NICK HOFFMAN

Abstract. In this paper, a simpliﬁed version of the International Data Encryption Algorithm (IDEA) is described. This simpliﬁed version, like simpliﬁed versions of DES [8] [12] and AES [6] [7] that have appeared in print, is intended to help students understand the algorithm by providing a version that permits examples to be worked by hand. IDEA is useful teaching tool to help students bridge the gap between DES and AES.

1. Introduction The International Data Encryption Algorithm (IDEA) is a symmetric-key, block cipher. It was published in 1991 by Lai, Massey, and Murphy [3]. IDEA is a modiﬁcation of the Proposed Encryption Standard (PES) that was published in 1990 by Lai and Massy [1]; PES was designed as a replacement for the Data Encryption Standard (DES). The algorithm was modiﬁed and published in 1991 after Biham and Shamir described the technique of diﬀerential cryptanalysis. The new algorithm was called the Improved Proposed Encryption Standard (IPES); its name changed to IDEA in 1992. IDEA is a candidate block cipher to the NESSIE Project. NESSIE is a project within the Information Societies Technology (IST) Program of the European Commission [3]. In the Second Edition (1996) of Applied Cryptography Bruce Schneier [9] describes IDEA as “... the best and most secure block algorithm available to the public at this time;” however, in 1999 [10] he began to recommend newer algorithms because IDEA “...isn’t very fast ... [and] IDEA is patented.” Although IDEA did not replace DES, it was incorporated into Pretty Good Privacy (PGP). The algorithm is patented and licensed by MediaCrypt. MediaCrypt now oﬀers a successor algorithm IDEA NXT. 2. Description of the Encryption Algorithm IDEA encrypts a 64-bit block of plaintext to 64-bit block of ciphertext. It uses a 128-bit key. The algorithm consists of eight identical rounds and a “half” round ﬁnal transformation. Today, because of 128-bit cryptosystems like AES, IDEA is obsolete, but its algorithm can be a useful teaching tool to help students bridge the gap between DES, which uses XOR but no algebraic operations, and AES, which requires understanding of algebraic operations on ﬁnite ﬁelds. IDEA uses algebraic operations, but it is only necessary to understand modular addition and modular multiplication to understand the IDEA algorithm. Key words and phrases. IDEA, symmetric-key ciphers, block ciphers. 1

2

NICK HOFFMAN

The algebraic idea behind IDEA is the mixing of three incompatible algebraic operations on 16-bit blocks: bitwise XOR, addition modulo 216 , and multiplication modulo 216 + 1. There are 216 possible 16-bit blocks: 0000000000000000, ..., 1111111111111111, which represent the integers 0, ..., 216 − 1. Each operation with the set of possible 16-bit blocks is an algebraic group. Bitwise XOR is bitwise addition modulo 2, and addition modulo 216 is the usual group operation. Some spin must be put on the elements – the 16-bit blocks – to make sense of multiplication modulo 216 + 1, however. 0 (i.e., 0000000000000000) is not an element of the multiplicative group because it has no inverse, but by thinking of the elements of the group instead as 0000000000000001, ..., 1111111111111111, 0000000000000000, which now represent the integers 1, ..., 216 − 1, 216 , everything works for multiplication. 216 ≡ −1 mod 216 + 1, and 0000000000000000 is its own inverse under multiplication modulo 216 + 1. For a description of IDEA, we follow Schneier [9], who breaks the encryption algorithm into fourteen steps. (Another source for the algorithm is [5].) For each of the eight complete rounds, the 64-bit plaintext block is split into four 16-bit sub-blocks: X1 , X2 , X3 , X4 . The 64-bit input block is the concatenation of the subblocks: X1 X2 X3 X4 , where denotes concatenation. Each complete round requires six subkeys. The 128-bit key is split into eight 16-bit blocks, which become eight subkeys. The ﬁrst six subkeys are used...