Network Working Group J. Park Request for Comments: 4009 S. Lee Category: Informational J. Kim J. Lee KISA February 2005 L'Algoritmo di Crittografia SEED Traduzione a cura di ComiSAT Brescia, Giu. 2005 (comisat@yahoo.it) Distribuita da .::http://www.rfc.altervista.org::. Stato di Questo Documento Questo documento fornisce informazioni per la comunita' Internet. Non specifica uno standard Internet di alcun genere. La distribuzione di questo documento non e' soggetta a limitazioni. Nota di Copyright Copyright (C) The Internet Society (2005). Sunto Questo documento descrive l'algoritmo di crittografia SEED, il quale e' stato adottato dalla maggior parte dei sistemi di sicurezza nella Repubblica di Corea. Sono incluse una descrizione dell'algoritmo di cifratura e di programmazione della chiave (Sezione 2), i box-S (Appendice A) e un insieme di vettori di prova (Appendice B). 1. Introduzione 1.1. Panoramica di SEED SEED e' un cifrario a blocco con chiave simmetrica a 128-bit sviluppato dalla KISA (Agenzia di Corea per la Sicurezza di Informazione) e da un gruppo di esperti a partire dal 1998. Il SEED e' un algoritmo di cifratura adottato come standard nazionale nella Corea del Sud [TTASSEED] ed e' progettato per utilizzare box-S e permutazioni in equilibrio con l'attuale tecnologia di computazione. Esso e' dotato di una struttura Feistel a 16-passi ed e' robusto contro crittoanalisi differenziale (DC), crittoanalisi lineare (LC) e relativi attacchi alla chiave, con un compromesso equilibrato tra sicurezza ed efficienza. Park, et al. Informational [Page 1] RFC 4009 The SEED Encryption Algorithm February 2005 Le caratteristiche di SEED sono delineate qui di seguito: - Struttura Feistel a 16-passi - Dimensione del blocco dati di input/output a 128-bit - Lunghezza della chiave a 128-bit - Una funzione di passo robusta contro attacchi noti - Due box-S 8x8 - Operazioni miste di XOR e somma modulare Il SEED e' stato ampiamente utilizzato nella Corea del Sud per servizi confidenziali come il commercio elettronico; ad es., servizi finanziari forniti in comunicazione con o senza fili. 1.2. Notazione La notazione che segue viene usata nella descrizione dell'algoritmo di cifratura SEED: & bitwiseAND ^ bitwise esclusivo OR + somma in modulo 2**32 - sottrazione in modulo 2**32 || concatenazione << n rotazione circolare sinistra di n bits >> n rotazione circolare destra di n bits 0x rappresentazione esadecimale 2. La Struttura di SEED La dimensione del blocco di input/output di SEED e' di 128-bit, cosi' la lunghezza della chiave. SEED e' dotato di una struttura Feistel di 16-passi. Un input di 128-bit viene scisso in due blocchi a 64-bit (L, R) e il blocco a 64-bit destro diventa l'input per la funzione di passo F con una sottochiave a 64-bit Ki generata dalla programmazione della chiave. Uno pseudo codice della struttura di SEED e' il seguente: for (i = 1; i <= 