Nothing Special   »   [go: up one dir, main page]

XTEA

XTEA

Infobox block cipher
name = XTEA


caption = Two Feistel rounds (one cycle) of XTEA
designers = Roger Needham, David Wheeler
publish date = 1997
derived from = TEA
derived to = Corrected Block TEA
key size = 128 bits
block size = 64 bits
structure = Feistel network
rounds = variable; recommended 64 Feistel rounds (32 cycles)
cryptanalysis = A related-key differential attack can break 26 out of 64 rounds of XTEA, requiring 220.5 chosen plaintexts and a time complexity of 2115.15 (Ko et al, 2004).

In cryptography, XTEA (eXtended TEA) is a block cipher designed to correct weaknesses in TEA. The cipher's designers were David Wheeler and Roger Needham of the Cambridge Computer Laboratory, and the algorithm was presented in an unpublished technical report in 1997 (Needham and Wheeler, 1997). It is not subject to any patents.

Like TEA, XTEA is a 64-bit block Feistel network with a 128-bit key and a suggested 64 rounds. Several differences from TEA are apparent, including a somewhat more complex key-schedule and a rearrangement of the shifts, XORs, and additions.

Presented along with XTEA was a variable-width block cipher termed "Block TEA", which uses the XTEA round function but applies it cyclically across an entire message for several iterations. Because it operates on the entire message, Block TEA has the property that it does not need a mode of operation. An attack on the full Block TEA was described in (Saarinen, 1998), which also details a weakness in Block TEA's successor, XXTEA.

As of 2004, the best attack reported on XTEA is a related-key differential attack on 26 out of 64 rounds of XTEA, requiring 220.5 chosen plaintexts and a time complexity of 2115.15 (Ko et al, 2004).

The unusually small size of the XTEA algorithm would make it a viable option in situations where there are extreme constraints e.g. legacy hardware systems (perhaps embedded) where the amount of available RAM is minimal.

Implementations

This standard C source code, released into the public domain by David Wheeler and Roger Needham, encrypts and decrypts using XTEA:

void encipher(unsigned int num_rounds, unsigned long* v, unsigned long* k) { unsigned long v0=v [0] , v1=v [1] , i; unsigned long sum=0, delta=0x9E3779B9; for(i=0; i> 5)) + v1) ^ (sum + k [sum & 3] ); sum += delta; v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + k [(sum>>11) & 3] ); } v [0] =v0; v [1] =v1;}

void decipher(unsigned int num_rounds, unsigned long* v, unsigned long* k) { unsigned long v0=v [0] , v1=v [1] , i; unsigned long delta=0x9E3779B9, sum=delta*num_rounds; for(i=0; i> 5)) + v0) ^ (sum + k [(sum>>11) & 3] ); sum -= delta; v0 -= (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + k [sum & 3] ); } v [0] =v0; v [1] =v1;}

This code is not 64-bit clean: it will operate incorrectly (and in 128-bit blocks) on platforms where unsigned longs are 64 bits. If portability is a concern, these must be changed to a guaranteed 32-bit type, such as uint32_t from stdint.h. In Java, use the data type 'int' and the operator >>> instead of >>.

The recommended value for the "num_rounds" parameter is 32, not 64, as each iteration of the loop does two Feistel-network rounds. To additionally improve speed, the loop can be unrolled by pre-computing the values of sum+k [] .

ee also

* RC4 - A stream cipher that, just like XTEA, is designed to be very simple to implement.
* XXTEA - Block TEA's successor.
* TEA - Block TEA's precursor.

References

*Youngdai Ko, Seokhie Hong, Wonil Lee, Sangjin Lee, and Jongin Lim. "Related key differential attacks on 26 rounds of XTEA and full rounds of GOST." In "Proceedings of FSE '04", Lecture Notes in Computer Science, 2004. Springer-Verlag.
*Seokhie Hong, Deukjo Hong, Youngdai Ko, Donghoon Chang, Wonil Lee, and Sangjin Lee. "Differential cryptanalysis of TEA and XTEA." In "Proceedings of ICISC 2003", 2003b.
*Dukjae Moon, Kyungdeok Hwang, Wonil Lee, Sangjin Lee, and Jongin Lim. "Impossible differential cryptanalysis of reduced round XTEA and TEA." Lecture Notes in Computer Science, 2365: 49-60, 2002. ISSN 0302-9743.
*Roger M. Needham and David J. Wheeler. "Tea extensions." Technical report, Computer Laboratory, University of Cambridge, October 1997 [http://www.cix.co.uk/~klockstone/xtea.pdf (PDF)] .
* Vikram Reddy Andem. A Cryptanalysis of the Tiny Encryption Algorithm, Masters thesis, The University of Alabama, Tuscaloosa, 2003.
*Markku-Juhani Saarinen. "Cryptanalysis of Block TEA." Unpublished manuscript, October 1998. Can be found on the author's homepage or in the sci.crypt.research Usenet archive.

