Scribd
Upload
62 views7 pages

XTEA Password-Based Encryption Report

This report presents a password-based encryption method utilizing the XTEA encryption algorithm in CTR mode, designed for secure data transmission. It incorporates PBKDF2 for key derivation, enhancing security against brute-force attacks. The document includes pseudocode and a complete Python program for encryption and decryption processes, along with security considerations.

Uploaded by

adithyavenkatesh82
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
62 views7 pages

XTEA Password-Based Encryption Report

This report presents a password-based encryption method utilizing the XTEA encryption algorithm in CTR mode, designed for secure data transmission. It incorporates PBKDF2 for key derivation, enhancing security against brute-force attacks. The document includes pseudocode and a complete Python program for encryption and decryption processes, along with security considerations.

Uploaded by

adithyavenkatesh82
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd

RAMAIAH INSTITUTE OF TECHNOLOGY

MSRIT NAGAR, BENGALURU, 560054

A REPORT ON

PASSWORD BASED XTEA-CTR


Submitted in partial fulfilment of the OTHER COMPONENT
requirements as a part of the Information Security subject with code
IS72 for the VII Semester of degree of Bachelor of Engineering in
Information Science and Engineering

Submitted by
Hemanth Bhagwat - 1MS22IS048
Aakash J N - 1MS22IS001

Under the Guidance of


Faculty In-charge
[Link] V

Assistant Professor
Dept. of ISE

Department of Information Science and Engineering


Ramaiah Institute of Technology
2025 – 2026
XTEA Encryption and Decryption Technique
Introduction
XTEA (eXtended Tiny Encryption Algorithm) is a lightweight block cipher designed
to offer security with minimal computational cost. It uses a Feistel-like network and
provides a 64-bit block size with a 128-bit key. Its design improves upon the
weaknesses of TEA by enhancing the key schedule and overall round function.

How XTEA Encryption Works


XTEA processes data in two 32-bit halves: v0 and v1. The encryption function
operates for 32 rounds. In each round:
• A running value 'sum' is incremented by a constant DELTA = 0x9E3779B9 •
Key words are selected using bits of 'sum'
• v0 and v1 are transformed using XOR, addition modulo 2³², and bit shifting

These operations together achieve high levels of diffusion and confusion, ensuring
that small changes in plaintext or key produce large, unpredictable changes in
ciphertext.

CTR-like Mode of Operation


Although XTEA is a block cipher, we use a CTR-like mode to turn it into a secure
streaming cipher. We generate:
• A random 8-byte nonce.

• A counter that increments for each block.

The nonce + counter value is encrypted using XTEA to produce a keystream block,
which is

XORed with plaintext. This method eliminates padding and allows encryption of data of
any size.

Password-Based Key Derivation (PBKDF2)


Instead of using the raw password directly as a key, PBKDF2-HMAC-SHA256 is used to
derive a strong 128-bit key. PBKDF2 applies thousands of iterations and a random 16-
byte salt to defend against dictionary and brute-force attacks.

This ensures:

• Same password generates different keys (due to salt)

• Much harder for attackers to guess the key


Pseudocode
FUNCTION Encrypt(plaintext, password):

salt = random(16 bytes) key = PBKDF2(password,


salt, 150000 iterations, 16 bytes) nonce = random(8
bytes) keystream = XTEA_CTR(key, nonce,
len(plaintext)) ciphertext = plaintext XOR keystream
return Base64(salt || nonce || ciphertext)

FUNCTION Decrypt(encoded, password):

raw = Base64Decode(encoded) extract salt,


nonce, ciphertext key = PBKDF2(password, salt)
keystream = XTEA_CTR(key, nonce,
len(ciphertext)) plaintext = ciphertext XOR
keystream return UTF8(plaintext)
Security Notes
• XTEA is secure for learning, but modern algorithms like AES are recommended for real
systems.

• Reusing the same nonce + key pair is dangerous in CTR mode.

• This implementation provides confidentiality only — ciphertext modification will not be


detected.

To add security, include an HMAC-SHA256 for integrity.


Complete Python Program

Below is the full Python program for XTEA text-based encryption and decryption:

#!/usr/bin/env python3 import os,


base64, hashlib, struct, sys

def xtea_encrypt_block(v_tuple, k_tuple, cycles=32):


v0, v1 = v_tuple
mask = 0xFFFFFFFF
delta = 0x9E3779B9
sum_ = 0 for _ in
range(cycles):
v0 = (v0 + ((((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum_ + k_tuple[sum_ & 3]))) & mask
sum_ = (sum_ + delta) & mask v1 = (v1 + ((((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum_
+ k_tuple[(sum_ >> 11) & 3]))) & mask return v0, v1

def encrypt_block_bytes(block8, key16):


v0, v1 = [Link](">II", block8) k
= [Link](">IIII", key16) v0e, v1e
= xtea_encrypt_block((v0, v1), k) return
[Link](">II", v0e, v1e)

def keystream_bytes_xtea(key16, nonce8, length):


out = bytearray() nonce_int =
int.from_bytes(nonce8, "big") blocks =
(length + 7) // 8 for i in range(blocks):
counter = (nonce_int + i) &
0xFFFFFFFFFFFFFFFF block =
counter.to_bytes(8, "big") ks =
encrypt_block_bytes(block, key16)
[Link](ks) return bytes(out[:length])

