TEA, a Tiny Encryption Algorithm

We give a short routine which is based on a Feistel iteration and uses a large number of rounds to get security with simplicity. Introduction We design a short program which will run on most machines and encypher safely. It uses a large number of iterations rather than a complicated program. It is hoped that it can easily be translated into most languages in a compatible way. The rst program is given below. It uses little set up time and does a weak non linear iteration enough rounds to make it secure. There are no preset tables or long set up times. It assumes 32 bit words. Encode Routine Routine, written in the C language, for encoding with key k[0] k[3]. Data in v[0] and v[1]. void code(long* v, long* k) { unsigned long y=v[0],z=v[1], sum=0, /* set up */ delta=0x9e3779b9, /* a key schedule constant */ n=32 ; while (n-->0) { /* basic cycle start */ sum += delta ; y += ((z<<4)+k[0]) ^ (z+sum) ^ ((z>>5)+k[1]) ; z += ((y<<4)+k[2]) ^ (y+sum) ^ ((y>>5)+k[3]) ; } /* end cycle */ v[0]=y ; v[1]=z ; } Basics of the routine It is a Feistel type routine although addition and subtraction are used as the reversible operators rather than XOR. The routine relies on the alternate use of XOR and ADD to provide nonlinearity. A dual shift causes all bits of the key and data to be mixed repeatedly. The number of rounds before a single bit change of the data or key has spread very close to 32 is at most six, so that sixteen cycles may su ce and we suggest 32. The key is set at 128 bits as this is enough to prevent simple search techniques being e ective. The top 5 and bottom four bits are probably slightly weaker than the middle bits. These bits are generated from only two versions of z (or y) instead of three, plus the other y or z. Thus the convergence rate to even di usion is slower. However the shifting evens this out with perhaps a delay of one or two extra cycles. The key scheduling uses addition, and is applied to the unshifted z rather than the other uses of the key. In some tests k[0] etc. were changed by addition, but this version is simpler and seems as e ective. The number delta, derived from the golden number is used where