International Data Encryption Algorithm
IDEA | |
---|---|
An encryption round of IDEA | |
General | |
Designer(s) | James Massey, Xuejia Lai |
First published | 1991 |
Derived from | PES |
Cipher(s) based on this design | MESH |
Algorithm detail | |
Block size(s) | 64 bits |
Key size(s) | 128 bits |
Structure | Substitution-permutation network |
Number of rounds | 8.5 |
Best cryptanalysis | |
A collision attack requiring 2^{24} chosen plaintexts breaks 5 rounds with a complexity of 2^{126} (Demirci et al, 2003). |
IDEA was designed under a research contract with the Hasler Foundation, which became part of Ascom-Tech AG. IDEA is patented (US patent 5,214,703) but is free for non-commercial use. The patents will expire in 2010–2011.
Table of contents |
2 Security 3 References 4 External links |
How it works
IDEA operates on 64-bit blocks using a 128-bit key, and consists of eight identical transformations (a round, see the illustration) and an output transformation (the half-round). The processes for encryption and decryption are similar. IDEA derives much of its security by interleaving operations from different groups — modular addition and multiplication, and bitwise eXclusive OR (XOR) — which are algebraically "incompatible" in some sense. In more detail, these operators, which all deal with 16-bit quantities, are:
- Bitwise eXclusive OR (denoted with a blue '+' in a circle).
- Addition modulo 2^{16} (denoted with a green '+' in a box).
- Multiplication modulo 2^{16}+1, where the all-zero word (0x0000) is interpreted as 2^{16} (denoted by a red dotted circle).
Security
The designers analysed IDEA to measure its strength against differential cryptanalysis and concluded that it is immune under certain assumptions. No successful linear or algebraic weaknesses have been reported. Some classes of weak keys have been found — e.g. (Daemen et al, 1994) — but these are of little concern in practice, being so rare as to be unnecessary to avoid explicitly. As of 2004, the best attack which applies to all keys breaks 5 out of 8.5 rounds (Demirci et al, 2003).Bruce Schneier thought highly of IDEA in 1996, writing, "In my opinion, it is the best and most secure block algorithm available to the public at this time." (Applied Cryptography, 2nd ed.) However, by 1999 he was no longer recommending IDEA due to the availability of faster algorithms, some progress in its cryptanalysis, and the issue of patents [1].
References
- J. Daemen, R. Govaerts, and J. Vandewalle, Weak keys for IDEA, Crypto '93. pp224–231.
- Hüseyin Demirci, Erkan Türe, Ali Aydin Selçuk, A New Meet in the Middle Attack on The IDEA Block Cipher, 10th Annual Workshop on Selected Areas in Cryptography, 2003.
- X. Lai, J.L. Massey and S. Murphy, Markov ciphers and differential cryptanalysis, Advances in Cryptology — Eurocrypt '91, Springer-Verlag (1992), pp17–38.
External links
Block ciphers |
Algorithms: 3-Way | AES | Blowfish | Camellia | CAST-128 | CAST-256 | CMEA | DEAL | DES | DES-X | FEAL | G-DES | GOST | IDEA | Iraqi | KASUMI | KHAZAD | Khufu and Khafre; | LOKI89/91 | LOKI97 | Lucifer | MacGuffin | Madryga | MAGENTA | MARS | MISTY1 | MMB | NewDES | RC2 | RC5 | RC6 | Red Pike; | S-1 | SAFER | Serpent | SHARK | Skipjack | Square | TEA | Triple DES; | Twofish | XTEA |
Design: Feistel network; | Key schedule; | Product cipher; | S-box | SPN Attacks: Brute force; | Linear / Differential cryptanalysis | Mod n; | XSL Standardisation: AES process; | CRYPTREC | NESSIE Misc: Avalanche effect | Block size; | IV | Key size; | Modes of operation; | Piling-up lemma; | Weak key; |