< draft-lee-rfc4009bis-00.txt   draft-lee-rfc4009bis-01.txt >
Internet-Draft H.J. Lee Internet-Draft H.J. Lee
Obsoletes: 4009(if approved) S.J. Lee Obsoletes: 4009(if approved) S.J. Lee
Expires: November 2005 J.H. Yoon Expires: November 2005 J.H. Yoon
D.H. Cheon D.H. Cheon
J.I. Lee J.I. Lee
KISA KISA
May 2005 May 2005
The SEED Encryption Algorithm The SEED Encryption Algorithm
<draft-lee-rfc4009bis-00.txt> <draft-lee-rfc4009bis-01.txt>
Status of this Memo Status of this Memo
By submitting this Internet-Draft, I certify that any applicable By submitting this Internet-Draft, each author represents that any
patent or other IPR claims of which I am aware have been disclosed, applicable patent or other IPR claims of which he or she is aware
or will be disclosed, and any of which I become aware will be have been or will be disclosed, and any of which he or she becomes
disclosed, in accordance with RFC 3668. aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet- other groups may also distribute working documents as Internet-
Drafts. Drafts.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress". material or to cite them other than as "work in progress".
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html http://www.ietf.org/shadow.html
This Internet-Draft will expire on November 2, 2005. This Internet-Draft will expire on November 21, 2005.
Copyright Notice Copyright Notice
Copyright (C) The Internet Society (2005). Copyright (C) The Internet Society (2005).
Abstract Abstract
This document describes the SEED encryption algorithm, which has been This document describes the SEED encryption algorithm, which has been
adopted by most of the security systems in the Republic of Korea. adopted by most of the security systems in the Republic of Korea.
Included are a description of the encryption and the key scheduling Included are a description of the encryption and the key scheduling
algorithm (Section 2), the S-boxes (Appendix A), and a set of test algorithm (Section 2), the S-boxes (Appendix A), and a set of test
vectors (Appendix B). vectors (Appendix B).
1. Introduction 1. Introduction
This specification obsoletes RFC 4009. This specification differs 1.1. Changes from RFC 4009
from RFC 4009 in the following areas:
Pseudo code changes. The Pseudo code in section2 in RFC4009 is This specification obsoletes RFC 4009, because the RFC 4009 had
insufficient for the explanation of the structure of SEED. Thus ambiguous function and SS-boxes definitions cryptographically. Thus,
detailed pseudo code is introduced. some definitions have been changed and for better understanding, the
SEED pseudo codes have been modified. This update is to provide
clarity and facilitate the development of interoperable
implementations. The SEED algorithm itself has not been changed.
Some corrections of errata which are the definition of R1í¯, Z, X and This specification updates the RFC 4009 in the following areas:
SS-boxes.
1.1. SEED Overview - Pseudo code changes. The Pseudo code in section2 in RFC4009 is
insufficient for the explanation of the structure of SEED. Thus
detailed pseudo code is introduced.
- Some corrections of errata which are the definition of R1', Z, X
and SS-boxes.
1.2. SEED Overview
SEED is a 128-bit symmetric key block cipher that has been developed SEED is a 128-bit symmetric key block cipher that has been developed
by KISA (Korea Information Security Agency) since 1998. SEED is a by KISA (Korea Information Security Agency) since 1998. SEED is a
national standard encryption algorithm in the Republic of Korea national standard encryption algorithm in the Republic of Korea
[TTASSEED] and is designed to use the S-boxes and permutations that [TTASSEED] and is designed to use the S-boxes and permutations that
balance with the current computing technology. It has the Feistel balance with the current computing technology. It has the Feistel
structure with 16-round and is strong against DC(Differential structure with 16-round and is strong against DC(Differential
Cryptanalysis), LC(Linear Cryptanalysis), and related key attacks, Cryptanalysis), LC(Linear Cryptanalysis), and related key attacks,
balanced with security/efficiency trade-off. balanced with security/efficiency trade-off.
skipping to change at page 2, line 41 skipping to change at page 2, line 49
- 128-bit input/output data block size - 128-bit input/output data block size
- 128-bit key length - 128-bit key length
- A round function strong against known attacks - A round function strong against known attacks
- Two 8x8 S-boxes - Two 8x8 S-boxes
- Mixed operations of XOR and modular addition - Mixed operations of XOR and modular addition
SEED has been widely used in the Republic of Korea for confidential SEED has been widely used in the Republic of Korea for confidential
services such as electronic commerce; e.g., financial services services such as electronic commerce; e.g., financial services
provided in wired and wireless communication. provided in wired and wireless communication.
