XTEA
Encyclopedia
In cryptography
, XTEA (eXtended TEA) is a block cipher
designed to correct weaknesses in TEA
. The cipher
's designers were David Wheeler and Roger Needham
of the Cambridge Computer Laboratory
, and the algorithm was presented in an unpublished technical report in 1997 (Needham and Wheeler, 1997). It is not subject to any patent
s.
Like TEA, XTEA is a 64-bit block
Feistel network with a 128-bit key and a suggested 64 rounds. Several differences from TEA are apparent, including a somewhat more complex key-schedule
and a rearrangement of the shifts, XORs, and additions.
Presented along with XTEA was a variable-width block cipher termed Block TEA, which uses the XTEA round function but applies it cyclically across an entire message for several iterations. Because it operates on the entire message, Block TEA has the property that it does not need a mode of operation
. An attack on the full Block TEA was described in (Saarinen, 1998), which also details a weakness in Block TEA's successor, XXTEA
.
, the best attack reported on XTEA is a related-key
differential attack on 27 out of 64 rounds of XTEA, requiring 220.5 chosen plaintexts and a time complexity
of 2115.15 (Ko et al., 2004).
source code, adapted from the reference code released into the public domain
by David Wheeler and Roger Needham, encrypts and decrypts using XTEA:
The changes from the reference source code are minor:
The recommended value for the "num_rounds" parameter is 32, not 64, as each iteration of the loop does two Feistel-network rounds. To additionally improve speed, the loop can be unrolled by pre-computing the values of sum+key[].
Cryptography
Cryptography is the practice and study of techniques for secure communication in the presence of third parties...
, XTEA (eXtended TEA) is a block cipher
Block cipher
In cryptography, a block cipher is a symmetric key cipher operating on fixed-length groups of bits, called blocks, with an unvarying transformation. A block cipher encryption algorithm might take a 128-bit block of plaintext as input, and output a corresponding 128-bit block of ciphertext...
designed to correct weaknesses in TEA
Tiny Encryption Algorithm
In cryptography, the Tiny Encryption Algorithm is a block cipher notable for its simplicity of description and implementation, typically a few lines of code...
. The cipher
Cipher
In cryptography, a cipher is an algorithm for performing encryption or decryption — a series of well-defined steps that can be followed as a procedure. An alternative, less common term is encipherment. In non-technical usage, a “cipher” is the same thing as a “code”; however, the concepts...
's designers were David Wheeler and Roger Needham
Roger Needham
Roger Michael Needham, CBE, FRS, FREng was a British computer scientist.-Early life:He attended Doncaster Grammar School for Boys in Doncaster ....
of the Cambridge Computer Laboratory
University of Cambridge Computer Laboratory
The Computer Laboratory is the computer science department of the University of Cambridge. As of 2007, it employs 35 academic staff, 25 support staff, 35 affiliated research staff, and about 155 research students...
, and the algorithm was presented in an unpublished technical report in 1997 (Needham and Wheeler, 1997). It is not subject to any patent
Patent
A patent is a form of intellectual property. It consists of a set of exclusive rights granted by a sovereign state to an inventor or their assignee for a limited period of time in exchange for the public disclosure of an invention....
s.
Like TEA, XTEA is a 64-bit block
Block size (cryptography)
In modern cryptography, symmetric key ciphers are generally divided into stream ciphers and block ciphers. Block ciphers operate on a fixed length string of bits. The length of this bit string is the block size...
Feistel network with a 128-bit key and a suggested 64 rounds. Several differences from TEA are apparent, including a somewhat more complex key-schedule
Key schedule
[[Image:DES-key-schedule.png|thumbnail|220px|The key schedule of DES [[Image:DES-key-schedule.png|thumbnail|220px|The key schedule of DES [[Image:DES-key-schedule.png|thumbnail|220px|The key schedule of DES ("[[Image:DES-key-schedule.png|thumbnail|220px|The key schedule of DES ("...
and a rearrangement of the shifts, XORs, and additions.
