微型加密算法
在密码学中,微型加密算法(Tiny Encryption Algorithm,TEA)是一种易于描述和执行的块密码,通常只需要很少的代码就可实现。其设计者是剑桥大学计算机实验室的大卫·惠勒与罗杰·尼达姆。这项技术最初于1994年提交给鲁汶的快速软件加密的研讨会上,并在该研讨会上演讲中首次发表。[2]
 两轮Feistel结构(单周期)的TEA加密 | |
| 概述 | |
|---|---|
| 设计者 | 大卫·惠勒,罗杰·尼达姆 |
| 首次发布 | 1994年 |
| 继承算法 | XTEA |
| 密码细节 | |
| 密钥长度 | 128位 |
| 分组长度 | 64位 |
| 结构 | Feistel network |
| 重复回数 | variable; recommended 64 Feistel rounds (32 cycles) |
| 最佳公开破解 | |
| TEA suffers from equivalent keys (Kelsey et al., 1996) and can be broken using a related-key attack requiring 223 chosen plaintexts and a time complexity of 232.[1] | |
此项技术开源。
属性
TEA操作处理在两个32位无符号整型上(可能源于一个64位数据),并且使用一个128位的密钥。
版本
TEA的第三个版本XXTEA,发表于1998年,进一步提高了TEA算法的安全性。
参考代码
此处引用C语言中加密和解密的改编例程,由大卫·惠勒同罗杰·尼达姆共同发表[2]:
#include <stdint.h>
void encrypt (uint32_t* v, uint32_t* k) {
uint32_t v0=v[0], v1=v[1], sum=0, i; /* set up */
uint32_t delta=0x9e3779b9; /* a key schedule constant */
uint32_t k0=k[0], k1=k[1], k2=k[2], k3=k[3]; /* cache key */
for (i=0; i < 32; i++) { /* basic cycle start */
sum += delta;
v0 += ((v1<<4) + k0) ^ (v1 + sum) ^ ((v1>>5) + k1);
v1 += ((v0<<4) + k2) ^ (v0 + sum) ^ ((v0>>5) + k3);
} /* end cycle */
v[0]=v0; v[1]=v1;
}
void decrypt (uint32_t* v, uint32_t* k) {
uint32_t v0=v[0], v1=v[1], sum=0xC6EF3720, i; /* set up */
uint32_t delta=0x9e3779b9; /* a key schedule constant */
uint32_t k0=k[0], k1=k[1], k2=k[2], k3=k[3]; /* cache key */
for (i=0; i<32; i++) { /* basic cycle start */
v1 -= ((v0<<4) + k2) ^ (v0 + sum) ^ ((v0>>5) + k3);
v0 -= ((v1<<4) + k0) ^ (v1 + sum) ^ ((v1>>5) + k1);
sum -= delta;
} /* end cycle */
v[0]=v0; v[1]=v1;
}
请留意这个参考实现对多字节的处理。原稿中并未指定出如何从二进制或者其他内容中派生出这些得到的数字。
参阅
参考文献
- ^ Kelsey, John; Schneier, Bruce; Wagner, David. Related-key cryptanalysis of 3-WAY, Biham-DES, CAST, DES-X NewDES, RC2, and TEA. Lecture Notes in Computer Science. 1997, 1334: 233–246. doi:10.1007/BFb0028479.
- ^ 2.0 2.1 Wheeler, David J.; Needham, Roger M. TEA, a tiny encryption algorithm. Lecture Notes in Computer Science (Leuven, Belgium: Fast Software Encryption: Second International Workshop). 1994-12-16, 1008: 363–366.
引用
- 安德姆, 维克拉姆 雷迪. 微型加密算法的安全性分析,硕士论文 (PDF). 塔斯卡卢萨: 阿拉巴马大学. 2003. (原始内容 (PDF)存档于2012-03-31).
- Hernández, Julio César; Isasi, Pedro; Ribagorda, Arturo. An application of genetic algorithms to the cryptoanalysis of one round TEA. Proceedings of the 2002 Symposium on Artificial Intelligence and its Application. 2002.
- Hernández, Julio César; Sierra, José María; Isasi, Pedro; Ribargorda. Arturo. Finding efficient distinguishers for cryptographic mappings, with an application to the block cipher TEA. Proceedings of the 2003 Congress on Evolutionary Computation. 2003, 3: 2189. doi:10.1109/CEC.2003.1299943.
- Hernández, Julio César; Sierra, José María; Ribagorda, Arturo; Ramos, Benjamín; Mex-Perera, J. C. Distinguishing TEA from a random permutation: Reduced round versions of TEA do not have the SAC or do not generate random numbers (PDF). Proceedings of the IMA Int. Conf. on Cryptography and Coding 2001. 2001: 374–377. doi:10.1007/3-540-45325-3_34. [永久失效链接]
- Moon, Dukjae; Hwang, Kyungdeok; Lee, Wonil; Lee, Sangjin; Lim, Jongin. Impossible differential cryptanalysis of reduced round XTEA and TEA (PDF). Lecture Notes in Computer Science. 2002, 2365: 49–60. doi:10.1007/3-540-45661-9_4.
- Hong, Seokhie; Hong, Deukjo; Ko, Youngdai; Chang, Donghoon; Lee, Wonil; Lee, Sangjin. Differential cryptanalysis of TEA and XTEA. In Proceedings of ICISC 2003. 2003. doi:10.1007/978-3-540-24691-6_30.
外部链接
- A Cryptanalysis of the Tiny Encryption Algorithm
- A web page advocating TEA and providing a variety of implementations
- Test vectors for TEA
- A survey of TEA and XTEA and their cryptanalysis
- JavaScript implementation of XXTEA with Base64
- PHP implementation of XTEA
- JavaScript implementation of TEA
- JavaScript and PHP implementations of XTEA (English text)
- Ruby implementation of XXTEA with Base64
- LGPL Java/J2ME implementation of TEA
- Visual Basic.NET implementation of TEA
- A Bitsliced implementation of TEA
- AVR ASM implementation