def xor_bytes(a, b): return bytes(x ^ y for x, y in zip(a, b))

def derive_key(password, salt):


return hashlib.pbkdf2_hmac("sha256", [Link](), salt, 150000, dklen=16)

def encrypt_text(text, password):


salt = [Link](16) nonce
= [Link](8) key =
derive_key(password, salt)
data = [Link]("utf-8") ks
= keystream_bytes_xtea(key,
nonce, len(data)) ciphertext =
xor_bytes(data, ks) return
base64.b64encode(salt + nonce
+ ciphertext).decode()

def decrypt_text(b64, password): raw =


base64.b64decode(b64) salt = raw[:16] nonce =
raw[16:24] ciphertext = raw[24:] key =
derive_key(password, salt) ks =
keystream_bytes_xtea(key, nonce, len(ciphertext))
return xor_bytes(ciphertext, ks).decode("utf-8")

def menu():
print("=== XTEA Text Encryption/Decryption ===")
while True:
cmd = input("\nEncrypt (E) / Decrypt (D) / Exit (X):
").lower() if cmd == 'e':
msg = input("Enter message: ") pwd =
input("Enter password: ") print("\nEncrypted
Base64:\n", encrypt_text(msg, pwd)) elif cmd == 'd':
ct = input("Enter Base64 text: ")
pwd = input("Enter password: ")
try:
print("\nDecrypted message:\n", decrypt_text(ct,
pwd)) except: print("Error: Wrong password
or corrupted data.") elif cmd == 'x':
break

if __name__ == "__main__":
menu()

Working
Encryption:
Decryption:

False Password/ Decryption code:

Common questions

Powered by AI

Using a CTR-like mode transforms the XTEA block cipher into a secure stream cipher by generating a keystream that is XORed with the plaintext. This is done by encrypting a nonce + counter value combination for each block, which produces a unique keystream block. Such a transformation allows for the encryption of data of any size without requiring padding, effectively turning the block cipher into a stream cipher suitable for variable-length plaintexts .

The potential drawbacks of using XTEA in real-world applications include its limited design to provide only confidentiality without integrity protection. Unlike more modern algorithms like AES, XTEA is considered secure mainly for learning purposes. Additionally, the implementation provides confidentiality only, meaning ciphertext modification detection is absent unless augmented with additional security features like HMAC-SHA256 for integrity .

The program includes a Base64 encoding step after the encryption process to convert the binary data (salt, nonce, and ciphertext) into a textual format that can be easily stored and transferred over systems that handle only text, such as emails or JSON files. Base64 encoding ensures that the encrypted data is represented in ASCII characters, making it compatible with text-based communication channels .

The pseudocode for the encryption function implements the XTEA-CTR mode in several steps. First, a random 16-byte salt is generated, and a strong 128-bit key is derived from the password using PBKDF2 with the salt and 150,000 iterations. A random 8-byte nonce is then generated, and a keystream is produced by encrypting the nonce with XTEA and incrementing a counter for each block. The keystream is XORed with the plaintext to generate ciphertext, which is then encoded with Base64 along with the salt and nonce to form the final output .

The decryption function begins by Base64 decoding the encoded input to extract the salt, nonce, and ciphertext. It then derives the encryption key using PBKDF2 with the provided password and the extracted salt. Using the derived key and extracted nonce, a keystream of appropriate length is generated through XTEA-CTR. The function fetches the original plaintext by XORing the keystream with the ciphertext. The resulting data is then converted from bytes to a UTF-8 encoded string .

The XTEA encryption algorithm achieves high levels of diffusion and confusion through its use of XOR operations, addition modulo 2³², and bit shifting. The repeated application of these operations over 32 rounds creates significant diffusion by ensuring that small changes in the plaintext or key result in unpredictable changes in the ciphertext. The network structure and iterative transformation contribute to the confusion, making it difficult to deduce the key and original plaintext from the ciphertext .

Using a unique nonce for each encryption operation in the CTR mode is crucial because reusing the same nonce + key pair can lead to vulnerabilities. In CTR mode, the nonce acts as a seed for generating a keystream. If reused, the same keystream will be generated, allowing attackers to derive information about plaintexts by analyzing patterns in repeated ciphertext blocks. This compromises the security of the encryption process .

XTEA improves upon the weaknesses of the original TEA algorithm by enhancing both the key schedule and the overall round function. It uses a Feistel-like network to operate on a 64-bit block size with a 128-bit key, enabling a higher level of security by ensuring that small changes in plaintext or key produce large, unpredictable changes in ciphertext. This is achieved through the use of XOR operations, addition modulo 2³², and bit shifting .

PBKDF2 is used in the encryption process of XTEA-CTR to derive a strong 128-bit key from a user password. It enhances security by applying thousands of iterations and a random 16-byte salt when generating the key. This process significantly increases the difficulty of dictionary and brute-force attacks, as attackers would need to recompute the key for each possible password attempt, making it harder to guess the key. The use of a salt ensures that the same password generates different keys, adding another layer of complexity .

When implementing XTEA-based encryption, ensuring data integrity requires additional measures since XTEA provides confidentiality only and does not detect ciphertext modification. To address this, an HMAC-SHA256 can be used to verify the integrity of the ciphertext. This involves computing a hash of the encrypted data and verifying it upon decryption to ensure that no tampering has occurred during transmission or storage .

You might also like