Presented along with XTEA was a variable-width block cipher termed Block TEA, which uses the XTEA round function but applies it cyclically across an entire message for several iterations. Because it operates on the entire message, Block TEA has the property that it does not need a mode of operation
Block cipher modes of operation
In cryptography, modes of operation is the procedure of enabling the repeated and secure use of a block cipher under a single key.A block cipher by itself allows encryption only of a single data block of the cipher's block length. When targeting a variable-length message, the data must first be...
. An attack on the full Block TEA was described in (Saarinen, 1998), which also details a weakness in Block TEA's successor, XXTEA
XXTEA
In cryptography, Corrected Block TEA is a block cipher designed to correct weaknesses in the original Block TEA.XXTEA is vulnerable to a chosen-plaintext attack requiring 259 queries and negligible work...
.
, the best attack reported on XTEA is a related-key
Related-key attack
In cryptography, a related-key attack is any form of cryptanalysis where the attacker can observe the operation of a cipher under several different keys whose values are initially unknown, but where some mathematical relationship connecting the keys is known to the attacker...
differential attack on 27 out of 64 rounds of XTEA, requiring 220.5 chosen plaintexts and a time complexity
Time complexity
In computer science, the time complexity of an algorithm quantifies the amount of time taken by an algorithm to run as a function of the size of the input to the problem. The time complexity of an algorithm is commonly expressed using big O notation, which suppresses multiplicative constants and...
of 2115.15 (Ko et al., 2004).
Implementations
This standard CC (programming language)
C is a general-purpose computer programming language developed between 1969 and 1973 by Dennis Ritchie at the Bell Telephone Laboratories for use with the Unix operating system....
source code, adapted from the reference code released into the public domain
Public domain
Works are in the public domain if the intellectual property rights have expired, if the intellectual property rights are forfeited, or if they are not covered by intellectual property rights at all...
by David Wheeler and Roger Needham, encrypts and decrypts using XTEA:
The changes from the reference source code are minor:
- The reference source code used the
unsigned long
type rather than the 64-bit64-bit64-bit is a word size that defines certain classes of computer architecture, buses, memory and CPUs, and by extension the software that runs on them. 64-bit CPUs have existed in supercomputers since the 1970s and in RISC-based workstations and servers since the early 1990s...
cleanuint32_t
. - The reference source code did not use
const
types. - The reference source code omitted redundant parentheses, using C precedence to write the round function as e.g.
v1 += (v0<<4 ^ v0>>5) + v0 ^ sum + k[sum>>11 & 3]
;
The recommended value for the "num_rounds" parameter is 32, not 64, as each iteration of the loop does two Feistel-network rounds. To additionally improve speed, the loop can be unrolled by pre-computing the values of sum+key[].
See also
- RC4RC4In cryptography, RC4 is the most widely used software stream cipher and is used in popular protocols such as Secure Sockets Layer and WEP...
— A stream cipherStream cipherIn cryptography, a stream cipher is a symmetric key cipher where plaintext digits are combined with a pseudorandom cipher digit stream . In a stream cipher the plaintext digits are encrypted one at a time, and the transformation of successive digits varies during the encryption...
that, just like XTEA, is designed to be very simple to implement. - XXTEAXXTEAIn cryptography, Corrected Block TEA is a block cipher designed to correct weaknesses in the original Block TEA.XXTEA is vulnerable to a chosen-plaintext attack requiring 259 queries and negligible work...
— Block TEA's successor. - TEATiny Encryption AlgorithmIn cryptography, the Tiny Encryption Algorithm is a block cipher notable for its simplicity of description and implementation, typically a few lines of code...
— Block TEA's precursor.
External links
- DataFlow Diagram
- A web page advocating TEA and XTEA and providing a variety of implementations
- Test vectors for TEA and XTEA
- A Cryptanalysis of the Tiny Encryption Algorithm
- PHP implementation of XTEA
- Pascal/Delphi implementation of XTEA
- Java implementation of XTEA (32 rounds)
- Python implementation of XTEA
- Linden Scripting Language (LSL) implementation of XTEA for Second Life scripting
- Verilog implementation of XTEA