International Data Encryption Algorithm

The International Data Encryption Algorithm (IDEA ) was developed in 1990 as a joint project between ETH Zurich and the Ascom Systec AG by James L. Massey and Xueija Lai. IDEA is a symmetric algorithm and one of the block ciphers. The algorithm was developed by a revision of a previous cryptosystem called PES ( Proposed Encryption Standard ), at first he was called IPES (Improved PES) and was considered as a replacement for DES considered.

The Ascom Systec AG held the patents to IDEA. The corresponding European Patent EP 0482154 B1 was registered with effect for the EPC contracting states, Germany, France, Italy, Liechtenstein, Netherlands, Austria, Sweden, Switzerland, Spain and the United Kingdom, and is extinguished on May 16, 2011. The corresponding U.S. Patent No. 5,214,703 has also disappeared on May 16, 2011.


IDEA uses a series of eight identical transformations, which each correspond to one round, and an output transformation, which corresponds to a half a lap. The decryption process corresponding to the encoding process in reverse. When encrypting the plaintext is divided into large blocks of 64 bits and cut the key into pieces of 16 bits each. The encryption is done by combining the following three operations:

  • (⊕ is shown with a blue circled plus) The Boolean operation XOR, also called " exclusive or"
  • ( ⊞ shown with a green framed Plus) The addition modulo 216.
  • ( ⊙ shown with a red circled point) The multiplication modulo 216 1, where all NULL -word values ​​( 0x0000 ) can be interpreted as a value of 216.

The combination of these three operations from different algebraic groups to ensure a high level of security. The procedure is optimized to resist attacks by differential cryptanalysis. After eight rounds comes a final half lap, the output transformation, the use of which is shown in the illustration below.

Key Schedule

Each of the eight rounds uses six 16 -bit subkeys, during the final half lap which four are used, which adds up to 52 subkey for 8.5 rounds. The first eight subkeys are extracted directly from the key, the key K1 is formed of the first round of the 16 least significant bits. After that, the key is rotated 25 bits to the left and turn extracted from the rotated key eight subkeys. This is repeated until after a total of six rotations every 52 subkeys were formed.


The developers IDEA analyzed to measure his strength against differential cryptanalysis, and came to the conclusion that the algorithm under certain conditions is immune to this type of attack. It was further discovered no linear or algebraic weaknesses. The best attack on IDEA is a plaintext attack and dates from the year 2011. This stops the algorithm when it is reduced to 6 rounds, and requires 16 plaintext blocks and less than 2112 operations.

Bruce Schneier in 1996 had a high opinion of IDEA and wrote in the book (Applied Cryptography, 2nd ed ) " In my opinion, it is the best and most secure block algorithm available to the public at this time. " German: "In my view, it is the best and safest block cipher, which is available to the public at the moment. " in 1999, he recommended the algorithm, however, in favor of faster algorithms, advances in cryptanalysis and the problems with software patents no further.

The simple key schedule makes IDEA with a class of weak keys to attack. Keys, which contain a large number of bits with the value 0, lead to a weak encryption. However, these have little practical importance, since they are rare and therefore do not need to be explicitly bypassed in the creation of random keys. There was a small change proposed to solve the problem: Each part key is to be linked during the XOR operation with a 16 -bit constant with the value 0x0DAE. Larger classes of weak keys have been discovered in 2002.