16; i++) { L = R; R = L ^ F(Ki, R); } Park, et al. Informational [Page 2] RFC 4009 The SEED Encryption Algorithm February 2005 2.1. La Funzione di Passo F SEED utilizza due box-S 8x8, permutazioni, rotazioni e operazioni modulari di base come l'OR esclusivo (XOR) e somme per fornire grande sicurezza, alta velocita' e semplicita' di implementazione. Un blocco di input a 64-bit della funzione F viene diviso in due blocchi a 32-bit (R0, R1) e cifrati in 4 fasi: - Una fase di fusione di due blocchi di sottochiave a 32-bit (Ki0, Ki1) - 3 livelli di funzione G (Vedasi Sezione 2.2), con somme per mixare due blocchi a 32-bit Gli output (R0', R1') della funzione F sono i seguente: R0' = G[ G[ G[(R0 ^ Ki0) ^ (R1 ^ Ki1)] + (R0 ^ Ki0)] + G[(R0 ^ Ki0) ^ (R1 ^ Ki1)]] + G[ G[(R0 ^ Ki0) ^ (R1 ^ Ki1)] + (R0 ^ Ki0)] R1' = G[ G[ G[(R0 ^ Ki0) ^ (R1 ^ Ki1)] + (R0 ^ Ki0)] + G[(R0 ^ Ki0) ^ (R1 ^ Ki1)]] + G[ G[(R0 ^ Ki0) ^ (R1 ^ Ki1)] 2.2. La Funzione G La funzione G ha due livelli: un livello di due box-S 8x8 e un livello di permutazione di blocco di sedici sotto-blocchi a 8-bit. Gli output Z (= Z0 || Z1 || Z2 || Z3) della funzione G con quattro input a 8-bit X (= X0 || X1 || X2 || X3) sono i seguenti: Z0 = {S1(X0) & m0} ^ {S2(X1) & m1} ^ {S1(X2) & m2} ^ {S2(X3) & m3} Z1 = {S1(X0) & m1} ^ {S2(X1) & m2} ^ {S1(X2) & m3} ^ {S2(X3) & m0} Z2 = {S1(X0) & m2} ^ {S2(X1) & m3} ^ {S1(X2) & m0} ^ {S2(X3) & m1} Z3 = {S1(X0) & m3} ^ {S2(X1) & m0} ^ {S1(X2) & m1} ^ {S2(X3) & m2} dove m0 = 0xfc, m1 = 0xf3, m2 = 0xcf, e m3 = 0x3f. Per incrementare l'efficienza della funzione G, vengono di seguito definiti quattro box-S estesi 'box-SS' (Vedasi Appendice A.2): SS0(X)= {S1(X) & m3} || {S1(X) & m2} || {S1(X) & m1} || {S1(X) & m0} SS1(X)= {S2(X) & m0} || {S2(X) & m3} || {S2(X) & m2} || {S2(X) & m1} SS2(X)= {S1(X) & m1} || {S1(X) & m0} || {S1(X) & m3} || {S1(X) & m2} SS3(X)= {S2(X) & m2} || {S2(X) & m1} || {S2(X) & m0} || {S2(X) & m3} Park, et al. Informational [Page 3] RFC 4009 The SEED Encryption Algorithm February 2005 La nuova funzione G, Z, puo' essere definita come segue: Z = SS0(X0) ^ SS1(X1) ^ SS2(X2) ^ SS3(X3) Questa nuova funzione G e' piu' veloce della funzione G originale ma richiede piu' memoria per archiviare quattro box-SS. 2.3. Programmazione della Chiave La programmazione della chiave genera ciascuna sottochiave di passo. Essa utilizza la funzione G, somma in modulo 2**32, sottrazione in modulo 2**32, e rotazione circolare (sinistra/destra). Una chiave di input a 128-bit viene scissa in quattro blocchi da 32-bit (Key0, Key1, Key2, Key3). Le due sottochiavi a 32-bit del passo i(ennesimo), Ki0 e Ki1, sono generate nel modo seguente: - Tipo 1 : Passo dispari Ki0 = G(Key0 + Key2 - KCi) Ki1 = G(Key1 - Key3 + KCi) Key0 || Key1 = (Key0 || Key1) >> 8 - Tipo 2 : Passo pari Ki0 = G(Key0 + Key2 - KCi) Ki1 = G(Key1 - Key3 + KCi) Key2 || Key3 = (Key2 || Key3) << 8 La seguente tabella