diff options
Diffstat (limited to 'doc/rfc/rfc4269.txt')
-rw-r--r-- | doc/rfc/rfc4269.txt | 899 |
1 files changed, 899 insertions, 0 deletions
diff --git a/doc/rfc/rfc4269.txt b/doc/rfc/rfc4269.txt new file mode 100644 index 0000000..8a910aa --- /dev/null +++ b/doc/rfc/rfc4269.txt @@ -0,0 +1,899 @@ + + + + + + +Network Working Group H.J. Lee +Request for Comments: 4269 S.J. Lee +Obsoletes: 4009 J.H. Yoon +Category: Informational D.H. Cheon + J.I. Lee + KISA + December 2005 + + + The SEED Encryption Algorithm + +Status of This Memo + + This memo provides information for the Internet community. It does + not specify an Internet standard of any kind. Distribution of this + memo is unlimited. + +Copyright Notice + + Copyright (C) The Internet Society (2005). + +Abstract + + This document describes the SEED encryption algorithm, which has been + adopted by most of the security systems in the Republic of Korea. + Included are a description of the encryption and the key scheduling + algorithm (Section 2), the S-boxes (Appendix A), and a set of test + vectors (Appendix B). + + This document obsoletes RFC 4009. + + + + + + + + + + + + + + + + + + + + + +Lee, et al. Informational [Page 1] + +RFC 4269 The SEED Encryption Algorithm December 2005 + + +1. Introduction + +1.1. Changes from RFC 4009 + + This specification obsoletes RFC 4009, because RFC 4009 had ambiguous + function and SS-boxes definitions cryptographically. Thus, some + definitions have been changed, and for better understanding, the SEED + pseudo codes have been modified. This update is to provide clarity + and facilitate the development of interoperable implementations. The + SEED algorithm itself has not been changed. + + This specification updates RFC 4009 in the following areas: + + - Pseudo code changes. The pseudo code in Section 2 of RFC 4009 + is insufficient for the explanation of the structure of SEED. + Thus, detailed pseudo code is introduced. + + - Some corrections of errata, which are the definitions of R1', Z, + X, and SS-boxes. + +1.2. SEED Overview + + SEED is a 128-bit symmetric key block cipher that has been developed + by KISA (Korea Information Security Agency) since 1998. SEED is a + national standard encryption algorithm in the Republic of Korea + [TTASSEED] and is designed to use the S-boxes and permutations that + balance with the current computing technology. It has the Feistel + structure with 16-round and is strong against DC (Differential + Cryptanalysis), LC (Linear Cryptanalysis), and related key attacks, + balanced with security/efficiency trade-off. + + The features of SEED are outlined as follows: + + - The Feistel structure with 16-round + - 128-bit input/output data block size + - 128-bit key length + - A round function that is strong against known attacks + - Two 8x8 S-boxes + - Mixed operations of XOR and modular addition + + SEED has been widely used in the Republic of Korea for confidential + services such as electronic commerce; e.g., financial services + provided in wired and wireless communication. + + + + + + + + +Lee, et al. Informational [Page 2] + +RFC 4269 The SEED Encryption Algorithm December 2005 + + +1.3. Notation + + The following notation is used in the description of the SEED + encryption algorithm: + + & bitwise AND + ^ bitwise exclusive OR + + addition in modular 2**32 + - subtraction in modular 2**32 + || concatenation + << n left circular rotation by n bits + >> n right circular rotation by n bits + 0x hexadecimal representation + +2. The Structure of SEED + + The input/output block size of SEED is 128 bits, and the key length + is also 128 bits. SEED has the 16-round Feistel structure. A + 128-bit input is divided into two 64-bit blocks (L, R), and the right + 64-bit block is an input to the round function F, with a 64-bit + subkey Ki generated from the key schedule. L is the most significant + 64 bits of 128-bit input, and R is the least significant 64 bits. + + A pseudo code for the structure of SEED is as follows: + + Input : (L, R) + + for i = 1 to 15 + + T = R; + R = L ^ F(Ki, R); + L = T; + + L = L ^ F(K16, R), R=R + + Output : (L, R) + + Where T is a temporary. + +2.1. The Round Function F + + SEED uses two 8x8 S-boxes, permutations, rotations, and basic modular + operations such as exclusive OR (XOR) and additions to provide strong + security, high speed, and simplicity in its implementation. + + A 64-bit input block of the round function F is divided into two + 32-bit blocks (R0, R1) and wrapped with 4 phases: + + + + +Lee, et al. Informational [Page 3] + +RFC 4269 The SEED Encryption Algorithm December 2005 + + + - A mixing phase of two 32-bit subkey blocks (Ki0, Ki1) + - 3 layers of function G (see Section 2.2), with additions for + mixing two 32-bit blocks + + Where R0 is the most significant 32 bits of R, and R1 is the least + significant 32 bits. + + The outputs (R0', R1') of function F are as follows: + + R0' = G[ G[ G[(R0 ^ Ki0) ^ (R1 ^ Ki1)] + (R0 ^ Ki0)] + G[(R0 ^ Ki0) ^ + (R1 ^ Ki1)]] + G[ G[(R0 ^ Ki0) ^ (R1 ^ Ki1)] + (R0 ^ Ki0)] + + R1' = G[ G[ G[(R0 ^ Ki0) ^ (R1 ^ Ki1)] + (R0 ^ Ki0)] + G[(R0 ^ Ki0) ^ + (R1 ^ Ki1)]] + +2.2. The Function G + + The function G has two layers: a layer of two 8x8 S-boxes and a layer + of block permutation of sixteen 8-bit sub-blocks. The outputs Z (= + Z3 || Z2 || Z1 || Z0) of the function G with four 8-bit inputs X (= + X3 || X2 || X1 || X0) are as follows: + + Z0 = {S0(X0) & m0} ^ {S1(X1) & m1} ^ {S0(X2) & m2} ^ {S1(X3) & m3} + Z1 = {S0(X0) & m1} ^ {S1(X1) & m2} ^ {S0(X2) & m3} ^ {S1(X3) & m0} + Z2 = {S0(X0) & m2} ^ {S1(X1) & m3} ^ {S0(X2) & m0} ^ {S1(X3) & m1} + Z3 = {S0(X0) & m3} ^ {S1(X1) & m0} ^ {S0(X2) & m1} ^ {S1(X3) & m2} + + where m0 = 0xFC, m1 = 0xF3, m2 = 0xCF, and m3 = 0x3F. + + To increase the efficiency of G function, four extended S-boxes + "SS-box" (see Appendix A.2) are defined as follows: + + SS0(X0)= {S0(X0)& m3} || {S0(X0)& m2} || {S0(X0)& m1} || {S0(X0)& m0} + SS1(X1)= {S1(X1)& m0} || {S1(X1)& m3} || {S1(X1)& m2} || {S1(X1)& m1} + SS2(X2)= {S0(X2)& m1} || {S0(X2)& m0} || {S0(X2)& m3} || {S0(X2)& m2} + SS3(X3)= {S1(X3)& m2} || {S1(X3)& m1} || {S1(X3)& m0} || {S1(X3)& m3} + + New G function, Z, can be defined as follows: + + Z = SS0(X0) ^ SS1(X1) ^ SS2(X2) ^ SS3(X3) + + This new G function is faster than the original G function but takes + more memory to store four SS-boxes. + + + + + + + + +Lee, et al. Informational [Page 4] + +RFC 4269 The SEED Encryption Algorithm December 2005 + + +2.3. Key Schedule + + The key schedule generates each round's subkeys. It uses the + function G, addition in modular 2**32, subtraction in modular 2**32, + and (left/right) circular rotation. A 128-bit input key is divided + into four 32-bit blocks (Key0, Key1, Key2, Key3). The two 32-bit + subkeys of the ith round, Ki0 and Ki1, are generated as follows: + + - Type 1 : Odd round + Ki0 = G(Key0 + Key2 - KCi) + Ki1 = G(Key1 - Key3 + KCi) + Key0 || Key1 = (Key0 || Key1) >> 8 + + - Type 2 : Even round + Ki0 = G(Key0 + Key2 - KCi) + Ki1 = G(Key1 - Key3 + KCi) + Key2 || Key3 = (Key2 || Key3) << 8 + + Where Ki0 is the most significant 32 bits of Ki, and Ki1 is the least + significant 32 bits of Ki (where i=0,...,3). + + The following table shows constants used in KCi: + + i | Value i | Value + ============================================ + KC1 | 0x9E3779B9 KC2 | 0x3C6EF373 + KC3 | 0x78DDE6E6 KC4 | 0xF1BBCDCC + KC5 | 0xE3779B99 KC6 | 0xC6EF3733 + KC7 | 0x8DDE6E67 KC8 | 0x1BBCDCCF + KC9 | 0x3779B99E KC10 | 0x6EF3733C + KC11 | 0xDDE6E678 KC12 | 0xBBCDCCF1 + KC13 | 0x779B99E3 KC14 | 0xEF3733C6 + KC15 | 0xDE6E678D KC16 | 0xBCDCCF1B + + A pseudo code for the key schedule is as follows: + + Input : (Key0, Key1, Key2, Key3) + + for i = 1 to 16 + Ki0 = G(Key0 + Key2 - KCi) + Ki1 = G(Key1 - Key3 + KCi) + if i is odd + Key0 || Key1 = (Key0 || Key1) >> 8 + else + Key2 || Key3 = (Key2 || Key3) << 8 + + Output : (Keyi0, Keyi1), i=1 to 16 + + + + +Lee, et al. Informational [Page 5] + +RFC 4269 The SEED Encryption Algorithm December 2005 + + +2.4. Decryption Procedure + + Decryption procedure is the reverse step of