idnits 2.17.00 (12 Aug 2021)

/tmp/idnits40969/draft-lee-rfc4009bis-00.txt:
 -(282): Line appears to be too long, but this could be caused by non-ascii characters in UTF-8 encoding

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  ** It looks like you're using RFC 3978 boilerplate. You should update this
     to the boilerplate described in the IETF Trust License Policy document
     (see https://trustee.ietf.org/license-info), which is required now.

  -- Found old boilerplate from RFC 3667, Section 5.1 on line 18.

  -- Found old boilerplate from RFC 3978, Section 5.5 on line 644.

  -- Found old boilerplate from RFC 3979, Section 5, paragraph 1 on line 621.

  -- Found old boilerplate from RFC 3979, Section 5, paragraph 2 on line 628.

  -- Found old boilerplate from RFC 3979, Section 5, paragraph 3 on line 634.

  ** The document seems to lack an RFC 3978 Section 5.1 IPR Disclosure
     Acknowledgement -- however, there's a paragraph with a matching
     beginning. Boilerplate error?

  ** This document has an original RFC 3978 Section 5.4 Copyright Line,
     instead of the newer IETF Trust Copyright according to RFC 4748.

  ** This document has an original RFC 3978 Section 5.5 Disclaimer, instead
     of the newer disclaimer which includes the IETF Trust according to RFC
     4748.

  ** The document uses RFC 3667 boilerplate or RFC 3978-like boilerplate
     instead of verbatim RFC 3978 boilerplate. After 6 May 2005, submission
     of drafts without verbatim RFC 3978 boilerplate is not accepted.

     The following non-3978 patterns matched text found in the document.
     That text should be removed or replaced:

       By submitting this Internet-Draft, I certify that any applicable
       patent or other IPR claims of which I am aware have been disclosed, or
       will be disclosed, and any of which I become aware will be disclosed,
       in accordance with RFC 3668.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

  == There are 6 instances of lines with non-ascii characters in the document.

  == No 'Intended status' indicated for this document; assuming Proposed
     Standard

  == The page length should not exceed 58 lines per page, but there was 13
     longer pages, the longest (page 2) being 60 lines

  == It seems as if not all pages are separated by form feeds - found 0 form
     feeds but 15 pages

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** The document seems to lack an IANA Considerations section. (See Section
     2.2 of https://www.ietf.org/id-info/checklist for how to handle the case
     when there are no actions for IANA.)

  ** The document seems to lack an Authors' Addresses Section.

  ** There are 7 instances of too long lines in the document, the longest one
     being 65 characters in excess of 72.

  -- The draft header indicates that this document obsoletes RFC4009(if, but
     the abstract doesn't seem to mention this, which it should.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not
     match the current year

  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008. If you
     have contacted all the original authors and they are all willing to grant
     the BCP78 rights to the IETF Trust, then this is fine, and you can ignore
     this comment. If not, you may need to add the pre-RFC5378 disclaimer.
     (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (May 2005) is 6214 days in the past. Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  -- Possible downref: Non-RFC (?) normative reference: ref. 'TTASSEED'

  ** Obsolete normative reference: RFC 2898 (Obsoleted by RFC 8018)

     Summary: 9 errors (**), 0 flaws (~~), 5 warnings (==), 9 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

2    Internet-Draft                                                  H.J. Lee
3    Obsoletes: 4009(if approved)                                    S.J. Lee
4    Expires: November 2005                                         J.H. Yoon
5                                                                  D.H. Cheon
6                                                                    J.I. Lee
7                                                                        KISA
8                                                                    May 2005

10                      The SEED Encryption Algorithm
11

13   Status of this Memo

15      By submitting this Internet-Draft, I certify that any applicable
16      patent or other IPR claims of which I am aware have been disclosed,
17      or will be disclosed, and any of which I become aware will be
18      disclosed, in accordance with RFC 3668.

20      Internet-Drafts are working documents of the Internet Engineering
21      Task Force (IETF), its areas, and its working groups. Note that
22      other groups may also distribute working documents as Internet-
23      Drafts.

25      Internet-Drafts are draft documents valid for a maximum of six months
26      and may be updated, replaced, or obsoleted by other documents at any
27      time. It is inappropriate to use Internet-Drafts as reference
28      material or to cite them other than as "work in progress".

30      The list of current Internet-Drafts can be accessed at
31      http://www.ietf.org/ietf/1id-abstracts.txt

33      The list of Internet-Draft Shadow Directories can be accessed at
34      http://www.ietf.org/shadow.html

36      This Internet-Draft will expire on November 2, 2005.

38   Copyright Notice

40      Copyright (C) The Internet Society (2005).

42   Abstract

44      This document describes the SEED encryption algorithm, which has been
45      adopted by most of the security systems in the Republic of Korea.
46      Included are a description of the encryption and the key scheduling
47      algorithm (Section 2), the S-boxes (Appendix A), and a set of test
48      vectors (Appendix B).

50   1. Introduction

52      This specification obsoletes RFC 4009. This specification differs
53      from RFC 4009 in the following areas:

55      Pseudo code changes. The pseudo code in Section 2 of RFC 4009 is
56      insufficient for the explanation of the structure of SEED. Thus
57      detailed pseudo code is introduced.

59      Corrections of errata in the definitions of R1’, Z, X and
60      SS-boxes.

62   1.1. SEED Overview

64      SEED is a 128-bit symmetric key block cipher that has been developed
65      by KISA (Korea Information Security Agency) since 1998. SEED is a
66      national standard encryption algorithm in the Republic of Korea
67      [TTASSEED] and is designed to use the S-boxes and permutations that
68      balance with the current computing technology. It has a 16-round
69      Feistel structure and is strong against DC (Differential
70      Cryptanalysis), LC (Linear Cryptanalysis), and related-key attacks,
71      balanced with security/efficiency trade-off.

73      The features of SEED are outlined as follows:

75         - A 16-round Feistel structure
76         - 128-bit input/output data block size
77         - 128-bit key length
78         - A round function strong against known attacks
79         - Two 8x8 S-boxes
80         - Mixed operations of XOR and modular addition

82      SEED has been widely used in the Republic of Korea for confidential
83      services such as electronic commerce; e.g., financial services
84      provided in wired and wireless communication.

86   1.2. Notation

88      The following notation is used in the description of the SEED
89      encryption algorithm:

91         &      bitwise AND
92         ^      bitwise exclusive OR
93         +      addition modulo 2**32
94         -      subtraction modulo 2**32
95         ||     concatenation
96         << n   left circular rotation by n bits
97         >> n   right circular rotation by n bits
98         0x     hexadecimal representation

100  2. The Structure of SEED

102     The input/output block size of SEED is 128-bit, and the key length is
103     also 128-bit. SEED has a 16-round Feistel structure. A 128-bit
104     input is divided into two 64-bit blocks (L, R), and the right 64-bit
105     block is an input to the round function F, with a 64-bit subkey Ki
106     generated from the key schedule.

108     A pseudo code for the structure of SEED is as follows:

110        Input : (L, R)

112        for i = 1 to 15
113           L = R, R = L ^ F(Ki, R)

115        L = L ^ F(K16, R), R=R

117        Output : (L, R)

119  2.1. The Round Function F

121     SEED uses two 8x8 S-boxes, permutations, rotations, and basic modular
122     operations such as exclusive OR (XOR) and additions to provide strong
123     security, high speed, and simplicity in its implementation.

125     A 64-bit input block of the round function F is divided into two
126     32-bit blocks (R0, R1) and wrapped with 4 phases:

128        - A mixing phase of two 32-bit subkey blocks (Ki0, Ki1)
129        - 3 layers of function G (See Section 2.2), with additions for
130          mixing two 32-bit blocks

132     The outputs (R0’, R1’) of function F are as follows:

134     R0’ = G[ G[ G[(R0 ^ Ki0) ^ (R1 ^ Ki1)] + (R0 ^ Ki0)] + G[(R0 ^ Ki0)
135           ^ (R1 ^ Ki1)]] + G[ G[(R0 ^ Ki0) ^ (R1 ^ Ki1)] + (R0 ^ Ki0)]

137     R1’ = G[ G[ G[(R0 ^ Ki0) ^ (R1 ^ Ki1)] + (R0 ^ Ki0)] + G[(R0 ^ Ki0)
138           ^ (R1 ^ Ki1)]]

140  2.2. The Function G

142     The function G has two layers: a layer of two 8x8 S-boxes and a
143     layer of block permutation of sixteen 8-bit sub-blocks. The outputs
144     Z (= Z3 || Z2 || Z1 || Z0) of the function G with four 8-bit inputs
145     X (= X3 || X2 || X1 || X0) are as follows:

147     Z0 = {S0(X0) & m0} ^ {S1(X1) & m1} ^ {S0(X2) & m2} ^ {S1(X3) & m3}
148     Z1 = {S0(X0) & m1} ^ {S1(X1) & m2} ^ {S0(X2) & m3} ^ {S1(X3) & m0}
149     Z2 = {S0(X0) & m2} ^ {S1(X1) & m3} ^ {S0(X2) & m0} ^ {S1(X3) & m1}
150     Z3 = {S0(X0) & m3} ^ {S1(X1) & m0} ^ {S0(X2) & m1} ^ {S1(X3) & m2}

152     where m0 = 0xFC, m1 = 0xF3, m2 = 0xCF, and m3 = 0x3F.

154     To increase the efficiency of G function, four extended S-boxes

156     SS0(X0)= {S0(X0)& m3} || {S0(X0)& m2} || {S0(X0)& m1} || {S0(X0)& m0}
157     SS1(X1)= {S1(X1)& m0} || {S1(X1)& m3} || {S1(X1)& m2} || {S1(X1)& m1}
158     SS2(X2)= {S0(X2)& m1} || {S0(X2)& m0} || {S0(X2)& m3} || {S0(X2)& m2}
159     SS3(X3)= {S1(X3)& m2} || {S1(X3)& m1} || {S1(X3)& m0} || {S1(X3)& m3}

161     New G function, Z, can be defined as follows:

163     Z = SS0(X0) ^ SS1(X1) ^ SS2(X2) ^ SS3(X3)

165     This new G function is faster than the original G function but takes
166     more memory to store four SS-boxes.

168  2.3. Key Schedule

170     The key schedule generates the subkeys for each round. It uses the function
171     G, addition modulo 2**32, subtraction modulo 2**32, and
172     (left/right) circular rotation. A 128-bit input key is divided into
173     four 32-bit blocks (Key0, Key1, Key2, Key3). The two 32-bit subkeys
174     of the ith round, Ki0 and Ki1, are generated as follows:

176     - Type 1 : Odd round
177          Ki0 = G(Key0 + Key2 - KCi)
178          Ki1 = G(Key1 - Key3 + KCi)
179          Key0 || Key1 = (Key0 || Key1) >> 8

181     - Type 2 : Even round
182          Ki0 = G(Key0 + Key2 - KCi)
183          Ki1 = G(Key1 - Key3 + KCi)
184          Key2 || Key3 = (Key2 || Key3) << 8

186     The following table shows constants used in KCi:

188          i   |  Value             i   |  Value
189        ===========================================
           KC1   | 0x9E3779B9       KC2   | 0x3C6EF373
190        KC3   | 0x78DDE6E6       KC4   | 0xF1BBCDCC
191        KC5   | 0xE3779B99       KC6   | 0xC6EF3733
192        KC7   | 0x8DDE6E67       KC8   | 0x1BBCDCCF
193        KC9   | 0x3779B99E       KC10  | 0x6EF3733C
194        KC11  | 0xDDE6E678       KC12  | 0xBBCDCCF1
195        KC13  | 0x779B99E3       KC14  | 0xEF3733C6
196        KC15  | 0xDE6E678D       KC16  | 0xBCDCCF1B

198     A pseudo code for the key schedule is as follows:

200        Input : (Key0, Key1, Key2, Key3)

202        for i = 1 to 16
203           Ki0 = G(Key0 + Key2 - KCi)
204           Ki1 = G(Key1 - Key3 + KCi)
205           if i is odd
206              Key0 || Key1 = (Key0 || Key1) >> 8
207           else
208              Key2 || Key3 = (Key2 || Key3) << 8

210        Output : (Ki0, Ki1), i=1 to 16

212  2.4. Decryption Procedure

214     Decryption procedure is the reverse step of the encryption procedure.
215     It can be implemented by using the encryption algorithm with reverse
216     order of the round subkeys.

218  2.5. SEED Object Identifiers

220     For those who may be using SEED in algorithm negotiation within a
221     protocol, or in any other context that may require the use of OIDs,
222     the following three OIDs have been defined.

224     algorithm OBJECT IDENTIFIER ::= { iso(1) member-body(2) korea(410) kisa(200004) algorithm(1) }

226     id-seedCBC OBJECT IDENTIFIER ::= { algorithm seedCBC(4) }

228     seedCBCParameter ::= OCTET STRING (SIZE(16))
229     -- 128-bit Initialization Vector

231     The id-seedCBC OID is used when the CBC mode of operation based on
232     the SEED block cipher is provided.

234     id-seedMAC OBJECT IDENTIFIER ::= { algorithm seedMAC(7) }

236     seedMACParameter ::= INTEGER -- MAC length, in bits

238     The id-seedMAC OID is used when the message authentication code (MAC)
239     algorithm based on the SEED block cipher is provided.

241     pbeWithSHA1AndSEED-CBC OBJECT IDENTIFIER ::= { algorithm seedCBCwithSHA1(15) }

243     PBEParameters ::= SEQUENCE {
244        salt OCTET STRING,
245        iteration INTEGER } -- Total number of hash iterations

247     This OID is used when a password-based encryption in CBC mode based
248     on SHA-1 and the SEED block cipher is provided. The details of the
249     PBE computation are well described in Section 6.1 of [RFC2898].

251  3. Security Considerations

253     No security problem has been found on SEED. See [ISOSEED] and
254     [CRYPTREC].

256  4. Reference

258  4.1. Normative References

260     [TTASSEED] Telecommunications Technology Association (TTA), "128-bit
261                Symmetric Block Cipher (SEED)", TTAS.KO-12.0004,
262                September, 1998 (In Korean)
263                http://www.tta.or.kr/English/new/main/index.htm

265     [RFC2898]  Kaliski, B., "PKCS #5: Password-Based Cryptography
266                Specification Version 2.0", RFC 2898, September 2000.

268  4.2. Informative References

270     [ISOSEED]  ISO/IEC, ISO/IEC JTC1/SC 27 N 256r1, "National Body
271                contributions on NP 18033 Encryption algorithms in
272                response to document SC 27 N 2563", October, 2000

274     [CRYPTREC] Information-technology Promotion Agency (IPA), Japan,
275                CRYPTREC. "SEED Evaluation Report", February, 2002
276                http://www.kisa.or.kr/seed/data/Document_pdf/
277                SEED_Evaluation_Report_by_CRYPTREC.pdf

279  5. Acknowledgments

281     Alfred Hoenes (ah@tr-sys.de) has contributed significantly to work on
282     the definition of R1’, Z, X and SS-boxes. Thanks for his contribution
283     for this document.

285  6. Authors’ Addresses

287     Hyangjin Lee
288     Korea Information Security Agency
289     78, Garak-Dong, Songpa-Gu, Seoul, 138-803
290     REPUBLIC OF KOREA
291     Phone: +82-2-405-5446
292     FAX : +82-2-405-5319
293     EMail: jiinii@kisa.or.kr

295     Sungjae Lee
296     Korea Information Security Agency
297     Phone: +82-2-405-5243
298     FAX : +82-2-405-5499
299     EMail: sjlee@kisa.or.kr

301     Jaeho Yoon
302     Korea Information Security Agency
303     Phone: +82-2-405-5434
304     FAX : +82-2-405-5219
305     EMail: jhyoon@kisa.or.kr

307     Donghyeon Cheon
308     Korea Information Security Agency
309     Phone: +82-2-405-5215
310     FAX : +82-2-405-5319
311     EMail: dhcheon@kisa.or.kr

313     Jaeil Lee
314     Korea Information Security Agency
315     Phone: +82-2-405-5300
316     FAX : +82-2-405-5219
317     EMail: jilee@kisa.or.kr

319  Appendix A. S-Boxes

321     In this part, all data are hexadecimal numbers (not prefixed by "0x").

323  A.1. S-Boxes (two original S-boxes)

325     - S-Box S0

327     A9, 85, D6, D3, 54, 1D, AC, 25, 5D, 43, 18, 1E, 51, FC, CA, 63,
328     28, 44, 20, 9D, E0, E2, C8, 17, A5, 8F, 03, 7B, BB, 13, D2, EE,
329     70, 8C, 3F, A8, 32, DD, F6, 74, EC, 95, 0B, 57, 5C, 5B, BD, 01,
330     24, 1C, 73, 98, 10, CC, F2, D9, 2C, E7, 72, 83, 9B, D1, 86, C9,
331     60, 50, A3, EB, 0D, B6, 9E, 4F, B7, 5A, C6, 78, A6, 12, AF, D5,
332     61, C3, B4, 41, 52, 7D, 8D, 08, 1F, 99, 00, 19, 04, 53, F7, E1,
333     FD, 76, 2F, 27, B0, 8B, 0E, AB, A2, 6E, 93, 4D, 69, 7C, 09, 0A,
334     BF, EF, F3, C5, 87, 14, FE, 64, DE, 2E, 4B, 1A, 06, 21, 6B, 66,
335     02, F5, 92, 8A, 0C, B3, 7E, D0, 7A, 47, 96, E5, 26, 80, AD, DF,
336     A1, 30, 37, AE, 36, 15, 22, 38, F4, A7, 45, 4C, 81, E9, 84, 97,
337     35, CB, CE, 3C, 71, 11, C7, 89, 75, FB, DA, F8, 94, 59, 82, C4,
338     FF, 49, 39, 67, C0, CF, D7, B8, 0F, 8E, 42, 23, 91, 6C, DB, A4,
339     34, F1, 48, C2, 6F, 3D, 2D, 40, BE, 3E, BC, C1, AA, BA, 4E, 55,
340     3B, DC, 68, 7F, 9C, D8, 4A, 56, 77, A0, ED, 46, B5, 2B, 65, FA,
341     E3, B9, B1, 9F, 5E, F9, E6, B2, 31, EA, 6D, 5F, E4, F0, CD, 88,
342     16, 3A, 58, D4, 62, 29, 07, 33, E8, 1B, 05, 79, 90, 6A, 2A, 9A

344     - S-Box S1

346     38, E8, 2D, A6, CF, DE, B3, B8, AF, 60, 55, C7, 44, 6F, 6B, 5B,
347     C3, 62, 33, B5, 29, A0, E2, A7, D3, 91, 11, 06, 1C, BC, 36, 4B,
348     EF, 88, 6C, A8, 17, C4, 16, F4, C2, 45, E1, D6, 3F, 3D, 8E, 98,
349     28, 4E, F6, 3E, A5, F9, 0D, DF, D8, 2B, 66, 7A, 27, 2F, F1, 72,
350     42, D4, 41, C0, 73, 67, AC, 8B, F7, AD, 80, 1F, CA, 2C, AA, 34,
351     D2, 0B, EE, E9, 5D, 94, 18, F8, 57, AE, 08, C5, 13, CD, 86, B9,
352     FF, 7D, C1, 31, F5, 8A, 6A, B1, D1, 20, D7, 02, 22, 04, 68, 71,
353     07, DB, 9D, 99, 61, BE, E6, 59, DD, 51, 90, DC, 9A, A3, AB, D0,
354     81, 0F, 47, 1A, E3, EC, 8D, BF, 96, 7B, 5C, A2, A1, 63, 23, 4D,
355     C8, 9E, 9C, 3A, 0C, 2E, BA, 6E, 9F, 5A, F2, 92, F3, 49, 78, CC,
356     15, FB, 70, 75, 7F, 35, 10, 03, 64, 6D, C6, 74, D5, B4, EA, 09,
357     76, 19, FE, 40, 12, E0, BD, 05, FA, 01, F0, 2A, 5E, A9, 56, 43,
358     85, 14, 89, 9B, B0, E5, 48, 79, 97, FC, 1E, 82, 21, 8C, 1B, 5F,
359     77, 54, B2, 1D, 25, 4F, 00, 46, ED, 58, 52, EB, 7E, DA, C9, FD,
360     30, 95, 65, 3C, B6, E4, BB, 7C, 0E, 50, 39, 26, 32, 84, 69, 93,
361     37, E7, 24, A4, CB, 53, 0A, 87, D9, 4C, 83, 8F, CE, 3B, 4A, B7

363  A.2. S-Boxes (four extended S-boxes)
364     - S-Box SS0

366     2989A1A8,05858184,16C6D2D4,13C3D3D0,14445054,1D0D111C,2C8CA0AC,25052124,
367     1D4D515C,03434340,18081018,1E0E121C,11415150,3CCCF0FC,0ACAC2C8,23436360,
368     28082028,04444044,20002020,1D8D919C,20C0E0E0,22C2E2E0,08C8C0C8,17071314,
369     2585A1A4,0F8F838C,03030300,3B4B7378,3B8BB3B8,13031310,12C2D2D0,2ECEE2EC,
370     30407070,0C8C808C,3F0F333C,2888A0A8,32023230,1DCDD1DC,36C6F2F4,34447074,
371     2CCCE0EC,15859194,0B0B0308,17475354,1C4C505C,1B4B5358,3D8DB1BC,01010100,
372     24042024,1C0C101C,33437370,18889098,10001010,0CCCC0CC,32C2F2F0,19C9D1D8,
373     2C0C202C,27C7E3E4,32427270,03838380,1B8B9398,11C1D1D0,06868284,09C9C1C8,
374     20406060,10405050,2383A3A0,2BCBE3E8,0D0D010C,3686B2B4,1E8E929C,0F4F434C,
375     3787B3B4,1A4A5258,06C6C2C4,38487078,2686A2A4,12021210,2F8FA3AC,15C5D1D4,
376     21416160,03C3C3C0,3484B0B4,01414140,12425250,3D4D717C,0D8D818C,08080008,
377     1F0F131C,19899198,00000000,19091118,04040004,13435350,37C7F3F4,21C1E1E0,
378     3DCDF1FC,36467274,2F0F232C,27072324,3080B0B0,0B8B8388,0E0E020C,2B8BA3A8,
379     2282A2A0,2E4E626C,13839390,0D4D414C,29496168,3C4C707C,09090108,0A0A0208,
380     3F8FB3BC,2FCFE3EC,33C3F3F0,05C5C1C4,07878384,14041014,3ECEF2FC,24446064,
381     1ECED2DC,2E0E222C,0B4B4348,1A0A1218,06060204,21012120,2B4B6368,26466264,
382     02020200,35C5F1F4,12829290,0A8A8288,0C0C000C,3383B3B0,3E4E727C,10C0D0D0,
383     3A4A7278,07474344,16869294,25C5E1E4,26062224,00808080,2D8DA1AC,1FCFD3DC,
384     2181A1A0,30003030,37073334,2E8EA2AC,36063234,15051114,22022220,38083038,
385     34C4F0F4,2787A3A4,05454144,0C4C404C,01818180,29C9E1E8,04848084,17879394,
386     35053134,0BCBC3C8,0ECEC2CC,3C0C303C,31417170,11011110,07C7C3C4,09898188,
387     35457174,3BCBF3F8,1ACAD2D8,38C8F0F8,14849094,19495158,02828280,04C4C0C4,
388     3FCFF3FC,09494148,39093138,27476364,00C0C0C0,0FCFC3CC,17C7D3D4,3888B0B8,
389     0F0F030C,0E8E828C,02424240,23032320,11819190,2C4C606C,1BCBD3D8,2484A0A4,
390     34043034,31C1F1F0,08484048,02C2C2C0,2F4F636C,3D0D313C,2D0D212C,00404040,
391     3E8EB2BC,3E0E323C,3C8CB0BC,01C1C1C0,2A8AA2A8,3A8AB2B8,0E4E424C,15455154,
392     3B0B3338,1CCCD0DC,28486068,3F4F737C,1C8C909C,18C8D0D8,0A4A4248,16465254,
393     37477374,2080A0A0,2DCDE1EC,06464244,3585B1B4,2B0B2328,25456164,3ACAF2F8,
394     23C3E3E0,3989B1B8,3181B1B0,1F8F939C,1E4E525C,39C9F1F8,26C6E2E4,3282B2B0,
395     31013130,2ACAE2E8,2D4D616C,1F4F535C,24C4E0E4,30C0F0F0,0DCDC1CC,08888088,
396     16061214,3A0A3238,18485058,14C4D0D4,22426260,29092128,07070304,33033330,
397     28C8E0E8,1B0B1318,05050104,39497178,10809090,2A4A6268,2A0A2228,1A8A9298

399     - S-Box SS1

401     38380830,E828C8E0,2C2D0D21,A42686A2,CC0FCFC3,DC1ECED2,B03383B3,B83888B0,
402     AC2F8FA3,60204060,54154551,C407C7C3,44044440,6C2F4F63,682B4B63,581B4B53,
403     C003C3C3,60224262,30330333,B43585B1,28290921,A02080A0,E022C2E2,A42787A3,
404     D013C3D3,90118191,10110111,04060602,1C1C0C10,BC3C8CB0,34360632,480B4B43,
405     EC2FCFE3,88088880,6C2C4C60,A82888A0,14170713,C404C4C0,14160612,F434C4F0,
406     C002C2C2,44054541,E021C1E1,D416C6D2,3C3F0F33,3C3D0D31,8C0E8E82,98188890,
407     28280820,4C0E4E42,F436C6F2,3C3E0E32,A42585A1,F839C9F1,0C0D0D01,DC1FCFD3,
408     D818C8D0,282B0B23,64264662,783A4A72,24270723,2C2F0F23,F031C1F1,70324272,
409     40024242,D414C4D0,40014141,C000C0C0,70334373,64274763,AC2C8CA0,880B8B83,
410     F437C7F3,AC2D8DA1,80008080,1C1F0F13,C80ACAC2,2C2C0C20,A82A8AA2,34340430,
411     D012C2D2,080B0B03,EC2ECEE2,E829C9E1,5C1D4D51,94148490,18180810,F838C8F0,
412     54174753,AC2E8EA2,08080800,C405C5C1,10130313,CC0DCDC1,84068682,B83989B1,
413     FC3FCFF3,7C3D4D71,C001C1C1,30310131,F435C5F1,880A8A82,682A4A62,B03181B1,
414     D011C1D1,20200020,D417C7D3,00020202,20220222,04040400,68284860,70314171,
415     04070703,D81BCBD3,9C1D8D91,98198991,60214161,BC3E8EB2,E426C6E2,58194951,
416     DC1DCDD1,50114151,90108090,DC1CCCD0,981A8A92,A02383A3,A82B8BA3,D010C0D0,
417     80018181,0C0F0F03,44074743,181A0A12,E023C3E3,EC2CCCE0,8C0D8D81,BC3F8FB3,
418     94168692,783B4B73,5C1C4C50,A02282A2,A02181A1,60234363,20230323,4C0D4D41,
419     C808C8C0,9C1E8E92,9C1C8C90,383A0A32,0C0C0C00,2C2E0E22,B83A8AB2,6C2E4E62,
420     9C1F8F93,581A4A52,F032C2F2,90128292,F033C3F3,48094941,78384870,CC0CCCC0,
421     14150511,F83BCBF3,70304070,74354571,7C3F4F73,34350531,10100010,00030303,
422     64244460,6C2D4D61,C406C6C2,74344470,D415C5D1,B43484B0,E82ACAE2,08090901,
423     74364672,18190911,FC3ECEF2,40004040,10120212,E020C0E0,BC3D8DB1,04050501,
424     F83ACAF2,00010101,F030C0F0,282A0A22,5C1E4E52,A82989A1,54164652,40034343,
425     84058581,14140410,88098981,981B8B93,B03080B0,E425C5E1,48084840,78394971,
426     94178793,FC3CCCF0,1C1E0E12,80028282,20210121,8C0C8C80,181B0B13,5C1F4F53,
427     74374773,54144450,B03282B2,1C1D0D11,24250521,4C0F4F43,00000000,44064642,
428     EC2DCDE1,58184850,50124252,E82BCBE3,7C3E4E72,D81ACAD2,C809C9C1,FC3DCDF1,
429     30300030,94158591,64254561,3C3C0C30,B43686B2,E424C4E0,B83B8BB3,7C3C4C70,
430     0C0E0E02,50104050,38390931,24260622,30320232,84048480,68294961,90138393,
431     34370733,E427C7E3,24240420,A42484A0,C80BCBC3,50134353,080A0A02,84078783,
432     D819C9D1,4C0C4C40,80038383,8C0F8F83,CC0ECEC2,383B0B33,480A4A42,B43787B3

434     - S-Box SS2

436     A1A82989,81840585,D2D416C6,D3D013C3,50541444,111C1D0D,A0AC2C8C,21242505,
437     515C1D4D,43400343,10181808,121C1E0E,51501141,F0FC3CCC,C2C80ACA,63602343,
438     20282808,40440444,20202000,919C1D8D,E0E020C0,E2E022C2,C0C808C8,13141707,
439     A1A42585,838C0F8F,03000303,73783B4B,B3B83B8B,13101303,D2D012C2,E2EC2ECE,
440     70703040,808C0C8C,333C3F0F,A0A82888,32303202,D1DC1DCD,F2F436C6,70743444,
441     E0EC2CCC,91941585,03080B0B,53541747,505C1C4C,53581B4B,B1BC3D8D,01000101,
442     20242404,101C1C0C,73703343,90981888,10101000,C0CC0CCC,F2F032C2,D1D819C9,
443     202C2C0C,E3E427C7,72703242,83800383,93981B8B,D1D011C1,82840686,C1C809C9,
444     60602040,50501040,A3A02383,E3E82BCB,010C0D0D,B2B43686,929C1E8E,434C0F4F,
445     B3B43787,52581A4A,C2C406C6,70783848,A2A42686,12101202,A3AC2F8F,D1D415C5,
446     61602141,C3C003C3,B0B43484,41400141,52501242,717C3D4D,818C0D8D,00080808,
447     131C1F0F,91981989,00000000,11181909,00040404,53501343,F3F437C7,E1E021C1,
448     F1FC3DCD,72743646,232C2F0F,23242707,B0B03080,83880B8B,020C0E0E,A3A82B8B,
449     A2A02282,626C2E4E,93901383,414C0D4D,61682949,707C3C4C,01080909,02080A0A,
450     B3BC3F8F,E3EC2FCF,F3F033C3,C1C405C5,83840787,10141404,F2FC3ECE,60642444,
451     D2DC1ECE,222C2E0E,43480B4B,12181A0A,02040606,21202101,63682B4B,62642646,
452     02000202,F1F435C5,92901282,82880A8A,000C0C0C,B3B03383,727C3E4E,D0D010C0,
453     72783A4A,43440747,92941686,E1E425C5,22242606,80800080,A1AC2D8D,D3DC1FCF,
454     A1A02181,30303000,33343707,A2AC2E8E,32343606,11141505,22202202,30383808,
455     F0F434C4,A3A42787,41440545,404C0C4C,81800181,E1E829C9,80840484,93941787,
456     31343505,C3C80BCB,C2CC0ECE,303C3C0C,71703141,11101101,C3C407C7,81880989,
457     71743545,F3F83BCB,D2D81ACA,F0F838C8,90941484,51581949,82800282,C0C404C4,
458     F3FC3FCF,41480949,31383909,63642747,C0C000C0,C3CC0FCF,D3D417C7,B0B83888,
459     030C0F0F,828C0E8E,42400242,23202303,91901181,606C2C4C,D3D81BCB,A0A42484,
460     30343404,F1F031C1,40480848,C2C002C2,636C2F4F,313C3D0D,212C2D0D,40400040,
461     B2BC3E8E,323C3E0E,B0BC3C8C,C1C001C1,A2A82A8A,B2B83A8A,424C0E4E,51541545,
462     33383B0B,D0DC1CCC,60682848,737C3F4F,909C1C8C,D0D818C8,42480A4A,52541646,
463     73743747,A0A02080,E1EC2DCD,42440646,B1B43585,23282B0B,61642545,F2F83ACA,
464     E3E023C3,B1B83989,B1B03181,939C1F8F,525C1E4E,F1F839C9,E2E426C6,B2B03282,
465     31303101,E2E82ACA,616C2D4D,535C1F4F,E0E424C4,F0F030C0,C1CC0DCD,80880888,
466     12141606,32383A0A,50581848,D0D414C4,62602242,21282909,03040707,33303303,
467     E0E828C8,13181B0B,01040505,71783949,90901080,62682A4A,22282A0A,92981A8A

469     - S-Box SS3

471     08303838,C8E0E828,0D212C2D,86A2A426,CFC3CC0F,CED2DC1E,83B3B033,88B0B838,
472     8FA3AC2F,40606020,45515415,C7C3C407,44404404,4F636C2F,4B63682B,4B53581B,
473     C3C3C003,42626022,03333033,85B1B435,09212829,80A0A020,C2E2E022,87A3A427,
474     C3D3D013,81919011,01111011,06020406,0C101C1C,8CB0BC3C,06323436,4B43480B,
475     CFE3EC2F,88808808,4C606C2C,88A0A828,07131417,C4C0C404,06121416,C4F0F434,
476     C2C2C002,45414405,C1E1E021,C6D2D416,0F333C3F,0D313C3D,8E828C0E,88909818,
477     08202828,4E424C0E,C6F2F436,0E323C3E,85A1A425,C9F1F839,0D010C0D,CFD3DC1F,
478     C8D0D818,0B23282B,46626426,4A72783A,07232427,0F232C2F,C1F1F031,42727032,
479     42424002,C4D0D414,41414001,C0C0C000,43737033,47636427,8CA0AC2C,8B83880B,
480     C7F3F437,8DA1AC2D,80808000,0F131C1F,CAC2C80A,0C202C2C,8AA2A82A,04303434,
481     C2D2D012,0B03080B,CEE2EC2E,C9E1E829,4D515C1D,84909414,08101818,C8F0F838,
482     47535417,8EA2AC2E,08000808,C5C1C405,03131013,CDC1CC0D,86828406,89B1B839,
483     CFF3FC3F,4D717C3D,C1C1C001,01313031,C5F1F435,8A82880A,4A62682A,81B1B031,
484     C1D1D011,00202020,C7D3D417,02020002,02222022,04000404,48606828,41717031,
485     07030407,CBD3D81B,8D919C1D,89919819,41616021,8EB2BC3E,C6E2E426,49515819,
486     CDD1DC1D,41515011,80909010,CCD0DC1C,8A92981A,83A3A023,8BA3A82B,C0D0D010,
487     81818001,0F030C0F,47434407,0A12181A,C3E3E023,CCE0EC2C,8D818C0D,8FB3BC3F,
488     86929416,4B73783B,4C505C1C,82A2A022,81A1A021,43636023,03232023,4D414C0D,
489     C8C0C808,8E929C1E,8C909C1C,0A32383A,0C000C0C,0E222C2E,8AB2B83A,4E626C2E,
490     8F939C1F,4A52581A,C2F2F032,82929012,C3F3F033,49414809,48707838,CCC0CC0C,
491     05111415,CBF3F83B,40707030,45717435,4F737C3F,05313435,00101010,03030003,
492     44606424,4D616C2D,C6C2C406,44707434,C5D1D415,84B0B434,CAE2E82A,09010809,
493     46727436,09111819,CEF2FC3E,40404000,02121012,C0E0E020,8DB1BC3D,05010405,
494     CAF2F83A,01010001,C0F0F030,0A22282A,4E525C1E,89A1A829,46525416,43434003,
495     85818405,04101414,89818809,8B93981B,80B0B030,C5E1E425,48404808,49717839,
496     87939417,CCF0FC3C,0E121C1E,82828002,01212021,8C808C0C,0B13181B,4F535C1F,
497     47737437,44505414,82B2B032,0D111C1D,05212425,4F434C0F,00000000,46424406,
498     CDE1EC2D,48505818,42525012,CBE3E82B,4E727C3E,CAD2D81A,C9C1C809,CDF1FC3D,
499     00303030,85919415,45616425,0C303C3C,86B2B436,C4E0E424,8BB3B83B,4C707C3C,
500     0E020C0E,40505010,09313839,06222426,02323032,84808404,49616829,83939013,
501     07333437,C7E3E427,04202424,84A0A424,CBC3C80B,43535013,0A02080A,87838407,
502     C9D1D819,4C404C0C,83838003,8F838C0F,CEC2CC0E,0B33383B,4A42480A,87B3B437
503  Appendix B. Test Vectors

505     This appendix provides test vectors for the SEED cipher described in
506     this document.
507     All data are hexadecimal numbers (not prefixed by "0x").

509  B.1.

511     Key        : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
512     Plaintext  : 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
513     Ciphertext : 5E BA C6 E0 05 4E 16 68 19 AF F1 CC 6D 34 6C DB

515     Intermediate Value
516     ------------------------------------------------------------------
517                   Ki0      Ki1        L0       L1       R0       R1
518     =================================================================
        Round  1 : 7C8F8C7E C737A22C | 00010203 04050607 08090A0B 0C0D0E0F
519     Round  2 : FF276CDB A7CA684A | 08090A0B 0C0D0E0F 8081BC57 C4EA8A1F
520     Round  3 : 2F9D01A1 70049E41 | 8081BC57 C4EA8A1F 117A8B07 D7358C24
521     Round  4 : AE59B3C4 4245E90C | 117A8B07 D7358C24 D1738C94 7326CAB0
522     Round  5 : A1D6400F DBC1394E | D1738C94 7326CAB0 577ECE6D 1F8433EC
523     Round  6 : 85963508 0C5F1FCB | 577ECE6D 1F8433EC 910F62AB DDA096C1
524     Round  7 : B684BDA7 61A4AEAE | 910F62AB DDA096C1 EA4D39B4 B17B1938
525     Round  8 : D17E0741 FEE90AA1 | EA4D39B4 B17B1938 B04E251F 97D7442C
526     Round  9 : 76CC05D5 E97A7394 | B04E251F 97D7442C B86D31BF A5988C06
527     Round 10 : 50AC6F92 1B2666E5 | B86D31BF A5988C06 9008EABF 38DF7430
528     Round 11 : 65B7904A 8EC3A7B3 | 9008EABF 38DF7430 33E47DE0 54EFF76C
529     Round 12 : 2F7E2E22 A2B121B9 | 33E47DE0 54EFF76C 6BE9C434 BF3F378A
530     Round 13 : 4D0BFDE4 4E888D9B | 6BE9C434 BF3F378A B8DC3842 03A02D33
531     Round 14 : 631C8DDC 4378A6C4 | B8DC3842 03A02D33 6679FCF7 9791DFCB
532     Round 15 : 216AF65F 7878C031 | 6679FCF7 9791DFCB 1A415792 A02B8C54
533     Round 16 : 71891150 98B255B0 | 1A415792 A02B8C54 19AFF1CC 6D346CDB

535  B.2.

537     Key        : 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
538     Plaintext  : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
539     Ciphertext : C1 1F 22 F2 01 40 50 50 84 48 35 97 E4 37 0F 43

541     Intermediate Value
542     ------------------------------------------------------------------
543                   Ki0      Ki1        L0       L1       R0       R1
544     =================================================================
        Round  1 : C119F584 5AE033A0 | 00000000 00000000 00000000 00000000
545     Round  2 : 62947390 A600AD14 | 00000000 00000000 9D8DB62C 911F0C19
546     Round  3 : F6F6544E 596C4B49 | 9D8DB62C 911F0C19 21229A97 4AB4B7B8
547     Round  4 : C1A3DE02 CE483C49 | 21229A97 4AB4B7B8 5A27B404 899D7315
548     Round  5 : 5E742E6D 7E25163D | 5A27B404 899D7315 B8489E76 BA0EF3EA
549     Round  6 : 8299D2B4 790A46CE | B8489E76 BA0EF3EA 04A3DF29 31A27FB4
550     Round  7 : EA67D836 55F354F2 | 04A3DF29 31A27FB4 EC9C17BF 81AA2AA0
551     Round  8 : C47329FB F50DB634 | EC9C17BF 81AA2AA0 4FA74E8D CDB21BB8
552     Round  9 : 2BD30235 51679CE6 | 4FA74E8D CDB21BB8 D93492FE 4F71A4DA
553     Round 10 : FA8D6B76 A9F37E02 | D93492FE 4F71A4DA B14053D9 A911379B
554     Round 11 : 8B99CC60 0F6092D4 | B14053D9 A911379B 5A7024D6 3905668B
555     Round 12 : BDAEFCFA 489C2242 | 5A7024D6 3905668B 605C8C3A 73DFBB75
556     Round 13 : F6357C14 CFCCB126 | 605C8C3A 73DFBB75 40282F39 31CB8987
557     Round 14 : A0AA6D85 F8C10774 | 40282F39 31CB8987 E9F834A8 3B9586D4
558     Round 15 : 47F4FEC5 353AE1BA | E9F834A8 3B9586D4 4B60324B 761C9958
559     Round 16 : FECCEA48 A4EF9F9B | 4B60324B 761C9958 84483597 E4370F43

561  B.3.

563     Key        : 47 06 48 08 51 E6 1B E8 5D 74 BF B3 FD 95 61 85
564     Plaintext  : 83 A2 F8 A2 88 64 1F B9 A4 E9 A5 CC 2F 13 1C 7D
565     Ciphertext : EE 54 D1 3E BC AE 70 6D 22 6B C3 14 2C D4 0D 4A

567     Intermediate Value
568     ------------------------------------------------------------------
569                   Ki0      Ki1        L0       L1       R0       R1
570     =================================================================
        Round  1 : 56BE4A0F E9F62877 | 83A2F8A2 88641FB9 A4E9A5CC 2F131C7D
571     Round  2 : 68BCB66C 078911DD | A4E9A5CC 2F131C7D 7CE5F012 47F8C1E6
572     Round  3 : 5B82740B FD24D09B | 7CE5F012 47F8C1E6 AAC99520 609F4CB7
573     Round  4 : 8D608015 A120E0BE | AAC99520 609F4CB7 3E126D1F 44FA99F0
574     Round  5 : 810A75AE 1BF223E5 | 3E126D1F 44FA99F0 11716365 9BA775AC
575     Round  6 : F9C0D2D0 0F676C02 | 11716365 9BA775AC 32C9838F BA5757CB
576     Round  7 : 8F9B5C84 8A7C8DDD | 32C9838F BA5757CB 77E00C64 CF9F6B32
577     Round  8 : D4AB4896 18E93447 | 77E00C64 CF9F6B32 3F09B1F7 DE7D6D58
578     Round  9 : CF090F51 5A4C8202 | 3F09B1F7 DE7D6D58 300E5CAA D0BF2345
579     Round 10 : 4EC3196F 61B1A0DC | 300E5CAA D0BF2345 9574FDD7 4DF050D1
580     Round 11 : 244E07C1 D0D10B12 | 9574FDD7 4DF050D1 A15EDA6F 624265FD
581     Round 12 : 69917C6C 7FF94FB3 | A15EDA6F 624265FD 9F39B682 D841C76F
582     Round 13 : 9A7EB482 723B5738 | 9F39B682 D841C76F EEBBAD8B C1F488EF
583     Round 14 : B97522C5 39CC6349 | EEBBAD8B C1F488EF 45CF5D4E BEEA4AA2
584     Round 15 : FFC2AFD5 1412E731 | 45CF5D4E BEEA4AA2 43B7FE1B BCF87781
585     Round 16 : A9AF7241 A3E67359 | 43B7FE1B BCF87781 226BC314 2CD40D4A

587  B.4.

589     Key        : 28 DB C3 BC 49 FF D8 7D CF A5 09 B1 1D 42 2B E7
590     Plaintext  : B4 1E 6B E2 EB A8 4A 14 8E 2E ED 84 59 3C 5E C7
591     Ciphertext : 9B 9B 7B FC D1 81 3C B9 5D 0B 36 18 F4 0F 51 22
592     Intermediate Value
593     ------------------------------------------------------------------
594                   Ki0      Ki1        L0       L1       R0       R1
595     =================================================================
        Round  1 : B2B11B63 2EE9E2D1 | B41E6BE2 EBA84A14 8E2EED84 593C5EC7
596     Round  2 : 11967260 71A62F24 | 8E2EED84 593C5EC7 1B31F2F7 3DDE00BA
597     Round  3 : 2E017A5A 35DAD7A7 | 1B31F2F7 3DDE00BA 35CC49C0 2AFB59EA
598     Round  4 : 1B2AB5FF A3ADA69F | 35CC49C0 2AFB59EA D7AB53AA AE82F1C7
599     Round  5 : 519C9903 DA90AAEE | D7AB53AA AE82F1C7 24139958 B840E56F
600     Round  6 : 29FD95AD B94C3F13 | 24139958 B840E56F 24AB5291 544C9DBA
601     Round  7 : 6F629D19 8ACE692F | 24AB5291 544C9DBA E8152994 75D0B424
602     Round  8 : 30A26E73 2F22338E | E8152994 75D0B424 A2CD1153 F32BB23A
603     Round  9 : 9721073A 98EE8DAE | A2CD1153 F32BB23A C386008B E3257731
604     Round 10 : C597A8A9 27DCDC97 | C386008B E3257731 98396BFD 814F8972
605     Round 11 : F5163A00 5FFD0003 | 98396BFD 814F8972 E74D2D0D 11D889D1
606     Round 12 : 5CBE65DA A73403E4 | E74D2D0D 11D889D1 29D8C7B3 D1B71C0C
607     Round 13 : 7D5CF070 1D3B8092 | 29D8C7B3 D1B71C0C C4E692C2 D2F57F18
608     Round 14 : 388C702B 1BAA4945 | C4E692C2 D2F57F18 2FAFB300 5F0C4BFF
609     Round 15 : 87D1AB5A FA13FB5C | 2FAFB300 5F0C4BFF 60E5F17C 5626BB68
610     Round 16 : C97D7EED 90724A6E | 60E5F17C 5626BB68 5D0B3618 F40F5122

612  Intellectual Property Statement

614     The IETF takes no position regarding the validity or scope of any
615     Intellectual Property Rights or other rights that might be claimed to
616     pertain to the implementation or use of the technology described in
617     this document or the extent to which any license under such rights
618     might or might not be available; nor does it represent that it has
619     made any independent effort to identify any such rights. Information
620     on the procedures with respect to rights in RFC documents can be
621     found in BCP 78 and BCP 79.

623     Copies of IPR disclosures made to the IETF Secretariat and any
624     assurances of licenses to be made available, or the result of an
625     attempt made to obtain a general license or permission for the use of
626     such proprietary rights by implementers or users of this
627     specification can be obtained from the IETF on-line IPR repository at
628     http://www.ietf.org/ipr.

630     The IETF invites any interested party to bring to its attention any
631     copyrights, patents or patent applications, or other proprietary
632     rights that may cover technology that may be required to implement
633     this standard. Please address the information to the IETF at
634     ietf-ipr@ietf.org.

636  Disclaimer of Validity

638     This document and the information contained herein are provided on an
639     "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
640     OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
641     ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
642     INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
643     INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
644     WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

646  Copyright Statement

648     Copyright (C) The Internet Society (2005). This document is subject
649     to the rights, licenses and restrictions contained in BCP 78, and
650     except as set forth therein, the authors retain all their rights.

652  Acknowledgment

654     Funding for the RFC Editor function is currently provided by the
655     Internet Society.
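
Added example (not code from the draft or from KISA): the pseudo code of Sections 2 to 2.4 written out in Python and checked against the Appendix B vectors. The SS-boxes are derived from S0 and S1 with the Section 2.2 formulas instead of being copied from Appendix A.2; the function names are this example's own, and it assumes the key and block are read as big-endian 32-bit words, which the Appendix B traces bear out.

```python
import struct

# S-boxes from Appendix A.1, one string per 16-entry row of the listing.
S0 = bytes.fromhex(
    "A9 85 D6 D3 54 1D AC 25 5D 43 18 1E 51 FC CA 63"
    "28 44 20 9D E0 E2 C8 17 A5 8F 03 7B BB 13 D2 EE"
    "70 8C 3F A8 32 DD F6 74 EC 95 0B 57 5C 5B BD 01"
    "24 1C 73 98 10 CC F2 D9 2C E7 72 83 9B D1 86 C9"
    "60 50 A3 EB 0D B6 9E 4F B7 5A C6 78 A6 12 AF D5"
    "61 C3 B4 41 52 7D 8D 08 1F 99 00 19 04 53 F7 E1"
    "FD 76 2F 27 B0 8B 0E AB A2 6E 93 4D 69 7C 09 0A"
    "BF EF F3 C5 87 14 FE 64 DE 2E 4B 1A 06 21 6B 66"
    "02 F5 92 8A 0C B3 7E D0 7A 47 96 E5 26 80 AD DF"
    "A1 30 37 AE 36 15 22 38 F4 A7 45 4C 81 E9 84 97"
    "35 CB CE 3C 71 11 C7 89 75 FB DA F8 94 59 82 C4"
    "FF 49 39 67 C0 CF D7 B8 0F 8E 42 23 91 6C DB A4"
    "34 F1 48 C2 6F 3D 2D 40 BE 3E BC C1 AA BA 4E 55"
    "3B DC 68 7F 9C D8 4A 56 77 A0 ED 46 B5 2B 65 FA"
    "E3 B9 B1 9F 5E F9 E6 B2 31 EA 6D 5F E4 F0 CD 88"
    "16 3A 58 D4 62 29 07 33 E8 1B 05 79 90 6A 2A 9A")
S1 = bytes.fromhex(
    "38 E8 2D A6 CF DE B3 B8 AF 60 55 C7 44 6F 6B 5B"
    "C3 62 33 B5 29 A0 E2 A7 D3 91 11 06 1C BC 36 4B"
    "EF 88 6C A8 17 C4 16 F4 C2 45 E1 D6 3F 3D 8E 98"
    "28 4E F6 3E A5 F9 0D DF D8 2B 66 7A 27 2F F1 72"
    "42 D4 41 C0 73 67 AC 8B F7 AD 80 1F CA 2C AA 34"
    "D2 0B EE E9 5D 94 18 F8 57 AE 08 C5 13 CD 86 B9"
    "FF 7D C1 31 F5 8A 6A B1 D1 20 D7 02 22 04 68 71"
    "07 DB 9D 99 61 BE E6 59 DD 51 90 DC 9A A3 AB D0"
    "81 0F 47 1A E3 EC 8D BF 96 7B 5C A2 A1 63 23 4D"
    "C8 9E 9C 3A 0C 2E BA 6E 9F 5A F2 92 F3 49 78 CC"
    "15 FB 70 75 7F 35 10 03 64 6D C6 74 D5 B4 EA 09"
    "76 19 FE 40 12 E0 BD 05 FA 01 F0 2A 5E A9 56 43"
    "85 14 89 9B B0 E5 48 79 97 FC 1E 82 21 8C 1B 5F"
    "77 54 B2 1D 25 4F 00 46 ED 58 52 EB 7E DA C9 FD"
    "30 95 65 3C B6 E4 BB 7C 0E 50 39 26 32 84 69 93"
    "37 E7 24 A4 CB 53 0A 87 D9 4C 83 8F CE 3B 4A B7")
# Round constants KC1..KC16 from the table in Section 2.3.
KC = (0x9E3779B9, 0x3C6EF373, 0x78DDE6E6, 0xF1BBCDCC,
      0xE3779B99, 0xC6EF3733, 0x8DDE6E67, 0x1BBCDCCF,
      0x3779B99E, 0x6EF3733C, 0xDDE6E678, 0xBBCDCCF1,
      0x779B99E3, 0xEF3733C6, 0xDE6E678D, 0xBCDCCF1B)
MASK32 = 0xFFFFFFFF
M = (0xFC, 0xF3, 0xCF, 0x3F)  # m0..m3 from Section 2.2

def _ss(sbox, order):  # four masked copies of each S-box byte, high byte first
    a, b, c, d = (M[i] for i in order)
    return [(v & a) << 24 | (v & b) << 16 | (v & c) << 8 | (v & d) for v in sbox]

SS0, SS1 = _ss(S0, (3, 2, 1, 0)), _ss(S1, (0, 3, 2, 1))
SS2, SS3 = _ss(S0, (1, 0, 3, 2)), _ss(S1, (2, 1, 0, 3))

def G(x):  # Z = SS0(X0) ^ SS1(X1) ^ SS2(X2) ^ SS3(X3); X0 is the low byte
    return SS0[x & 0xFF] ^ SS1[x >> 8 & 0xFF] ^ SS2[x >> 16 & 0xFF] ^ SS3[x >> 24 & 0xFF]

def F(r0, r1, ki0, ki1):  # round function of Section 2.1, returns (R0', R1')
    a = r0 ^ ki0
    g1 = G(a ^ r1 ^ ki1)
    g2 = G((g1 + a) & MASK32)
    g3 = G((g2 + g1) & MASK32)
    return (g3 + g2) & MASK32, g3

def key_schedule(key):
    """Sixteen (Ki0, Ki1) pairs from a 16-byte key (Section 2.3)."""
    k0, k1, k2, k3 = struct.unpack(">4I", key)
    subkeys = []
    for i, kc in enumerate(KC, start=1):
        subkeys.append((G((k0 + k2 - kc) & MASK32), G((k1 - k3 + kc) & MASK32)))
        if i % 2:  # odd round: Key0 || Key1 rotated right by 8 bits
            k0, k1 = (k0 >> 8 | k1 << 24) & MASK32, (k1 >> 8 | k0 << 24) & MASK32
        else:      # even round: Key2 || Key3 rotated left by 8 bits
            k2, k3 = (k2 << 8 | k3 >> 24) & MASK32, (k3 << 8 | k2 >> 24) & MASK32
    return subkeys

def _crypt(block, subkeys):
    l0, l1, r0, r1 = struct.unpack(">4I", block)
    for ki0, ki1 in subkeys[:15]:     # rounds 1..15 swap the halves
        f0, f1 = F(r0, r1, ki0, ki1)
        l0, l1, r0, r1 = r0, r1, l0 ^ f0, l1 ^ f1
    f0, f1 = F(r0, r1, *subkeys[15])  # round 16 leaves R in place
    return struct.pack(">4I", l0 ^ f0, l1 ^ f1, r0, r1)

def encrypt(key, block):
    return _crypt(block, key_schedule(key))

def decrypt(key, block):
    """Section 2.4: the same structure with the subkeys in reverse order."""
    return _crypt(block, key_schedule(key)[::-1])

VECTORS = (  # "key plaintext ciphertext" for Appendix B.1 to B.4
    "00000000000000000000000000000000 000102030405060708090A0B0C0D0E0F 5EBAC6E0054E166819AFF1CC6D346CDB",
    "000102030405060708090A0B0C0D0E0F 00000000000000000000000000000000 C11F22F20140505084483597E4370F43",
    "4706480851E61BE85D74BFB3FD956185 83A2F8A288641FB9A4E9A5CC2F131C7D EE54D13EBCAE706D226BC3142CD40D4A",
    "28DBC3BC49FFD87DCFA509B11D422BE7 B41E6BE2EBA84A148E2EED84593C5EC7 9B9B7BFCD1813CB95D0B3618F40F5122",
)

def check_vectors():  # True when every Appendix B vector reproduces
    vs = [tuple(map(bytes.fromhex, v.split())) for v in VECTORS]
    return all(encrypt(k, p) == c and decrypt(k, c) == p for k, p, c in vs)
```

The table lookups are indexed by key-dependent data, so treat this as a conformance check against Appendix B rather than a hardened implementation.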