INTERNATIONAL DATA ENCRYPTION ALGORITHM (IDEA)

International Data Encryption Algorithm is one of the strongest cryptographic algorithms.

Although it is quite strong, IDEA is not as popular as DES for two primary reasons:

1) It is patented unlike DES and therefore must be licensed before it can be used in
commercial applications.
2) DES has a long history as compared to IDEA.

One popular e-mail privacy technology known as pretty good privacy (PGP) is based on IDEA.

 PRINCIPLE:
Technically IDEA is block cipher. Like DES, it also works on 64 bit plain text block. The key is
longer and consists of 128 bits. IDEA is reversible like DES, that is, same algorithm is used for
encryption and decryption. IDEA uses both diffusion and confusion for encryption.

 WORKING:

 The 64-bit input plaintext block P is divided into 4 portions, each of 16 bits, i.e. (P1 to P4).
 Thus, P1 to P4 are the inputs to the first round of the algorithm. There are eight such rounds.
 The key consist of 128 bits.
 In each round, six sub keys are generated from the original key. Each of the sub-keys is of 16
bits.
 These six sub-keys are applied to the four input blocks P1 to P4.
 Thus for the first round we will have the six keys K1 to K6. Similarly for the eighth round we
will have keys K43 to K48.
 The final steps consist of an output transformation, which uses just four sub-keys (K49 to
K52).
 The final output produced is the output produced by the output transformation step, which is
four blocks of cipher text named C1 to C4 (each of 16 bits). These are combined to form the
final 64 bit cipher text block.
 The general working is shown in Figure 1:

Compiled By: Prof. Radhika Kotecha

Reference: Cryptography and Network Security by Atul Kahate
 Figure 1: Broad level steps in IDEA encryption

Compiled By: Prof. Radhika Kotecha

Reference: Cryptography and Network Security by Atul Kahate
 ROUNDS:

 There are eight rounds in IDEA and each round involves a series of operations on the four
data blocks using six keys.
 There are several steps as shown in below which includes multiplications, addition and
XOR operations:

Step-1: Multiply* P1 and K1.

Step-2: Add* P2 and K2.

Step-3: Add* P3 and K3.

Step-4: Multiply* P4 and K4.

Step-5: XOR the results of step-1 and step-3.

Step-6: XOR the results of step-2 and step-4.

Step-7: Multiply* the results of step-5 with K5.

Step-8: Add* the results of step-6 and step-7.

Step-9: Multiply* the results of step-8 with K6.

Step-10: Add* the results of step-7 and step-9.

Step-11: XOR the results of step-1 and step-9.

Step-12: XOR the results of step-3 and step-9.

Step-13: XOR the results of step-2 and step-10.

Step-14: XOR the results of step-4 and step-10.

The asterisk (*) sign in the above mentioned steps indicates that the addition and multiplication
is not simple addition and multiplication but it is addition modulo 2^16 (i.e. addition modulo
65536) and multiplication modulo 2^16 + 1 (i.e. multiplication modulo 65537).

(Example: 5 mod 2 is 1 because remainder of 5/2 is 1)

Modulo arithmetic is required in IDEA because it simply ensures that even if the result of
addition and multiplication of two 16-bit numbers contains more than 16-bits, we bring back to
16-bits.

Compiled By: Prof. Radhika Kotecha

Reference: Cryptography and Network Security by Atul Kahate
Figure 2 shows the details of one round in a symbolic fashion:

Figure 2: Single round of IDEA

The input block are shown as P1 to P4, the sub keys are denoted by K1 to K6 and the output of
this step is denoted by R1 to R4 (and not C1 to C4, because this is not the final cipher text but it
is an intermediate output, which will be processed in further rounds as well as in output
transformation).

Compiled By: Prof. Radhika Kotecha

Reference: Cryptography and Network Security by Atul Kahate
 Sub key generation for a round:
As mentioned earlier, each of the eight rounds make use of six sub-keys (so, 8*6 = 48 sub-keys
are required for the round) and the final output transformation uses four sub-keys (making a total
of 48 + 4= 52 sub-keys overall). These 52 sub-keys are generated from an input key of 128 bits.
The explanation below is based on the understanding of sub-key generation process for the first
two rounds, whereas the sub-key generation for all the rounds is tabulated later:

First round:

Original Key(128 bits)

……..
K1 (bits 1-16) K2 (bits 17-32) … K6 (bits 81-96) Unused(bits 97-128)

Figure 3: Sub-key generation for the first round

 The initial key consists of 128 bits, from which 6 sub-keys K1 to K6 are generated for the
first round.
 Since K1 to K6 consists of 16 bit each, out of original 128 bits, the first 96 bits are used for
the first round.
 Thus at the end of the first round, bits 97 -128 of the original key are unused as shown in
Figure 3.

Second round:

 In the second round, firstly, the 32 unused bits (i.e. bits 97-128) of the first round are used.
 As each round requires 6 sub-keys K1 to K6, each of 16 bits, making a total of 96 bits.
 Thus, for the second round we still require (96-32 = 64) more bits.
 However, all the 128 bit of the original key are exhausted.
 For remaining 64 bits IDEA employs the technique of key shifting.
 At this stage, the original key is shifted left circularly by 25 bits.
 That is, the 26th bit of the original key moves to the first position and becomes the 128th bit
after the shift.
 The whole process is shown in the Figure 4:

Compiled By: Prof. Radhika Kotecha

Reference: Cryptography and Network Security by Atul Kahate
 Figure 4: Circular-left shift and its use in sub-key generation for round 2

Thus the same process goes on up to the last (8th) round. At the end of the last round, we have
no unused bits. They are used in the output transformation. Sub-key generation process for
each round is depicted in the Table 1:

Compiled By: Prof. Radhika Kotecha

Reference: Cryptography and Network Security by Atul Kahate
 Table 1: Sub-key Generation Process for each round

 Output Transformation:
The Output Transformation is the one time operation. It takes place at the end of the 8th round.

Step-1: Multiply* R1 and K1.

Step-2: Add* R2 and K2.

Step-3: Add* R3 and K3.

Step-4: Multiply* R4 and K4.

Figure 5: Details of the output transformation

Compiled By: Prof. Radhika Kotecha

Reference: Cryptography and Network Security by Atul Kahate
Output Transformation process:

R1 R2 R3 R4

K1 Multiply* Add* K3

K2 Add* Multiply* K4

C1 C2 C3 C4

Output Cipher Text (64 bits)

Figure 6: Output Transformation Process

As shown in Figure 6, a 64-bit value is divided into four sub-blocks (R1 to R4 each of 16 bits).
Also, four sub-keys are applied here instead of six. Assume that these four 16 bits sub-keys (K1
to K4) are available to output transformation. The output of this process is the final 64-bit cipher
text, which is the combination of the four cipher text blocks C1 to C4.

 Sub-Key Generation for the Output Transformation:

The process for the sub-key generation for the output transformation is exactly similar to sub-key
generation process for the eight rounds. At the end of the eighth round, the key was exhausted.
Hence, the key is again shifted by 25 bits. Post this shift operation, the first 64 bit of the key are
taken, and are called as sub-keys K1 to K4 for the final output transformation.

 IDEA Decryption:
The decryption process is exactly the same as encryption process. There are some alterations in
the generation and pattern of sub-keys. The decryption sub-keys are actually inverse of
encryption sub-keys.

 The Strength of IDEA:

IDEA uses 128-bit key, which is double than key size of DES. Thus, to break into IDEA, 2128
encryption operations are required.

Compiled By: Prof. Radhika Kotecha

Reference: Cryptography and Network Security by Atul Kahate