Clever Geek Handbook

Encryption TEA, XTEA, XXTEA

The content of the article

  • Description of the TEA encryption algorithm





  • TEA implementation





  • Eliminate critical TEA errors and get XTEA (Block TEA)





  • XTEA implementation





  • Better yet: XXTEA (Corrected Block TEA)





  • Cryptanalysis of encryption algorithms





Introduction

Let's consider some definitions used in the article. There are two types of encryption: symmetric and asymmetric .





In symmetric encryption algorithms, the same key is used to encrypt data and to decode them. This key should be known only by the sender and the recipient, otherwise the data in the hands of attackers is essentially not encrypted. A person, knowing the key, who should not know, can decrypt the ciphertext and find out that you asked a friend to buy pasta in the store.





In asymmetric encryption algorithms, not one key is already used, but two: public and private . Data is encrypted with a public key, decrypted only with a private one. The public key can be distributed to everyone, but the private key must be kept secret.





TEA, XTEA, XXTEA . , , , .





, , .





.





TEA

TEA a.k.a. Tiny Encryption Algorithm -- . , , .





. 64 , 32 : K_0, K_1, K_2, K_3. 64, . : 32 2 . -- . . :





\ delta = \ left (\ sqrt {5} - 1 \ right) \ cdot 2 ^ {31}-- , . ,





X \ ll Y-- X Y ( )





X \oplus Y-- - XOR





X \boxplus Y-- 2^{32}





n- , : \left( L_n, R_n \right), \left( L_{n+1}, R_{n+1} \right) :





: L_{n+1} = R_n





: n = 2 \cdot i, ~~~ i \in [1; 32] R_{n+1} = L_n \boxplus \left( \left\{ \left[ R_n \ll 4 \right] \boxplus K_2 \right\} \oplus \left\{ R_n \boxplus i \cdot \delta \right\} \oplus \left\{ \left[ R_n \gg 5 \right] \boxplus K_3 \right\} \right)





: n = 2 \cdot i - 1, ~~~ i \in [1; 32] R_{n+1} = L_n \boxplus \left( \left\{ \left[ R_n \ll 4 \right] \boxplus K_0 \right\} \oplus \left\{ R_n \boxplus i \cdot \delta \right\} \oplus \left\{ \left[ R_n \gg 5 \right] \boxplus K_1 \right\} \right)





, . :





- TEA
- TEA

TEA

, TEA . : David J. Wheeler Roger M. Needham. -- .





  • k[0], k[1], k[2], k[3] -- ,





  • v[0], v[1] -- ,





  • encode -- (true), , (false), 





void tea(long* v, long* k, bool encode) {
  unsigned long y = v[0];
  unsigned long z = v[1];
  unsigned long sum = 0;
  unsigned long delta = 0x9e3779b9;
  unsigned long n = 32;
  
  if(encode) {
    
    // encoding
  
    while(n-- > 0) {
      sum += delta;
      y += ((z << 4) + k[0]) ^ (z + sum) ^ ((z >> 5) + k[1]);
      z += ((y << 4) + k[2]) ^ (y + sum) ^ ((y >> 5) + k[3]);
    }
  
  } else {
    
    // decoding
  
    sum = delta << 5;
  
    while(n-- > 0) {
      z -= ((y << 4) + k[2]) ^ (y + sum) ^ ((y >> 5) + k[3]);
      y -= ((z << 4) + k[0]) ^ (z + sum) ^ ((z >> 5) + k[1]);
      sum -= delta;
    }
  }
  
  v[0] = y;
  v[1] = z;
  
  return;
}

XTEA

TEA , , XTEA.





XTEA a.k.a. eXtended TEA -- , TEA. David J. Wheeler Roger M. Needham. TEA, 64 . , TEA , . XTEA . ( 4).





. n- n \in [1; 64] , :\left( L_n, R_n \right), \left( L_{n+1}, R_{n+1} \right) :





: L_{n+1} = R_n





: n = 2 \cdot i, ~~~ i \in [1; 32] R_{n+1} = L_n \boxplus \left( \left\{ \left[ R_n \ll 4 \oplus R_n \gg 5 \right] \boxplus R_n \right\} \oplus \left\{ i \cdot \delta \boxplus K_{\left( i \cdot \delta \gg 11 \right) \wedge 3} \right\} \right)





: n = 2 \cdot i - 1, ~~~ i \in [1; 32] R_ {n + 1} = L_n \ boxplus \ left (\ left \ {\ left [R_n \ ll 4 \ oplus R_n \ gg 5 \ right] \ boxplus R_n \ right \} \ oplus \ left \ {\ left (i - 1 \ right) \ cdot \ delta \ boxplus K _ {\ left (\ left (i - 1 \ right) \ cdot \ delta \ right) \ wedge 3} \ right \} \ right)





:





XTEA block diagram
- XTEA

XTEA

, David J. Wheeler Roger M. Needham . , ( ), .





