- ^ ISBN 978-3-540-60590-4.)
{{cite book}}: CS1 maint: location missing publisher (link - ISBN 978-3-540-61512-5. Archived from the original(PDF) on 8 February 2012. Retrieved 25 February 2008.
- ^ Michael Steil. "17 Mistakes Microsoft Made in the Xbox Security System". Archived from the original on 16 April 2009.
References
- Andem, Vikram Reddy (2003). "A Cryptanalysis of the Tiny Encryption Algorithm, Masters thesis" (PDF). Tuscaloosa: The University of Alabama.
- Hernández, Julio César; Isasi, Pedro; Ribagorda, Arturo (2002). "An application of genetic algorithms to the cryptoanalysis of one round TEA". Proceedings of the 2002 Symposium on Artificial Intelligence and Its Application.
- Hernández, Julio César; Sierra, José María; Isasi, Pedro; Ribargorda, Arturo (2003). "Finding efficient distinguishers for cryptographic mappings, with an application to the block cipher TEA". The 2003 Congress on Evolutionary Computation, 2003. CEC '03. Vol. 3. pp. 2189–2193. S2CID 62216777.
- Hernández, Julio César; Sierra, José María; Ribagorda, Arturo; Ramos, Benjamín; Mex-Perera, J. C. (2001). "Distinguishing TEA from a Random Permutation: Reduced Round Versions of TEA do Not Have the SAC or do Not Generate Random Numbers". Cryptography and Coding (PDF). Lecture Notes in Computer Science. Vol. 2260. pp. 374–377. ISBN 978-3-540-43026-1. Archived from the original(PDF) on 26 April 2012.
- Moon, Dukjae; Hwang, Kyungdeok; Lee, Wonil; Lee, Sangjin; Lim, Jongin (2002). "Impossible Differential Cryptanalysis of Reduced Round XTEA and TEA". Fast Software Encryption (PDF). Lecture Notes in Computer Science. Vol. 2365. pp. 49–60. ISBN 978-3-540-44009-3.
- Hong, Seokhie; Hong, Deukjo; Ko, Youngdai; Chang, Donghoon; Lee, Wonil; Lee, Sangjin (2004). "Differential Cryptanalysis of TEA and XTEA". Information Security and Cryptology - ICISC 2003. Lecture Notes in Computer Science. Vol. 2971. pp. 402–417. ISBN 978-3-540-21376-5.
External links
- Test vectors for TEA
- JavaScript implementation of XXTEA with Base64 Archived 28 April 2006 at the Wayback Machine
- PHP implementation of XTEA (German language)
- JavaScript implementation of XXTEA
- JavaScript and PHP implementations of XTEA (Dutch text)
- AVR ASM implementation
- SEA Scalable Encryption Algorithm for Small Embedded Applications (Standaert, Piret, Gershenfeld, Quisquater - July 2005 UCL Belgium & MIT USA)
