< draft-park-seed-00.txt   draft-park-seed-01.txt >
S/MIME Working Group Jongwook Park(KISA) S/MIME Working Group Jongwook Park(KISA)
Internet Draft Sungjae Lee(KISA) Internet Draft Sungjae Lee(KISA)
Document: draft-park-seed-00.txt Jeeyeon Kim(KISA) Document: draft-park-seed-01.txt Jeeyeon Kim(KISA)
Expires : June, 2004 Jaeil Lee(KISA) Expires : Feburary, 2005 Jaeil Lee(KISA)
January, 2004 Target category: Informational August 2004
The SEED Encryption Algorithm The SEED Encryption Algorithm
<draft-park-seed-00.txt> <draft-park-seed-01.txt>
Status of this Memo Status of this Memo
This document is an Internet-Draft and is in full conformance with By submitting this Internet-Draft, I certify that any applicable
all provisions of Section 10 of [RFC 2026]. patent or other IPR claims of which I am aware have been disclosed,
and any of which I become aware will be disclosed, in accordance with
RFC 3668.
Internet-Drafts are working documents of the Internet Engineering Internet Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that other Task Force (IETF), its Areas, and its Working Groups. Note that other
groups may also distribute working documents as Internet-Drafts. groups may also distribute working documents as Internet Drafts.
Internet-Drafts are draft documents valid for a maximum of six months Internet Drafts are draft documents valid for a maximum of six
and may be updated, replaced, or obsoleted by other documents at any months. Internet Drafts may be updated, replaced, or obsoleted by
time. It is inappropriate to use Internet-Drafts as reference other documents at any time. It is not appropriate to use Internet
material or to cite them other than as "work in progress." Drafts as reference material or to cite them other than as a "working
draft" or "work in progress".
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt http//www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http//www.ietf.org/shadow.html.
Copyright (C) The Internet Society (2002). All Rights Reserved. Copyright Notice
Copyright (C) The Internet Society (2004). All Rights Reserved.
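Review bot: the -01 side of the Status of this Memo text drops the colon from both URLs ("http//www.ietf.org/ietf/1id-abstracts.txt" and "http//www.ietf.org/shadow.html"), so neither is a usable link, and the new expiry line spells the month "Feburary". Restore "http://" in both places and correct the month to "February".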
Abstract Abstract
This document describes the SEED encryption algorithm which has been This document describes the SEED encryption algorithm which has been
adopted to most of the security systems in the Republic of Korea. adopted by most of the security systems in the Republic of Korea.
Included are a description of the cipher and the key scheduling Included are a description of the cipher and the key scheduling
algorithm(Section 2), the S-boxes(Appendix A), and a set of test algorithm (Section 2), the S-boxes (Appendix A), and a set of test
vectors(Appendix B). vectors (Appendix B).
1. Introduction 1. Introduction
The key words "MUST", "MUST NOT", "REQUIRED", "SHOULD", "SHOULD NOT",
"RECOMMENDED", "MAY", and "OPTIONAL" in this document (in uppercase,
as shown) are to be interpreted as described in [RFC2119].
1.1 SEED Overview 1.1 SEED Overview
SEED is a 128-bit symmetric key block cipher that had been developed SEED is a 128-bit symmetric key block cipher that had been developed
by KISA (Korea Information Security Agency) and a group of experts by KISA (Korea Information Security Agency) and a group of experts
since 1998. SEED is a national standard encryption algorithm in South since 1998. SEED is a national standard encryption algorithm in South
Korea[TTASSEED]. SEED is designed to utilize the S-boxes and Korea [TTASSEED]. SEED is designed to utilize the S-boxes and
permutations that balance with the current computing technology. It permutations that balance with the current computing technology. It
has the Feistel structure with 16-round and is strong against has the Feistel structure with 16-round and is strong against DC
DC(Differential Cryptanalysis),LC(Linear Cryptanalysis) and related (Differential Cryptanalysis), LC (Linear Cryptanalysis) and related
key attacks balanced with security/efficiency trade-off. key attacks balanced with security/efficiency trade-off.
The features of SEED are outlined as follows: The features of SEED are outlined as follows:
- The Feistel structure with 16-round - The Feistel structure with 16-round
- 128-bit input/output data block size - 128-bit input/output data block size
- 128-bit key length - 128-bit key length
- A round function strong against known attacks - A round function strong against known attacks
- Two 8x8 S-boxes - Two 8x8 S-boxes
- Mixed operations of XOR and modular addition - Mixed operations of XOR and modular addition
SEED has been widely used in South Korea for confidential services SEED has been widely used in South Korea for confidential services
such as electronic commerce, financial services provided in wired and such as electronic commerce, financial services provided in wired and
wireless communication. wireless communication.
1.2 Notation 1.2 Notation
The following notation is used in the description of the SEED The following notation is used in the description of SEED encryption
encryption algorithm: algorithm:
& bitwise AND & bitwise AND
^ bitwise exclusive OR ^ bitwise exclusive OR
+ addition in modular 2**32 + addition in modular 2**32
- subtraction in modular 2**32 - subtraction in modular 2**32
|| concatenation || concatenation
<< n left circular rotation by n bits << n left circular rotation by n bits
>> n right circular rotation by n bits >> n right circular rotation by n bits
0x hexadecimal representation 0x hexadecimal representation
2. The Structure of SEED 2. The Structure of SEED
The input/output block size of SEED is 128-bit and the key length is The input/output block size of SEED is 128-bit and the key length is
also 128-bit. SEED has the 16-round Feistel structure. A 128-bit also 128-bit. SEED has the 16-round Feistel structure. A 128-bit
input is divided into two 64-bit blocks (L, R) and the right 64-bit input is divided into two 64-bit blocks (L, R) and the right 64-bit
block is an input to the round function F with a 64-bit subkeys Ki block is an input to the round function F with a 64-bit subkey Ki
generated from the key schedule. generated from the key schedule.
A pseudo code for the structure of SEED is as follows: A pseudo code for the structure of SEED is as follows:
for (i = 1; i <= 16; i++) for (i = 1; i <= 16; i++)
{ {
L = R; L = R;
R = L ^ F(Ki, R); R = L ^ F(Ki, R);
} }
Where L0, L1, R0, R1, Ki0 and Ki1 are 32-bit words.
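Review bot: the structure pseudo code, identical in both versions, executes "L = R;" before "R = L ^ F(Ki, R);", so the second statement reads the value L was just overwritten with and the previous left half is lost. Hold the old R in a temporary (or write the update as a simultaneous assignment) so the loop describes a Feistel round. The sentence after the loop names L0, L1, R0, R1, Ki0 and Ki1 as 32-bit words, but the pseudo code uses only L, R and Ki; either say that each is the concatenation of two 32-bit words or move the sentence to Section 2.1, where R0, R1, Ki0 and Ki1 first appear.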
2.1 The Round Function F 2.1 The Round Function F
SEED uses two 8x8 S-boxes, permutations, rotations, and basic modular SEED uses two 8x8 S-boxes, permutations, rotations, and basic modular
operations such as exclusive OR(XOR) and additions to provide strong operations such as exclusive OR (XOR) and additions to provide strong
security, high speed and simplicity in its implementation. security, high speed and simplicity in its implementation.
A 64-bit input block of the round function F is divided into two A 64-bit input block of the round function F is divided into two
32-bit blocks (R0, R1) and wrapped with 4 phases : 32-bit blocks (R0, R1) and wrapped with 4 phases:
- a mixing phase of two 32-bit subkey blocks (Ki0 , Ki1) - a mixing phase of two 32-bit subkey blocks (Ki0 , Ki1)
- 3 layers of function G(See Section 2.2) with additions for mixing - 3 layers of function G (See Section 2.2) with additions for mixing
two 32-bit blocks two 32-bit blocks
The outputs (R0', R1') of function F are as follows: The outputs (R0', R1') of function F are as follows:
R0' = G[ G[ G[(R0 ^ Ki0) ^ (R1 ^ Ki1)] + (R0 ^ Ki0)] + G[(R0 ^ Ki0) R0' = G[ G[ G[(R0 ^ Ki0) ^ (R1 ^ Ki1)] + (R0 ^ Ki0)] + G[(R0 ^ Ki0)
^ (R1 ^ Ki1)]] + G[ G[(R0 ^ Ki0) ^ (R1 ^ Ki1)] + (R0 ^ Ki0)] ^ (R1 ^ Ki1)]] + G[ G[(R0 ^ Ki0) ^ (R1 ^ Ki1)] + (R0 ^ Ki0)]
R1' = G[ G[ G[(R0 ^ Ki0) ^ (R1 ^ Ki1)] + (R0 ^ Ki0)] + G[(R0 ^ Ki0) R1' = G[ G[ G[(R0 ^ Ki0) ^ (R1 ^ Ki1)] + (R0 ^ Ki0)] + G[(R0 ^ Ki0)
^ (R1 ^ Ki1)]] + G[ G[(R0 ^ Ki0) ^ (R1 ^ Ki1)] ^ (R1 ^ Ki1)]] + G[ G[(R0 ^ Ki0) ^ (R1 ^ Ki1)]
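Review bot: the R1' expression, printed the same way in both versions, is not bracket-balanced. It ends at "+ G[ G[(R0 ^ Ki0) ^ (R1 ^ Ki1)]" with one "G[" still open, while the R0' expression above it closes every bracket. Correct the bracketing, and consider defining the shared sub-expressions (R0 ^ Ki0) and (R0 ^ Ki0) ^ (R1 ^ Ki1) once under their own names so that each output fits on one line and an implementer can check it against the intermediate values in Appendix B.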
2.2 The Function G 2.2 The Function G
The function G has two layers : a layer of two 8x8 S-boxes and a The function G has two layers: a layer of two 8x8 S-boxes and a layer
layer of block permutation of sixteen 8-bit sub-blocks. The outputs of block permutation of sixteen 8-bit sub-blocks. The outputs Z (= Z0
Z (= Z0 || Z1 || Z2 || Z3) of the function G with four 8-bit inputs X || Z1 || Z2 || Z3) of the function G with four 8-bit inputs X (= X0
(= X0 || X1 || X2 || X3) are as follows: || X1 || X2 || X3) are as follows:
Z0 = {S1(X0) & m0} ^ {S2(X1) & m1} ^ {S1(X2) & m2} ^ {S2(X3) & m3} Z0 = {S1(X0) & m0} ^ {S2(X1) & m1} ^ {S1(X2) & m2} ^ {S2(X3) & m3}
Z1 = {S1(X0) & m1} ^ {S2(X1) & m2} ^ {S1(X2) & m3} ^ {S2(X3) & m0} Z1 = {S1(X0) & m1} ^ {S2(X1) & m2} ^ {S1(X2) & m3} ^ {S2(X3) & m0}
Z2 = {S1(X0) & m2} ^ {S2(X1) & m3} ^ {S1(X2) & m0} ^ {S2(X3) & m1} Z2 = {S1(X0) & m2} ^ {S2(X1) & m3} ^ {S1(X2) & m0} ^ {S2(X3) & m1}
Z3 = {S1(X0) & m3} ^ {S2(X1) & m0} ^ {S1(X2) & m1} ^ {S2(X3) & m2} Z3 = {S1(X0) & m3} ^ {S2(X1) & m0} ^ {S1(X2) & m1} ^ {S2(X3) & m2}
where m0 = 0xfc, m1 = 0xf3, m2 = 0xcf and m3 = 0x3f. where m0 = 0xfc, m1 = 0xf3, m2 = 0xcf and m3 = 0x3f.
To increase the efficiency of G function, four extended S-boxes 'SS- To increase the efficiency of G function, four extended S-boxes 'SS-
box' (See Appendix A.2) are defined as follows: box' (See Appendix A.2) are defined as follows:
SS0(X)= {S1(X) & m3} || {S1(X) & m2} || {S1(X) & m1} || {S1(X) & m0} SS0(X)= {S1(X) & m3} || {S1(X) & m2} || {S1(X) & m1} || {S1(X) & m0}
SS1(X)= {S2(X) & m0} || {S2(X) & m3} || {S2(X) & m2} || {S2(X) & m1} SS1(X)= {S2(X) & m0} || {S2(X) & m3} || {S2(X) & m2} || {S2(X) & m1}
SS2(X)= {S1(X) & m1} || {S1(X) & m0} || {S1(X) & m3} || {S1(X) & m2} SS2(X)= {S1(X) & m1} || {S1(X) & m0} || {S1(X) & m3} || {S1(X) & m2}
SS3(X)= {S2(X) & m2} || {S2(X) & m1} || {S2(X) & m0} || {S2(X) & m3} SS3(X)= {S2(X) & m2} || {S2(X) & m1} || {S2(X) & m0} || {S2(X) & m3}
New G function, Z, can be defined as follows: New G function, Z, can be defined as follows:
Z = SS0(X0) ^ SS1(X1) ^ SS2(X2) ^ SS3(X3) Z = SS0(X0) ^ SS1(X1) ^ SS2(X2) ^ SS3(X3)
This new G function is faster than original G function but need more This new G function is faster than original G function but takes more
memory to store four SS-boxes. memory to store four SS-boxes.
2.3 Key Schedule 2.3 Key Schedule
The key schedule generates each round subkeys. It uses the function The key schedule generates each round subkeys. It uses the function
G, addition in modular 2**32, subtraction in modular 2**32, and G, addition in modular 2**32, subtraction in modular 2**32, and
(left/right) circular rotation. A 128-bit input key is divided into (left/right) circular rotation. A 128-bit input key is divided into
four 32-bit blocks (Key0, Key1, Key2, Key3). The two 32-bit subkeys four 32-bit blocks (Key0, Key1, Key2, Key3). The two 32-bit subkeys
of the ith round, Ki0 and Ki1 are generated as follows: of the ith round, Ki0 and Ki1 are generated as follows:
- Type 1 : Odd round - Type 1 : Odd round
Ki0 = G(Key0 + Key2 - KCi) Ki0 = G(Key0 + Key2 - KCi)
Ki1 = G(Key1 - Key3 + KCi) Ki1 = G(Key1 - Key3 + KCi)
Key0 || Key1 = (Key0 || Key1) >> 8 Key0 || Key1 = (Key0 || Key1) >> 8
- Type 2 : Even round - Type 2 : Even round
Ki0 = G(Key0 + Key2 - KCi) Ki0 = G(Key0 + Key2 - KCi)
Ki1 = G(Key1 - Key3 + KCi) Ki1 = G(Key1 - Key3 + KCi)
Key2 || Key3 = (Key2 || Key3) << 8 Key2 || Key3 = (Key2 || Key3) << 8
The following table shows constants used in KCi. The following table shows constants used in KCi.
i | Value i | Value i | Value i | Value
============================================ ============================================
KC1 | 0x9e3779b9 KC2 | 0x3c6ef373 KC1 | 0x9e3779b9 KC2 | 0x3c6ef373
KC3 | 0x78dde6e6 KC4 | 0xf1bbcdcc KC3 | 0x78dde6e6 KC4 | 0xf1bbcdcc
KC5 | 0xe3779b99 KC6 | 0xc6ef3733 KC5 | 0xe3779b99 KC6 | 0xc6ef3733
KC7 | 0x8dde6e67 KC8 | 0x1bbcdccf KC7 | 0x8dde6e67 KC8 | 0x1bbcdccf
KC9 | 0x3779b99e KC10 | 0x6ef3733c KC9 | 0x3779b99e KC10 | 0x6ef3733c
KC11 | 0xdde6e678 KC12 | 0xbbcdccf1 KC11 | 0xdde6e678 KC12 | 0xbbcdccf1
KC13 | 0x779b99e3 KC14 | 0xef3733c6 KC13 | 0x779b99e3 KC14 | 0xef3733c6
KC15 | 0xde6e678d KC16 | 0xbcdccf1b KC15 | 0xde6e678d KC16 | 0xbcdccf1b
A pseudo code for the key schedule is as follows: A pseudo code for the key schedule is as follows:
for (i = 1; i <= 16; i++) for (i = 1; i <= 16; i++)
{ {
Ki0 = G(Key0 + Key2 - KCi); Ki0 = G(Key0 + Key2 - KCi);
Ki1 = G(Key1 - Key3 + KCi); Ki1 = G(Key1 - Key3 + KCi);
if (i % 2 == 1) if (i % 2 == 1)
Key0 || Key1 = (Key0 || Key1) >> 8; Key0 || Key1 = (Key0 || Key1) >> 8;
else else
Key2 || Key3 = (Key2 || Key3) << 8; Key2 || Key3 = (Key2 || Key3) << 8;
} }
2.4 Decryption procedure 2.4 Decryption procedure
Decryption procedure is the reverse step of the encryption procedure. Decryption procedure is the reverse step of the encryption procedure.
It can be implemented by using the encryption algorithm with reverse It can be implemented by using the encryption algorithm with reverse
order of the round subkeys. order of the round subkeys.
2.5 SEED Object Identifiers 2.5 SEED Object Identifiers
For those who may be using SEED in algorithm negotiation within a For those who may be using SEED in algorithm negotiation within a
protocol, or in any other context which may require the use of OBJECT protocol, or in any other context which may require the use of OIDs,
IDENTIFIERs, the following OIDs have been defined. the following three OIDs have been defined.
algorithm OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) korea(410) kisa(200004) algorithm(1) }
id-seedCBC OBJECT IDENTIFIER ::= { algorithm seedCBC(4) } algorithm OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) korea(410) kisa(200004) algorithm(1) }
seedCBCParameter ::= OCTET STRING DEFAULT 0 id-seedCBC OBJECT IDENTIFIER ::= { algorithm seedCBC(4) }
This is encryption and decryption in CBC mode using the SEED seedCBCParameter ::= OCTET STRING -- 128-bit Initialization Vector
symmetric block cipher algorithm.
id-seedMAC OBJECT IDENTIFIER ::= { algorithm seedMAC(7) } The id-seedCBC OID is used when the CBC mode of operation based on
the SEED block cipher is provided.
seedMACParameter ::= INTEGER -- MAC length, in bits id-seedMAC OBJECT IDENTIFIER ::= { algorithm seedMAC(7) }
This is message authentication using the SEED symmetric block seedMACParameter ::= INTEGER -- MAC length, in bits
cipher algorithm.
pbeWithSHA1AndSEED-CBC OBJECT IDENTIFIER ::= The id-seedMAC OID is used when the message authentication code (MAC)
{ algorithm seedCBCwithSHA1(15) } algorithm based on the SEED block cipher is provided.
PBEParameters ::= SEQUENCE { pbeWithSHA1AndSEED-CBC OBJECT IDENTIFIER ::=
salt OCTET STRING, { algorithm seedCBCwithSHA1(15) }
iteration INTEGER, -- Total number of hash iterations
} PBEParameters ::= SEQUENCE {
salt OCTET STRING,
iteration INTEGER, -- Total number of hash iterations
}
This is password-based encryption and decryption in CBC mode This OID is used when a password-based encryption in CBC mode based
using SHA1 and the SEED symmetric block cipher. See PKCS#5 for on SHA-1 and the SEED block cipher is provided. The details of the
details of PBE computation. PBE computation are well described in Section 6.1 of [RFC2898].
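Review bot: PBEParameters still ends its last component with a comma ("iteration INTEGER," followed directly by "}"), carried over from -00; a trailing comma is not valid in an ASN.1 SEQUENCE, so drop it. The revised paragraph points to Section 6.1 of [RFC2898] but does not say how the 128-bit SEED key and the 128-bit Initialization Vector now named in seedCBCParameter are obtained from the SHA-1 based derivation, and seedMACParameter carries a MAC length although the document never names the MAC construction. State both, so that independent implementations of these OIDs produce the same output.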
3. Security Considerations 3. Security Considerations
No security problem has been found on SEED. see [SEED], [ISOSEED] and No security problem has been found on SEED. See [ISOSEED] and
[CRYPTREC]. [CRYPTREC].
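Review bot: Security Considerations is still a single assertion ("No security problem has been found on SEED"), and -01 removes the [SEED] citation without adding anything for the CBC, MAC and password-based uses that Section 2.5 assigns OIDs to. Add the guidance a deployer of those OIDs needs: how the CBC Initialization Vector is to be chosen, a lower bound for the MAC length parameter, and a lower bound for the PBE iteration count.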
4. References 4. References
[RFC2119] S. Bradner, "Key words for use in RFCs to Indicate 4.1 Normative Reference
Requirement Levels", BCP 14, RFC 2119, March 1997.
[SEED] KISA, "SEED Algorithm Specification",
http://www.kisa.or.kr/seed/seed_eng.html"
[TTASSEED] Telecommunications Technology Association (TTA), [TTASSEED] Telecommunications Technology Association (TTA),
"128-bit Symmetric Block Cipher (SEED)", "128-bit Symmetric Block Cipher (SEED)",
TTAS.KO-12.0004, September, 1998 (In Korean) TTAS.KO-12.0004, September, 1998 (In Korean)
http://www.tta.or.kr/English/new/main/index.htm http://www.tta.or.kr/English/new/main/index.htm
[RFC2898] Kaliski, B., "PKCS #5: Password-Based Cryptography
Specification Version 2.0", RFC 2898, September 2000
4.2 Informative Reference
[ISOSEED] ISO/IEC, ISO/IEC JTC1/SC 27 N 256r1, "National Body [ISOSEED] ISO/IEC, ISO/IEC JTC1/SC 27 N 256r1, "National Body
contributions on NP 18033 Encryption algorithms in contributions on NP 18033 Encryption algorithms in
response to document SC 27 N 2563", October, 2000 response to document SC 27 N 2563", October, 2000
[CRYPTREC] Information-technology Promotion Agency (IPA), Japan, [CRYPTREC] Information-technology Promotion Agency (IPA), Japan,
CRYPTREC. "SEED Evaluation Report", February, 2002 CRYPTREC. "SEED Evaluation Report", February, 2002
http://www.kisa.or.kr/seed/seed_eng.html http://www.kisa.or.kr/seed/seed_eng.html
5. Intellectual Property Statement 5. Authors' Address
The IETF takes no position regarding the validity or scope of any
intellectual property or other rights that might be claimed to
pertain to the implementation or use of the technology described
in this document or the extent to which any license under such
rights might or might not be available; neither does it represent
that it has made any effort to identify any such rights.
Information on the IETF's procedures with respect to rights in
standards-track and standards-related documentation can be found
in BCP-11. Copies of claims of rights made available for
publication and any assurances of licenses to be made available,
or the result of an attempt made to obtain a general license or
permission for the use of such proprietary rights by implementors
or users of this specification can be obtained from the IETF
Secretariat.
The IETF invites any interested party to bring to its attention
any copyrights, patents or patent applications, or other
proprietary rights which may cover technology that may be required
to practice this standard. Please address the information to the
IETF Executive Director.
6. Full Copyright Statement
Copyright (C) The Internet Society (2003). All Rights Reserved.
This document and translations of it may be copied and furnished
to others, and derivative works that comment on or otherwise
explain it or assist in its implmentation may be prepared, copied,
published and distributed, in whole or in part, without
restriction of any kind, provided that the above copyright notice
and this paragraph are included on all such copies and derivative
works. However, this document itself may not be modified in any
way, such as by removing the copyright notice or references to the
Internet Society or other Internet organizations, except as needed
for the purpose of developing Internet standards in which case the
procedures for copyrights defined in the Internet Standards
process must be followed, or as required to translate it into
languages other than English.
The limited permissions granted above are perpetual and will not
be revoked by the Internet Society or its successors or assigns.
This document and the information contained herein is provided on
an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET
ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR
PURPOSE."
7. Authors' Address
Jongwook Park Jongwook Park
Korea Information Security Agency Korea Information Security Agency
78, Garak-Dong, Songpa-Gu, Seoul, 138-803
REPUBLIC OF KOREA
Phone: +82-2-405-5432 Phone: +82-2-405-5432
FAX : +82-2-405-5499 FAX : +82-2-405-5499
Email: khopri@kisa.or.kr Email: khopri@kisa.or.kr
Sungjae Lee Sungjae Lee
Korea Information Security Agency Korea Information Security Agency
Phone: +82-2-405-5243 Phone: +82-2-405-5243
FAX : +82-2-405-5499 FAX : +82-2-405-5499
Email: sjlee@kisa.or.kr Email: sjlee@kisa.or.kr
skipping to change at page 8, line 19 skipping to change at page 7, line 15
Phone: +82-2-405-5238 Phone: +82-2-405-5238
FAX : +82-2-405-5499 FAX : +82-2-405-5499
Email: jykim@kisa.or.kr Email: jykim@kisa.or.kr
Jaeil Lee Jaeil Lee
Korea Information Security Agency Korea Information Security Agency
Phone: +82-2-405-5300 Phone: +82-2-405-5300
FAX : +82-2-405-5499 FAX : +82-2-405-5499
Email: jilee@kisa.or.kr Email: jilee@kisa.or.kr
6. Intellectual Property Statement
The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be
found in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use of
such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at ietf-
ipr@ietf.org.
7. Full Copyright Statement
Copyright (C) The Internet Society (2004). This document is subject
to the rights, licenses and restrictions contained in BCP 78 and
except as set forth therein, the authors retain all their rights.
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Appendix A. S-Boxes Appendix A. S-Boxes
A.1 S-Boxes(two original S-boxes) A.1 S-Boxes(two original S-boxes)
- S-Box S0 - S-Box S0
A9, 85, D6, D3, 54, 1D, AC, 25, 5D, 43, 18, 1E, 51, FC, CA, 63, A9, 85, D6, D3, 54, 1D, AC, 25, 5D, 43, 18, 1E, 51, FC, CA, 63,
28, 44, 20, 9D, E0, E2, C8, 17, A5, 8F, 03, 7B, BB, 13, D2, EE, 28, 44, 20, 9D, E0, E2, C8, 17, A5, 8F, 03, 7B, BB, 13, D2, EE,
70, 8C, 3F, A8, 32, DD, F6, 74, EC, 95, 0B, 57, 5C, 5B, BD, 01, 70, 8C, 3F, A8, 32, DD, F6, 74, EC, 95, 0B, 57, 5C, 5B, BD, 01,
24, 1C, 73, 98, 10, CC, F2, D9, 2C, E7, 72, 83, 9B, D1, 86, C9, 24, 1C, 73, 98, 10, CC, F2, D9, 2C, E7, 72, 83, 9B, D1, 86, C9,
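Review bot: Appendix A.1 labels this table "S-Box S0", but Section 2.2 refers to the two S-boxes only as S1 and S2 in the definitions of G and of the SS-boxes. Use one naming in both places, or state which appendix table corresponds to S1 and which to S2, since swapping them changes every output of G.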
skipping to change at page 12, line 14 skipping to change at page 12, line 4
46727436,09111819,cef2fc3e,40404000,02121012,c0e0e020,8db1bc3d,05010405, 46727436,09111819,cef2fc3e,40404000,02121012,c0e0e020,8db1bc3d,05010405,
caf2f83a,01010001,c0f0f030,0a22282a,4e525c1e,89a1a829,46525416,43434003, caf2f83a,01010001,c0f0f030,0a22282a,4e525c1e,89a1a829,46525416,43434003,
85818405,04101414,89818809,8b93981b,80b0b030,c5e1e425,48404808,49717839, 85818405,04101414,89818809,8b93981b,80b0b030,c5e1e425,48404808,49717839,
87939417,ccf0fc3c,0e121c1e,82828002,01212021,8c808c0c,0b13181b,4f535c1f, 87939417,ccf0fc3c,0e121c1e,82828002,01212021,8c808c0c,0b13181b,4f535c1f,
47737437,44505414,82b2b032,0d111c1d,05212425,4f434c0f,00000000,46424406, 47737437,44505414,82b2b032,0d111c1d,05212425,4f434c0f,00000000,46424406,
cde1ec2d,48505818,42525012,cbe3e82b,4e727c3e,cad2d81a,c9c1c809,cdf1fc3d, cde1ec2d,48505818,42525012,cbe3e82b,4e727c3e,cad2d81a,c9c1c809,cdf1fc3d,
00303030,85919415,45616425,0c303c3c,86b2b436,c4e0e424,8bb3b83b,4c707c3c, 00303030,85919415,45616425,0c303c3c,86b2b436,c4e0e424,8bb3b83b,4c707c3c,
0e020c0e,40505010,09313839,06222426,02323032,84808404,49616829,83939013, 0e020c0e,40505010,09313839,06222426,02323032,84808404,49616829,83939013,
07333437,c7e3e427,04202424,84a0a424,cbc3c80b,43535013,0a02080a,87838407, 07333437,c7e3e427,04202424,84a0a424,cbc3c80b,43535013,0a02080a,87838407,
c9d1d819,4c404c0c,83838003,8f838c0f,cec2cc0e,0b33383b,4a42480a,87b3b437 c9d1d819,4c404c0c,83838003,8f838c0f,cec2cc0e,0b33383b,4a42480a,87b3b437
Appendix B. Test Vectors Appendix B. Test Vectors
This appendix provides test vectors for the SEED cipher described This appendix provides test vectors for the SEED cipher described in
this document. this document.
B.1 B.1
Key : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Key : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Plaintext : 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F Plaintext : 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
Ciphertext : 5E BA C6 E0 05 4E 16 68 19 AF F1 CC 6D 34 6C DB Ciphertext : 5E BA C6 E0 05 4E 16 68 19 AF F1 CC 6D 34 6C DB
Intermediate Value Intermediate Value
------------------------------------------------------------------ ------------------------------------------------------------------
 End of changes. 46 change blocks. 
155 lines changed or deleted 141 lines changed or added
