The SEED Encryption Algorithm
RFC 4269
Document  Type 
RFC  Informational
(December 2005; No errata)
Obsoletes RFC 4009
Was draftleerfc4009bis (individual in sec area)



Last updated  20151014  
Stream  IETF  
Formats  plain text pdf html  
Stream  WG state  (None)  
Consensus  Unknown  
Document shepherd  No shepherd assigned  
IESG  IESG state  RFC 4269 (Informational)  
Telechat date  
Responsible AD  Russ Housley  
Send notices to  jhyoon@kisa.or.kr 
Network Working Group H.J. Lee Request for Comments: 4269 S.J. Lee Obsoletes: 4009 J.H. Yoon Category: Informational D.H. Cheon J.I. Lee KISA December 2005 The SEED Encryption Algorithm Status of This Memo This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited. Copyright Notice Copyright (C) The Internet Society (2005). Abstract This document describes the SEED encryption algorithm, which has been adopted by most of the security systems in the Republic of Korea. Included are a description of the encryption and the key scheduling algorithm (Section 2), the Sboxes (Appendix A), and a set of test vectors (Appendix B). This document obsoletes RFC 4009. Lee, et al. Informational [Page 1] RFC 4269 The SEED Encryption Algorithm December 2005 1. Introduction 1.1. Changes from RFC 4009 This specification obsoletes RFC 4009, because RFC 4009 had ambiguous function and SSboxes definitions cryptographically. Thus, some definitions have been changed, and for better understanding, the SEED pseudo codes have been modified. This update is to provide clarity and facilitate the development of interoperable implementations. The SEED algorithm itself has not been changed. This specification updates RFC 4009 in the following areas:  Pseudo code changes. The pseudo code in Section 2 of RFC 4009 is insufficient for the explanation of the structure of SEED. Thus, detailed pseudo code is introduced.  Some corrections of errata, which are the definitions of R1', Z, X, and SSboxes. 1.2. SEED Overview SEED is a 128bit symmetric key block cipher that has been developed by KISA (Korea Information Security Agency) since 1998. SEED is a national standard encryption algorithm in the Republic of Korea [TTASSEED] and is designed to use the Sboxes and permutations that balance with the current computing technology. It has the Feistel structure with 16round and is strong against DC (Differential Cryptanalysis), LC (Linear Cryptanalysis), and related key attacks, balanced with security/efficiency tradeoff. The features of SEED are outlined as follows:  The Feistel structure with 16round  128bit input/output data block size  128bit key length  A round function that is strong against known attacks  Two 8x8 Sboxes  Mixed operations of XOR and modular addition SEED has been widely used in the Republic of Korea for confidential services such as electronic commerce; e.g., financial services provided in wired and wireless communication. Lee, et al. Informational [Page 2] RFC 4269 The SEED Encryption Algorithm December 2005 1.3. Notation The following notation is used in the description of the SEED encryption algorithm: & bitwise AND ^ bitwise exclusive OR + addition in modular 2**32  subtraction in modular 2**32  concatenation << n left circular rotation by n bits >> n right circular rotation by n bits 0x hexadecimal representation 2. The Structure of SEED The input/output block size of SEED is 128 bits, and the key length is also 128 bits. SEED has the 16round Feistel structure. A 128bit input is divided into two 64bit blocks (L, R), and the right 64bit block is an input to the round function F, with a 64bit subkey Ki generated from the key schedule. L is the most significant 64 bits of 128bit input, and R is the least significant 64 bits. A pseudo code for the structure of SEED is as follows: Input : (L, R) for i = 1 to 15 T = R; R = L ^ F(Ki, R); L = T; L = L ^ F(K16, R), R=R Output : (L, R) Where T is a temporary. 2.1. The Round Function F SEED uses two 8x8 Sboxes, permutations, rotations, and basic modular operations such as exclusive OR (XOR) and additions to provide strongShow full document text