In cryptography

Cryptography

Cryptography is the practice and study of techniques for secure communication in the presence of third parties...

, the Tiny Encryption Algorithm (TEA) is a block cipher

Block cipher

In cryptography, a block cipher is a symmetric key cipher operating on fixed-length groups of bits, called blocks, with an unvarying transformation. A block cipher encryption algorithm might take a 128-bit block of plaintext as input, and output a corresponding 128-bit block of ciphertext...

 notable for its simplicity of description and implementation

Implementation

Implementation is the realization of an application, or execution of a plan, idea, model, design, specification, standard, algorithm, or policy.-Computer Science:...

, typically a few lines of code. It was designed by David Wheeler and Roger Needham

Roger Needham

Roger Michael Needham, CBE, FRS, FREng was a British computer scientist.-Early life:He attended Doncaster Grammar School for Boys in Doncaster ....

 of the Cambridge Computer Laboratory; it was first presented at the Fast Software Encryption

Fast Software Encryption

Fast Software Encryption, often abbreviated FSE, is a workshop for cryptography research, focused on symmetric-key cryptography with an emphasis on fast, practical techniques, as opposed to theory...

 workshop in Leuven

Leuven

Leuven is the capital of the province of Flemish Brabant in the Flemish Region, Belgium...

 in 1994, and first published in the proceedings of that workshop.

The cipher is not subject to any patent

Patent

A patent is a form of intellectual property. It consists of a set of exclusive rights granted by a sovereign state to an inventor or their assignee for a limited period of time in exchange for the public disclosure of an invention....

s.

Properties

TEA operates on 64-bit blocks

Block size (cryptography)

In modern cryptography, symmetric key ciphers are generally divided into stream ciphers and block ciphers. Block ciphers operate on a fixed length string of bits. The length of this bit string is the block size...

 and uses a 128-bit key

Key (cryptography)

In cryptography, a key is a piece of information that determines the functional output of a cryptographic algorithm or cipher. Without a key, the algorithm would produce no useful result. In encryption, a key specifies the particular transformation of plaintext into ciphertext, or vice versa...

. It has a Feistel structure with a suggested 64 rounds, typically implemented in pairs termed cycles. It has an extremely simple key schedule

Key schedule

[[Image:DES-key-schedule.png|thumbnail|220px|The key schedule of DES [[Image:DES-key-schedule.png|thumbnail|220px|The key schedule of DES [[Image:DES-key-schedule.png|thumbnail|220px|The key schedule of DES ("[[Image:DES-key-schedule.png|thumbnail|220px|The key schedule of DES ("...

, mixing all of the key material in exactly the same way for each cycle. Different multiples of a magic constant

Magic number (programming)

In computer programming, the term magic number has multiple meanings. It could refer to one or more of the following:* A constant numerical or text value used to identify a file format or protocol; for files, see List of file signatures...

 are used to prevent simple attacks based on the symmetry

Symmetry

Symmetry generally conveys two primary meanings. The first is an imprecise sense of harmonious or aesthetically pleasing proportionality and balance; such that it reflects beauty or perfection...

 of the rounds. The magic constant, 2654435769 or 9E3779B9₁₆ is chosen to be 2³²/ϕ, where ϕ is the golden ratio

Golden ratio

In mathematics and the arts, two quantities are in the golden ratio if the ratio of the sum of the quantities to the larger quantity is equal to the ratio of the larger quantity to the smaller one. The golden ratio is an irrational mathematical constant, approximately 1.61803398874989...

.

TEA has a few weaknesses. Most notably, it suffers from equivalent keys—each key is equivalent to three others, which means that the effective key size is only 126 bit

Bit

A bit is the basic unit of information in computing and telecommunications; it is the amount of information stored by a digital device or other physical system that exists in one of two possible distinct states...

s. As a result, TEA is especially bad as a cryptographic hash function

Cryptographic hash function

A cryptographic hash function is a deterministic procedure that takes an arbitrary block of data and returns a fixed-size bit string, the hash value, such that an accidental or intentional change to the data will change the hash value...

. This weakness led to a method for hacking Microsoft

Microsoft

Microsoft Corporation is an American public multinational corporation headquartered in Redmond, Washington, USA that develops, manufactures, licenses, and supports a wide range of products and services predominantly related to computing through its various product divisions...

's Xbox

Xbox

The Xbox is a sixth-generation video game console manufactured by Microsoft. It was released on November 15, 2001 in North America, February 22, 2002 in Japan, and March 14, 2002 in Australia and Europe and is the predecessor to the Xbox 360. It was Microsoft's first foray into the gaming console...

 game console, where the cipher was used as a hash function. TEA is also susceptible to a related-key attack

Related-key attack

In cryptography, a related-key attack is any form of cryptanalysis where the attacker can observe the operation of a cipher under several different keys whose values are initially unknown, but where some mathematical relationship connecting the keys is known to the attacker...

 which requires 2²³ chosen plaintexts under a related-key pair, with 2³² time complexity. Because of these weaknesses, the XTEA

XTEA

In cryptography, XTEA is a block cipher designed to correct weaknesses in TEA. The cipher's designers were David Wheeler and Roger Needham of the Cambridge Computer Laboratory, and the algorithm was presented in an unpublished technical report in 1997...

 cipher was designed.

