22-08-2013, 04:55 PM
International Data Encryption Algorithm
Data Encryption.doc (Size: 133.5 KB / Downloads: 149)
Introduction
The Data Encryption Standard (DES) algorithm has been a popular secret key encryption algorithm and is used in many commercial and financial applications.
Although introduced in 1976, it has proved resistant to all forms of cryptanalysis. However, its key size is too small by current standards and its entire 56 bit key space can be searched in approximately 22 hours [1].
International Data Encryption Algorithm (IDEA) is a block cipher designed by Xuejia Lai and James L. Massey of ETH-Zürich and was first described in 1991. It is a minor revision of an earlier cipher, PES (Proposed Encryption Standard); IDEA was originally called IPES (Improved PES). IDEA was used as the symmetric cipher in early versions of the Pretty Good Privacy cryptosystem.
IDEA was to develop a strong encryption algorithm, which would replace the DES procedure developed in the U.S.A. in the seventies. It is also interesting in that it entirely avoids the use of any lookup tables or S-boxes. When the famous PGP email and file encryption product was designed by Phil Zimmermann, the developers were looking for maximum security. IDEA was their first choice for data encryption based on its proven design and its great reputation.
Description of IDEA
The block cipher IDEA operates with 64-bit plaintext and cipher text blocks and is controlled by a 128-bit key. The fundamental innovation in the design of this algorithm is the use of operations from three different algebraic groups. The substitution boxes and the associated table lookups used in the block ciphers available to-date have been completely avoided. The algorithm structure has been chosen such that, with the exception that different key sub-blocks are used, the encryption process is identical to the decryption process.
Key Generation
The 64-bit plaintext block is partitioned into four 16-bit sub-blocks, since all the algebraic operations used in the encryption process operate on 16-bit numbers. Another process produces for each of the encryption rounds, six 16-bit key sub-blocks from the 128-bit key. Since a further four 16-bit key-sub-blocks are required for the subsequent output transformation, a total of 52 (= 8 x 6 + 4) different 16-bit sub-blocks have to be generated from the 128-bit key.
The key sub-blocks used for the encryption and the decryption in the individual rounds are shown in Table 1.
Encryption
The functional representation of the encryption process is shown in Figure 1. The process consists of eight identical encryption steps (known as encryption rounds) followed by an output transformation. The structure of the first round is shown in detail.
Weak keys for IDEA
According to Daemon’s report [6], large classes of weak keys have been found for the block cipher algorithm IDEA. IDEA has a 128-bit key and encrypts blocks of 64 bits. For a class of 223 keys IDEA exhibits a linear factor. For a certain class of 235 keys the cipher has a global characteristic with probability 1. For another class of 251 keys only two encryptions and solving a set of 16 nonlinear boolean equations with 12 variables is sufficient to test if the used key belongs to this class. If it does, its particular value can be calculated efficiently. It is shown that the problem of weak keys can be eliminated by slightly modifying the key schedule of IDEA.
In [4], two new attacks on a reduced number of rounds of IDEA are presented: truncated differential attack and differential-linear attack. The truncated differential attack finds the secret key of 3.5 rounds of IDEA in more than 86% of all cases using an estimated number of 256 chosen plaintexts and a workload of about 267 encryptions of 3.5 rounds of IDEA. With 240 chosen plaintexts the attack works for 1% of all keys. The differential-linear attack finds the secret key of 3 rounds of IDEA. It needs at most 229 chosen pairs of plaintext and a workload of about 244 encryptions with 3 rounds of IDEA.
Implementation
Although IDEA involves only simple 16-bit operations, software implementations of this algorithm still cannot offer the encryption rate required for on-line encryption in high-speed networks. Software implementation running on a Sun Enterprise E4500 machine with twelve 400MHz Ultra-Hi processor, performs 2.30 x 106 encryptions per second or a equivalent encryption rate of 147.13Mb/sec, still cannot be applied to applications such as encryption for 155Mb/sec Asynchronous Transfer Mode (ATM) networks.
Hardware implementations offer significant speed improvements over software implementations by exploiting parallelism among operators. In addition, they are likely to be cheaper, have lower power consumption and smaller footprint than a high speed software implementation. The first VLSI implementation of IDEA was developed and verified by Bonnenberg et. al. in 1992 using a 1.5 CMOS technology [7]. This implementation had an encryption rate of 44Mb/sec. In 1994, VINCI, a 177Mb/sec VLSI implementation of the IDEA algorithm in 1.2 CMOS technology, was reported by Curiger et. al. [5, 11]. A 355Mb/sec implementation in 0.8 technology of IDEA was reported in 1995 by Wolter et. al. [10]. The fastest single chip implementation of which we are aware is a 424Mb/sec implementation of 0.7 technology by Salomao et. al. [9]. A commercial implementation of IDEA called the IDEACrypt coprocessor, developed by Ascom achieves 300Mb/sec [2].
Conclusion
As electronic communications grow in importance, there is also an increasing need for data protection. Encryption ensures that:
– Only authorized persons can access information.
– Data cannot be amended or manipulated by unauthorized persons.
– Unbreakable crypt system warrants military strength security level.
When PGP (Pretty Good Privacy) was designed, the developers were looking for maximum security. IDEA was their first choice for data encryption based on its proven design and its great reputation. Today, there are hundreds of IDEA-based security solutions available
RSA Security goes on to say that IDEA was analyzed to measure its strength against differential cryptanalysis. The analysis concluded that IDEA is immune to that technique. In fact, there are no linear cryptanalytic attacks on IDEA, and there are no known algebraic weaknesses in IDEA. The only weakness of note was discovered by Daemen: using any of a class of 251 weak keys during encryption results in easy detection and recovery of the key. However, since there are 2128 possible keys, this result has no impact on the practical security of the cipher for encryption provided the encryption keys are chosen at random. IDEA is generally considered to be a very secure cipher and both the cipher development and its theoretical basis have been openly and widely discussed.