1.2. Notation 1.3. Notation
The following notation is used in the description of the SEED The following notation is used in the description of the SEED
encryption algorithm: encryption algorithm:
& bitwise AND & bitwise AND
^ bitwise exclusive OR ^ bitwise exclusive OR
+ addition in modular 2**32 + addition in modular 2**32
- subtraction in modular 2**32 - subtraction in modular 2**32
|| concatenation || concatenation
<< n left circular rotation by n bits << n left circular rotation by n bits
skipping to change at page 3, line 38 skipping to change at page 3, line 46
operations such as exclusive OR (XOR) and additions to provide strong operations such as exclusive OR (XOR) and additions to provide strong
security, high speed, and simplicity in its implementation. security, high speed, and simplicity in its implementation.
A 64-bit input block of the round function F is divided into two A 64-bit input block of the round function F is divided into two
32-bit blocks (R0, R1) and wrapped with 4 phases: 32-bit blocks (R0, R1) and wrapped with 4 phases:
- A mixing phase of two 32-bit subkey blocks (Ki0 , Ki1) - A mixing phase of two 32-bit subkey blocks (Ki0 , Ki1)
- 3 layers of function G (See Section 2.2), with additions for - 3 layers of function G (See Section 2.2), with additions for
mixing two 32-bit blocks mixing two 32-bit blocks
The outputs (R0í¯, R1í¯) of function F are as follows: The outputs (R0', R1') of function F are as follows:
R0í¯ = G[ G[ G[(R0 ^ Ki0) ^ (R1 ^ Ki1)] + (R0 ^ Ki0)] + G[(R0 ^ Ki0) R0' = G[ G[ G[(R0 ^ Ki0) ^ (R1 ^ Ki1)] + (R0 ^ Ki0)] + G[(R0 ^ Ki0)
^ (R1 ^ Ki1)]] + G[ G[(R0 ^ Ki0) ^ (R1 ^ Ki1)] + (R0 ^ Ki0)] ^ (R1 ^ Ki1)]] + G[ G[(R0 ^ Ki0) ^ (R1 ^ Ki1)] + (R0 ^ Ki0)]
R1í¯ = G[ G[ G[(R0 ^ Ki0) ^ (R1 ^ Ki1)] + (R0 ^ Ki0)] + G[(R0 ^ Ki0) R1' = G[ G[ G[(R0 ^ Ki0) ^ (R1 ^ Ki1)] + (R0 ^ Ki0)] + G[(R0 ^ Ki0)
^ (R1 ^ Ki1)]] ^ (R1 ^ Ki1)]]
2.2. The Function G 2.2. The Function G
The function G has two layers. A layer of two 8x8 S-boxes and a The function G has two layers. A layer of two 8x8 S-boxes and a
layer of block permutation of sixteen 8-bit sub-blocks. The outputs layer of block permutation of sixteen 8-bit sub-blocks. The outputs
Z (= Z3 || Z2 || Z1 || Z0) of the function G with four 8-bit inputs Z (= Z3 || Z2 || Z1 || Z0) of the function G with four 8-bit inputs
X (= X3 || X2 || X1 || X0) are as follows: X (= X3 || X2 || X1 || X0) are as follows:
Z0 = {S0(X0) & m0} ^ {S1(X1) & m1} ^ {S0(X2) & m2} ^ {S1(X3) & m3} Z0 = {S0(X0) & m0} ^ {S1(X1) & m1} ^ {S0(X2) & m2} ^ {S1(X3) & m3}
skipping to change at page 4, line 47 skipping to change at page 5, line 6
Key0 || Key1 = (Key0 || Key1) >> 8 Key0 || Key1 = (Key0 || Key1) >> 8
- Type 2 : Even round - Type 2 : Even round
Ki0 = G(Key0 + Key2 - KCi) Ki0 = G(Key0 + Key2 - KCi)
Ki1 = G(Key1 - Key3 + KCi) Ki1 = G(Key1 - Key3 + KCi)
Key2 || Key3 = (Key2 || Key3) << 8 Key2 || Key3 = (Key2 || Key3) << 8
The following table shows constants used in KCi: The following table shows constants used in KCi:
i | Value i | Value i | Value i | Value
=========================================== KC1 | 0x9E3779B9 KC2 | 0x3C6EF373 ============================================
KC1 | 0x9E3779B9 KC2 | 0x3C6EF373
KC3 | 0x78DDE6E6 KC4 | 0xF1BBCDCC KC3 | 0x78DDE6E6 KC4 | 0xF1BBCDCC
