Overview
TheInternationalDataEncryptionAlgorithm(IDEA,InternationalDataEncryptionAlgorithm)wasdevelopedbyresearchersXuejiaLaiandJamesL.MasseyatZurich’sETH,ownedbyaSwisscompanyAscomSystecpatent.IDEAisimplementedasaniterativeblockcipher,usinga128-bitkeyand8cycles.Bypayingroyalties(usuallyabout$6.00percopy),IDEAcanbewidelyusedallovertheworld.Thesefeesareapplicableinsomeregions,butnotinotherregions.IDEAisconsideredextremelysafe.Witha128-bitkey,thenumberoftestsrequiredinabruteforceattackwillincreasesignificantlycomparedwithDES,andevenweakkeytestingisallowed.Moreover,italsoshowsthatitisparticularlyresistanttoprofessionalformsofanalyticalattacks.
FeaturesofIDEAalgorithm
SimilartoDES,IDEAalgorithmisalsoadatablockencryptionalgorithm.Ithasdesignedaseriesofencryptionrounds,andeachroundofencryptionusesacompleteencryptionkey.Asubkeygeneratedinthekey.ThedifferencefromDESisthatitusessoftwaretoachievethesamespeedashardware.
SinceIDEAwasproposedanddevelopedoutsidetheUnitedStates,itavoidsmanyrestrictionsonencryptiontechnologyintheUnitedStates.Therefore,booksaboutIDEAalgorithmsandimplementationtechnologiescanbefreelypublishedandexchanged.ItcangreatlypromotethedevelopmentandperfectionofIDEA.Butbecausethealgorithmhasn'tappearedforalongtime,therearenotmanyattacksagainstit,andithasnotpassedthetestofalongtime.Therefore,itsadvantagesanddisadvantagescannotbejudgedyet.
IntroductiontoAlgorithms
IntroductiontoIDEAEncryptionAlgorithm
IDEA(InternationalDataEncryptionAlgorithm)belongstothecategoryofBlockCipherincryptography.IDEAusesakeywithalengthof128bitsandadatablocksizeof64bits.Theoreticallyspeaking,IDEAisa"strong"encryptionalgorithm,andtherehasbeennoeffectiveattackalgorithmonthisalgorithmsofar.
Asearlyas1990,XuejiaLaiandothersputforwardtheblockcipherproposalPES(ProposedEncryptionStandard)attheEuroCrypt’90annualmeeting.AttheEuroCrypt’91annualmeeting,XuejiaLaiandothersproposedarevisedversionofPES(ImprovedPES).CurrentlyIPEShasbeencommercializedandrenamedIDEA.IDEAhasbeenpatentedbytheSwisscompanyAscom,andthecompanymustapplyforalicensetousetheIDEAalgorithmforcommercialpurposes.
IDEAisaniterativealgorithmcomposedof8similarcircles(Round)andanoutputtransformation(OutputTransformation).EachcircleofIDEAconsistsofthreefunctions:modulo(2^16+1)multiplication,modulo2^16addition,andbitwiseXOR.
Beforeencryption,IDEAexpandsthe128-bitkeyto52encryptionkeysEK(EncryptionKey)throughKeyExpansion,andthencalculatesthedecryptionkeyDK(DecryptionKey)byEK).EKandDKaredividedinto8groupsofhalfkeys,eachgroupis6bytesinlength,thefirst8groupsofkeysareusedfor8-roundencryption,andthelasthalfgroupofkeys(4Byte)isusedforoutputtransformation.IDEA'sencryptionprocessanddecryptionprocessarethesame,butusedifferentkeys(EKforencryptionandDKfordecryption).
Theprocessofkeyexpansionisasfollows:
1.Usethe128-bitkeyasthefirsteightsub-keysofEK;
2.Shiftthefirst8bytetotheleftby25bittogetthenextsixsubkeys,andloopthisprocess7times;
3.Inthe7thcycle,takethefirst4bytesasthelast4bitsofEK;
4.Sofarthe52byteEKhasbeengenerated.
TheprocessofkeyexpansionisshowninTable1.Inordertoclearlyseetherelationshipofeach8Byte,each8ByteisdividedbythicklinesinTable1.
IDEAalgorithmisarelativelynewalgorithm,anditssecurityresearchisalsoongoing.SoonaftertheIDEAalgorithmwasannounced,somescholarspointedout:IDEA’skeyexpansionalgorithmisflawed,resultinginalargenumberofweakkeyclassesintheIDEAalgorithm,butthisweaknessisachievedbysimplymodifyingthekeyexpansionalgorithm(addinganexclusiveORoperator))Canbeovercome.Atthe1997EuroCrypt'97annualmeeting,JohnBorstandothersproposedtwoattackalgorithmsforIDEAwithreducedlaps:TruncateDiffrentialAttackon3.5-circleIDEAanddifferentialattackon3-circleIDEA.DiffrentialLinearAttack.Buttheauthoralsopointedoutatthesametimethatthesetwoattackalgorithmsareunlikelytoachieveasubstantialattackeffectontheentire8.5circleofIDEAalgorithm.Nonewattackalgorithmhasappearedyet.Itisgenerallybelievedthattheonlyeffectivewaytoattacktheentire8.5circleofIDEAalgorithmistosearchthe128-bitkeyspaceexhaustively.
Applicationexamples
Atpresent,IDEAhasalargenumberofapplicationexamplesintheproject.PGP(PrettyGoodPrivacy)usesIDEAasitspacketencryptionalgorithm;SecureSocketLayerSSL(SecureSocketLayer)alsoincludesIDEAinitsencryptionalgorithmlibrarySSLRef;Ascom,theowneroftheIDEAalgorithmpatent,hasalsolaunchedaseriesofsecurityproductsbasedontheIDEAalgorithm,including:IDEA-basedExchangesecurityplug-ins,IDEAencryptionchips,IDEAencryptionSoftwarepackages,etc.TheapplicationandresearchofIDEAalgorithmisbecomingmoreandmoremature.