Movable Type Home Page

Movable Type Scripts

Block TEA (Tiny Encryption Algorithm)

Wheeler & Needham’s Tiny Encryption Algorithm is a simple but powerful encryption algorithm (based on a ‘Feistel cipher’).

I’ve long been impressed by the combination of simplicity & effectiveness: while vulnerable to determined cryptanalysis such as related-key attack, TEA is a light-weight solution more appropriate for some applications than ‘industrial strength’ approaches such as AES.

This is a JavaScript implementation of the (corrected) ‘Block TEA’ or ‘large block’ version of the algorithm (also dubbed ‘xxtea’) with a wrapper to enable it to work on (Unicode) text strings.

This is a simple but highly effective DES-style encryption algorithm which can be useful for web applications which require security or encryption. It provides secure cryptographically strong encryption in a few lines of concise, clear (JavaScript) code.

Functional demo: enter password & plaintext (or previously-encrypted text)

Wheeler & Needham say the Block TEA version is faster than the original (64-bit block version) when encrypting longer blocks (over 16 chars), and is more secure (‘a single bit change will change about one half of the bits of the entire block, leaving no place where the changes start’). It is also simpler to implement for encrypting arbitrary-length texts (being variable block size, it requires no ‘mode of operation’). For an implementation of the original algorithm, see tea.html.

TEA uses a 128-bit key, which could (for increased security) be an encrypted (or hashed) form of the supplied password. Here I simply convert the first 16 characters of the password into longs to generate the key. The password might be a user-supplied password, or an internal system password. A system password will be more secure if it avoids plain-text (e.g. ‘dVr4t%G§Uu-mz7+8’).

Wheeler & Needham’s original formulation (in C) of corrected block TEA (aka xxtea) was as follows:

#define MX (z>>5^y<<2) + (y>>3^z<<4)^(sum^y) + (k[p&3^e]^z);

long btea(long* v, long n, long* k) {
  unsigned long z=v[n-1], y=v[0], sum=0, e, DELTA=0x9e3779b9;
  long m, p, q ;
  if (n > 1) {          /* Coding Part */
    q = 6+52/n ;
    while (q-- > 0) {
      sum += DELTA;
      e = sum >> 2&3 ;
      for (p=0; p<n-1; p++) y = v[p+1], z = v[p] += MX;
      y = v[0];
      z = v[n-1] += MX;
    return 0 ;
  } else if (n < -1) {  /* Decoding Part */
    n = -n ;
    q = 6+52/n ;
    sum = q*DELTA ;
    while (sum != 0) {
      e = sum>>2 & 3;
      for (p=n-1; p>0; p--) z = v[p-1], y = v[p] -= MX;
      z = v[n-1];
      y = v[0] -= MX;
      sum -= DELTA;
    return 0;
  return 1;

I needed to encrypt text, not binary data, so I have built on this so that it operates on text rather than just on numeric arrays, and also rearranged it slightly so that p is not referenced outside the for loop (valid in C, but not always in other languages). The ciphertext is encoded as Base64 so that it can be safely stored and/or transmitted without troublesome control characters causing problems. The plaintext is first converted to UTF-8 so that the script is multi-byte-character safe.

If you want to use the encrypted text in a URL, the Base64 ‘+’, ‘/’, ‘=’ characters can cause problems if not escaped, so you can convert the standard base64 string to base64url by
    const b64url = b64.replace(/+/g, '-').replace(/\//g, '_').replace(/=/g, '.');
(and the reverse before decrypting the encrypted text, of course).

In other languages: remember always to use either unsigned right-shift operators or unsigned type declarations, according to features available in the language – signed right shift operations will fail; also, in strToLongs(), to avoid running off the end of the string, some languages may need the string to be padded to a multiple of 4 characters, with the equivalent of for (var p=0; p<3-(s.length-1)%4; p++) s += '\0';.

For an explanation of the operation of the TEA algorithm, and cryptography in general, an excellent book is Information Security Intelligence: Cryptographic Principles & Applications by Tom Calabrese (available from There is also a good article explaining TEA operation and cryptanalysis by Matthew Russell from York University and a short article in Wikipedia.

Note: if you are interested in cryptanalysis of TEA, bear in mind that there are 4 versions described in 3 documents: the original TEA, then Extensions to TEA (addressing weaknesses in TEA and also describing Block TEA), and Corrections to Block TEA (aka xxtea). Block TEA is a variable-width block cipher with a number of benefits over the original. This page implements the last of these, xxtea.

If you really want industrial-strength encryption, I have also implemented a version of AES.

For some security applications, a cryptographic hash is more appropriate than encryption – if you are interested in a hash function, see my implementation of SHA-1.

See below for the source code of the JavaScript implementation, also available on GitHub.

This should be straightforward to translate into other languages if required. If needed, I have base64 conversion routines and UTF-8 conversion routines, and David Chambers has written a good-looking btoa()/atob() polyfill (also useful for targeting IE9-).

OSI MIT License I offer these formulæ & scripts for free use and adaptation as my contribution to the open-source info-verse. You are welcome to re-use these scripts [under an MIT licence, without any warranty express or implied] provided solely that you retain my copyright notice and a link to this page.

Note: this script was revised in October 2009 to handle multi-byte UTF-8 character strings, and to encapsulate it within a Tea namespace. It was revised in June 2014 to use btoa() & atob() for base64 encoding, and en/decodeURIComponent() & un/escape() for UTF-8 encoding; the previous version is available for reference.

If you have any queries or find any problems, contact me at ku.oc.epyt-elbavom@tpyrc-stpircs.

© 2002-2017 Chris Veness