KC5 | 0xE3779B99 KC6 | 0xC6EF3733 KC5 | 0xE3779B99 KC6 | 0xC6EF3733
KC7 | 0x8DDE6E67 KC8 | 0x1BBCDCCF KC7 | 0x8DDE6E67 KC8 | 0x1BBCDCCF
KC9 | 0x3779B99E KC10 | 0x6EF3733C KC9 | 0x3779B99E KC10 | 0x6EF3733C
KC11 | 0xDDE6E678 KC12 | 0xBBCDCCF1 KC11 | 0xDDE6E678 KC12 | 0xBBCDCCF1
KC13 | 0x779B99E3 KC14 | 0xEF3733C6 KC13 | 0x779B99E3 KC14 | 0xEF3733C6
KC15 | 0xDE6E678D KC16 | 0xBCDCCF1B KC15 | 0xDE6E678D KC16 | 0xBCDCCF1B
A pseudo code for the key schedule is as follows: A pseudo code for the key schedule is as follows:
skipping to change at page 5, line 34 skipping to change at page 5, line 42
Decryption procedure is the reverse step of the encryption procedure. Decryption procedure is the reverse step of the encryption procedure.
It can be implemented by using the encryption algorithm with reverse It can be implemented by using the encryption algorithm with reverse
order of the round subkeys. order of the round subkeys.
2.5. SEED Object Identifiers 2.5. SEED Object Identifiers
For those who may be using SEED in algorithm negotiation within a For those who may be using SEED in algorithm negotiation within a
protocol, or in any other context that may require the use of OIDs, protocol, or in any other context that may require the use of OIDs,
the following three OIDs have been defined. the following three OIDs have been defined.
algorithm OBJECT IDENTIFIER :: { iso(1) member-body(2) korea(410) kisa(200004) algorithm(1) } algorithm OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) korea(410) kisa(200004) algorithm(1) }
id-seedCBC OBJECT IDENTIFIER ::= { algorithm seedCBC(4) } id-seedCBC OBJECT IDENTIFIER ::= { algorithm seedCBC(4) }
seedCBCParameter ::= OCTET STRING (SIZE(16)) seedCBCParameter ::= OCTET STRING (SIZE(16))
-- 128-bit Initialization Vector -- 128-bit Initialization Vector
The id-seedCBC OID is used when the CBC mode of operation based on The id-seedCBC OID is used when the CBC mode of operation based on
the SEED block cipher is provided. the SEED block cipher is provided.
id-seedMAC OBJECT IDENTIFIER ::= { algorithm seedMAC(7) } id-seedMAC OBJECT IDENTIFIER ::= { algorithm seedMAC(7) }
seedMACParameter ::= INTEGER -- MAC length, in bits seedMACParameter ::= INTEGER -- MAC length, in bits
The id-seedMAC OID is used when the message authentication code (MAC) The id-seedMAC OID is used when the message authentication code (MAC)
algorithm based on the SEED block cipher is provided. algorithm based on the SEED block cipher is provided.
pbeWithSHA1AndSEED-CBC OBJECT IDENTIFIER :: { algorithm seedCBCwithSHA1(15) } pbeWithSHA1AndSEED-CBC OBJECT IDENTIFIER ::=
{ algorithm seedCBCwithSHA1(15) }
PBEParameters ::= SEQUENCE { PBEParameters ::= SEQUENCE {
salt OCTET STRING, salt OCTET STRING,
iteration INTEGER } -- Total number of hash iterations iteration INTEGER } -- Total number of hash iterations
This OID is used when a password-based encryption in CBC mode based This OID is used when a password-based encryption in CBC mode based
on SHA-1 and the SEED block cipher is provided. The details of the on SHA-1 and the SEED block cipher is provided. The details of the
PBE computation are well described in Section 6.1 of [RFC2898]. PBE computation are well described in Section 6.1 of [RFC2898].
