# Tiny Encryption Algorithm

Last updated

General Two Feistel rounds (one cycle) of TEA  Roger Needham, David Wheeler 1994 XTEA 128 bits 64 bits Feistel network variable; recommended 64 Feistel rounds (32 cycles) TEA suffers from equivalent keys (see text; Kelsey et al., 1996) and can be broken using a related-key attack requiring 223 chosen plaintexts and a time complexity of 232.  The best structural cryptanalysis of TEA in the standard single secret key setting is the zero-correlation cryptanalysis breaking 21 rounds in 2121.5 time with less than the full code book 

In cryptography, the Tiny Encryption Algorithm (TEA) is a block cipher notable for its simplicity of description and implementation, typically a few lines of code. It was designed by David Wheeler and Roger Needham of the Cambridge Computer Laboratory; it was first presented at the Fast Software Encryption workshop in Leuven in 1994, and first published in the proceedings of that workshop. 

## Contents

The cipher is not subject to any patents.

## Properties

TEA operates on two 32-bit unsigned integers (could be derived from a 64-bit data block) and uses a 128-bit key. It has a Feistel structure with a suggested 64 rounds, typically implemented in pairs termed cycles. It has an extremely simple key schedule, mixing all of the key material in exactly the same way for each cycle. Different multiples of a magic constant are used to prevent simple attacks based on the symmetry of the rounds. The magic constant, 2654435769 or 0x9E3779B9 is chosen to be ⌊232𝜙⌋, where 𝜙 is the golden ratio (as a nothing-up-my-sleeve number). 

TEA has a few weaknesses. Most notably, it suffers from equivalent keys—each key is equivalent to three others, which means that the effective key size is only 126 bits.  As a result, TEA is especially bad as a cryptographic hash function. This weakness led to a method for hacking Microsoft's Xbox game console, where the cipher was used as a hash function.  TEA is also susceptible to a related-key attack which requires 223 chosen plaintexts under a related-key pair, with 232 time complexity.  Because of these weaknesses, the XTEA cipher was designed.

## Versions

The first published version of TEA was supplemented by a second version that incorporated extensions to make it more secure. Block TEA (which was specified along with XTEA) operates on arbitrary-size blocks in place of the 64-bit blocks of the original.

A third version (XXTEA), published in 1998, described further improvements for enhancing the security of the Block TEA algorithm.

## Reference code

Following is an adaptation of the reference encryption and decryption routines in C, released into the public domain by David Wheeler and Roger Needham: 

`#include<stdint.h>voidencrypt(uint32_tv,constuint32_tk){uint32_tv0=v,v1=v,sum=0,i;/* set up */uint32_tdelta=0x9E3779B9;/* a key schedule constant */uint32_tk0=k,k1=k,k2=k,k3=k;/* cache key */for(i=0;i<32;i++){/* basic cycle start */sum+=delta;v0+=((v1<<4)+k0)^(v1+sum)^((v1>>5)+k1);v1+=((v0<<4)+k2)^(v0+sum)^((v0>>5)+k3);}/* end cycle */v=v0;v=v1;}voiddecrypt(uint32_tv,constuint32_tk){uint32_tv0=v,v1=v,sum=0xC6EF3720,i;/* set up; sum is (delta << 5) & 0xFFFFFFFF */uint32_tdelta=0x9E3779B9;/* a key schedule constant */uint32_tk0=k,k1=k,k2=k,k3=k;/* cache key */for(i=0;i<32;i++){/* basic cycle start */v1-=((v0<<4)+k2)^(v0+sum)^((v0>>5)+k3);v0-=((v1<<4)+k0)^(v1+sum)^((v1>>5)+k1);sum-=delta;}/* end cycle */v=v0;v=v1;}`

Note that the reference implementation acts on multi-byte numeric values. The original paper does not specify how to derive the numbers it acts on from binary or other content.

4. Wheeler, David J.; Needham, Roger M. (16 December 1994). "TEA, a tiny encryption algorithm". Fast Software Encryption. Lecture Notes in Computer Science. Vol. 1008. Leuven, Belgium. pp. 363–366. doi:10.1007/3-540-60590-8_29. ISBN   978-3-540-60590-4.`{{cite book}}`: CS1 maint: location missing publisher (link)