mostra le costanti utilizzate in KCi: i | Valore i | Valore ============================================ KC1 | 0x9e3779b9 KC2 | 0x3c6ef373 KC3 | 0x78dde6e6 KC4 | 0xf1bbcdcc KC5 | 0xe3779b99 KC6 | 0xc6ef3733 KC7 | 0x8dde6e67 KC8 | 0x1bbcdccf KC9 | 0x3779b99e KC10 | 0x6ef3733c KC11 | 0xdde6e678 KC12 | 0xbbcdccf1 KC13 | 0x779b99e3 KC14 | 0xef3733c6 KC15 | 0xde6e678d KC16 | 0xbcdccf1b Park, et al. Informational [Page 4] RFC 4009 The SEED Encryption Algorithm February 2005 Uno pseudo codice per la programmazione della chiave e' il seguente: for (i = 1; i <= 16; i++) { Ki0 = G(Key0 + Key2 - KCi); Ki1 = G(Key1 - Key3 + KCi); if (i % 2 == 1) Key0 || Key1 = (Key0 || Key1) >> 8; else Key2 || Key3 = (Key2 || Key3) << 8; } 2.4. Procedura di Decrittazione La procedura di decrittazione e' il passo inverso della procedura di cifratura. Puo' essere implementata utilizzato l'algoritmo di cifratura con inverso ordine delle sottochiavi di passo. 2.5. Identificatori d'Oggetto di SEED (OID) Per coloro che potrebbero utilizzare il SEED in algoritmi di negoziazione all'interno di un protocollo, o in qualsiasi altro contesto che possa richiedere l'uso di OID, vengono definiti i seguenti tre OID: algorithm OBJECT IDENTIFIER ::= { iso(1) member-body(2) korea(410) kisa(200004) algorithm(1) } id-seedCBC OBJECT IDENTIFIER ::= { algorithm seedCBC(4) } seedCBCParameter ::= OCTET STRING -- Vettore di Inizializzazione a 128-bit L'OID id-seedCBC viene usato quando viene fornito il modo d'operazione CBC basato sul blocco SEED. id-seedMAC OBJECT IDENTIFIER ::= { algorithm seedMAC(7) } seedMACParameter ::= INTEGER -- Lunghezza MAC in bits L'OID id-seedMAC viene usato quando viene fornito l'algoritmo di codice d'autenticazione del messaggio (MAC) basato sul blocco SEED. pbeWithSHA1AndSEED-CBC OBJECT IDENTIFIER ::= { algorithm seedCBCwithSHA1(15) } PBEParameters ::= SEQUENCE { salt OCTET STRING, iteration INTEGER } -- Numero complessivo di iterazioni hash Park, et al. Informational [Page 5] RFC 4009 The SEED Encryption Algorithm February 2005 Questo OID viene usato quando viene fornita un crittografia basata su password in modo CBC basata su SHA-1 e sul blocco SEED. I dettagli del calcolo PBE sono ben descritti nella Sezione 6.1 della [RFC2898]. 3. Considerazioni sulla Sicurezza Non sono stati rilevati problemi di sicurezza relativi a SEED. Si veda [ISOSEED] e [CRYPTREC]. 4. Riferimenti 4.1. Riferimenti Normativi [TTASSEED] Telecommunications Technology Association (TTA), "128-bit Symmetric Block Cipher (SEED)", TTAS.KO-12.0004, September, 1998 (In Korean) http://www.tta.or.kr/English/new/main/index.htm [RFC2898] Kaliski, B., "PKCS #5: Password-Based Cryptography Specification Version 2.0", RFC 2898, September 2000. 