# The TEA algorithm - beware of dragons?

Kirby Urner urner at alumni.princeton.edu
Tue Aug 13 21:04:36 CEST 2002

```hal <hfeinstein at cox.net> wrote:

>Hi,
>
>I have been recommending the Tiny Encryption Algorithm (TEA, actually
>XTEA)
>for its small size, speed, etc;  however,  while no *practical* attacks
>are published I still wonder at its security.  Professional (mostly
>university based) cryptographers
>usually grin when I ask about TEA's security.  The better ones tell me
>to
>beware of dragons and recommend staying on the
>beaten path using the usual (but boring) IDEA, 3DES,RC4-128 etc.
>This advice, I'm sure, is sound.  But, they point to no new documented
>vulnerabilities.  Have researchers simply not devoted  time to
>assessing TEA (XTEA) as they did to DES or is it that they have nothing
>to report?   If there is nothing to report then is TEA safe?

Just for fun.

Usage:

<module 'tea' from 'D:\Program Files\Python22\tea.py'>
>>> tea.main()
Plaintext: The rain
[1416127776L, 1918986606L]
[3529750590L, 166105844L]
[1416127776L, 1918986606L]
Deciphered: The rain

==========

"""
Python implementation of Tiny Encryption Algorithm
for instructional purposes (i.e. it's slow -- you'll
want assembly language or C for production environments)

based on ANSI C implementation at

this version by K. Urner Aug 13 2002

Note:  Python typically uses long integers for bitwise
ops, but here long integers means open ended in size,
not 32 bit unsigned as per algorithm.  Shifting long
integers to the left just makes them bigger, whereas
the TEA algorithm pushes leftmost bits off a cliff.

So that's why I keep ANDing with 2^32-1 -- to chop
the long ints down to size (as if they were 32 bit
unsigned ints as per C).  I'm cross-posting this to
comp.lang.python because the Python gurus may want to
point out that this isn't the best way to do it.

"""

from binascii import hexlify, unhexlify

def main():
v=[0,0] # to be enciphered, 64 bits
k=[0,0,0,0] # key to use, 128 bits

# convert ascii to long integer
v[0] = mkbits("The ")
v[1] = mkbits("rain")

k[0] = mkbits("This")
k[1] = mkbits(" is ")
k[2] = mkbits("pass")
k[3] = mkbits("word")

print "Plaintext: " + mkwords(v[0]) + mkwords(v[1])

print v

c = encipher(v,k)
print c

d = decipher(c,k)
print d

print "Deciphered: " + mkwords(d[0]) + mkwords(d[1])

# a couple utility functions
def mkbits(thestr):
return long(eval('0x'+hexlify(thestr)))

def mkwords(thebits):
return unhexlify(hex(thebits)[2:-1])

def encipher(v,k):
y=v[0];z=v[1];sum=0;delta=0x9E3779B9;n=32
w=[0,0]
while(n>0):
y += (z << 4 ^ z >> 5) + z ^ sum + k[sum & 3]
y &= 4294967295L # maxsize of 32-bit integer
sum += delta
z += (y << 4 ^ y >> 5) + y ^ sum + k[sum>>11 & 3]
z &= 4294967295L
n -= 1

w[0]=y; w[1]=z
return w

def decipher(v,k):
y=v[0];z=v[1];sum=0xC6EF3720;delta=0x9E3779B9;n=32
w=[0,0]
# sum = delta<<5, in general sum = delta * n

while(n>0):
z -= (y << 4 ^ y >> 5) + y ^ sum + k[sum>>11 & 3]
z &= 4294967295L
sum -= delta
y -= (z << 4 ^ z >> 5) + z ^ sum + k[sum&3]
y &= 4294967295L
n -= 1

w[0]=y; w[1]=z
return w

```