the encryption procedure. + It can be implemented by using the encryption algorithm with reverse + order of the round subkeys. + +2.5. SEED Object Identifiers + + For those who may be using SEED in algorithm negotiation within a + protocol, or in any other context that may require the use of Object + Identifiers (OIDs), the following three OIDs have been defined. + + algorithm OBJECT IDENTIFIER ::= { iso(1) member-body(2) korea(410) + kisa(200004) algorithm(1) } + + id-seedCBC OBJECT IDENTIFIER ::= { algorithm seedCBC(4) } + + seedCBCParameter ::= OCTET STRING (SIZE(16)) + -- 128-bit Initialization Vector + + The id-seedCBC OID is used when the Cipher Block Chaining (CBC) mode + of operation based on the SEED block cipher is provided. + + id-seedMAC OBJECT IDENTIFIER ::= { algorithm seedMAC(7) } + + seedMACParameter ::= INTEGER -- MAC length, in bits + + The id-seedMAC OID is used when the message authentication code (MAC) + algorithm based on the SEED block cipher is provided. + + pbeWithSHA1AndSEED-CBC OBJECT IDENTIFIER ::= + { algorithm seedCBCwithSHA1(15) } + + PBEParameters ::= SEQUENCE { salt OCTET STRING, iteration + INTEGER } -- Total number of hash iterations + + This OID is used when a password-based encryption in CBC mode based + on SHA-1 and the SEED block cipher is provided. The details of the + Password-Based Encryption (PBE) computation are well described in + Section 6.1 of [RFC2898]. + +3. Security Considerations + + No security problem has been found on SEED. See [ISOSEED] and + [CRYPTREC]. + + + + + + +Lee, et al. Informational [Page 6] + +RFC 4269 The SEED Encryption Algorithm December 2005 + + +4. References + +4.1. Normative References + + [TTASSEED] Telecommunications Technology Association(TTA),"128-bit + Symmetric Block Cipher (SEED)", TTAS.KO-12.0004, + September, 1998 (In Korean) + http://www.tta.or.kr/English/new/main/index.htm + + [RFC2898] Kaliski, B., "PKCS #5: Password-Based Cryptography + Specification Version 2.0", RFC 2898, September 2000. + +4.2. Informative References + + [ISOSEED] ISO/IEC, ISO/IEC JTC1/SC 27 N 256r1, "National Body + contributions on NP 18033 Encryption algorithms in + response to document SC 27 N 2563", October, 2000 + + [CRYPTREC] Information-technology Promotion Agency (IPA), Japan, + CRYPTREC. "SEED Evaluation Report", February, 2002 + http://www.kisa.or.kr/seed/data/Document_pdf/ + SEED_Evaluation_Report_by_CRYPTREC.pdf + +5. Acknowledgements + + Alfred Hoenes (ah@tr-sys.de) has contributed significantly to work on + the definitions of R1', Z, X, and SS-boxes. Thanks for his + contribution to this document. + + + + + + + + + + + + + + + + + + + + + + + +Lee, et al. Informational [Page 7] + +RFC 4269 The SEED Encryption Algorithm December 2005 + + +6. Authors' Addresses + + Hyangjin Lee + Korea Information Security Agency + 78, Garak-Dong, Songpa-Gu, Seoul, 138-803 + REPUBLIC OF KOREA + + Phone: +82-2-405-5446 + Fax: +82-2-405-5319 + EMail: jiinii@kisa.or.kr + + + Sungjae Lee + Korea Information Security Agency + + Phone: +82-2-405-5243 + Fax: +82-2-405-5499 + EMail: sjlee@kisa.or.kr + + + Jaeho Yoon + Korea Information Security Agency + + Phone: +82-2-405-5434 + FAX: +82-2-405-5219 + EMail: jhyoon@kisa.or.kr + + + Donghyeon Cheon + SEC Laboratory + + Phone: +82-31-788-3161 + FAX: +82-31-707-4017 + EMail: dhcheon@mmaa.or.kr + + + Jaeil Lee + Korea Information Security Agency + + Phone: +82-2-405-5300 + FAX: +82-2-405-5219 + EMail: jilee@kisa.or.kr + + + + + + + + + +Lee, et al. Informational [Page 8] + +RFC 4269 The SEED Encryption Algorithm December 2005 + + +Appendix A. S-Boxes + + In this part, all data are hexadecimal numbers (not prefixed by + "0x"). + +A.1. S-Boxes(two original S-boxes) + + - S-Box S0 + + A9, 85, D6, D3, 54, 1D, AC, 25, 5D, 43, 18, 1E, 51, FC, CA, 63, 28, + 44, 20, 9D, E0, E2, C8, 17, A5, 8F, 03, 7B, BB, 13, D2, EE, 70, 8C, + 3F, A8, 32, DD, F6, 74, EC, 95, 0B, 57, 5C, 5B, BD, 01, 24, 1C, 73, + 98, 10, CC, F2, D9, 2C, E7, 72, 83, 9B, D1, 86, C9, 60, 50, A3, EB, + 0D, B6, 9E, 4F, B7, 5A, C6, 78, A6, 