3. Security Considerations 3. Security Considerations
skipping to change at page 6, line 46 skipping to change at page 7, line 8
response to document SC 27 N 2563", October, 2000 response to document SC 27 N 2563", October, 2000
[CRYPTREC] Information-technology Promotion Agency (IPA), Japan, [CRYPTREC] Information-technology Promotion Agency (IPA), Japan,
CRYPTREC. "SEED Evaluation Report", February, 2002 CRYPTREC. "SEED Evaluation Report", February, 2002
http://www.kisa.or.kr/seed/data/Document_pdf/ http://www.kisa.or.kr/seed/data/Document_pdf/
SEED_Evaluation_Report_by_CRYPTREC.pdf SEED_Evaluation_Report_by_CRYPTREC.pdf
5. Acknowledgments 5. Acknowledgments
Alfred Hoenes(ah@tr-sys.de) has contributed significantly to work on Alfred Hoenes(ah@tr-sys.de) has contributed significantly to work on
the definition of R1í¯, Z, X and SS-boxes. Thanks for his contribution the definition of R1', Z, X and SS-boxes. Thanks for his contribution
for this document. for this document.
6. Authorsí¯ Addresses 6. Authors' Addresses
Hyangjin Lee Hyangjin Lee
Korea Information Security Agency Korea Information Security Agency
78, Garak-Dong, Songpa-Gu, Seoul, 138-803 78, Garak-Dong, Songpa-Gu, Seoul, 138-803
REPUBLIC OF KOREA REPUBLIC OF KOREA
Phone: +82-2-405-5446 Phone: +82-2-405-5446
FAX : +82-2-405-5319 FAX : +82-2-405-5319
EMail: jiinii@kisa.or.kr EMail: jiinii@kisa.or.kr
Sungjae Lee Sungjae Lee
skipping to change at page 7, line 29 skipping to change at page 7, line 35
EMail: sjlee@kisa.or.kr EMail: sjlee@kisa.or.kr
Jaeho Yoon Jaeho Yoon
Korea Information Security Agency Korea Information Security Agency
Phone: +82-2-405-5434 Phone: +82-2-405-5434
FAX : +82-2-405-5219 FAX : +82-2-405-5219
EMail: jhyoon@kisa.or.kr EMail: jhyoon@kisa.or.kr
Donghyeon Cheon Donghyeon Cheon
Korea Information Security Agency Korea Information Security Agency
Phone: +82-2-405-5215 Phone: +82-2-405-5251
FAX : +82-2-405-5319 FAX : +82-2-405-5319
EMail: dhcheon@kisa.or.kr EMail: dhcheon@kisa.or.kr
Jaeil Lee Jaeil Lee
Korea Information Security Agency Korea Information Security Agency
Phone: +82-2-405-5300 Phone: +82-2-405-5300
FAX : +82-2-405-5219 FAX : +82-2-405-5219
EMail: jilee@kisa.or.kr EMail: jilee@kisa.or.kr
Appendix A. S-Boxes Appendix A. S-Boxes
skipping to change at page 12, line 19 skipping to change at page 12, line 19
B.1. B.1.
