Network Working Group H.J. Lee
Request for Comments: 4269 S.J. Lee
Obsoletes: 4009 J.H. Yoon
Category: Informational D.H. Cheon
The SEED Encryption Algorithm
Status of This Memo
This memo provides information for the Internet community. It does
not specify an Internet standard of any kind. Distribution of this
memo is unlimited.
Copyright (C) The Internet Society (2005).
This document describes the SEED encryption algorithm, which has been
adopted by most of the security systems in the Republic of Korea.
Included are a description of the encryption and the key scheduling
algorithm (Section 2), the S-boxes (Appendix A), and a set of test
vectors (Appendix B).
This document obsoletes RFC 4009.
Lee, et al. Informational [Page 1]RFC 4269 The SEED Encryption Algorithm December 20051. Introduction1.1. Changes from RFC 4009
This specification obsoletes RFC 4009, because RFC 4009 had ambiguous
function and SS-boxes definitions cryptographically. Thus, some
definitions have been changed, and for better understanding, the SEED
pseudo codes have been modified. This update is to provide clarity
and facilitate the development of interoperable implementations. The
SEED algorithm itself has not been changed.
This specification updates RFC 4009 in the following areas:
- Pseudo code changes. The pseudo code in Section 2 of RFC 4009
is insufficient for the explanation of the structure of SEED.
Thus, detailed pseudo code is introduced.
- Some corrections of errata, which are the definitions of R1', Z,
X, and SS-boxes.
1.2. SEED Overview
SEED is a 128-bit symmetric key block cipher that has been developed
by KISA (Korea Information Security Agency) since 1998. SEED is a
national standard encryption algorithm in the Republic of Korea
[TTASSEED] and is designed to use the S-boxes and permutations that
balance with the current computing technology. It has the Feistel
structure with 16-round and is strong against DC (Differential
Cryptanalysis), LC (Linear Cryptanalysis), and related key attacks,
balanced with security/efficiency trade-off.
The features of SEED are outlined as follows:
- The Feistel structure with 16-round
- 128-bit input/output data block size
- 128-bit key length
- A round function that is strong against known attacks
- Two 8x8 S-boxes
- Mixed operations of XOR and modular addition
SEED has been widely used in the Republic of Korea for confidential
services such as electronic commerce; e.g., financial services
provided in wired and wireless communication.
Lee, et al. Informational [Page 2]RFC 4269 The SEED Encryption Algorithm December 20051.3. Notation
The following notation is used in the description of the SEED
& bitwise AND
^ bitwise exclusive OR
+ addition in modular 2**32
- subtraction in modular 2**32
<< n left circular rotation by n bits
>> n right circular rotation by n bits
0x hexadecimal representation
2. The Structure of SEED
The input/output block size of SEED is 128 bits, and the key length
is also 128 bits. SEED has the 16-round Feistel structure. A
128-bit input is divided into two 64-bit blocks (L, R), and the right
64-bit block is an input to the round function F, with a 64-bit
subkey Ki generated from the key schedule. L is the most significant
64 bits of 128-bit input, and R is the least significant 64 bits.
A pseudo code for the structure of SEED is as follows:
Input : (L, R)
for i = 1 to 15
T = R;
R = L ^ F(Ki, R);
L = T;
L = L ^ F(K16, R), R=R
Output : (L, R)
Where T is a temporary.
2.1. The Round Function F
SEED uses two 8x8 S-boxes, permutations, rotations, and basic modular
operations such as exclusive OR (XOR) and additions to provide strong