4.2. Riferimenti Informativi [ISOSEED] ISO/IEC, ISO/IEC JTC1/SC 27 N 256r1, "National Body contributions on NP 18033 Encryption algorithms in response to document SC 27 N 2563", October, 2000 [CRYPTREC] Information-technology Promotion Agency (IPA), Japan, CRYPTREC. "SEED Evaluation Report", February, 2002 http://www.kisa.or.kr/seed/seed_eng.html Park, et al. Informational [Page 6] RFC 4009 The SEED Encryption Algorithm February 2005 Appendice A. Box-S A.1. Box-S (i due originali) - Box-S S0 A9, 85, D6, D3, 54, 1D, AC, 25, 5D, 43, 18, 1E, 51, FC, CA, 63, 28, 44, 20, 9D, E0, E2, C8, 17, A5, 8F, 03, 7B, BB, 13, D2, EE, 70, 8C, 3F, A8, 32, DD, F6, 74, EC, 95, 0B, 57, 5C, 5B, BD, 01, 24, 1C, 73, 98, 10, CC, F2, D9, 2C, E7, 72, 83, 9B, D1, 86, C9, 60, 50, A3, EB, 0D, B6, 9E, 4F, B7, 5A, C6, 78, A6, 12, AF, D5, 61, C3, B4, 41, 52, 7D, 8D, 08, 1F, 99, 00, 19, 04, 53, F7, E1, FD, 76, 2F, 27, B0, 8B, 0E, AB, A2, 6E, 93, 4D, 69, 7C, 09, 0A, BF, EF, F3, C5, 87, 14, FE, 64, DE, 2E, 4B, 1A, 06, 21, 6B, 66, 02, F5, 92, 8A, 0C, B3, 7E, D0, 7A, 47, 96, E5, 26, 80, AD, DF, A1, 30, 37, AE, 36, 15, 22, 38, F4, A7, 45, 4C, 81, E9, 84, 97, 35, CB, CE, 3C, 71, 11, C7, 89, 75, FB, DA, F8, 94, 59, 82, C4, FF, 49, 39, 67, C0, CF, D7, B8, 0F, 8E, 42, 23, 91, 6C, DB, A4, 34, F1, 48, C2, 6F, 3D, 2D, 40, BE, 3E, BC, C1, AA, BA, 4E, 55, 3B, DC, 68, 7F, 9C, D8, 4A, 56, 77, A0, ED, 46, B5, 2B, 65, FA, E3, B9, B1, 9F, 5E, F9, E6, B2, 31, EA, 6D, 5F, E4, F0, CD, 88, 16, 3A, 58, D4, 62, 29, 07, 33, E8, 1B, 05, 79, 90, 6A, 2A, 9A - Box-S S1 38, E8, 2D, A6, CF, DE, B3, B8, AF, 60, 55, C7, 44, 6F, 6B, 5B, C3, 62, 33, B5, 29, A0, E2, A7, D3, 91, 11, 06, 1C, BC, 36, 4B, EF, 88, 6C, A8, 17, C4, 16, F4, C2, 45, E1, D6, 3F, 3D, 8E, 98, 28, 4E, F6, 3E, A5, F9, 0D, DF, D8, 2B, 66, 7A, 27, 2F, F1, 72, 42, D4, 41, C0, 73, 67, AC, 8B, F7, AD, 80, 1F, CA, 2C, AA, 34, D2, 0B, EE, E9, 5D, 94, 18, F8, 57, AE, 08, C5, 13, CD, 86, B9, FF, 7D, C1, 31, F5, 8A, 6A, B1, D1, 20, D7, 02, 22, 04, 68, 71, 07, DB, 9D, 99, 61, BE, E6, 59, DD, 51, 90, DC, 9A, A3, AB, D0, 81, 0F, 47, 1A, E3, EC, 8D, BF, 96, 7B, 5C, A2, A1, 63, 23, 4D, C8, 9E, 9C, 3A, 0C, 2E, BA, 6E, 9F, 5A, F2, 92, F3, 49, 78, CC, 15, FB, 70, 75, 7F, 35, 10, 03, 64, 6D, C6, 74, D5, B4, EA, 09, 76, 19, FE, 40, 12, E0, BD, 05, FA, 01, F0, 2A, 5E, A9, 56, 43, 85, 14, 89, 9B, B0, E5, 48, 79, 97, FC, 1E, 82, 21, 8C, 1B, 5F, 77, 54, B2, 1D, 25, 4F, 00, 46, ED, 58, 52, EB, 7E, DA, C9, FD, 30, 95, 65, 3C, B6, E4, BB, 7C, 0E, 50, 39, 26, 32, 84, 69, 93, 37, E7, 24, A4, CB, 53, 0A, 87, D9, 4C, 83, 8F, CE, 3B, 4A, B7 Park, et al. Informational [Page 7] RFC 4009 The SEED Encryption Algorithm February 2005 A.2. Box-S (i quattro estesi) - Box-S SS0 2989a1a8,05858184,16c6d2d4,13c3d3d0,14445054,1d0d111c,2c8ca0ac,25052124, 1d4d515c,03434340,18081018,1e0e121c,11415150,3cccf0fc,0acac2c8,23436360, 28082028,04444044,20002020,1d8d919c,20c0e0e0,22c2e2e0,08c8c0c8,17071314, 2585a1a4,0f8f838c,03030300,3b4b7378,3b8bb3b8,13031310,12c2d2d0,2ecee2ec, 30407070,0c8c808c,3f0f333c,2888a0a8,32023230,1dcdd1dc,36c6f2f4,34447074, 