Wheeler & Needham’s Tiny Encryption Algorithm is a simple but powerful encryption algorithm (based on a ‘Feistel cipher’).

I’ve long been impressed by the combination of simplicity & effectiveness: while vulnerable to determined cryptanalysis such as related-key attack, TEA is a light-weight solution more appropriate for many applications than ‘industrial strength’ approaches such as AES.

This is a JavaScript implementation of the (corrected) ‘Block TEA’ or ‘large block’ version of the algorithm (also dubbed ‘xxtea’) with a wrapper to enable it to work on (Unicode) text strings.

This is a simple but highly effective DES-style encryption algorithm which can be useful for web applications which require security or encryption. It provides very secure cryptographically strong encryption in a few lines of concise, clear (JavaScript) code.

Wheeler & Needham say the Block TEA version is faster than the original (64-bit block version) when encrypting longer blocks (over 16 chars), and is more secure (‘a single bit change will change about one half of the bits of the entire block, leaving no place where the changes start’). It is also simpler to implement for encrypting arbitrary-length texts (being variable block size, it requires no ‘mode of operation’). For an implementation of the original algorithm, see tea.html.

TEA uses a 128-bit key, which could (for increased security) be an encrypted (or hashed) form of the supplied password. Here I simply convert the first 16 characters of the password into longs to generate the key. The password might be a user-supplied password, or an internal system password. A system password will be more secure if it avoids plain-text (e.g. ‘dVr4t%G§Uu-mz7+8’).

Wheeler & Needham’s original formulation (in C) of corrected block TEA (aka xxtea) was as follows:

#define MX (z>>5^y<<2) + (y>>3^z<<4)^(sum^y) + (k[p&3^e]^z); long btea(long* v, long n, long* k) { unsigned long z=v[n-1], y=v[0], sum=0, e, DELTA=0x9e3779b9; long m, p, q ; if (n > 1) { /* Coding Part */ q = 6+52/n ; while (q-- > 0) { sum += DELTA; e = sum >> 2&3 ; for (p=0; p<n-1; p++) y = v[p+1], z = v[p] += MX; y = v[0]; z = v[n-1] += MX; } return 0 ; } else if (n < -1) { /* Decoding Part */ n = -n ; q = 6+52/n ; sum = q*DELTA ; while (sum != 0) { e = sum>>2 & 3; for (p=n-1; p>0; p--) z = v[p-1], y = v[p] -= MX; z = v[n-1]; y = v[0] -= MX; sum -= DELTA; } return 0; } return 1; }

I needed to encrypt text, not binary data, so I have built on this so that it operates on text
rather than just on numeric arrays, and also rearranged it slightly so that *p* is not
referenced outside the *for* loop (valid in C, but not always in other languages).
The ciphertext is encoded
as Base64 so that it can be safely stored and/or transmitted without troublesome control
characters causing problems. The plaintext is first
converted to UTF-8
so that the script is multi-byte-character safe.

If you want to use the encrypted text in a URL, you can convert the standard base64 string
to base64url by
`var b64url = b64.replace(/+/, '-').replace(/\//, '_');`

*In other languages:* remember ** always** to use either

*or unsigned type declarations, according to features available in the language – signed right shift operations will fail; also, in strToLongs(), to avoid running off the end of the string, some languages may need the string to be padded to a multiple of 4 characters, with the equivalent of for (var p=0; p<3-(s.length-1)%4; p++) s += '\0';.*

**unsigned right-shift**operatorsFor an explanation of the operation of the TEA algorithm, and cryptography in general, an excellent
book is *Information Security Intelligence: Cryptographic Principles & Applications*
by Tom Calabrese (available from Amazon.com).
There is also a good article explaining TEA
operation and cryptanalysis by Matthew Russell from York University and a short article in
Wikipedia.

Note: if you are interested in cryptanalysis of TEA, bear in mind that there are
4 versions described in 3 documents: the original *TEA*,
then *Extensions to TEA* (addressing weaknesses in
TEA and also describing Block TEA), and *Corrections to
Block TEA* (aka xxtea). Block TEA is a variable-width block cipher with a number of
benefits over the original. This page implements the last of these, xxtea.

If you really want industrial-strength encryption, I have also implemented a version of AES.

For some security applications, a cryptographic hash is more appropriate than encryption – if you are interested in a hash function, see my implementation of SHA-1.

See below for the source code of the JavaScript implementation, also available on GitHub.

This should be straightforward to translate into other languages if required. If needed, I have base64 conversion routines and UTF-8 conversion routines, and David Chambers has written a good-looking btoa()/atob() polyfill (also useful for targeting IE9-).

I offer these formulæ & scripts for free use and adaptation as my contribution to the open-source info-sphere from which I have received so much. You are welcome to re-use these scripts [under a simple attribution license, without any warranty express or implied] provided solely that you retain my copyright notice and a link to this page.

If you would like to show your appreciation, I would most gratefully accept donations.

*Note*: this script was **revised** in **October 2009** to handle multi-byte UTF-8 character strings,
and to encapsulate it within a *Tea* namespace.
It was revised in **June 2014** to use `btoa()`

& `atob()`

for base64 encoding,
and `en/decodeURIComponent()`

& `un/escape()`

for UTF-8 encoding; the
previous version is available for reference.

If you have any queries or find any problems, contact me at ku.oc.epyt-elbavom@tpyrc-stpircs.

*© 2002-2014 Chris Veness*