IDEA (International Data Encryption Algorithm) [LMM92] is the second version of a block cipher designed and presented by Lai and Massey [LM91a]. It is a 64-bit iterative block cipher with a 128-bit key and eight rounds. While the cipher is not Feistel (see Question 56), decryption is carried out in the same manner as encryption once the decryption subkeys have been calculated from the encryption subkeys. The cipher structure was designed to be easily implemented in both software and hardware, and the security of IDEA relies on the use of three incompatible types of arithmetic operations on 16-bit words. The speed of IDEA in software is similar to that of DES.
One of the principles during the design of IDEA was to facilitate analysis of its strength against differential cryptanalysis (see Question 58); IDEA is considered to be immune from differential cryptanalysis. In addition, no linear cryptanalytic attacks on IDEA have been reported and there is no known algebraic weakness in IDEA. The most significant cryptanalytic result is due to Daemen [DGV94]. He discovered a large class of 251 weak keys (see Question 60) for which the use of such a key during encryption could be detected and the key recovered. However, since there are 2128 possible keys, this result has no impact on the practical security of the cipher for encryption. IDEA is generally considered secure and both the cipher development and its theoretical basis have been openly and widely discussed.