IDEA by How Shen Chang 2004 FALL
IDEA by How Shen Chang 2004 FALL
IDEA by How Shen Chang 2004 FALL
Algorithm
By
How-Shen Chang
1
Overview
• DES algorithm has been a popular secret key
encryption algorithm and is used in many
commercial and financial applications. However,
its key size is too small by current standards and
its entire 56 bit key space can be searched in
approximately 22 hours
• IDEA is a block cipher designed by Xuejia Lai
and James L. Massey in 1991
• It is a minor revision of an earlier cipher, PES
(Proposed Encryption Standard)
• IDEA was originally called IPES (Improved PES)
and was developed to replace DES
2
Overview (cont’)
• It entirely avoids the use of any lookup
tables or S-boxes
• IDEA was used as the symmetric cipher in
early versions of the Pretty Good Privacy
cryptosystem
3
Detailed description of IDEA
• IDEA operates with 64-bit plaintext and
cipher text blocks and is controlled by a
128-bit key
• Completely avoid substitution boxes and
table lookups used in the block ciphers
• The algorithm structure has been chosen
such that when different key sub-blocks
are used, the encryption process is
identical to the decryption process
4
Key generation
• The 64-bit plaintext block
is partitioned into four 16-
bit sub-blocks
• six 16-bit key are
generated from the 128-
bit key. Since a further
four 16-bit key-sub-blocks
are required for the
subsequent output
transformation, a total of
52 (= 8 x 6 + 4) different
16-bit sub-blocks have to
be generated from the
128-bit key.
5
Key generation process
• First, the 128-bit key is partitioned into eight 16-
bit sub-blocks which are then directly used as
the first eight key sub-blocks
• The 128-bit key is then cyclically shifted to the
left by 25 positions, after which the resulting
128-bit block is again partitioned into eight 16-bit
sub-blocks to be directly used as the next eight
key sub-blocks
• The cyclic shift procedure described above is
repeated until all of the required 52 16-bit key
sub-blocks have been generated
6
Encryption of the key sub-blocks
• The key sub-blocks used for the encryption and
the decryption in the individual rounds are
shown in Table 1
7
Encryption
• the first four 16-bit key sub-blocks
are combined with two of the 16-
bit plaintext blocks using addition
modulo 216, and with the other two
plaintext blocks using
multiplication modulo 216 + 1
• At the end of the first encryption
round four 16-bit values are
produced which are used as input
to the second encryption round
• The process is repeated in each of
the subsequent 7 encryption
rounds
• The four 16-bit values produced at
the end of the 8th encryption
round are combined with the last
four of the 52 key sub-blocks
using addition modulo 216 and
multiplication modulo 216 + 1 to
form the resulting four 16-bit
ciphertext blocks
8
Decryption
• The computational process used for decryption
of the ciphertext is essentially the same as that
used for encryption
• The only difference is that each of the 52 16-bit
key sub-blocks used for decryption is the inverse
of the key sub-block used during encryption
• In addition, the key sub-blocks must be used in
the reverse order during decryption in order to
reverse the encryption process
9
Modes of operation
• IDEA supports all modes of operation such as:
– Electronic Code Book (ECB) mode
– Cipher Block Chaining (CBC)
– Cipher Feedback (CFB)
– Output Feedback (OFB) modes
• For plaintext exceeding this fixed size, the
simplest approach is to partition the plaintext into
blocks of equal length and encrypt each
separately. This method is named Electronic
Code Book (ECB) mode. However, Electronic
Code Book is not a good system to use with
small block sizes (for example, smaller than 40
bits)
10
Implementation
• Although IDEA involves only simple 16-bit
operations, software implementations of this
algorithm still cannot offer the encryption rate
required for on-line encryption in high-speed
networks
– Software implementation running on a Sun Enterprise
E4500 machine with twelve 400MHz Ultra-Hi
processor, performs an encryption rate of
147.13Mb/sec, still cannot be applied to applications
such as encryption for 155Mb/sec Asynchronous
Transfer Mode (ATM) networks
11
Implementation (cont’)
• Hardware implementations offer significant
speed improvements over software
implementations
• In addition, they are likely to be cheaper, have
lower power consumption and smaller footprint
than a high speed software implementation
• A high performance implementation of the IDEA
presented by Leong uses a novel bit-serial
architecture to perform multiplication modulo 2 16
+ 1; the implementation occupies a minimal
amount of hardware
12
Implementation (cont’)
• The bit-serial architecture enabled the
algorithm to be deeply pipelined to achieve
a system clock rate of 125MHz
• An implementation on a Xilinx Virtex X
CV300-4 was successfully tested,
delivering a throughput of 500Mb/sec.
With a X CV1000-6 device, the estimated
performance is 2.35Gb/sec
13
Leong’s experiment result
14
Applications of IDEA
• Today, there are hundreds of IDEA-based
security solutions available in many market
areas, ranging from Financial Services, and
Broadcasting to Government
• The IDEA algorithm can easily be embedded in
any encryption software. Data encryption can be
used to protect data transmission and storage.
Typical fields are:
– Audio and video data for cable TV, pay TV, video
conferencing, distance learning
– Sensitive financial and commercial data
– Email via public networks
– Smart cards
15
Conclusion
• As electronic communications grow in
importance, there is also an increasing need for
data protection
• When PGP was designed, the developers were
looking for maximum security. IDEA was their
first choice for data encryption
• The fundamental criteria for the development of
IDEA were military strength for all security
requirements and easy hardware and software
implementation
16