Key : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Key : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Plaintext : 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F Plaintext : 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
Ciphertext : 5E BA C6 E0 05 4E 16 68 19 AF F1 CC 6D 34 6C DB Ciphertext : 5E BA C6 E0 05 4E 16 68 19 AF F1 CC 6D 34 6C DB
Intermediate Value Intermediate Value
------------------------------------------------------------------ ------------------------------------------------------------------
Ki0 Ki1 L0 L1 R0 R1 Ki0 Ki1 L0 L1 R0 R1
================================================================= Round 1 : 7C8F8C7E C737A22C | 00010203 04050607 08090A0B 0C0D0E0F ==================================================================
Round 1 : 7C8F8C7E C737A22C | 00010203 04050607 08090A0B 0C0D0E0F
Round 2 : FF276CDB A7CA684A | 08090A0B 0C0D0E0F 8081BC57 C4EA8A1F Round 2 : FF276CDB A7CA684A | 08090A0B 0C0D0E0F 8081BC57 C4EA8A1F
Round 3 : 2F9D01A1 70049E41 | 8081BC57 C4EA8A1F 117A8B07 D7358C24 Round 3 : 2F9D01A1 70049E41 | 8081BC57 C4EA8A1F 117A8B07 D7358C24
Round 4 : AE59B3C4 4245E90C | 117A8B07 D7358C24 D1738C94 7326CAB0 Round 4 : AE59B3C4 4245E90C | 117A8B07 D7358C24 D1738C94 7326CAB0
Round 5 : A1D6400F DBC1394E | D1738C94 7326CAB0 577ECE6D 1F8433EC Round 5 : A1D6400F DBC1394E | D1738C94 7326CAB0 577ECE6D 1F8433EC
Round 6 : 85963508 0C5F1FCB | 577ECE6D 1F8433EC 910F62AB DDA096C1 Round 6 : 85963508 0C5F1FCB | 577ECE6D 1F8433EC 910F62AB DDA096C1
Round 7 : B684BDA7 61A4AEAE | 910F62AB DDA096C1 EA4D39B4 B17B1938 Round 7 : B684BDA7 61A4AEAE | 910F62AB DDA096C1 EA4D39B4 B17B1938
Round 8 : D17E0741 FEE90AA1 | EA4D39B4 B17B1938 B04E251F 97D7442C Round 8 : D17E0741 FEE90AA1 | EA4D39B4 B17B1938 B04E251F 97D7442C
Round 9 : 76CC05D5 E97A7394 | B04E251F 97D7442C B86D31BF A5988C06 Round 9 : 76CC05D5 E97A7394 | B04E251F 97D7442C B86D31BF A5988C06
Round 10 : 50AC6F92 1B2666E5 | B86D31BF A5988C06 9008EABF 38DF7430 Round 10 : 50AC6F92 1B2666E5 | B86D31BF A5988C06 9008EABF 38DF7430
Round 11 : 65B7904A 8EC3A7B3 | 9008EABF 38DF7430 33E47DE0 54EFF76C Round 11 : 65B7904A 8EC3A7B3 | 9008EABF 38DF7430 33E47DE0 54EFF76C
skipping to change at page 12, line 45 skipping to change at page 12, line 46
B.2. B.2.
Key : 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F Key : 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
Plaintext : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Plaintext : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Ciphertext : C1 1F 22 F2 01 40 50 50 84 48 35 97 E4 37 0F 43 Ciphertext : C1 1F 22 F2 01 40 50 50 84 48 35 97 E4 37 0F 43
Intermediate Value Intermediate Value
------------------------------------------------------------------ ------------------------------------------------------------------
Ki0 Ki1 L0 L1 R0 R1 Ki0 Ki1 L0 L1 R0 R1
================================================================= Round 1 : C119F584 5AE033A0 | 00000000 00000000 00000000 00000000 ==================================================================
Round 1 : C119F584 5AE033A0 | 00000000 00000000 00000000 00000000
Round 2 : 62947390 A600AD14 | 00000000 00000000 9D8DB62C 911F0C19 Round 2 : 62947390 A600AD14 | 00000000 00000000 9D8DB62C 911F0C19
Round 3 : F6F6544E 596C4B49 | 9D8DB62C 911F0C19 21229A97 4AB4B7B8 Round 3 : F6F6544E 596C4B49 | 9D8DB62C 911F0C19 21229A97 4AB4B7B8
Round 4 : C1A3DE02 CE483C49 | 21229A97 4AB4B7B8 5A27B404 899D7315 Round 4 : C1A3DE02 CE483C49 | 21229A97 4AB4B7B8 5A27B404 899D7315
Round 5 : 5E742E6D 7E25163D | 5A27B404 899D7315 B8489E76 BA0EF3EA Round 5 : 5E742E6D 7E25163D | 5A27B404 899D7315 B8489E76 BA0EF3EA
Round 6 : 8299D2B4 790A46CE | B8489E76 BA0EF3EA 04A3DF29 31A27FB4 Round 6 : 8299D2B4 790A46CE | B8489E76 BA0EF3EA 04A3DF29 31A27FB4
Round 7 : EA67D836 55F354F2 | 04A3DF29 31A27FB4 EC9C17BF 81AA2AA0 Round 7 : EA67D836 55F354F2 | 04A3DF29 31A27FB4 EC9C17BF 81AA2AA0
Round 8 : C47329FB F50DB634 | EC9C17BF 81AA2AA0 4FA74E8D CDB21BB8 Round 8 : C47329FB F50DB634 | EC9C17BF 81AA2AA0 4FA74E8D CDB21BB8
Round 9 : 2BD30235 51679CE6 | 4FA74E8D CDB21BB8 D93492FE 4F71A4DA Round 9 : 2BD30235 51679CE6 | 4FA74E8D CDB21BB8 D93492FE 4F71A4DA
Round 10 : FA8D6B76 A9F37E02 | D93492FE 4F71A4DA B14053D9 A911379B Round 10 : FA8D6B76 A9F37E02 | D93492FE 4F71A4DA B14053D9 A911379B
Round 11 : 8B99CC60 0F6092D4 | B14053D9 A911379B 5A7024D6 3905668B Round 11 : 8B99CC60 0F6092D4 | B14053D9 A911379B 5A7024D6 3905668B
skipping to change at page 13, line 27 skipping to change at page 13, line 27
B.3. B.3.