2ccce0ec,15859194,0b0b0308,17475354,1c4c505c,1b4b5358,3d8db1bc,01010100, 24042024,1c0c101c,33437370,18889098,10001010,0cccc0cc,32c2f2f0,19c9d1d8, 2c0c202c,27c7e3e4,32427270,03838380,1b8b9398,11c1d1d0,06868284,09c9c1c8, 20406060,10405050,2383a3a0,2bcbe3e8,0d0d010c,3686b2b4,1e8e929c,0f4f434c, 3787b3b4,1a4a5258,06c6c2c4,38487078,2686a2a4,12021210,2f8fa3ac,15c5d1d4, 21416160,03c3c3c0,3484b0b4,01414140,12425250,3d4d717c,0d8d818c,08080008, 1f0f131c,19899198,00000000,19091118,04040004,13435350,37c7f3f4,21c1e1e0, 3dcdf1fc,36467274,2f0f232c,27072324,3080b0b0,0b8b8388,0e0e020c,2b8ba3a8, 2282a2a0,2e4e626c,13839390,0d4d414c,29496168,3c4c707c,09090108,0a0a0208, 3f8fb3bc,2fcfe3ec,33c3f3f0,05c5c1c4,07878384,14041014,3ecef2fc,24446064, 1eced2dc,2e0e222c,0b4b4348,1a0a1218,06060204,21012120,2b4b6368,26466264, 02020200,35c5f1f4,12829290,0a8a8288,0c0c000c,3383b3b0,3e4e727c,10c0d0d0, 3a4a7278,07474344,16869294,25c5e1e4,26062224,00808080,2d8da1ac,1fcfd3dc, 2181a1a0,30003030,37073334,2e8ea2ac,36063234,15051114,22022220,38083038, 34c4f0f4,2787a3a4,05454144,0c4c404c,01818180,29c9e1e8,04848084,17879394, 35053134,0bcbc3c8,0ecec2cc,3c0c303c,31417170,11011110,07c7c3c4,09898188, 35457174,3bcbf3f8,1acad2d8,38c8f0f8,14849094,19495158,02828280,04c4c0c4, 3fcff3fc,09494148,39093138,27476364,00c0c0c0,0fcfc3cc,17c7d3d4,3888b0b8, 0f0f030c,0e8e828c,02424240,23032320,11819190,2c4c606c,1bcbd3d8,2484a0a4, 34043034,31c1f1f0,08484048,02c2c2c0,2f4f636c,3d0d313c,2d0d212c,00404040, 3e8eb2bc,3e0e323c,3c8cb0bc,01c1c1c0,2a8aa2a8,3a8ab2b8,0e4e424c,15455154, 3b0b3338,1cccd0dc,28486068,3f4f737c,1c8c909c,18c8d0d8,0a4a4248,16465254, 37477374,2080a0a0,2dcde1ec,06464244,3585b1b4,2b0b2328,25456164,3acaf2f8, 23c3e3e0,3989b1b8,3181b1b0,1f8f939c,1e4e525c,39c9f1f8,26c6e2e4,3282b2b0, 31013130,2acae2e8,2d4d616c,1f4f535c,24c4e0e4,30c0f0f0,0dcdc1cc,08888088, 16061214,3a0a3238,18485058,14c4d0d4,22426260,29092128,07070304,33033330, 28c8e0e8,1b0b1318,05050104,39497178,10809090,2a4a6268,2a0a2228,1a8a9298 Park, et al. Informational [Page 8] RFC 4009 The SEED Encryption Algorithm February 2005 - Box-S SS1 38380830,e828c8e0,2c2d0d21,a42686a2,cc0fcfc3,dc1eced2,b03383b3,b83888b0, ac2f8fa3,60204060,54154551,c407c7c3,44044440,6c2f4f63,682b4b63,581b4b53, c003c3c3,60224262,30330333,b43585b1,28290921,a02080a0,e022c2e2,a42787a3, d013c3d3,90118191,10110111,04060602,1c1c0c10,bc3c8cb0,34360632,480b4b43, ec2fcfe3,88088880,6c2c4c60,a82888a0,14170713,c404c4c0,14160612,f434c4f0, c002c2c2,44054541,e021c1e1,d416c6d2,3c3f0f33,3c3d0d31,8c0e8e82,98188890, 28280820,4c0e4e42,f436c6f2,3c3e0e32,a42585a1,f839c9f1,0c0d0d01,dc1fcfd3, d818c8d0,282b0b23,64264662,783a4a72,24270723,2c2f0f23,f031c1f1,70324272, 40024242,d414c4d0,40014141,c000c0c0,70334373,64274763,ac2c8ca0,880b8b83, f437c7f3,ac2d8da1,80008080,1c1f0f13,c80acac2,2c2c0c20,a82a8aa2,34340430, d012c2d2,080b0b03,ec2ecee2,e829c9e1,5c1d4d51,94148490,18180810,f838c8f0, 