微型加密算法

本条目翻譯品質不佳。 翻譯者可能不熟悉中文或原文語言，也可能使用了機器翻譯，請協助翻譯本條目或重新編寫。明顯的機器翻譯請改掛{{Delete|G13}}提交刪除。

TEA加密

两轮Feistel结构(单周期)的TEA加密
概述
设计者	罗杰 李约瑟, 大卫 惠勒
首次发布	1994
继承算法	XTEA
密码细节
密钥长度	128 字节
块长度	64 字节
结构	Feistel network
重复回数	variable; recommended 64 Feistel rounds (32 cycles)
最佳公开破解
TEA suffers from equivalent keys (Kelsey et al., 1996) and can be broken using a related-key attack requiring 223 chosen plaintexts and a time complexity of 232.[1]

在加密技术中, 微型加密技术(TEA) 是一种块密码 易于描述和执行，通常只是少数几千代码而已。 其设计者是剑桥大学计算机实验室的大卫 惠勒与罗杰 李约瑟。这项技术于1994年最初提交给鲁汶的快速软件加密的研讨会上，并在该研讨会上演讲中首次发表。^[2]

此项技术开源。

属性 [编辑]

TEA操作处理在两个32位无符号整型上(可能源于一个64位数据)，并且使用一个128位的密钥。It has a Feistel structure with a suggested 64 rounds, typically implemented in pairs termed cycles. It has an extremely simple key schedule, mixing all of the key material in exactly the same way for each cycle. Different multiples of a magic constant are used to prevent simple attacks based on the symmetry of the rounds. The magic constant, 2654435769 or 9E3779B9₁₆ is chosen to be 2³²/ϕ, where ϕ is the golden ratio.^[2]

TEA has a few weaknesses. Most notably, it suffers from equivalent keys—each key is equivalent to three others, which means that the effective key size is only 126 bits.^[3] As a result, TEA is especially bad as a cryptographic hash function. This weakness led to a method for hacking Microsoft's Xbox game console, where the cipher was used as a hash function.^[4] TEA is also susceptible to a related-key attack which requires 2²³ chosen plaintexts under a related-key pair, with 2³² time complexity.^[1] Because of these weaknesses, the XTEA cipher was designed.

版本 [编辑]

The first published version of TEA was supplemented by a second version that incorporated extensions to make it more secure. Block TEA (sometimes referred to as XTEA) operates on arbitrary-size blocks in place of the 64-bit blocks of the original.

第三个版本(XXTEA),发表于1998年,进一步说明块TEA算法在安全加强方面的改进。

参考代码 [编辑]

以下为C语言中引用加密和解密例程的适应，由大卫惠勒同罗杰尼达姆共同发表。^[2]:

#include <stdint.h>
 
void encrypt (uint32_t* v, uint32_t* k) {
    uint32_t v0=v[0], v1=v[1], sum=0, i;           /* set up */
    uint32_t delta=0x9e3779b9;                     /* a key schedule constant */
    uint32_t k0=k[0], k1=k[1], k2=k[2], k3=k[3];   /* cache key */
    for (i=0; i < 32; i++) {                       /* basic cycle start */
        sum += delta;
        v0 += ((v1<<4) + k0) ^ (v1 + sum) ^ ((v1>>5) + k1);
        v1 += ((v0<<4) + k2) ^ (v0 + sum) ^ ((v0>>5) + k3);  
    }                                              /* end cycle */
    v[0]=v0; v[1]=v1;
}
 
void decrypt (uint32_t* v, uint32_t* k) {
    uint32_t v0=v[0], v1=v[1], sum=0xC6EF3720, i;  /* set up */
    uint32_t delta=0x9e3779b9;                     /* a key schedule constant */
    uint32_t k0=k[0], k1=k[1], k2=k[2], k3=k[3];   /* cache key */
    for (i=0; i<32; i++) {                         /* basic cycle start */
        v1 -= ((v0<<4) + k2) ^ (v0 + sum) ^ ((v0>>5) + k3);
        v0 -= ((v1<<4) + k0) ^ (v1 + sum) ^ ((v1>>5) + k1);
        sum -= delta;                                   
    }                                              /* end cycle */
    v[0]=v0; v[1]=v1;
}

