IDEA is the second version of a block cipher designed by [Xuejia Lai]? and [James L. Massey]?. RSA Security [1] describes it this way:

- [IDEA] is a 64-bit iterative block cipher with a 128-bit key. The encryption process requires eight complex rounds. Decryption is carried out in the same manner as encryption once the decryption subkeys have been calculated from the encryption subkeys. The cipher structure was designed to be easily implemented in both software and hardware, and the security of IDEA relies on the use of three incompatible types of arithmetic operations on 16-bit words. However some of the arithmetic operations used in IDEA are not that fast in software. As a result the speed of IDEA in software is similar to that of DES. [2]

RSA Security goes on to say that IDEA was analyzed to measure its strength against differential cryptanalysis. The analysis concluded that IDEA is immune to that technique. In fact, (says RSA Security), there are *no* linear cryptanalytic attacks on IDEA, *and* there are *no known* algebraic weaknesses in IDEA. The only weakness of note was discovered by Daemen [DGV94]: using a (large) class of 2^{51} weak keys during encryption results in easy detection and recovery of the key. "However, since there are 2^{128} possible keys, this result has no impact on the practical security of the cipher for encryption provided the encryption keys are chosen at random. IDEA is generally considered to be a very secure cipher and both the cipher development and its theoretical basis have been openly and widely discussed." *[ibid.]*

IDEA encryption is faster and generally considered to be more secure than DES encryption. But IDEA is newer and therefore not as extensively tested, and it is patented which restricts its commercial use. The patent will expire in 2011.

**Further Reading**

[LM92] X. Lai, J.L. Massey and S. Murphy, Markov ciphers and differential cryptanalysis, *Advances in Cryptology - Eurocrypt '91*, Springer-Verlag (1992), 17-38.

[DGV94] J. Daemen, R. Govaerts, and J. Vandewalle, Weak keys for IDEA, Advances in Cryptology - Crypto '93, Springer-Verlag (1994), 224-231.