12, AF, D5, 61, C3, B4, 41, 52, + 7D, 8D, 08, 1F, 99, 00, 19, 04, 53, F7, E1, FD, 76, 2F, 27, B0, 8B, + 0E, AB, A2, 6E, 93, 4D, 69, 7C, 09, 0A, BF, EF, F3, C5, 87, 14, FE, + 64, DE, 2E, 4B, 1A, 06, 21, 6B, 66, 02, F5, 92, 8A, 0C, B3, 7E, D0, + 7A, 47, 96, E5, 26, 80, AD, DF, A1, 30, 37, AE, 36, 15, 22, 38, F4, + A7, 45, 4C, 81, E9, 84, 97, 35, CB, CE, 3C, 71, 11, C7, 89, 75, FB, + DA, F8, 94, 59, 82, C4, FF, 49, 39, 67, C0, CF, D7, B8, 0F, 8E, 42, + 23, 91, 6C, DB, A4, 34, F1, 48, C2, 6F, 3D, 2D, 40, BE, 3E, BC, C1, + AA, BA, 4E, 55, 3B, DC, 68, 7F, 9C, D8, 4A, 56, 77, A0, ED, 46, B5, + 2B, 65, FA, E3, B9, B1, 9F, 5E, F9, E6, B2, 31, EA, 6D, 5F, E4, F0, + CD, 88, 16, 3A, 58, D4, 62, 29, 07, 33, E8, 1B, 05, 79, 90, 6A, 2A, + 9A + + - S-Box S1 + + 38, E8, 2D, A6, CF, DE, B3, B8, AF, 60, 55, C7, 44, 6F, 6B, 5B, C3, + 62, 33, B5, 29, A0, E2, A7, D3, 91, 11, 06, 1C, BC, 36, 4B, EF, 88, + 6C, A8, 17, C4, 16, F4, C2, 45, E1, D6, 3F, 3D, 8E, 98, 28, 4E, F6, + 3E, A5, F9, 0D, DF, D8, 2B, 66, 7A, 27, 2F, F1, 72, 42, D4, 41, C0, + 73, 67, AC, 8B, F7, AD, 80, 1F, CA, 2C, AA, 34, D2, 0B, EE, E9, 5D, + 94, 18, F8, 57, AE, 08, C5, 13, CD, 86, B9, FF, 7D, C1, 31, F5, 8A, + 6A, B1, D1, 20, D7, 02, 22, 04, 68, 71, 07, DB, 9D, 99, 61, BE, E6, + 59, DD, 51, 90, DC, 9A, A3, AB, D0, 81, 0F, 47, 1A, E3, EC, 8D, BF, + 96, 7B, 5C, A2, A1, 63, 23, 4D, C8, 9E, 9C, 3A, 0C, 2E, BA, 6E, 9F, + 5A, F2, 92, F3, 49, 78, CC, 15, FB, 70, 75, 7F, 35, 10, 03, 64, 6D, + C6, 74, D5, B4, EA, 09, 76, 19, FE, 40, 12, E0, BD, 05, FA, 01, F0, + 2A, 5E, A9, 56, 43, 85, 14, 89, 9B, B0, E5, 48, 79, 97, FC, 1E, 82, + 21, 8C, 1B, 5F, 77, 54, B2, 1D, 25, 4F, 00, 46, ED, 58, 52, EB, 7E, + DA, C9, FD, 30, 95, 65, 3C, B6, E4, BB, 7C, 0E, 50, 39, 26, 32, 84, + 69, 93, 37, E7, 24, A4, CB, 53, 0A, 87, D9, 4C, 83, 8F, CE, 3B, 4A, + B7 + + + + + + + +Lee, et al. Informational [Page 9] + +RFC 4269 The SEED Encryption Algorithm December 2005 + + +A.2. S-Boxes (four extended S-boxes) + +- S-Box SS0 + +2989A1A8,05858184,16C6D2D4,13C3D3D0,14445054,1D0D111C,2C8CA0AC,25052124, +1D4D515C,03434340,18081018,1E0E121C,11415150,3CCCF0FC,0ACAC2C8,23436360, +28082028,04444044,20002020,1D8D919C,20C0E0E0,22C2E2E0,08C8C0C8,17071314, +2585A1A4,0F8F838C,03030300,3B4B7378,3B8BB3B8,13031310,12C2D2D0,2ECEE2EC, +30407070,0C8C808C,3F0F333C,2888A0A8,32023230,1DCDD1DC,36C6F2F4,34447074, +2CCCE0EC,15859194,0B0B0308,17475354,1C4C505C,1B4B5358,3D8DB1BC,01010100, +24042024,1C0C101C,33437370,18889098,10001010,0CCCC0CC,32C2F2F0,19C9D1D8, +2C0C202C,27C7E3E4,32427270,03838380,1B8B9398,11C1D1D0,06868284,09C9C1C8, +20406060,10405050,2383A3A0,2BCBE3E8,0D0D010C,3686B2B4,1E8E929C,0F4F434C, +3787B3B4,1A4A5258,06C6C2C4,38487078,2686A2A4,12021210,2F8FA3AC,15C5D1D4, +21416160,03C3C3C0,3484B0B4,01414140,12425250,3D4D717C,0D8D818C,08080008, +1F0F131C,19899198,00000000,19091118,04040004,13435350,37C7F3F4,21C1E1E0, +3DCDF1FC,36467274,2F0F232C,27072324,3080B0B0,0B8B8388,0E0E020C,2B8BA3A8, +2282A2A0,2E4E626C,13839390,0D4D414C,29496168,3C4C707C,09090108,0A0A0208, +3F8FB3BC,2FCFE3EC,33C3F3F0,05C5C1C4,07878384,14041014,3ECEF2FC,24446064, +1ECED2DC,2E0E222C,0B4B4348,1A0A1218,06060204,21012120,2B4B6368,26466264, +02020200,35C5F1F4,12829290,0A8A8288,0C0C000C,3383B3B0,3E4E727C,10C0D0D0, +3A4A7278,07474344,16869294,25C5E1E4,26062224,00808080,2D8DA1AC,1FCFD3DC, +2181A1A0,30003030,37073334,2E8EA2AC,36063234,15051114,22022220,38083038, +34C4F0F4,2787A3A4,05454144,0C4C404C,01818180,29C9E1E8,04848084,17879394, +35053134,0BCBC3C8,0ECEC2CC,3C0C303C,31417170,11011110,07C7C3C4,09898188, +35457174,3BCBF3F8,1ACAD2D8,38C8F0F8,14849094,19495158,02828280,04C4C0C4, +3FCFF3FC,09494148,39093138,27476364,00C0C0C0,0FCFC3CC,17C7D3D4,3888B0B8, +0F0F030C,0E8E828C,02424240,23032320,11819190,2C4C606C,1BCBD3D8,2484A0A4, +34043034,31C1F1F0,08484048,02C2C2C0,2F4F636C,3D0D313C,2D0D212C,00404040, +3E8EB2BC,3E0E323C,3C8CB0BC,01C1C1C0,2A8AA2A8,3A8AB2B8,0E4E424C,15455154, +3B0B3338,1CCCD0DC,28486068,3F4F737C,1C8C909C,18C8D0D8,0A4A4248,16465254, +37477374,2080A0A0,2DCDE1EC,06464244,3585B1B4,2B0B2328,25456164,3ACAF2F8, +23C3E3E0,3989B1B8,3181B1B0,1F8F939C,1E4E525C,39C9F1F8,26C6E2E4,3282B2B0, +31013130,2ACAE2E8,2D4D616C,1F4F535C,24C4E0E4,30C0F0F0,0DCDC1CC,08888088, +16061214,3A0A3238,18485058,14C4D0D4,22426260,29092128,07070304,33033330, +28C8E0E8,1B0B1318,05050104,39497178,10809090,2A4A6268,2A0A2228,1A8A9298 + +- S-Box SS1 + +38380830,E828C8E0,2C2D0D21,A42686A2,CC0FCFC3,DC1ECED2,B03383B3,B83888B0, +AC2F8FA3,60204060,54154551,C407C7C3,44044440,6C2F4F63,682B4B63,581B4B53, +C003C3C3,60224262,30330333,B43585B1,28290921,A02080A0,E022C2E2,A42787A3, +D013C3D3,90118191,10110111,04060602,1C1C0C10,BC3C8CB0,34360632,480B4B43, +EC2FCFE3,88088880,6C2C4C60,A82888A0,14170713,C404C4C0,14160612,F434C4F0, +C002C2C2,44054541,E021C1E1,D416C6D2,3C3F0F33,3C3D0D31,8C0E8E82,98188890, +28280820,4C0E4E42,F436C6F2,3C3E0E32,A42585A1,F839C9F1,0C0D0D01,DC1FCFD3, +D818C8D0,282B0B23,64264662,783A4A72,24270723,2C2F0F23,F031C1F1,70324272, +40024242,D414C4D0,40014141,C000C0C0,70334373,64274763,AC2C8CA0,880B8B83, + + + +Lee, et al. Informational [Page 10] + +RFC 4269 The SEED Encryption Algorithm December 2005 + + +F437C7F3,AC2D8DA1,80008080,1C1F0F13,C80ACAC2,2C2C0C20,A82A8AA2,34340430, +D012C2D2,080B0B03,EC2ECEE2,E829C9E1,5C1D4D51,94148490,18180810,F838C8F0, +54174753,AC2E8EA2,08080800,C405C5C1,10130313,CC0DCDC1,84068682,B83989B1, +FC3FCFF3,7C3D4D71,C001C1C1,30310131,F435C5F1,880A8A82,682A4A62,B03181B1, +D011C1D1,20200020,D417C7D3,00020202,20220222,04040400,68284860,70314171, +04070703,D81BCBD3,9C1D8D91,98198991,60214161,BC3E8EB2,E426C6E2,58194951, +DC1DCDD1,50114151,90108090,DC1CCCD0,981A8A92,A02383A3,A82B8BA3,D010C0D0, +80018181,0C0F0F03,44074743,181A0A12,E023C3E3,EC2CCCE0,8C0D8D81,BC3F8FB3, +94168692,783B4B73,5C1C4C50,A02282A2,A02181A1,60234363,20230323,4C0D4D41, +C808C8C0,9C1E8E92,9C1C8C90,383A0A32,0C0C0C00,2C2E0E22,B83A8AB2,6C2E4E62, +9C1F8F93,581A4A52,F032C2F2,90128292,F033C3F3,48094941,78384870,CC0CCCC0, +14150511,F83BCBF3,70304070,74354571,7C3F4F73,34350531,10100010,00030303, +64244460,6C2D4D61,C406C6C2,74344470,D415C5D1,B43484B0,E82ACAE2,08090901, +74364672,18190911,FC3ECEF2,40004040,10120212,E020C0E0,BC3D8DB1,04050501, +F83ACAF2,00010101,F030C0F0,282A0A22,5C1E4E52,A82989A1,54164652,40034343, +84058581,14140410,88098981,981B8B93,B03080B0,E425C5E1,48084840,78394971, +94178793,FC3CCCF0,1C1E0E12,80028282,20210121,8C0C8C80,181B0B13,5C1F4F53, +74374773,54144450,B03282B2,1C1D0D11,24250521,4C0F4F43,00000000,44064642, +EC2DCDE1,58184850,50124252,E82BCBE3,7C3E4E72,D81ACAD2,C809C9C1,FC3DCDF1, +30300030,94158591,64254561,3C3C0C30,B43686B2,E424C4E0,B83B8BB3,7C3C4C70, +0C0E0E02,50104050,38390931,24260622,30320232,84048480,68294961,90138393, +34370733,E427C7E3,24240420,A42484A0,C80BCBC3,50134353,080A0A02,84078783, +D819C9D1,4C0C4C40,80038383,8C0F8F83,CC0ECEC2,383B0B33,480A4A42,B43787B3 + +- S-Box SS2 + +A1A82989,81840585,D2D416C6,D3D013C3,50541444,111C1D0D,A0AC2C8C,21242505, +515C1D4D,43400343,10181808,121C1E0E,51501141,F0FC3CCC,C2C80ACA,63602343, +20282808,40440444,20202000,919C1D8D,E0E020C0,E2E022C2,C0C808C8,13141707, +A1A42585,838C0F8F,03000303,73783B4B,B3B83B8B,13101303,D2D012C2,E2EC2ECE, +70703040,808C0C8C,333C3F0F,A0A82888,32303202,D1DC1DCD,F2F436C6,70743444, +E0EC2CCC,91941585,03080B0B,53541747,505C1C4C,53581B4B,B1BC3D8D,01000101, +20242404,101C1C0C,73703343,90981888,10101000,C0CC0CCC,F2F032C2,D1D819C9, +202C2C0C,E3E427C7,72703242,83800383,93981B8B,D1D011C1,82840686,C1C809C9, +60602040,50501040,A3A02383,E3E82BCB,010C0D0D,B2B43686,929C1E8E,434C0F4F, +B3B43787,52581A4A,C2C406C6,70783848,A2A42686,12101202,A3AC2F8F,D1D415C5, +61602141,C3C003C3,B0B43484,41400141,52501242,717C3D4D,818C0D8D,00080808, +131C1F0F,91981989,00000000,11181909,00040404,53501343,F3F437C7,E1E021C1, +F1FC3DCD,72743646,232C2F0F,23242707,B0B03080,83880B8B,020C0E0E,A3A82B8B, +A2A02282,626C2E4E,93901383,414C0D4D,61682949,707C3C4C,01080909,02080A0A, +B3BC3F8F,E3EC2FCF,F3F033C3,C1C405C5,83840787,10141404,F2FC3ECE,60642444, +D2DC1ECE,222C2E0E,43480B4B,12181A0A,02040606,21202101,63682B4B,62642646, +02000202,F1F435C5,92901282,82880A8A,000C0C0C,B3B03383,727C3E4E,D0D010C0, +72783A4A,43440747,92941686,E1E425C5,22242606,80800080,A1AC2D8D,D3DC1FCF, +A1A02181,30303000,33343707,A2AC2E8E,32343606,11141505,22202202,30383808, +F0F434C4,A3A42787,41440545,404C0C4C,81800181,E1E829C9,80840484,93941787, +31343505,C3C80BCB,C2CC0ECE,303C3C0C,71703141,11101101,C3C407C7,81880989, +71743545,F3F83BCB,D2D81ACA,F0F838C8,90941484,51581949,82800282,C0C404C4, + + + +Lee, et