| • Science | • People | • Locations | • Timeline |
| IDEA | |
|---|---|
| An encryption round of IDEA | |
| General | |
| Designer(s) | James Massey , Xuejia Lai |
| First published | 1991 |
| Derived from | PES |
| Cipher(s) based on this design | MESH |
| Algorithm detail | |
| Block size(s) | 64 bits |
| Key size(s) | 128 bits |
| Structure | Substitution-permutation network |
| Number of rounds | 8.5 |
| Best cryptanalysis | |
| A collision attack requiring 224 chosen plaintexts breaks 5 rounds with a complexity of 2126 (Demirci et al, 2003). | |
In cryptography, the International Data Encryption Algorithm (IDEA) is a block cipher designed by Xuejia Lai and James L. Massey of ETH-Zürich and was first described in 1991. It is a minor revision of an earlier cipher, PES (Proposed Encryption Standard); IDEA was originally called IPES (Improved PES). IDEA was used as the symmetric cipher in early versions of the Pretty Good Privacy cryptosystem.
IDEA was designed under a research contract with the Hasler Foundation, which became part of Ascom-Tech AG. IDEA is patented (US patent 5,214,703) but is free for non-commercial use. The patents will expire in 2010– 2011.
IDEA operates on 64-bit blocks using a 128-bit key, and consists of eight identical transformations (a round, see the illustration) and an output transformation (the half-round). The processes for encryption and decryption are similar. IDEA derives much of its security by interleaving operations from different groups — modularModular arithmetic Group theory In mathematics, modular arithmetic is a system of arithmetic for certain equivalence classes of integers, called congruence classes . In modular arithmetic, numbers 'wrap around' after they reach a certain value (the modulu addition and multiplication, and bitwise eXclusive OR (XOR) — which are algebraically "incompatible" in some sense. In more detail, these operators, which all deal with 16-bit quantities, are:
The designers analysed IDEA to measure its strength against differential cryptanalysisDifferential cryptanalysis is a general form of cryptanalysis applicable primarily to block ciphers, but also to stream ciphers and cryptographic hash functions. In the broadest sense, it is the study of how differences in an input can affect the resultan and concluded that it is immune under certain assumptions. No successful linearIn cryptography, linear cryptanalysis is a general form of cryptanalysis based on finding affine approximations to the action of a cipher. Attacks have been developed for block ciphers and stream ciphers. Linear cryptanalysis is one of two widely applicab or algebraic weaknesses have been reported. Some classes of weak keyIn cryptography, a weak key is a key which when used with a specific cipher, makes the cipher behave in some undesirable way. Weak keys usually represent a very small fraction of the overall keyspace, which usually means that if one generates a random keys have been found — e.g. (Daemen et al, 1994) — but these are of little concern in practice, being so rare as to be unnecessary to avoid explicitly. As of 2004, the best attack which applies to all keys breaks 5 out of 8.5 rounds (Demirci et al, 2003).
Bruce SchneierBruce Schneier (born January 15, 1963) is an American cryptographer, computer security expert, and writer. He is the author of several books on computer security and cryptography, and is the founder and chief technology officer of Counterpane Internet Sec thought highly of IDEA in 1996, writing, "In my opinion, it is the best and most secure block algorithm available to the public at this time." (Applied Cryptography, 2nd ed.) However, by 1999 he was no longer recommending IDEA due to the availability of faster algorithms, some progress in its cryptanalysis, and the issue of patents [1].