请注意对多字节执行行为的参考。 原稿中并未指定出从二进制或者其他内容中如何派生出这些得到的数字

参阅 [编辑]

• RC4 - 一种流密码，如同TEA一般, 旨在被设计后易于执行。
• XTEA - 块TEA的继任者的第一个版本
• XXTEA -改进版本块TEA的继任者

Notes [编辑]

1. ^ ^{1.0 1.1} Kelsey, John; Schneier, Bruce; Wagner, David. Related-key cryptanalysis of 3-WAY, Biham-DES, CAST, DES-X NewDES, RC2, and TEA. Lecture Notes in Computer Science. 1997, 1334: 233–246. doi:10.1007/BFb0028479. 
2. ^ ^{2.0 2.1 2.2} Wheeler; Needham, Roger M. TEA, 一种微型的加密算法. Lecture Notes in Computer Science (Leuven, Belgium: 快速软件加密: 第二国际研讨会). 1994-12-16, 1008: 363–366.  已忽略未知参数|姓= (帮助)
3. ^ Kelsey, John; Schneier, Bruce; Wagner, David. Key-schedule cryptanalysis of IDEA, G-DES, GOST, SAFER, and Triple-DES. Lecture Notes in Computer Science. 1996, 1109: 237–251. doi:10.1007/3-540-68697-5_19. 
4. ^ Michael Steil. 17 Mistakes Microsoft Made in the Xbox Security System. 

引用 [编辑]

• 安德姆, 维克拉姆 雷迪. 微型加密算法的安全性分析，硕士论文.  已忽略未知参数|位置= (帮助); 已忽略未知参数|发布者= (帮助); 已忽略未知参数|年份= (帮助)
• 埃尔南德斯, 胡利奥 塞萨尔; 伊萨西佩德罗; 里瓦戈达阿图罗. An application of genetic algorithms to the cryptoanalysis of one round TEA. Proceedings of the 2002 Symposium on Artificial Intelligence and its Application. 2002. 
• Hernández, Julio César; Sierra, José María; Isasi, Pedro; Ribargorda. Arturo. Finding efficient distinguishers for cryptographic mappings, with an application to the block cipher TEA. Proceedings of the 2003 Congress on Evolutionary Computation. 2003, 3: 2189. doi:10.1109/CEC.2003.1299943. 
• Hernández, Julio César; Sierra, José María; Ribagorda, Arturo; Ramos, Benjamín; Mex-Perera, J. C. Distinguishing TEA from a random permutation: Reduced round versions of TEA do not have the SAC or do not generate random numbers. Proceedings of the IMA Int. Conf. on Cryptography and Coding 2001. 2001: 374–377. doi:10.1007/3-540-45325-3_34. 
• Moon, Dukjae; Hwang, Kyungdeok; Lee, Wonil; Lee, Sangjin; Lim, Jongin. Impossible differential cryptanalysis of reduced round XTEA and TEA. Lecture Notes in Computer Science. 2002, 2365: 49–60. doi:10.1007/3-540-45661-9_4. 
• Hong, Seokhie; Hong, Deukjo; Ko, Youngdai; Chang, Donghoon; Lee, Wonil; Lee, Sangjin. Differential cryptanalysis of TEA and XTEA. In Proceedings of ICISC 2003. 2003. doi:10.1007/978-3-540-24691-6_30. 

外部链接 [编辑]

• A Cryptanalysis of the Tiny Encryption Algorithm
• A web page advocating TEA and providing a variety of implementations
• Test vectors for TEA
• A survey of TEA and XTEA and their cryptanalysis
• JavaScript implementation of XXTEA with Base64
• PHP implementation of XTEA
• JavaScript implementation of TEA
• JavaScript and PHP implementations of XTEA (English text)
• Ruby implementation of XXTEA with Base64
• LGPL Java/J2ME implementation of TEA
• Visual Basic.NET implementation of TEA
• A Bitsliced implementation of TEA
• AVR ASM implementation

Template:Cryptography navbox