XTEA is a modified version of the block cipher TEA, which was designed to prevent certain weaknesses pointed out by David Wagner in 1997. In particular, TEA's key schedule is very simple, and this lead to several attacks, which, while not fatal to the algorithm, made TEA seem rather weak. The main change made to TEA to produce XTEA was the use of a somewhat stronger key schedule. Like TEA, XTEA uses 32 simple rounds to encrypt a 64-bit block. Once again, the cipher was specified as a C function (and, once again, there were errors in the early versions, leading to confusion). If I may give some advice to the designers, should they ever happen to read this: Learn C's operator precedence rules, and including test vectors!


void tean(unsigned int v[2], unsigned int k[4])
   {
   cosnt int N = 32;
   unsigned int y=v[0], z=v[1], DELTA=0x9e3779b9;
   unsigned int limit=DELTA*N, sum=0;
   while(sum != limit)
      {
      y += (z<<4 ^ z>>5) + z ^ (sum + k[sum&3]);
      sum +=DELTA;
      z += (y<<4 ^ y>>5) + y ^ (sum + k[(sum>>11) &3]);
      }
   v[0]=y;
   v[1]=z;
   }

One little optimization which can be used (at the expense of running an actual key scheduling operation, which is not a big deal), is to precompute all of the sum + k[expr] expressions when the key is set. This provides roughly a 30% speedup (when I tried it in C++), and is very cheap in both memory and CPU time.