cryptography Cryptography, or cryptology (from "hidden, secret"; and ''graphein'', "to write", or ''-logy, -logia'', "study", respectively), is the practice and study of techniques for secure communication in the presence of Adversary (cryptography), ...

, XTEA (eXtended TEA) is a

block cipher In cryptography, a block cipher is a deterministic algorithm that operates on fixed-length groups of bits, called ''blocks''. Block ciphers are the elementary building blocks of many cryptographic protocols. They are ubiquitous in the storage a ...

designed to correct weaknesses in

TEA Tea is an aromatic beverage prepared by pouring hot or boiling water over cured or fresh leaves of '' Camellia sinensis'', an evergreen shrub native to East Asia which probably originated in the borderlands of south-western China and nor ...

. The

cipher In cryptography, a cipher (or cypher) is an algorithm for performing encryption or decryption—a series of well-defined steps that can be followed as a procedure. An alternative, less common term is ''encipherment''. To encipher or encode i ...

's designers were David Wheeler and

Roger Needham Roger Michael Needham (9 February 1935 – 1 March 2003) was a British computer scientist. Early life and education Needham was born in Birmingham, England, the only child of Phyllis Mary, ''née'' Baker (''c''.1904–1976) and Leonard Wil ...

of the Cambridge Computer Laboratory, and the algorithm was presented in an unpublished technical report in 1997 (Needham and Wheeler, 1997). It is not subject to any

patent A patent is a type of intellectual property that gives its owner the legal right to exclude others from making, using, or selling an invention for a limited period of time in exchange for publishing an sufficiency of disclosure, enabling discl ...

s. Like TEA, XTEA is a 64-bit block

Feistel cipher In cryptography, a Feistel cipher (also known as Luby–Rackoff block cipher) is a symmetric structure used in the construction of block ciphers, named after the German-born physicist and cryptographer Horst Feistel, who did pioneering resear ...

with a 128-bit key and a suggested 64 rounds. Several differences from TEA are apparent, including a somewhat more complex key-schedule and a rearrangement of the shifts,

XOR Exclusive or, exclusive disjunction, exclusive alternation, logical non-equivalence, or logical inequality is a logical operator whose negation is the logical biconditional. With two inputs, XOR is true if and only if the inputs differ (one ...

s, and additions.

Implementations

This standard C source code, adapted from the reference code released into the

public domain The public domain (PD) consists of all the creative work to which no Exclusive exclusive intellectual property rights apply. Those rights may have expired, been forfeited, expressly Waiver, waived, or may be inapplicable. Because no one holds ...

by David Wheeler and Roger Needham, encrypts and decrypts using XTEA: #include /* take 64 bits of data in v and v and 128 bits of key - key */ void encipher(unsigned int num_rounds, uint32_t v uint32_t const key void decipher(unsigned int num_rounds, uint32_t v uint32_t const key The changes from the reference source code are minor: * The reference source code used the unsigned long type rather than the

64-bit In computer architecture, 64-bit integers, memory addresses, or other data units are those that are 64 bits wide. Also, 64-bit central processing units (CPU) and arithmetic logic units (ALU) are those that are based on processor registers, a ...

clean uint32_t. * The reference source code did not use const types. * The reference source code omitted redundant parentheses, using C precedence to write the round function as e.g.

v1 += (v0<<4 ^ v0>>5) + v0 ^ sum + k um>>11 & 3/code>;

The recommended value for the "num_rounds" parameter is 32, not 64, as each iteration of the loop does two Feistel-cipher rounds. To additionally improve speed, the loop can be unrolled by pre-computing the values of sum+key[].

 Cryptanalysis


In 2004, Ko et al. presented a related-key attack, related-key differential attack on 27 out of 64 rounds of XTEA, requiring 2^20.5 chosen plaintexts and a time complexity 



In theoretical computer science, the time complexity is the  computational complexity that describes the amount of computer time it takes to run an algorithm. Time complexity is commonly estimated by counting the number of elementary operations  ...
 of 2^115.15.

In 2009, Lu presented a related-key rectangle attack on 36 rounds of XTEA, breaking more rounds than any previously published cryptanalytic results for XTEA. The paper presents two attacks, one without and with a weak key assumption, which corresponds to 2^64.98 bytes of data and 2^126.44 operations, and 2^63.83 bytes of data and 2^104.33 operations respectively.

 Block TEA

Presented along with XTEA was a variable-width block cipher termed Block TEA, which uses the XTEA round function, but Block TEA applies it cyclically across an entire message for several iterations. Because it operates on the entire message, Block TEA has the property that it does not need a  mode of operation. An attack on the full Block TEA was described by Saarinen, which also details a weakness in Block TEA's successor, XXTEA 


In cryptography, Corrected Block TEA (often referred to as XXTEA) is a block cipher designed to correct weaknesses in the original  Block TEA.

XXTEA is vulnerable to a chosen-plaintext attack requiring 259 queries and negligible work. See crypta ...
.

 See also

* Ascon Ascon and ASCON may refer to:
*  Ascon (cipher), a lightweight cipher
* Asconoid, a wall structure of sponges
* The original name of Ascaron 


Ascaron Entertainment was a video game developer based in Germany. Founded as Ascon by Holger Flöttmann  ...
 — A NIST 




The National Institute of Standards and Technology (NIST) is an agency of the  United States Department of Commerce whose mission is to promote American innovation and industrial competitiveness. NIST's activities are organized into  physical s ...
-select lightweight authenticated cipher.
* RC4 




In cryptography, RC4 (Rivest Cipher 4, also known as ARC4 or ARCFOUR, meaning Alleged RC4, see below) is a stream cipher. While it is remarkable for its simplicity and speed in software, multiple vulnerabilities have been discovered in RC4, ren ...
 — A stream cipher 



 stream cipher is a  symmetric key cipher where plaintext digits are combined with a pseudorandom cipher digit stream ( keystream). In a stream cipher, each plaintext  digit is encrypted one at a time with the corresponding digit of the keystrea ...
 that, just like XTEA, is designed to be very simple to implement.
* TEA 






Tea is an  aromatic beverage prepared by pouring hot or  boiling water over  cured or fresh leaves of '' Camellia sinensis'', an evergreen shrub native to East Asia which probably originated in the borderlands of  south-western China and  nor ...
 — Block TEA's precursor.
* XXTEA 


In cryptography, Corrected Block TEA (often referred to as XXTEA) is a block cipher designed to correct weaknesses in the original  Block TEA.

XXTEA is vulnerable to a chosen-plaintext attack requiring 259 queries and negligible work. See crypta ...
 — Block TEA's successor.

 References



 Further reading

*
*
* 

 External links

DataFlow Diagram
* ttp://www.cix.co.uk/~klockstone/teavect.htm Test vectors for TEA and XTEAbr>A Cryptanalysis of the Tiny Encryption AlgorithmPHP implementation of XTEAPascal/Delphi implementation of XTEAJavaScript implementation of XTEA (32 rounds)Linden Scripting Language (LSL) implementation of XTEA for Second Life scriptingPostgreSQL implementation of XTEA
{{Cryptography navbox ,  block

 Computer security in the United Kingdom
 Feistel ciphers
 Free ciphers
 History of computing in the United Kingdom
 University of Cambridge Computer Laboratory
 Articles with example C code