Tiny Encryption Algorithm


Tiny Encryption Algorithm

Infobox block cipher
name = TEA


caption = Two Feistel rounds (one cycle) of TEA
designers = Roger Needham, David Wheeler
publish date = 1994
derived from =
derived to = XTEA
key size = 128 bits
block size = 64 bits
structure = Feistel network
rounds = variable; recommended 64 Feistel rounds (32 cycles)
cryptanalysis = TEA suffers from equivalent keys (Kelsey et al, 1996) and can be broken using a related-key attack requiring 223 chosen plaintexts and a time complexity of 232.

In cryptography, the Tiny Encryption Algorithm (TEA) is a block cipher notable for its simplicity of description and implementation (typically a few lines of code). It was designed by David Wheeler and Roger Needham of the Cambridge Computer Laboratory, and first presented at the Fast Software Encryption workshop in 1994. [cite journal | first = David J. | last = Wheeler | coauthors = Needham, Roger M. | url = http://citeseer.ist.psu.edu/102148.html
title = TEA, a tiny encryption algorithm | publisher = Fast Software Encryption: Second International Workshop | volume = 1008 | journal = Lecture Notes in Computer Science | pages = 363–366 | location = Leuven, Belgium | date = 1994-12-16
]

The cipher is not subject to any patents.

Properties

TEA operates on 64-bit blocks and uses a 128-bit key. It has a Feistel structure with a suggested 64 rounds, typically implemented in pairs termed "cycles". It has an extremely simple key schedule, mixing all of the key material in exactly the same way for each cycle. Different multiples of a magic constant are used to prevent simple attacks based on the symmetry of the rounds. The magic constant, 2654435769 or mathrm{9E3779B9_{16 is chosen to be lfloor 2^{32}/phi floor where phi, is the golden ratio.

TEA has a few weaknesses. Most notably, it suffers from equivalent keys — each key is equivalent to three others, which means that the effective key size is only 126 bits. cite journal | first = John | last = Kelsey | coauthors = Schneier, Bruce; Wagner, David | url = http://www.schneier.com/paper-key-schedule.pdf
title = Key-schedule cryptanalysis of IDEA, G-DES, GOST, SAFER, and Triple-DES | journal = Lecture Notes in Computer Science | volume = 1109 | pages = 237–251 | date = 1996 | doi = 10.1007/3-540-68697-5_19
] As a result, TEA is especially bad as a cryptographic hash function. This weakness led to a method for hacking Microsoft's Xbox game console, where the cipher was used as a hash function. [cite web |url=http://www.xbox-linux.org/wiki/17_Mistakes_Microsoft_Made_in_the_Xbox_Security_System#Startup_Security.2C_Take_Two |title=17 Mistakes Microsoft Made in the Xbox Security System |author=Michael Steil ] TEA is also susceptible to a related-key attack which requires 223 chosen plaintexts under a related-key pair, with 232 time complexity.cite journal | first = John | last = Kelsey | coauthors = Schneier, Bruce; Wagner, David | title = Related-key cryptanalysis of 3-WAY, Biham-DES, CAST, DES-X NewDES, RC2, and TEA | url = http://citeseer.ist.psu.edu/318172.html
journal = Lecture Notes in Computer Science | volume = 1334 | pages = 233–246 | date = 1997 | doi = 10.1007/BFb0028479
] Because of these weaknesses, a number of revisions of TEA have been designed.

The unusually small size of the TEA algorithm would make it a viable option in situations where there are extreme constraints, e.g., legacy hardware systems (perhaps embedded) where the amount of available RAM is minimal.

Versions

The first published version of TEA was supplemented by a second version that incorporated extensions to make it more secure. "Block TEA" (sometimes referred to as XTEA) operates on arbitrary-size blocks in place of the 64-bit blocks of the original.

A third version (XXTEA), published in 1998, described further improvements for enhancing the security of the Block TEA algorithm.

Reference code

Following is an adaptation of the reference encryption and decryption routines in C, released into the public domain by David Wheeler and Roger Needham:


#include

void encrypt (uint32_t* v, uint32_t* k) { uint32_t v0=v [0] , v1=v [1] , sum=0, i; /* set up */ uint32_t delta=0x9e3779b9; /* a key schedule constant */ uint32_t k0=k [0] , k1=k [1] , k2=k [2] , k3=k [3] ; /* cache key */ for (i=0; i < 32; i++) { /* basic cycle start */ sum += delta; v0 += ((v1<<4) + k0) ^ (v1 + sum) ^ ((v1>>5) + k1); v1 += ((v0<<4) + k2) ^ (v0 + sum) ^ ((v0>>5) + k3); } /* end cycle */ v [0] =v0; v [1] =v1;}

void decrypt (uint32_t* v, uint32_t* k) { uint32_t v0=v [0] , v1=v [1] , sum=0xC6EF3720, i; /* set up */ uint32_t delta=0x9e3779b9; /* a key schedule constant */ uint32_t k0=k [0] , k1=k [1] , k2=k [2] , k3=k [3] ; /* cache key */ for (i=0; i<32; i++) { /* basic cycle start */ v1 -= ((v0<<4) + k2) ^ (v0 + sum) ^ ((v0>>5) + k3); v0 -= ((v1<<4) + k0) ^ (v1 + sum) ^ ((v1>>5) + k1); sum -= delta; } /* end cycle */ v [0] =v0; v [1] =v1;}