External links

* [http://commons.wikimedia.org/wiki/
]
* [http://143.53.36.235:8080/tea.htm A web page advocating TEA and XTEA and providing a variety of implementations]
* [http://www.cix.co.uk/~klockstone/teavect.htm Test vectors for TEA and XTEA]
* [http://www.cs.ua.edu/SecurityResearchGroup/VRAndem.pdf A Cryptanalysis of the Tiny Encryption Algorithm]
* [http://www-users.cs.york.ac.uk/~matthew/TEA/TEA.html A survey of TEA and XTEA and their cryptanalysis] (DEAD)
* [http://www.farfarfar.com/scripts/encrypt/ JavaScript implementation of XXTEA with Base64]
* [http://www.php-einfach.de/sonstiges_generator_xtea.php PHP implementation of XTEA]
* [http://www.irnis.net/soft/xted/ Pascal/Delphi implementation of XTEA]
* [http://www.coolcode.cn/?p=128 JavaScript and PHP implementation of XXTEA]
* [http://pear.php.net/package/Crypt_XXTEA PHP-library for XXTEA: Crypt_XXTEA (from the PEAR-project)]
* [http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/496737 Python implementation of XTEA]
* [http://www.jools.net/projects/ruby/crypto/ Ruby implementation of XXTEA with Base64]
* [http://www.movable-type.co.uk/scripts/TEAblock.html Annotated JavaScript implementation of Block TEA (xxtea)]
* [http://wiki.secondlife.com/wiki/XTEA_Strong_Encryption_Implementation Linden Scripting Language (LSL) implementation of XTEA for Second Life scripting]


Wikimedia Foundation. 2010.

Игры ⚽ Нужно сделать НИР?

Look at other dictionaries:

  • XTEA — Создатель: Дэвид Уилер и Роджер Нидхэм Создан: 1997 г …   Википедия

  • XTEA — Zwei Feistel Runden (ein Zyklus) von XTEA Entwickler Roger Needham, David Wheeler Veröffentlicht 1997 Abgeleitet von …   Deutsch Wikipedia

  • XTEA — En cryptographie, XTEA (eXtended TEA) est un algorithme de chiffrement conçu pour corriger les faiblesses de TEA. David Wheeler et Roger Needham, de l université de Cambridge, ont conçu cet algorithme qui fut proposé dans un rapport technique non …   Wikipédia en Français

  • Extended Tiny Encryption Algorithm — XTEA Zwei Feistel Runden (ein Zyklus) von XTEA Entwickler Roger Needham, David Wheeler Veröffentlicht 1997 Abgeleitet von …   Deutsch Wikipedia

  • TEA — Эту статью следует викифицировать. Пожалуйста, оформите её согласно правилам оформления статей. У этого термина существуют и другие значения, см. TEA (значения) …   Википедия

  • Extended Tiny Encryption Algorithm — (XTEA (eXtended TEA) es un algoritmo criptográfico utilizado para el cifrado por bloques, al igual que el algoritmo TEA (presentado en 1994), pero corrigiendo las deficiencias de éste último. Sus diseñadores fueron David Wheeler y Roger Needham… …   Wikipedia Español

  • XXTEA — Corrected Block TEA (XXTEA) One round of XXTEA General Designers David Wheeler, Roger Needham First published October 1998 Derived from …   Wikipedia

  • Tiny Encryption Algorithm — Infobox block cipher name = TEA caption = Two Feistel rounds (one cycle) of TEA designers = Roger Needham, David Wheeler publish date = 1994 derived from = derived to = XTEA key size = 128 bits block size = 64 bits structure = Feistel network… …   Wikipedia

  • Tiny Encryption Algorithm — En criptografía, el Tiny Encryption Algorithm (TEA) (Algoritmo Diminuto de Cifrado) es un algoritmo para el cifrado por bloques notable por su simplicidad de descripción e implementación (generalmente unas pocas líneas de código). Fue diseñado… …   Wikipedia Español

  • XXTEA — Создатель: Дэвид Вилер Создан: 1998 г. Опубликован: 1998 г …   Википедия

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”