Tea

Designers:

David Wheeler, Roger Needham

Published:

1994

References:

[Def, Impl] David Wheeler, R. Needham,

"TEA, a Tiny Encryption Algorithm,"

• Fast Software Encryption, Cambridge Security Workshop Proceedings, Volume 809 of Lecture Notes in Computer Science (R. Anderson, ed.), pp. 363-366. Springer-Verlag, 1994.
• "Related-Key Cryptanalysis of 3-WAY, Biham-DES, CAST, DES-X, NewDES, RC2, and TEA",
• ICICS '97 Proceedings, Springer-Verlag, November 1997.
• Key length: 128 bits.

Block size:

Test vectors.

Comment:

Big-endian byte order should be used when converting the plaintext, ciphertext, and key to 32-bit words. Note that this may not match some other TEA implementations.

Security comment:

TEA is vulnerable to related-key attacks, and therefore it should only be used with keys that are generated by a strong PRNG, or by a source of bits that are sufficiently uncorrelated (such as the output of a hash function). Also see XTEA, which was designed to be resistant to these attacks.