Key : 47 06 48 08 51 E6 1B E8 5D 74 BF B3 FD 95 61 85 Key : 47 06 48 08 51 E6 1B E8 5D 74 BF B3 FD 95 61 85
Plaintext : 83 A2 F8 A2 88 64 1F B9 A4 E9 A5 CC 2F 13 1C 7D Plaintext : 83 A2 F8 A2 88 64 1F B9 A4 E9 A5 CC 2F 13 1C 7D
Ciphertext : EE 54 D1 3E BC AE 70 6D 22 6B C3 14 2C D4 0D 4A Ciphertext : EE 54 D1 3E BC AE 70 6D 22 6B C3 14 2C D4 0D 4A
Intermediate Value Intermediate Value
------------------------------------------------------------------ ------------------------------------------------------------------
Ki0 Ki1 L0 L1 R0 R1 Ki0 Ki1 L0 L1 R0 R1
================================================================= Round 1 : 56BE4A0F E9F62877 | 83A2F8A2 88641FB9 A4E9A5CC 2F131C7D ==================================================================
Round 1 : 56BE4A0F E9F62877 | 83A2F8A2 88641FB9 A4E9A5CC 2F131C7D
Round 2 : 68BCB66C 078911DD | A4E9A5CC 2F131C7D 7CE5F012 47F8C1E6 Round 2 : 68BCB66C 078911DD | A4E9A5CC 2F131C7D 7CE5F012 47F8C1E6
Round 3 : 5B82740B FD24D09B | 7CE5F012 47F8C1E6 AAC99520 609F4CB7 Round 3 : 5B82740B FD24D09B | 7CE5F012 47F8C1E6 AAC99520 609F4CB7
Round 4 : 8D608015 A120E0BE | AAC99520 609F4CB7 3E126D1F 44FA99F0 Round 4 : 8D608015 A120E0BE | AAC99520 609F4CB7 3E126D1F 44FA99F0
Round 5 : 810A75AE 1BF223E5 | 3E126D1F 44FA99F0 11716365 9BA775AC Round 5 : 810A75AE 1BF223E5 | 3E126D1F 44FA99F0 11716365 9BA775AC
Round 6 : F9C0D2D0 0F676C02 | 11716365 9BA775AC 32C9838F BA5757CB Round 6 : F9C0D2D0 0F676C02 | 11716365 9BA775AC 32C9838F BA5757CB
Round 7 : 8F9B5C84 8A7C8DDD | 32C9838F BA5757CB 77E00C64 CF9F6B32 Round 7 : 8F9B5C84 8A7C8DDD | 32C9838F BA5757CB 77E00C64 CF9F6B32
Round 8 : D4AB4896 18E93447 | 77E00C64 CF9F6B32 3F09B1F7 DE7D6D58 Round 8 : D4AB4896 18E93447 | 77E00C64 CF9F6B32 3F09B1F7 DE7D6D58
Round 9 : CF090F51 5A4C8202 | 3F09B1F7 DE7D6D58 300E5CAA D0BF2345 Round 9 : CF090F51 5A4C8202 | 3F09B1F7 DE7D6D58 300E5CAA D0BF2345
Round 10 : 4EC3196F 61B1A0DC | 300E5CAA D0BF2345 9574FDD7 4DF050D1 Round 10 : 4EC3196F 61B1A0DC | 300E5CAA D0BF2345 9574FDD7 4DF050D1
Round 11 : 244E07C1 D0D10B12 | 9574FDD7 4DF050D1 A15EDA6F 624265FD Round 11 : 244E07C1 D0D10B12 | 9574FDD7 4DF050D1 A15EDA6F 624265FD
skipping to change at page 14, line 7 skipping to change at page 14, line 7
Round 16 : A9AF7241 A3E67359 | 43B7FE1B BCF87781 226BC314 2CD40D4A Round 16 : A9AF7241 A3E67359 | 43B7FE1B BCF87781 226BC314 2CD40D4A
B.4. B.4.
