Tiny Encryption Algorithm

TEA
	Two Feistel rounds (one cycle) from TEA
developer	Roger Needham , David Wheeler
Released	1994
Key length	128 bit (effectively 126 bit)
Block size	64 bit
structure	Feistel cipher
Round	variable, 64 recommended
Best known cryptanalysis
	Up to 21 laps are theoretically broken. Related key attacks can be carried out efficiently.

The TEA ( T iny E ncryption A lgorithm ) is a block cipher , which is known for its simple description and implementation (usually a few lines of code). Developed by David Wheeler and Roger Needham at Cambridge University , it was first presented at a workshop on fast encryption in 1994 . It is free from patents.

properties

TEA works on 64-bit blocks and uses a 128-bit long key. It represents a Feistel cipher with a suggested number of laps of 64. It is normally implemented in such a way that two laps represent one cycle. It has a very simple mechanism for generating the respective round key. The introduction of a so-called delta, which is defined as , prevents an attack that exploits the symmetry of the individual rounds. ${\ displaystyle \ lfloor ({\ sqrt {5}} - 1) \ cdot 2 ^ {31} \ rfloor}$

TEA has some weaknesses. Most of them stem from the fact that there are three equivalent keys for each key. Therefore the effective key length is only 126-bit (Kelsey et al., 1996, and Vikram Andem, 2003). This weakness was the hacking of Microsoft's game console Xbox exploited as these TEA as a hash function used. TEA is also prone to a related key attack that 2 ²³ chosen plaintexts in related keys needs.

Because of these weaknesses, there are a large number of suggestions for improvement, including XTEA .

Referral Code

The following is the adaptation of the reference implementation of the encryption and decryption routines in C , which was published as public domain by David Wheeler and Roger Needham:

  void encrypt(unsigned long v[2], unsigned long k[4]) {
      unsigned long v0 = v[0], v1 = v[1], sum = 0, i;           /* set up */
      unsigned long delta = 0x9E3779B9;                         /* a key schedule constant */
      unsigned long k0 = k[0], k1 = k[1], k2 = k[2], k3 = k[3]; /* cache key */
      for (i = 0; i<32; i++) {                                  /* basic cycle start */
          sum += delta;
          v0 += ((v1<<4) + k0) ^ (v1 + sum) ^ ((v1>>5) + k1);
          v1 += ((v0<<4) + k2) ^ (v0 + sum) ^ ((v0>>5) + k3);   /* end cycle */
      }
      v[0] = v0; v[1] = v1;
  }

  void decrypt(unsigned long v[2], unsigned long k[4]) {
      unsigned long v0 = v[0], v1 = v[1], sum = 0xC6EF3720, i;  /* set up; sum is 32*delta */
      unsigned long delta = 0x9E3779B9;                         /* a key schedule constant */
      unsigned long k0 = k[0], k1 = k[1], k2 = k[2], k3 = k[3]; /* cache key */
      for(i = 0; i<32; i++) {                                   /* basic cycle start */
          v1 -= ((v0<<4) + k2) ^ (v0 + sum) ^ ((v0>>5) + k3);
          v0 -= ((v1<<4) + k0) ^ (v1 + sum) ^ ((v1>>5) + k1);
          sum -= delta;                                         /* end cycle */
      }
      v[0] = v0; v[1] = v1;
  }

literature

David J. Wheeler, Roger M. Needham: TEA, a tiny encryption algorithm. In: Bart Preneel (Ed.): Fast Software Encryption: Second International Workshop , Leuven, Belgium, December 14-16, 1994. Lecture Notes in Computer Science , Volume 1008, pp. 363-366.
Vikram Reddy Andem: A Cryptanalysis of the Tiny Encryption Algorithm. ( Memento from March 31, 2012 in the Internet Archive ) (PDF) Masters thesis, The University of Alabama, Tuscaloosa, 2003.
John Kelsey, Bruce Schneier , David Wagner : Key-schedule cryptanalysis of IDEA, G-DES, GOST, SAFER, and Triple-DES. In: Lecture Notes in Computer Science , 1996, 1109, pages 237-251.
John Kelsey, Bruce Schneier, David Wagner: Related-key cryptanalysis of 3-WAY, Biham-DES, CAST, DES-X NewDES, RC2, and TEA. In: Lecture Notes in Computer Science , 1997, 1334, pp. 233–246.
Julio César Hernández, Pedro Isasi, Arturo Ribagorda: An application of genetic algorithms to the cryptoanalysis of one round TEA. In: Proceedings of the 2002 Symposium on Artificial Intelligence and its Application , 2002.
Julio César Hernández, José María Sierra, Pedro Isasi, Arturo Ribargorda: Finding efficient distinguishers for cryptographic mappings, with an application to the block cipher TEA. In: Proceedings of the 2003 Congress on Evolutionary Computation , 2003.
Julio César Hernández, José María Sierra, Arturo Ribagorda, Benjamín Ramos, JC Mex-Perera: Distinguishing TEA from a random permutation: Reduced round versions of TEA do not have the SAC or do not generate random numbers. In: Proceedings of the IMA Int. Conf. on Cryptography and Coding 2001 , 2001, pp. 374-377.
Dukjae Moon, Kyungdeok Hwang, Wonil Lee, Sangjin Lee, Jongin Lim: Impossible differential cryptanalysis of reduced round XTEA and TEA. In: Lecture Notes in Computer Science , 2002, 2365, pp. 49-60, ISSN 0302-9743 .
Seokhie Hong, Deukjo Hong, Youngdai Ko, Donghoon Chang, Wonil Lee, Sangjin Lee: Differential cryptanalysis of TEA and XTEA. In: Proceedings of ICISC 2003 .

Web links

Page with various TEA and XTEA implementations (English, with outdated information on the safety of TEA)