  • v -- 2





  • k -- 4





  • N -- ( 32)





  • long -- 32 





void xtea(long* v, long* k, long N) {
  unsigned long y = v[0];
  unsigned long z = v[1];
  unsigned long delta = 0x9e3779b9;
  
  if(N > 0) {
    
    // encoding
    
    unsigned long limit = delta * N;
    unsigned long sum = 0;
    
    while(sum != limit) {
      y += (z << 4 ^ z >> 5) + z ^ sum + k[sum & 3];
      sum += delta;
      z += (y << 4 ^ y >> 5) + y ^ sum + k[sum >> 11 & 3];
    }
    
  } else {
    
    // decoding
    
    unsigned long sum = delta * (-N);
    
    while (sum) {
      z -= (y << 4 ^ y >> 5) + y ^ sum + k[sum >> 11 & 3];
      sum -= delta;
      y -= (z << 4 ^ z >> 5) + z ^ sum + k[sum & 3];
    }
    
  }
  
  v[0] = y;
  v[1] = z;
  
  return;
}

XTEA : XTEA-1, XTEA-2, XTEA-3. . .





XXTEA

XXTEA a.k.a. Corrected Block TEA (.. XTEA Block TEA) -- , XTEA. , David J. Wheeler Roger M. Needham, . , , , :





  • ,





  • (, ), ,





  • ,





  • " ", ,





  • , , 60 , , DES





, XXTEA . , , , , . . n- :





LR . \ delta , . ( ): K _ {\ left [\ left (\ delta \ cdot n \ gg 2 \ right) \ oplus n \ right] ~ \ text {mod} ~ 4}. :





  • \ alpha = \ left (L \ ll 2 ~ \ oplus ~ R \ gg 5 \ right) \ boxplus \ left (L \ gg 3 ~ \ oplus ~ R \ ll 4 \ right)





  • \ beta = \ left (\ delta \ cdot n ~ \ oplus ~ L \ right) \ boxplus \ left (K _ {\ left [\ left (\ delta \ cdot n \ gg 2 \ right) \ oplus n \ right] ~ \ text {mod} ~ 4} ~ \ oplus ~ R \ right)





: \ left (\ alpha ~ \ oplus ~ \ beta \ right) \ boxplus \ left (LR \ right), ~~~ LR - \ text {whole word}





-:





XXTEA block diagram
- XXTEA

XXTEA

, -- David J. Wheeler Roger M. Needham. .





  • v -- 2





  • k -- 4





  • N --





  • long -- 32 





#define MX (z >> 5 ^ y << 2) + (y >> 3 ^ z << 4) ^ (sum ^ y) + (k[p & 3 ^ e] ^ z)

long xxtea(long* v, long * k, long N) {
  unsigned long z = v[N - 1];
  unsigned long y = v[0];
  unsigned long sum = 0;
  unsigned long e = 0;
  unsigned long delta = 0x9e3779b9;
  
  long m = 0;
  long p = 0;
  long q = 0;
  
  if(N > 1) {
    
    // encoding
    
    q = 6 + 52 / N;
    
    while(q-- > 0) {
      sum += delta;
      e = sum >> 2 & 3;
      for(p = 0; p < N - 1; p++) {
        y = v[p + 1];
        z = v[p] += MX;
      }
      y = v[0];
      z = v[N - 1] += MX;
    }
    
    return 0;
  } else if(N < -1) {
    
    // decoding
    
    N = -N;
    q = 6 + 52 / N;
    sum = q * delta;
    
    while(sum != 0) {
      e = sum >> 2 & 3;
      for(p = N - 1; p > 0; p--) {
        z = v[p - 1];
        y = v[p] -= MX;
      }
      z = v[N - 1];
      y = v[0] -= MX;
    }
    
    return 0;
  }
  
  return 1;
}

TEA, XTEA, XXTEA

TEA . 17 2 ^ {123}. " " TEA , ( ). : , .





XTEA, , , TEA. - ( XOR) XTEA , TEA. XTEA -- .





XXTEA . E. Yarrkov 2010 XXTEA . . 212 , 6 , . E. Yarrkov , .





  • Roger M. Needham and David J. Wheeler: TEA, a Tiny Encryption Algorithm





  • A. Roger M. Needham and David J. Wheeler: TEA extensions





  • David J. Wheeler, Roger M. Needham: Correction to XTEA





  • Elias Yarrkov: Cryptoanalysis of XXTEA











More articles:


All Articles