TEA (cipher)
   HOME

TheInfoList



OR:

In
cryptography Cryptography, or cryptology (from "hidden, secret"; and ''graphein'', "to write", or ''-logy, -logia'', "study", respectively), is the practice and study of techniques for secure communication in the presence of Adversary (cryptography), ...
, the Tiny Encryption Algorithm (TEA) is a
block cipher In cryptography, a block cipher is a deterministic algorithm that operates on fixed-length groups of bits, called ''blocks''. Block ciphers are the elementary building blocks of many cryptographic protocols. They are ubiquitous in the storage a ...
notable for its simplicity of description and
implementation Implementation is the realization of an application, execution of a plan, idea, scientific modelling, model, design, specification, Standardization, standard, algorithm, policy, or the Management, administration or management of a process or Goal ...
, typically a few lines of code. It was designed by David Wheeler and
Roger Needham Roger Michael Needham (9 February 1935 – 1 March 2003) was a British computer scientist. Early life and education Needham was born in Birmingham, England, the only child of Phyllis Mary, ''née'' Baker (''c''.1904–1976) and Leonard Wil ...
of the Cambridge Computer Laboratory; it was first presented at the
Fast Software Encryption The International Association for Cryptologic Research (IACR) is a non-profit scientific organization that furthers research in cryptology and related fields. The IACR was organized at the initiative of David Chaum at the CRYPTO '82 conference. ...
workshop in
Leuven Leuven (, , ), also called Louvain (, , ), is the capital and largest City status in Belgium, city of the Provinces of Belgium, province of Flemish Brabant in the Flemish Region of Belgium. It is located about east of Brussels. The municipalit ...
in 1994, and first published in the proceedings of that workshop. The cipher is not subject to any
patent A patent is a type of intellectual property that gives its owner the legal right to exclude others from making, using, or selling an invention for a limited period of time in exchange for publishing an sufficiency of disclosure, enabling discl ...
s.


Properties

TEA operates on two 32-bit unsigned integers (could be derived from a 64-bit data
block Block or blocked may refer to: Arts, entertainment and media Broadcasting * Block programming, the result of a programming strategy in broadcasting * W242BX, a radio station licensed to Greenville, South Carolina, United States known as ''96.3 ...
) and uses a 128-bit key. It has a
Feistel structure In cryptography, a Feistel cipher (also known as Luby–Rackoff block cipher) is a symmetric structure used in the construction of block ciphers, named after the German-born physicist and cryptographer Horst Feistel, who did pioneering research ...
with a suggested 64 rounds, typically implemented in pairs termed ''cycles''. It has an extremely simple
key schedule In cryptography, the so-called product ciphers are a certain kind of cipher, where the (de-)ciphering of data is typically done as an iteration of '' rounds''. The setup for each round is generally the same, except for round-specific fixed va ...
, mixing all of the key material in exactly the same way for each cycle. Different multiples of a
magic constant The magic constant or magic sum of a magic square is the sum of numbers in any row, column, or diagonal of the magic square. For example, the magic square shown below has a magic constant of 15. For a normal magic square of order ''n'' – that is ...
are used to prevent simple attacks based on the
symmetry Symmetry () in everyday life refers to a sense of harmonious and beautiful proportion and balance. In mathematics, the term has a more precise definition and is usually used to refer to an object that is Invariant (mathematics), invariant und ...
of the rounds. The magic constant, 2654435769 or 0x9E3779B9 is chosen to be , where is the
golden ratio In mathematics, two quantities are in the golden ratio if their ratio is the same as the ratio of their summation, sum to the larger of the two quantities. Expressed algebraically, for quantities and with , is in a golden ratio to if \fr ...
(as a
nothing-up-my-sleeve number In cryptography, nothing-up-my-sleeve numbers are any numbers which, by their construction, are above suspicion of hidden properties. They are used in creating cryptographic functions such as hashes and ciphers. These algorithms often need random ...
). TEA has a few weaknesses. Most notably, it suffers from equivalent keys—each key is equivalent to three others, which means that the effective key size is only 126
bit The bit is the most basic unit of information in computing and digital communication. The name is a portmanteau of binary digit. The bit represents a logical state with one of two possible values. These values are most commonly represented as ...
s. As a result, TEA is especially bad as a
cryptographic hash function A cryptographic hash function (CHF) is a hash algorithm (a map (mathematics), map of an arbitrary binary string to a binary string with a fixed size of n bits) that has special properties desirable for a cryptography, cryptographic application: ...
. This weakness led to a method for hacking
Microsoft Microsoft Corporation is an American multinational corporation and technology company, technology conglomerate headquartered in Redmond, Washington. Founded in 1975, the company became influential in the History of personal computers#The ear ...
's
Xbox Xbox is a video gaming brand that consists of four main home video game console lines, as well as application software, applications (games), the streaming media, streaming service Xbox Cloud Gaming, and online services such as the Xbox networ ...
game console A video game console is an electronic device that outputs a video signal or image to display a video game that can typically be played with a game controller. These may be home consoles, which are generally placed in a permanent location conne ...
, where the cipher was used as a hash function. TEA is also susceptible to a
related-key attack In cryptography, a related-key attack is any form of cryptanalysis where the attacker can observe the operation of a cipher under several different keys whose values are initially unknown, but where some mathematical relationship connecting the ...
which requires 223
chosen plaintext Chosen or The Chosen may refer to: Books *The Chosen (Potok novel), ''The Chosen'' (Potok novel), a 1967 novel by Chaim Potok * ''The Chosen'', a 1997 novel by L. J. Smith (author), L. J. Smith *The Chosen (Pinto novel), ''The Chosen'' (Pinto nov ...
s under a related-key pair, with 232 time complexity. Because of these weaknesses, the
XTEA In cryptography, XTEA (eXtended TEA) is a block cipher designed to correct weaknesses in TEA. The cipher's designers were David Wheeler and Roger Needham of the Cambridge Computer Laboratory, and the algorithm was presented in an unpublished ...
cipher was designed.


