Jump to content

Talk:Tiny Encryption Algorithm

Page contents not supported in other languages.
From Wikipedia, the free encyclopedia

Efficiency versus simplicity

[edit]

I'm pondering whether it's better to replace the current version, which is tuned for efficiency, with the simplest possible version, which is probably this:

void encrypt(unsigned long* v, unsigned long* k) {
    unsigned long delta=0x9e3779b9, sum=0, i;           /* a key schedule constant */
    for (i=0; i < 32; i++) {                            /* basic cycle start */
        sum += delta;
        v[0] += (v[1]<<4)+k[0] ^ v[1]+sum ^ (v[1]>>5)+k[1];
        v[1] += (v[0]<<4)+k[2] ^ v[0]+sum ^ (v[0]>>5)+k[3];    /* end cycle */
    }
}

Since storing array entries in registers is a very difficult optimization to perform safely, I suspect compilers will tend to produce slow code for this. On the other hand, I just killed another 3 lines, and it's nicer to look at. Thoughts on this? Derrick Coetzee 01:53, 24 Sep 2004 (UTC)

I've verified that gcc produces much worse code for this version on both RISC and CISC platforms. I think the version on the page should probably stay. Derrick Coetzee 01:58, 24 Sep 2004 (UTC)
Do this will not change anything ..
I would expect part of the slow down to be from alias analysis; gcc has no way of knowing from the above code that v and k don't point to overlapping memory addresses, so it can't just store v[0] and v[1] in registers. Try using the restricted flag for the arguments. 198.205.32.93 17:11, 22 November 2006 (UTC)[reply]
I would prefer to see this in the article. As the lead section says "[...] a block cipher notable for its simplicity of description and implementation", I think we should have the simplest possible example for illustrative purposes, to demonstrate its simplicty. We can just add a note saying "for a more efficient implementation, refer to ...". -- intgr 19:26, 22 November 2006 (UTC)[reply]

I would like to see this simpler version in the article. The wiki article should provide an explanation for the algorithm and easy to follow code. If you need it to be quick, perform some optimisations appropriate to the platform you are using, they are not directly relevant to the algorithm. —Preceding unsigned comment added by 91.143.178.131 (talk) 15:20, 22 July 2009 (UTC)[reply]

Isn't this a useless argument? Why not have both? hif (talk) 18:53, 17 October 2009 (UTC)[reply]

The current code doesn't even explain what v, k and v1 are, and the v1 parameter even appears to be incorrect. It's the address of an int, and the address is then mangled instead of the value stored at the address. I would definitely use the simplified code which is at least correct, and is clearer. If people want to optimize, they will.131.107.0.73 (talk) 20:16, 30 October 2009 (UTC)[reply]

Agreed. The October 12 change looks dubious. 83.77.147.71 (talk) 12:30, 31 October 2009 (UTC)[reply]
I would just like to note that I have verified the current implementation, and these functions do produce the proper output for me on a 32-bit little-endian architecture using two different compilers. I appreciate that the code is on the page. It saved me some research time whether it is encyclopedic or not. Azurecrane (talk) 19:21, 2 September 2011 (UTC)[reply]

Endianness?

[edit]

TEA, XTEA, and XXTEA appear to be sensitive to endianness. They take blocks of (presumably 32-bit) longs; however, most messages in practice are defined as a stream of bytes, not longs. Have the authors specified an ordering for bytes within 32-bit units, or have they left it unspecified on purpose? And what happens to the reference code on a platform where longs are 64-bit? --Damian Yerrick (talk | stalk) 01:15, 6 July 2007 (UTC)[reply]

This is indeed something that the article should answer; I've been wondering the same. -- intgr [talk] 14:56, 21 October 2007 (UTC)[reply]

Completely public domain

[edit]

What does "completely in the public domain" mean? What is difference between AES and TEA in this matter? --89.172.45.103 12:35, 21 October 2007 (UTC)[reply]

There is no difference; there are various implementations of AES in the public domain and neither are subject to patents. In fact, nearly all popular ciphers are unencumbered these days. This looks like a silly attempt to promote TEA; I have toned down this statement. -- intgr [talk] 14:55, 21 October 2007 (UTC)[reply]

Broken Reference Code

[edit]

I had to implement TEA a while ago and remember that the reference code (as provided here) was broken. :( Further poking around lead me to this page ( http://www.thescripts.com/forum/thread215505.html ) which says:

"Okay, Ben, I've done my homework now, and I can safely say that
you've been misled by sloppy academic types. :-) The original paper
on TEA, by Wheeler & Needham, is WRONG WRONG WRONG with respect to
the reference implementation they provide. They left out several
crucial pairs of parentheses, and both you and I were confused by
that. Rightly so."


My (tested, working version) has the following for encoding and decoding respectively (with extra parentheses for fixed operator precedence):

encode:

for (int i=0; i<kNumRounds; ++i)
{
	s += kDelta;
	y += (z << 4) + (k0 ^ z) + (s ^ (z >> 5)) + k1;
	z += (y << 4) + (k2 ^ y) + (s ^ (y >> 5)) + k3;
}

decode:

for (int i=0; i<kNumRounds; ++i)
{
	z -= (y << 4) + (k2 ^ y) + (s ^ (y >> 5)) + k3;
	y -= (z << 4) + (k0 ^ z) + (s ^ (z >> 5)) + k1;
		s -= kDelta;
}


However I have no test data to confirm that this is actually TEA, rather than just something similar to it (the reference code doesn't even encrypt and decrypt to the same result). It looks like someone has already fixed up the XTEA page since theres a comment about "It is also important to note that some modern programming languages have a slightly different operators order of precedence. Therefore, the interpretation of the original code will lead to different results, making different implementations of the encryption incompatible. This can be corrected with the use of a few parenthesis to enforce precedence order."

Can someone confirm my results before changing the code in the article? 217.18.21.2 14:22, 12 November 2007 (UTC)[reply]

I believe your implementation is incorrect. TEA Paper has the code with parenthesis and shows the XORs outside of the additions. Linux kernel code shows the same. The figure for this article and the figure shown in Thesis on TEA both show the XOR as being outside of the additions. (The code in that last reference lacks parenthesis, though.) Astgtciv (talk) 13:58, 20 November 2009 (UTC)[reply]

Not encyclopaedic content

[edit]

Despite being useful to any people out there who wish to write implementations of TEA, the C code currently given on the page represents original research and cannot be cited or attested to. The page already links to a reference implementation of the algorithm. Therefore, I recommend the removal of the example implementation. —Preceding unsigned comment added by Waves00 (talkcontribs) 18:39, 8 September 2009 (UTC)[reply]

Maybe I'm being naive, but I feel that whatever aids comprehension should be placed on the page (with caveats if necessary). If the original implementation in the paper is misleading, why can't we point that out? hif (talk) 18:53, 17 October 2009 (UTC)[reply]

We can only point it out if we can attribute it to a reliable source. -- intgr [talk] 14:41, 31 October 2009 (UTC)[reply]

Block TEA

[edit]

The "Versions" section implies that XTEA and Block TEA are the same thing. The XTEA article (main section, third paragraph) implies that they are related, but not identical. Could someone who knows the difference please resolve the conflict? 24.89.3.219 (talk) 17:58, 28 October 2015 (UTC)[reply]

Resolved
 – Clarified the article. -- intgr [talk] 18:30, 2 November 2015 (UTC)[reply]