The SEED Cipher Algorithm and Its Use with IPsec
RFC 4196

Document Type RFC - Proposed Standard (October 2005; No errata)
Was draft-lee-ipsec-cipher-seed (individual in sec area)
Last updated 2013-03-02
Stream IETF
Formats plain text pdf html
Stream WG state (None)
Consensus Unknown
Document shepherd No shepherd assigned
IESG IESG state RFC 4196 (Proposed Standard)
Telechat date
Responsible AD Russ Housley
Send notices to
Network Working Group                                           H.J. Lee
Request for Comments: 4196                                     J.H. Yoon
Category: Standards Track                                       S.L. Lee
                                                                J.I. Lee
                                                            October 2005

            The SEED Cipher Algorithm and Its Use with IPsec

Status of This Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2005).


   This document describes the use of the SEED block cipher algorithm in
   the Cipher Block Chaining Mode, with an explicit IV, as a
   confidentiality mechanism within the context of the IPsec
   Encapsulating Security Payload (ESP).

1.  Introduction

1.1.  SEED

   SEED is a national industrial association standard [TTASSEED] and is
   widely used in South Korea for electronic commerce and financial
   services that are operated on wired and wireless communications.

   SEED is a 128-bit symmetric key block cipher that has been developed
   by KISA (Korea Information Security Agency) and a group of experts
   since 1998.  The input/output block size of SEED is 128-bit and the
   key length is also 128-bit.  SEED has the 16-round Feistel structure.
   A 128-bit input is divided into two 64-bit blocks, and the right 64-
   bit block is an input to the round function with a 64-bit subkey that
   is generated from the key scheduling.

   SEED is easily implemented in various software and hardware, and it
   can be effectively adopted to a computing environment with restricted
   resources, such as mobile devices and smart cards.

Lee, et al.                 Standards Track                     [Page 1]
RFC 4196               The Use of SEED with IPsec           October 2005

   SEED is robust against known attacks including DC (Differential
   cryptanalysis), LC (Linear cryptanalysis), and related key attacks.
   SEED has gone through wide public scrutinizing procedures.  It has
   been evaluated and is considered cryptographically secure by credible
   organizations such as ISO/IEC JTC 1/SC 27 and Japan CRYPTREC
   (Cryptography Research and Evaluation Committees)[ISOSEED][CRYPTREC].

   The remainder of this document specifies the use of SEED within the
   context of IPsec ESP.  For further information on how the various
   pieces of ESP fit together to provide security services, please refer
   to [ARCH], [ESP], and [ROAD].

1.2.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHOULD", "SHOULD NOT",
   "RECOMMENDED", "MAY", and "OPTIONAL" in this document (in uppercase,
   as shown) are to be interpreted as described in RFC 2119 [KEYWORDS].

2.  The SEED Cipher Algorithm

   All symmetric block cipher algorithms share common characteristics
   and variables, including mode, key size, weak keys, block size, and
   rounds.  The following sections contain descriptions of the relevant
   characteristics of SEED.

   The algorithm specification and object identifiers are described in
   [ISOSEED] [SEED].  The SEED homepage,, contains a wealth of
   information about SEED, including a detailed specification,
   evaluation report, test vectors, and so on.

2.1.  Mode

   NIST has defined 5 modes of operation for the Advanced Encryption
   Standard (AES) [AES] and other FIPS-approved ciphers [MODES]: CBC
   (Cipher Block Chaining), ECB (Electronic Codebook), CFB (Cipher
   FeedBack), OFB (Output FeedBack), and CTR (Counter).  The CBC mode is
   well-defined and well-understood for symmetric ciphers, and is
   currently required for all other ESP ciphers.  This document
   specifies the use of the SEED cipher in the CBC mode within ESP.
   This mode requires an Initialization Vector (IV) that is the same
   size as the block size.  Use of a randomly generated IV prevents
   generation of identical ciphertext from packets that have identical
   data that spans the first block of the cipher algorithm's block size

   The IV is XOR'd with the first plaintext block before it is
   encrypted.  Then for successive blocks, the previous ciphertext block
   is XOR'd with the current plaintext before it is encrypted.
Show full document text