Note that the reference implementation is bound to specific microprocessor architecture meaning that byte order considerations are important when cyphertext is shared and processed on different systems. The original paper does not specify any details about microprocessor architecture and so anyone implementing a system using TEA would need to make those specifications for themselves.

ee also

* RC4 - A stream cipher that, just like TEA, is designed to be very simple to implement.
* XTEA - First version of Block TEA's successor.
* XXTEA - Corrected Block TEA's successor.

References

Other References

*
*
*
*
*
*

External links

* [http://www.cs.ua.edu/SecurityResearchGroup/VRAndem.pdf A Cryptanalysis of the Tiny Encryption Algorithm]
* [http://143.53.36.235:8080/tea.htm A web page advocating TEA and providing a variety of implementations]
** [http://www.babelfish.nl/?view=actFlaw A note on the JavaScript implementations at that site]
* [http://www.cix.co.uk/~klockstone/teavect.htm Test vectors for TEA]
* [http://www-users.cs.york.ac.uk/~matthew/TEA/TEA.html A survey of TEA and XTEA and their cryptanalysis]
* [http://www.farfarfar.com/scripts/encrypt/ JavaScript implementation of XXTEA with Base64]
* [http://www.php-einfach.de/sonstiges_generator_xtea.php PHP implementation of XTEA]
* [http://www.movable-type.co.uk/scripts/TEA.html JavaScript implementation of TEA]
* [http://www.babelfish.nl/?view=actTEA JavaScript and PHP implementations of XTEA (English text)]
* [http://www.coolcode.cn/?p=128 JavaScript and PHP implementation of XXTEA]
* [http://www.jools.net/projects/ruby/crypto/ Ruby implementation of XXTEA with Base64]
* [http://www.winterwell.com/software/TEA.php LGPL Java/J2ME implementation of TEA]


Wikimedia Foundation. 2010.

Look at other dictionaries:

  • Tiny Encryption Algorithm — (ou TEA) est un algorithme de chiffrement par bloc connu pour la simplicité de sa description et de son implémentation (généralement quelques lignes de codes). Il fut conçu par David Wheeler et Roger Needham, du laboratoire informatique de… …   Wikipédia en Français

  • Tiny Encryption Algorithm — TEA Zwei Feistel Runden (ein Zyklus) von TEA Entwickler Roger Needham, David Wheeler Veröffentlicht 1994 Schlüssellänge …   Deutsch Wikipedia

  • Tiny Encryption Algorithm — En criptografía, el Tiny Encryption Algorithm (TEA) (Algoritmo Diminuto de Cifrado) es un algoritmo para el cifrado por bloques notable por su simplicidad de descripción e implementación (generalmente unas pocas líneas de código). Fue diseñado… …   Wikipedia Español

  • Tiny Encryption Algorithm — En criptografía, el Tiny Encryption Algorithm (TEA) (Algoritmo Diminuto de Encriptación) es un algoritmo para el cifrado de bloque notable por su simplicidad de descripción e implementación (generalmente unas pocas líneas de código). Fue diseñado …   Enciclopedia Universal

  • Extended Tiny Encryption Algorithm — XTEA Zwei Feistel Runden (ein Zyklus) von XTEA Entwickler Roger Needham, David Wheeler Veröffentlicht 1997 Abgeleitet von …   Deutsch Wikipedia

  • Extended Tiny Encryption Algorithm — (XTEA (eXtended TEA) es un algoritmo criptográfico utilizado para el cifrado por bloques, al igual que el algoritmo TEA (presentado en 1994), pero corrigiendo las deficiencias de éste último. Sus diseñadores fueron David Wheeler y Roger Needham… …   Wikipedia Español

  • Data Encryption Algorithm — DES Eine Feistel Runde (F Funktion) Entwickler IBM Veröffentlicht 1975 Abgeleitet von Lucifer …   Deutsch Wikipedia

  • Tiny — may refer to:* Tiny (car), a British cyclecar manufactured by Nanson, Barker Co at Esholt, Yorkshire between 1912 and 1915 * Tiny, Ontario, a township in south central Ontario, CanadaPeople: * Tiny Tim (musician) (1932 1996), American musician *… …   Wikipedia

  • Fast Data Encipherment Algorithm — FEAL Eine Feistel Runde von FEAL Entwickler Akihiro Shimizu und Shoji Miyaguchi, beide von NTT Veröffentlicht FEAL 4 1987; FEAL N/NX 1990 Schlüssellänge 64 Bit (FEAL), 128 Bits (F …   Deutsch Wikipedia

  • XTEA — Zwei Feistel Runden (ein Zyklus) von XTEA Entwickler Roger Needham, David Wheeler Veröffentlicht 1997 Abgeleitet von …   Deutsch Wikipedia