Versions

The first published version of TEA was supplemented by a second version that incorporated extensions to make it more secure. ''Block TEA'' (which was specified along with
XTEA In cryptography, XTEA (eXtended TEA) is a block cipher designed to correct weaknesses in TEA. The cipher's designers were David Wheeler and Roger Needham of the Cambridge Computer Laboratory, and the algorithm was presented in an unpublished ...
) operates on arbitrary-size blocks in place of the 64-bit blocks of the original. A third version (
XXTEA In cryptography, Corrected Block TEA (often referred to as XXTEA) is a block cipher designed to correct weaknesses in the original Block TEA. XXTEA is vulnerable to a chosen-plaintext attack requiring 259 queries and negligible work. See crypta ...
), published in 1998, described further improvements for enhancing the security of the Block TEA algorithm.


Reference code

Following is an adaptation of the reference encryption and decryption routines in C, released into the public domain by David Wheeler and Roger Needham: #include void encrypt (uint32_t v const uint32_t k void decrypt (uint32_t v const uint32_t k Note that the reference implementation acts on multi-byte numeric values. The original paper does not specify how to derive the numbers it acts on from binary or other content.


See also

*
RC4 In cryptography, RC4 (Rivest Cipher 4, also known as ARC4 or ARCFOUR, meaning Alleged RC4, see below) is a stream cipher. While it is remarkable for its simplicity and speed in software, multiple vulnerabilities have been discovered in RC4, ren ...
– A
stream cipher stream cipher is a symmetric key cipher where plaintext digits are combined with a pseudorandom cipher digit stream ( keystream). In a stream cipher, each plaintext digit is encrypted one at a time with the corresponding digit of the keystrea ...
that, just like TEA, is designed to be very simple to implement. *
XTEA In cryptography, XTEA (eXtended TEA) is a block cipher designed to correct weaknesses in TEA. The cipher's designers were David Wheeler and Roger Needham of the Cambridge Computer Laboratory, and the algorithm was presented in an unpublished ...
– First version of Block TEA's successor. *
XXTEA In cryptography, Corrected Block TEA (often referred to as XXTEA) is a block cipher designed to correct weaknesses in the original Block TEA. XXTEA is vulnerable to a chosen-plaintext attack requiring 259 queries and negligible work. See crypta ...
– Corrected Block TEA's successor. * Treyfer – A simple and compact encryption algorithm with 64-bit key size and block size.


Notes


References

* * * * * *


External links


Test vectors for TEA

JavaScript implementation of XXTEA with Base64

PHP implementation of XTEA (German language)



JavaScript and PHP implementations of XTEA (Dutch text)

AVR ASM implementation

SEA Scalable Encryption Algorithm for Small Embedded Applications (Standaert, Piret, Gershenfeld, Quisquater - July 2005 UCL Belgium & MIT USA)
{{Cryptography navbox , block Broken block ciphers Computer security in the United Kingdom Feistel ciphers Free ciphers History of computing in the United Kingdom University of Cambridge Computer Laboratory Articles with example C code