Key : 28 DB C3 BC 49 FF D8 7D CF A5 09 B1 1D 42 2B E7 Key : 28 DB C3 BC 49 FF D8 7D CF A5 09 B1 1D 42 2B E7
Plaintext : B4 1E 6B E2 EB A8 4A 14 8E 2E ED 84 59 3C 5E C7 Plaintext : B4 1E 6B E2 EB A8 4A 14 8E 2E ED 84 59 3C 5E C7
Ciphertext : 9B 9B 7B FC D1 81 3C B9 5D 0B 36 18 F4 0F 51 22 Ciphertext : 9B 9B 7B FC D1 81 3C B9 5D 0B 36 18 F4 0F 51 22
Intermediate Value Intermediate Value
------------------------------------------------------------------ ------------------------------------------------------------------
Ki0 Ki1 L0 L1 R0 R1 Ki0 Ki1 L0 L1 R0 R1
================================================================= Round 1 : B2B11B63 2EE9E2D1 | B41E6BE2 EBA84A14 8E2EED84 593C5EC7 ==================================================================
Round 1 : B2B11B63 2EE9E2D1 | B41E6BE2 EBA84A14 8E2EED84 593C5EC7
Round 2 : 11967260 71A62F24 | 8E2EED84 593C5EC7 1B31F2F7 3DDE00BA Round 2 : 11967260 71A62F24 | 8E2EED84 593C5EC7 1B31F2F7 3DDE00BA
Round 3 : 2E017A5A 35DAD7A7 | 1B31F2F7 3DDE00BA 35CC49C0 2AFB59EA Round 3 : 2E017A5A 35DAD7A7 | 1B31F2F7 3DDE00BA 35CC49C0 2AFB59EA
Round 4 : 1B2AB5FF A3ADA69F | 35CC49C0 2AFB59EA D7AB53AA AE82F1C7 Round 4 : 1B2AB5FF A3ADA69F | 35CC49C0 2AFB59EA D7AB53AA AE82F1C7
Round 5 : 519C9903 DA90AAEE | D7AB53AA AE82F1C7 24139958 B840E56F Round 5 : 519C9903 DA90AAEE | D7AB53AA AE82F1C7 24139958 B840E56F
Round 6 : 29FD95AD B94C3F13 | 24139958 B840E56F 24AB5291 544C9DBA Round 6 : 29FD95AD B94C3F13 | 24139958 B840E56F 24AB5291 544C9DBA
Round 7 : 6F629D19 8ACE692F | 24AB5291 544C9DBA E8152994 75D0B424 Round 7 : 6F629D19 8ACE692F | 24AB5291 544C9DBA E8152994 75D0B424
Round 8 : 30A26E73 2F22338E | E8152994 75D0B424 A2CD1153 F32BB23A Round 8 : 30A26E73 2F22338E | E8152994 75D0B424 A2CD1153 F32BB23A
Round 9 : 9721073A 98EE8DAE | A2CD1153 F32BB23A C386008B E3257731 Round 9 : 9721073A 98EE8DAE | A2CD1153 F32BB23A C386008B E3257731
Round 10 : C597A8A9 27DCDC97 | C386008B E3257731 98396BFD 814F8972 Round 10 : C597A8A9 27DCDC97 | C386008B E3257731 98396BFD 814F8972
Round 11 : F5163A00 5FFD0003 | 98396BFD 814F8972 E74D2D0D 11D889D1 Round 11 : F5163A00 5FFD0003 | 98396BFD 814F8972 E74D2D0D 11D889D1
 End of changes. 22 change blocks. 
35 lines changed or deleted 50 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/