IDEA

IDEA is another block cipher. It operates on 64-bit data blocks and the key is 128 bit long. It was
invented by Xuejia Lai and James Massey, and named IDEA (International Data Encryption
Algorithm) in 1990, after modifying and improving the initial proposal of the cipher based on the
seminal work on Differential cryptanalysis by Biham and Shamir.

The design principle behind IDEA is the “mixing of arithmetical operations from different algebraic
groups”. These arithmetical operations are easily implemented both in hardware and software.

The underlying operations are XOR, addition modulo 216, multiplication modulo 210+1.

The cipher obtains the much-needed non-linearity from the latter two arithmetical operations and
does not use an explicit S-Box.

Round Transformation of IDEA The 64-bit data is divided into four 16-bit blocks: X1, X2,
X3, X4. These four blocks are processed through eight rounds and transformed by the above
arithmetical operations among each other and with six 16-bit subkeys. In each round the
sequence of operations is as follows:
 1. Multiply X1 and the first subkey.
2. Add X2 and the second subkey.
3. Add X3 and the third subkey.
4. Multiply X4 and the fourth subkey.
5. XOR the results of step 1 and 3.
6. XOR the results of step 2 and 4.
7. Multiply the results of steps 5 with the fifth subkey.
8. Add the results of steps 6 and 7.
9. Multiply the results of steps 8 with the sixth subkey.
10. Add the results of steps 7 and 9.
11. XOR the results of steps 1 and 9.
12. XOR the results of steps 3 and 9.
13. XOR the results of steps 2 and 10.
14. XOR the results of steps 4 and 10.

The outputs of steps 11, 12, 13 and 14 are stored in four words of 16 bits each, namely Y1, Y2, Y3
and Y4. The blocks Y2 and Y3 are swapped, and the resultant four blocks are the output of a round
of IDEA. It may be noted that the last round of IDEA does not have the swap step.

Instead the last round has the following additional transformations:

1.
Multiply Y1 and the first subkey.
2.
Add Y2 and the second subkey.
3. Add Y3 and the third subkey.
4.
Multiply Y4 and the fourth subkey.
Finally, the ciphertext is the concatenation of the blocks Y1, Y2, Y3 and Y4.

Key Scheduling of IDEA

 IDEA has a very simple key scheduling. It takes the 128-bit key and divides it into eight 16-
bit blocks.
 The first six blocks are used for the first round, while the remaining two are to be used for the
second round.
 Then the entire 128-bit key is given a rotation for 25 steps to the left and again divided into
eight blocks.
 The first four blocks are used as the remaining subkeys for the second round, while the
last four blocks are to be used for the third round.
 The key is then again given a left shift by 25 bits, and the other subkeys are obtained. The
process is continued till the end of the algorithm.
 For decryption, the subkeys are reversed and are either the multiplicative or additive inverse
of the encryption subkeys. The all zero subkey is considered to represent 216 = –1 for the
modular multiplication operation, mod 216 +1. Thus, the multiplicative inverse of 0 is itself, as
–1 multiplied with –1 gives 1, the multiplicative identity in the group.
 Computing these keys may have its overhead, but it is a onetime
operation, at the beginning of the decryption process.
 IDEA has resisted several cryptanalytic efforts. The designers gave
argument to justify that only 4 rounds of the cipher make it immune
to differential cryptanalysis.
 Joan Daemen, Rene Govaerts and Joos Vandewalle showed that the
cipher had certain keys which can be easily discovered in a chosen
plaintext attack.
 They used the fact that the use of multiplicative subkeys with the value
of 1 or -1 gives rise to linear factors in the round function.
 A linear factor is a linear equation in the key, input and output bits
that hold for all possible input bits.
 The linear factors can be revealed by expressing the modulo 2 sum
of LSBs of the output subblocks of an IDEA round in terms of inputs
and key bits.