al. Informational [Page 11] + +RFC 4269 The SEED Encryption Algorithm December 2005 + + +F3FC3FCF,41480949,31383909,63642747,C0C000C0,C3CC0FCF,D3D417C7,B0B83888, +030C0F0F,828C0E8E,42400242,23202303,91901181,606C2C4C,D3D81BCB,A0A42484, +30343404,F1F031C1,40480848,C2C002C2,636C2F4F,313C3D0D,212C2D0D,40400040, +B2BC3E8E,323C3E0E,B0BC3C8C,C1C001C1,A2A82A8A,B2B83A8A,424C0E4E,51541545, +33383B0B,D0DC1CCC,60682848,737C3F4F,909C1C8C,D0D818C8,42480A4A,52541646, +73743747,A0A02080,E1EC2DCD,42440646,B1B43585,23282B0B,61642545,F2F83ACA, +E3E023C3,B1B83989,B1B03181,939C1F8F,525C1E4E,F1F839C9,E2E426C6,B2B03282, +31303101,E2E82ACA,616C2D4D,535C1F4F,E0E424C4,F0F030C0,C1CC0DCD,80880888, +12141606,32383A0A,50581848,D0D414C4,62602242,21282909,03040707,33303303, +E0E828C8,13181B0B,01040505,71783949,90901080,62682A4A,22282A0A,92981A8A + +- S-Box SS3 + +08303838,C8E0E828,0D212C2D,86A2A426,CFC3CC0F,CED2DC1E,83B3B033,88B0B838, +8FA3AC2F,40606020,45515415,C7C3C407,44404404,4F636C2F,4B63682B,4B53581B, +C3C3C003,42626022,03333033,85B1B435,09212829,80A0A020,C2E2E022,87A3A427, +C3D3D013,81919011,01111011,06020406,0C101C1C,8CB0BC3C,06323436,4B43480B, +CFE3EC2F,88808808,4C606C2C,88A0A828,07131417,C4C0C404,06121416,C4F0F434, +C2C2C002,45414405,C1E1E021,C6D2D416,0F333C3F,0D313C3D,8E828C0E,88909818, +08202828,4E424C0E,C6F2F436,0E323C3E,85A1A425,C9F1F839,0D010C0D,CFD3DC1F, +C8D0D818,0B23282B,46626426,4A72783A,07232427,0F232C2F,C1F1F031,42727032, +42424002,C4D0D414,41414001,C0C0C000,43737033,47636427,8CA0AC2C,8B83880B, +C7F3F437,8DA1AC2D,80808000,0F131C1F,CAC2C80A,0C202C2C,8AA2A82A,04303434, +C2D2D012,0B03080B,CEE2EC2E,C9E1E829,4D515C1D,84909414,08101818,C8F0F838, +47535417,8EA2AC2E,08000808,C5C1C405,03131013,CDC1CC0D,86828406,89B1B839, +CFF3FC3F,4D717C3D,C1C1C001,01313031,C5F1F435,8A82880A,4A62682A,81B1B031, +C1D1D011,00202020,C7D3D417,02020002,02222022,04000404,48606828,41717031, +07030407,CBD3D81B,8D919C1D,89919819,41616021,8EB2BC3E,C6E2E426,49515819, +CDD1DC1D,41515011,80909010,CCD0DC1C,8A92981A,83A3A023,8BA3A82B,C0D0D010, +81818001,0F030C0F,47434407,0A12181A,C3E3E023,CCE0EC2C,8D818C0D,8FB3BC3F, +86929416,4B73783B,4C505C1C,82A2A022,81A1A021,43636023,03232023,4D414C0D, +C8C0C808,8E929C1E,8C909C1C,0A32383A,0C000C0C,0E222C2E,8AB2B83A,4E626C2E, +8F939C1F,4A52581A,C2F2F032,82929012,C3F3F033,49414809,48707838,CCC0CC0C, +05111415,CBF3F83B,40707030,45717435,4F737C3F,05313435,00101010,03030003, +44606424,4D616C2D,C6C2C406,44707434,C5D1D415,84B0B434,CAE2E82A,09010809, +46727436,09111819,CEF2FC3E,40404000,02121012,C0E0E020,8DB1BC3D,05010405, +CAF2F83A,01010001,C0F0F030,0A22282A,4E525C1E,89A1A829,46525416,43434003, +85818405,04101414,89818809,8B93981B,80B0B030,C5E1E425,48404808,49717839, +87939417,CCF0FC3C,0E121C1E,82828002,01212021,8C808C0C,0B13181B,4F535C1F, +47737437,44505414,82B2B032,0D111C1D,05212425,4F434C0F,00000000,46424406, +CDE1EC2D,48505818,42525012,CBE3E82B,4E727C3E,CAD2D81A,C9C1C809,CDF1FC3D, +00303030,85919415,45616425,0C303C3C,86B2B436,C4E0E424,8BB3B83B,4C707C3C, +0E020C0E,40505010,09313839,06222426,02323032,84808404,49616829,83939013, +07333437,C7E3E427,04202424,84A0A424,CBC3C80B,43535013,0A02080A,87838407, +C9D1D819,4C404C0C,83838003,8F838C0F,CEC2CC0E,0B33383B,4A42480A,87B3B437 + + + + + + +Lee, et al. Informational [Page 12] + +RFC 4269 The SEED Encryption Algorithm December 2005 + + +Appendix B. Test Vectors + + This appendix provides test vectors for the SEED cipher described in + this document. + + All data are hexadecimal numbers (not prefixed by "0x"). + +B.1. + + Key : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 + Plaintext : 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F + Ciphertext : 5E BA C6 E0 05 4E 16 68 19 