SEED explained

SEED
Designers:KISA
Publish Date:1998
Key Size:128 bits
Block Size:128 bits
Structure:Nested Feistel network
Rounds:16
Cryptanalysis:2122 against 8-rounds [1]

SEED is a block cipher developed by the Korea Information Security Agency (KISA). It is used broadly throughout South Korean industry, but seldom found elsewhere. It gained popularity in Korea because 40-bit encryption was not considered strong enough, so the Korea Information Security Agency developed its own standard. However, this decision has historically limited the competition of web browsers in Korea, as no major SSL libraries or web browsers supported the SEED algorithm, requiring users to use an ActiveX control in Internet Explorer for secure web sites.[2]

On April 1, 2015 the Ministry of Science, ICT and Future Planning (MSIP) announced its plan to remove the ActiveX dependency from at least 90 percent of the country's top 100 websites by 2017. Instead, HTML5-based technologies will be employed as they operate on many platforms, including mobile devices. Starting with the private sector, the ministry plans to expand this further to ultimately remove this dependency from public websites as well.[3]

Design

SEED is a 16-round Feistel network with 128-bit blocks and a 128-bit key. It uses two 8 × 8 S-boxes which, like those of SAFER, are derived from discrete exponentiation (in this case, x247 and x251  - plus some "incompatible operations"). It also has some resemblance to MISTY1 in the recursiveness of its structure: the 128-bit full cipher is a Feistel network with an F-function operating on 64-bit halves, while the F-function itself is a Feistel network composed of a G-function operating on 32-bit halves. However the recursion does not extend further because the G-function is not a Feistel network. In the G-function, the 32-bit word is considered as four 8-bit bytes, each of which is passed through one or the other of the S-boxes, then combined in a moderately complex set of boolean functions such that each output bit depends on 3 of the 4 input bytes.

SEED has a fairly complex key schedule, generating its thirty-two 32-bit subkeys through application of its G-function on a series of rotations of the raw key, combined with round constants derived (as in TEA) from the Golden ratio.

Use and adoption

SEED has been adopted by several standard protocols: S/MIME (RFC 4010), TLS/SSL (RFC 4162), IPSec (RFC 4196), and ISO/IEC 18033-3:2010.

NSS software security library in Mozilla's Gecko platform has implemented support for SEED,[4] and Mozilla Firefox as of 3.5.4 supports SEED as a TLS cipher;[5] however, Mozilla decided to drop the support of SEED by default in Firefox 27 and above because support for SEED has not had any practical positive effect in terms of helping South Korea migrate away from ActiveX-based e-commerce, and other browsers are not offering any SEED-based cipher suites.[6] [7] NSS still supports SEED-based cipher suites.

The Linux kernel has supported SEED since 2007.[8]

Bloombase supports SEED in their full suite of data cryptography solutions.[9]

External links

Notes and References

  1. Sung. Jaechul. Differential cryptanalysis of eight-round SEED. Information Processing Letters. 10.1016/j.ipl.2011.02.004. 111. 10. 474–478. 2011.
  2. Web site: Gen Kanai . 2007-01-26 . The Cost of Monoculture . 2007-01-29 . dead . https://web.archive.org/web/20070202022759/http://www.kanai.net/weblog/archive/2007/01/26/00h53m55s#003095 . 2007-02-02 .
  3. Web site: Kang Yoon-seung . 2015-04-01 . ICT ministry seeks to drop ActiveX in private sector. 2015-08-01 .
  4. Web site: Bug 453234 - Support for SEED Cipher Suites to TLS RFC4010 . Mozilla. 2013-12-01.
  5. Web site: Bug 478839 - Firefox should support South Korean SEED crypto cipher suites. 2009-08-09.
  6. Web site: Bug 934663 - Change set of cipher suites enabled by default in Gecko to match cipher suite proposal . 2013-11-30.
  7. Web site: Proposal to Change the Default TLS Ciphersuites Offered by Browsers. Brian Smith. 2013-08-08. 2013-11-30. 2013-12-03. https://web.archive.org/web/20131203012731/https://briansmith.org/browser-ciphersuites-01.html. dead.
  8. Web site: [CRYPTO] seed: New cipher algorithm ]. Linux kernel . . Chang . Hye-Shik . 2007-08-21 . 2020-03-11.
  9. Web site: What symmetric block cipher algorithms are supported by Bloombase Crypto Module?.