The SEED Encryption Algorithm
RFC 4269

Document Type RFC - Informational (December 2005; No errata)
Obsoletes RFC 4009
Was draft-lee-rfc4009bis (individual in sec area)
Last updated 2015-10-14
Stream IETF
Formats plain text pdf html bibtex
Stream WG state (None)
Document shepherd No shepherd assigned
IESG IESG state RFC 4269 (Informational)
Consensus Boilerplate Unknown
Telechat date
Responsible AD Russ Housley
Send notices to
Network Working Group                                           H.J. Lee
Request for Comments: 4269                                      S.J. Lee
Obsoletes: 4009                                                J.H. Yoon
Category: Informational                                       D.H. Cheon
                                                                J.I. Lee
                                                           December 2005

                     The SEED Encryption Algorithm

Status of This Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2005).


   This document describes the SEED encryption algorithm, which has been
   adopted by most of the security systems in the Republic of Korea.
   Included are a description of the encryption and the key scheduling
   algorithm (Section 2), the S-boxes (Appendix A), and a set of test
   vectors (Appendix B).

   This document obsoletes RFC 4009.

Lee, et al.                  Informational                      [Page 1]
RFC 4269             The SEED Encryption Algorithm         December 2005

1.  Introduction

1.1. Changes from RFC 4009

   This specification obsoletes RFC 4009, because RFC 4009 had ambiguous
   function and SS-boxes definitions cryptographically.  Thus, some
   definitions have been changed, and for better understanding, the SEED
   pseudo codes have been modified.  This update is to provide clarity
   and facilitate the development of interoperable implementations.  The
   SEED algorithm itself has not been changed.

   This specification updates RFC 4009 in the following areas:

     -  Pseudo code changes.  The pseudo code in Section 2 of RFC 4009
        is insufficient for the explanation of the structure of SEED.
        Thus, detailed pseudo code is introduced.

     -  Some corrections of errata, which are the definitions of R1', Z,
        X, and SS-boxes.

1.2.  SEED Overview

   SEED is a 128-bit symmetric key block cipher that has been developed
   by KISA (Korea Information Security Agency) since 1998.  SEED is a
   national standard encryption algorithm in the Republic of Korea
   [TTASSEED] and is designed to use the S-boxes and permutations that
   balance with the current computing technology.  It has the Feistel
   structure with 16-round and is strong against DC (Differential
   Cryptanalysis), LC (Linear Cryptanalysis), and related key attacks,
   balanced with security/efficiency trade-off.

   The features of SEED are outlined as follows:

     -  The Feistel structure with 16-round
     -  128-bit input/output data block size
     -  128-bit key length
     -  A round function that is strong against known attacks
     -  Two 8x8 S-boxes
     -  Mixed operations of XOR and modular addition

   SEED has been widely used in the Republic of Korea for confidential
   services such as electronic commerce; e.g., financial services
   provided in wired and wireless communication.

Lee, et al.                  Informational                      [Page 2]
RFC 4269             The SEED Encryption Algorithm         December 2005

1.3.  Notation

   The following notation is used in the description of the SEED
   encryption algorithm:

      &             bitwise AND
      ^             bitwise exclusive OR
      +             addition in modular 2**32
      -             subtraction in modular 2**32
      ||            concatenation
      << n          left circular rotation by n bits
      >> n          right circular rotation by n bits
      0x            hexadecimal representation

2.  The Structure of SEED

   The input/output block size of SEED is 128 bits, and the key length
   is also 128 bits.  SEED has the 16-round Feistel structure.  A
   128-bit input is divided into two 64-bit blocks (L, R), and the right
   64-bit block is an input to the round function F, with a 64-bit
   subkey Ki generated from the key schedule.  L is the most significant
   64 bits of 128-bit input, and R is the least significant 64 bits.

   A pseudo code for the structure of SEED is as follows:

        Input : (L, R)

        for i = 1 to 15

            T = R;
            R = L ^ F(Ki, R);
            L = T;

        L = L ^ F(K16, R), R=R

        Output : (L, R)

        Where T is a temporary.

2.1.  The Round Function F

   SEED uses two 8x8 S-boxes, permutations, rotations, and basic modular
   operations such as exclusive OR (XOR) and additions to provide strong
   security, high speed, and simplicity in its implementation.

   A 64-bit input block of the round function F is divided into two
   32-bit blocks (R0, R1) and wrapped with 4 phases:

Lee, et al.                  Informational                      [Page 3]
RFC 4269             The SEED Encryption Algorithm         December 2005
Show full document text