AF F1 CC 6D 34 6C DB + + Intermediate Value + ------------------------------------------------------------------ + Ki0 Ki1 L0 L1 R0 R1 + ================================================================== + Round 1 : 7C8F8C7E C737A22C | 00010203 04050607 08090A0B 0C0D0E0F + Round 2 : FF276CDB A7CA684A | 08090A0B 0C0D0E0F 8081BC57 C4EA8A1F + Round 3 : 2F9D01A1 70049E41 | 8081BC57 C4EA8A1F 117A8B07 D7358C24 + Round 4 : AE59B3C4 4245E90C | 117A8B07 D7358C24 D1738C94 7326CAB0 + Round 5 : A1D6400F DBC1394E | D1738C94 7326CAB0 577ECE6D 1F8433EC + Round 6 : 85963508 0C5F1FCB | 577ECE6D 1F8433EC 910F62AB DDA096C1 + Round 7 : B684BDA7 61A4AEAE | 910F62AB DDA096C1 EA4D39B4 B17B1938 + Round 8 : D17E0741 FEE90AA1 | EA4D39B4 B17B1938 B04E251F 97D7442C + Round 9 : 76CC05D5 E97A7394 | B04E251F 97D7442C B86D31BF A5988C06 + Round 10 : 50AC6F92 1B2666E5 | B86D31BF A5988C06 9008EABF 38DF7430 + Round 11 : 65B7904A 8EC3A7B3 | 9008EABF 38DF7430 33E47DE0 54EFF76C + Round 12 : 2F7E2E22 A2B121B9 | 33E47DE0 54EFF76C 6BE9C434 BF3F378A + Round 13 : 4D0BFDE4 4E888D9B | 6BE9C434 BF3F378A B8DC3842 03A02D33 + Round 14 : 631C8DDC 4378A6C4 | B8DC3842 03A02D33 6679FCF7 9791DFCB + Round 15 : 216AF65F 7878C031 | 6679FCF7 9791DFCB 1A415792 A02B8C54 + Round 16 : 71891150 98B255B0 | 1A415792 A02B8C54 19AFF1CC 6D346CDB + +B.2. + + Key : 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F + Plaintext : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 + Ciphertext : C1 1F 22 F2 01 40 50 50 84 48 35 97 E4 37 0F 43 + + Intermediate Value + ------------------------------------------------------------------ + Ki0 Ki1 L0 L1 R0 R1 + ================================================================== + Round 1 : C119F584 5AE033A0 | 00000000 00000000 00000000 00000000 + Round 2 : 62947390 A600AD14 | 00000000 00000000 9D8DB62C 911F0C19 + Round 3 : F6F6544E 596C4B49 | 9D8DB62C 911F0C19 21229A97 4AB4B7B8 + Round 4 : C1A3DE02 CE483C49 | 21229A97 4AB4B7B8 5A27B404 899D7315 + + + +Lee, et al. Informational [Page 13] + +RFC 4269 The SEED Encryption Algorithm December 2005 + + + Round 5 : 5E742E6D 7E25163D | 5A27B404 899D7315 B8489E76 BA0EF3EA + Round 6 : 8299D2B4 790A46CE | B8489E76 BA0EF3EA 04A3DF29 31A27FB4 + Round 7 : EA67D836 55F354F2 | 04A3DF29 31A27FB4 EC9C17BF 81AA2AA0 + Round 8 : C47329FB F50DB634 | EC9C17BF 81AA2AA0 4FA74E8D CDB21BB8 + Round 9 : 2BD30235 51679CE6 | 4FA74E8D CDB21BB8 D93492FE 4F71A4DA + Round 10 : FA8D6B76 A9F37E02 | D93492FE 4F71A4DA B14053D9 A911379B + Round 11 : 8B99CC60 0F6092D4 | B14053D9 A911379B 5A7024D6 3905668B + Round 12 : BDAEFCFA 489C2242 | 5A7024D6 3905668B 605C8C3A 73DFBB75 + Round 13 : F6357C14 CFCCB126 | 605C8C3A 73DFBB75 40282F39 31CB8987 + Round 14 : A0AA6D85 F8C10774 | 40282F39 31CB8987 E9F834A8 3B9586D4 + Round 15 : 47F4FEC5 353AE1BA | E9F834A8 3B9586D4 4B60324B 761C9958 + Round 16 : FECCEA48 A4EF9F9B | 4B60324B 761C9958 84483597 E4370F43 + +B.3. + + Key : 47 06 48 08 51 E6 1B E8 5D 74 BF B3 FD 95 61 85 + Plaintext : 83 A2 F8 A2 88 64 1F B9 A4 E9 A5 CC 2F 13 1C 7D + Ciphertext : EE 54 D1 3E BC AE 70 6D 22 6B C3 14 2C D4 0D 4A + + Intermediate Value + ------------------------------------------------------------------ + Ki0 Ki1 L0 L1 R0 R1 + ================================================================== + Round 1 : 56BE4A0F E9F62877 | 83A2F8A2 88641FB9 A4E9A5CC 2F131C7D + Round 2 : 68BCB66C 078911DD | A4E9A5CC 2F131C7D 7CE5F012 47F8C1E6 + Round 3 : 5B82740B FD24D09B | 7CE5F012 47F8C1E6 AAC99520 609F4CB7 + Round 4 : 8D608015 A120E0BE | AAC99520 609F4CB7 3E126D1F 44FA99F0 + Round 5 : 810A75AE 1BF223E5 | 3E126D1F 44FA99F0 11716365 9BA775AC + Round 6 : F9C0D2D0 0F676C02 | 11716365 9BA775AC 32C9838F BA5757CB + Round 7 : 8F9B5C84 8A7C8DDD | 32C9838F BA5757CB 77E00C64 CF9F6B32 + Round 8 : D4AB4896 18E93447 | 77E00C64 CF9F6B32 3F09B1F7 DE7D6D58 + Round 9 : CF090F51 5A4C8202 | 3F09B1F7 DE7D6D58 300E5CAA D0BF2345 + Round 10 : 4EC3196F 61B1A0DC | 300E5CAA D0BF2345 9574FDD7 4DF050D1 + Round 11 : 244E07C1 D0D10B12 | 9574FDD7 4DF050D1 A15EDA6F 624265FD + Round 12 : 69917C6C 7FF94FB3 | A15EDA6F 624265FD 