Versions

The first published version of TEA was supplemented by a second version that incorporated extensions to make it more secure. Block TEA (sometimes referred to as XTEA

XTEA

In cryptography, XTEA is a block cipher designed to correct weaknesses in TEA. The cipher's designers were David Wheeler and Roger Needham of the Cambridge Computer Laboratory, and the algorithm was presented in an unpublished technical report in 1997...

) operates on arbitrary-size blocks in place of the 64-bit blocks of the original.

A third version (XXTEA

XXTEA

In cryptography, Corrected Block TEA is a block cipher designed to correct weaknesses in the original Block TEA.XXTEA is vulnerable to a chosen-plaintext attack requiring 259 queries and negligible work...

), published in 1998, described further improvements for enhancing the security of the Block TEA algorithm.

Reference code

Following is an adaptation of the reference encryption and decryption routines in C

C (programming language)

C is a general-purpose computer programming language developed between 1969 and 1973 by Dennis Ritchie at the Bell Telephone Laboratories for use with the Unix operating system....

, released into the public domain by David Wheeler and Roger Needham:

1. include

void encrypt (uint32_t* v, uint32_t* k) {
uint32_t v0=v[0], v1=v[1], sum=0, i; /* set up */
uint32_t delta=0x9e3779b9; /* a key schedule constant */
uint32_t k0=k[0], k1=k[1], k2=k[2], k3=k[3]; /* cache key */
for (i=0; i < 32; i++) { /* basic cycle start */
sum += delta;
v0 += ((v1<<4) + k0) ^ (v1 + sum) ^ ((v1>>5) + k1);
v1 += ((v0<<4) + k2) ^ (v0 + sum) ^ ((v0>>5) + k3);
} /* end cycle */
v[0]=v0; v[1]=v1;
}

void decrypt (uint32_t* v, uint32_t* k) {
uint32_t v0=v[0], v1=v[1], sum=0xC6EF3720, i; /* set up */
uint32_t delta=0x9e3779b9; /* a key schedule constant */
uint32_t k0=k[0], k1=k[1], k2=k[2], k3=k[3]; /* cache key */
for (i=0; i<32; i++) { /* basic cycle start */
v1 -= ((v0<<4) + k2) ^ (v0 + sum) ^ ((v0>>5) + k3);
v0 -= ((v1<<4) + k0) ^ (v1 + sum) ^ ((v1>>5) + k1);
sum -= delta;
} /* end cycle */
v[0]=v0; v[1]=v1;
}


Note that the reference implementation is bound to a specific processor microarchitecture

Microarchitecture

In computer engineering, microarchitecture , also called computer organization, is the way a given instruction set architecture is implemented on a processor. A given ISA may be implemented with different microarchitectures. Implementations might vary due to different goals of a given design or...

 meaning that byte order considerations are important when ciphertext is shared and processed on different systems. The original paper does not specify any details about microprocessor architecture and so anyone implementing a system using TEA would need to make those specifications for themselves.

See also

• RC4
  RC4
  In cryptography, RC4 is the most widely used software stream cipher and is used in popular protocols such as Secure Sockets Layer and WEP...
  
   - A stream cipher
  Stream cipher
  In cryptography, a stream cipher is a symmetric key cipher where plaintext digits are combined with a pseudorandom cipher digit stream . In a stream cipher the plaintext digits are encrypted one at a time, and the transformation of successive digits varies during the encryption...
  
   that, just like TEA, is designed to be very simple to implement.
• XTEA
  XTEA
  In cryptography, XTEA is a block cipher designed to correct weaknesses in TEA. The cipher's designers were David Wheeler and Roger Needham of the Cambridge Computer Laboratory, and the algorithm was presented in an unpublished technical report in 1997...
  
   - First version of Block TEA's successor.
• XXTEA
  XXTEA
  In cryptography, Corrected Block TEA is a block cipher designed to correct weaknesses in the original Block TEA.XXTEA is vulnerable to a chosen-plaintext attack requiring 259 queries and negligible work...
  
  - Corrected Block TEA's successor.

External links

• A Cryptanalysis of the Tiny Encryption Algorithm
• A web page advocating TEA and providing a variety of implementations
• Test vectors for TEA
• A survey of TEA and XTEA and their cryptanalysis
• JavaScript implementation of XXTEA with Base64
• PHP implementation of XTEA
• JavaScript implementation of TEA
• JavaScript and PHP implementations of XTEA (English text)
• Ruby implementation of XXTEA with Base64
• LGPL Java/J2ME implementation of TEA
• Visual Basic.NET implementation of TEA
• A Bitsliced implementation of TEA