igor - Fotolia
What is the REESSE3+ block cipher, and how does it differ from IDEA? Is it a viable symmetric key cryptosystem to use in the enterprise?
The International Data Encryption Algorithm (IDEA) is a symmetric-key block cipher and has been around quite a while; it was first described in 1991.
Symmetric-key ciphers use the same key -- or secret -- for encrypting and decrypting data such as a message or file. Symmetric-key encryption can use either stream ciphers or block ciphers; a stream cipher encrypts data one bit at a time while a block cipher works on larger chunks or blocks of data, encrypting each block as a single unit.
IDEA operates on 64-bit blocks using a 128-bit key, and consists of a series of eight identical transformations (a "round") and an output transformation (a "half-round"). Other well-known block ciphers include AES, which works on 128-bit blocks, and Blowfish, which works on 64-bit blocks. Although IDEA is quite old now, it is still a highly regarded algorithm and is used in Pretty Good Privacy v2.0 and is an optional algorithm in the OpenPGP standard.
Truly widespread adoption of IDEA was hampered by the fact that it was only free for non-commercial use as it was patented in a number of countries. For example, the IDEA cipher suite has been removed from the TLS 1.2 standard not because of concerns over any weaknesses in the algorithm, but because most TLS implementations either do not support it, do not enable it by default or do not negotiate it when other algorithms such as AES are available. However, researchers in China have put forward a paper describing a block cipher based on IDEA called the REESSE3+ block cipher.
There are two obvious differences between IDEA and REESSE3+ that make the latter less susceptible to a brute force attack and ensure security when gigabytes of data are encrypted with a given key; the block length is extended to 128-bits from 64-bits, and the key length is extended to 256-bits from 128-bits.
Other changes are more complicated. The round function used in REESSE3+ has been updated and is more complex than that of IDEA, containing seven modular multiplications and seven modular additions. A round consists of various processing steps including substitution, transposition and mixing of the input plaintext to transform it into the final output of ciphertext. The more complex the round function is, the more efficiently the statistical structure of the plaintext is dispersed throughout the ciphertext -- diffusion. Despite the round function being more complex than IDEA's, the researchers claim the speed of encryption is improved by performing 26 operations -- not 28 -- per 128-bit block.
As computers become more powerful, older encryption algorithms become less secure; new algorithms that are open to public scrutiny and comment are always welcome. It is too soon to say whether REESSE3+ will become a widely accepted and used encryption algorithm, so enterprises should continue to use encryption standards that have wide industry approval (such as AES) and ensure systems are configured to use them correctly.
Finally, REESSE3+ is not the only algorithm to be based on IDEA. IDEA NXT has two configurations: NXT64 operates on 64-bit blocks using a 128-bit key and has 16 rounds, while the NXT128 operates on 125-bit blocks using a 256-bit key and also has 16 rounds.
Ask the Expert:
Have a question about application security? Send it via email today. (All questions are anonymous.)
Gain a further understanding of cryptography topics including algorithms, protocols, components and more
Dig Deeper on Disk and file encryption tools
Related Q&A from Michael Cobb
Pirated software is still a major concern nowadays. Uncover how to prevent software piracy and protect your organization's intellectual property. Continue Reading
Port scans provide data on how networks operate. In the wrong hands, this info could be part of a larger malicious scheme. Learn how to detect and ... Continue Reading
By performing ongoing risk assessments, organizations can keep their SSH vulnerabilities at a minimum and ensure their remote access foundation is ... Continue Reading