9F39B682 D841C76F + Round 13 : 9A7EB482 723B5738 | 9F39B682 D841C76F EEBBAD8B C1F488EF + Round 14 : B97522C5 39CC6349 | EEBBAD8B C1F488EF 45CF5D4E BEEA4AA2 + Round 15 : FFC2AFD5 1412E731 | 45CF5D4E BEEA4AA2 43B7FE1B BCF87781 + Round 16 : A9AF7241 A3E67359 | 43B7FE1B BCF87781 226BC314 2CD40D4A + + + + + + + + + + + + +Lee, et al. Informational [Page 14] + +RFC 4269 The SEED Encryption Algorithm December 2005 + + +B.4. + + Key : 28 DB C3 BC 49 FF D8 7D CF A5 09 B1 1D 42 2B E7 + Plaintext : B4 1E 6B E2 EB A8 4A 14 8E 2E ED 84 59 3C 5E C7 + Ciphertext : 9B 9B 7B FC D1 81 3C B9 5D 0B 36 18 F4 0F 51 22 + + Intermediate Value + ------------------------------------------------------------------ + Ki0 Ki1 L0 L1 R0 R1 + ================================================================== + Round 1 : B2B11B63 2EE9E2D1 | B41E6BE2 EBA84A14 8E2EED84 593C5EC7 + Round 2 : 11967260 71A62F24 | 8E2EED84 593C5EC7 1B31F2F7 3DDE00BA + Round 3 : 2E017A5A 35DAD7A7 | 1B31F2F7 3DDE00BA 35CC49C0 2AFB59EA + Round 4 : 1B2AB5FF A3ADA69F | 35CC49C0 2AFB59EA D7AB53AA AE82F1C7 + Round 5 : 519C9903 DA90AAEE | D7AB53AA AE82F1C7 24139958 B840E56F + Round 6 : 29FD95AD B94C3F13 | 24139958 B840E56F 24AB5291 544C9DBA + Round 7 : 6F629D19 8ACE692F | 24AB5291 544C9DBA E8152994 75D0B424 + Round 8 : 30A26E73 2F22338E | E8152994 75D0B424 A2CD1153 F32BB23A + Round 9 : 9721073A 98EE8DAE | A2CD1153 F32BB23A C386008B E3257731 + Round 10 : C597A8A9 27DCDC97 | C386008B E3257731 98396BFD 814F8972 + Round 11 : F5163A00 5FFD0003 | 98396BFD 814F8972 E74D2D0D 11D889D1 + Round 12 : 5CBE65DA A73403E4 | E74D2D0D 11D889D1 29D8C7B3 D1B71C0C + Round 13 : 7D5CF070 1D3B8092 | 29D8C7B3 D1B71C0C C4E692C2 D2F57F18 + Round 14 : 388C702B 1BAA4945 | C4E692C2 D2F57F18 2FAFB300 5F0C4BFF + Round 15 : 87D1AB5A FA13FB5C | 2FAFB300 5F0C4BFF 60E5F17C 5626BB68 + Round 16 : C97D7EED 90724A6E | 60E5F17C 5626BB68 5D0B3618 F40F5122 + + + + + + + + + + + + + + + + + + + + + + + + + +Lee, et al. Informational [Page 15] + +RFC 4269 The SEED Encryption Algorithm December 2005 + + +Full Copyright Statement + + Copyright (C) The Internet Society (2005). + + This document is subject to the rights, licenses and restrictions + contained in BCP 78, and except as set forth therein, the authors + retain all their rights. + + This document and the information contained herein are provided on an + "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS + OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET + ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, + INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE + INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED + WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. + +Intellectual Property + + The IETF takes no position regarding the validity or scope of any + Intellectual Property Rights or other rights that might be claimed to + pertain to the implementation or use of the technology described in + this document or the extent to which any license under such rights + might or might not be available; nor does it represent that it has + made any independent effort to identify any such rights. Information + on the procedures with respect to rights in RFC documents can be + found in BCP 78 and BCP 79. + + Copies of IPR disclosures made to the IETF Secretariat and any + assurances of licenses to be made available, or the result of an + attempt made to obtain a general license or permission for the use of + such proprietary rights by implementers or users of this + specification can be obtained from the IETF on-line IPR repository at + http://www.ietf.org/ipr. + + The IETF invites any interested party to bring to its attention any + copyrights, patents or patent applications, or other proprietary + rights that may cover technology that may be required to implement + this standard. Please address the information to the IETF at ietf- + ipr@ietf.org. + +Acknowledgement + + Funding for the RFC Editor function is currently provided by the + Internet Society. + + + + + + + +Lee, et al. Informational [Page 16] + |