54174753,ac2e8ea2,08080800,c405c5c1,10130313,cc0dcdc1,84068682,b83989b1, fc3fcff3,7c3d4d71,c001c1c1,30310131,f435c5f1,880a8a82,682a4a62,b03181b1, d011c1d1,20200020,d417c7d3,00020202,20220222,04040400,68284860,70314171, 04070703,d81bcbd3,9c1d8d91,98198991,60214161,bc3e8eb2,e426c6e2,58194951, dc1dcdd1,50114151,90108090,dc1cccd0,981a8a92,a02383a3,a82b8ba3,d010c0d0, 80018181,0c0f0f03,44074743,181a0a12,e023c3e3,ec2ccce0,8c0d8d81,bc3f8fb3, 94168692,783b4b73,5c1c4c50,a02282a2,a02181a1,60234363,20230323,4c0d4d41, c808c8c0,9c1e8e92,9c1c8c90,383a0a32,0c0c0c00,2c2e0e22,b83a8ab2,6c2e4e62, 9c1f8f93,581a4a52,f032c2f2,90128292,f033c3f3,48094941,78384870,cc0cccc0, 14150511,f83bcbf3,70304070,74354571,7c3f4f73,34350531,10100010,00030303, 64244460,6c2d4d61,c406c6c2,74344470,d415c5d1,b43484b0,e82acae2,08090901, 74364672,18190911,fc3ecef2,40004040,10120212,e020c0e0,bc3d8db1,04050501, f83acaf2,00010101,f030c0f0,282a0a22,5c1e4e52,a82989a1,54164652,40034343, 84058581,14140410,88098981,981b8b93,b03080b0,e425c5e1,48084840,78394971, 94178793,fc3cccf0,1c1e0e12,80028282,20210121,8c0c8c80,181b0b13,5c1f4f53, 74374773,54144450,b03282b2,1c1d0d11,24250521,4c0f4f43,00000000,44064642, ec2dcde1,58184850,50124252,e82bcbe3,7c3e4e72,d81acad2,c809c9c1,fc3dcdf1, 30300030,94158591,64254561,3c3c0c30,b43686b2,e424c4e0,b83b8bb3,7c3c4c70, 0c0e0e02,50104050,38390931,24260622,30320232,84048480,68294961,90138393, 34370733,e427c7e3,24240420,a42484a0,c80bcbc3,50134353,080a0a02,84078783, d819c9d1,4c0c4c40,80038383,8c0f8f83,cc0ecec2,383b0b33,480a4a42,b43787b3 Park, et al. Informational [Page 9] RFC 4009 The SEED Encryption Algorithm February 2005 - Box-S SS2 a1a82989,81840585,d2d416c6,d3d013c3,50541444,111c1d0d,a0ac2c8c,21242505, 515c1d4d,43400343,10181808,121c1e0e,51501141,f0fc3ccc,c2c80aca,63602343, 20282808,40440444,20202000,919c1d8d,e0e020c0,e2e022c2,c0c808c8,13141707, a1a42585,838c0f8f,03000303,73783b4b,b3b83b8b,13101303,d2d012c2,e2ec2ece, 70703040,808c0c8c,333c3f0f,a0a82888,32303202,d1dc1dcd,f2f436c6,70743444, e0ec2ccc,91941585,03080b0b,53541747,505c1c4c,53581b4b,b1bc3d8d,01000101, 20242404,101c1c0c,73703343,90981888,10101000,c0cc0ccc,f2f032c2,d1d819c9, 202c2c0c,e3e427c7,72703242,83800383,93981b8b,d1d011c1,82840686,c1c809c9, 60602040,50501040,a3a02383,e3e82bcb,010c0d0d,b2b43686,929c1e8e,434c0f4f, b3b43787,52581a4a,c2c406c6,70783848,a2a42686,12101202,a3ac2f8f,d1d415c5, 61602141,c3c003c3,b0b43484,41400141,52501242,717c3d4d,818c0d8d,00080808, 131c1f0f,91981989,00000000,11181909,00040404,53501343,f3f437c7,e1e021c1, f1fc3dcd,72743646,232c2f0f,23242707,b0b03080,83880b8b,020c0e0e,a3a82b8b, a2a02282,626c2e4e,93901383,414c0d4d,61682949,707c3c4c,01080909,02080a0a, b3bc3f8f,e3ec2fcf,f3f033c3,c1c405c5,83840787,10141404,f2fc3ece,60642444, d2dc1ece,222c2e0e,43480b4b,12181a0a,02040606,21202101,63682b4b,62642646, 02000202,f1f435c5,92901282,82880a8a,000c0c0c,b3b03383,727c3e4e,d0d010c0, 72783a4a,43440747,92941686,e1e425c5,22242606,80800080,a1ac2d8d,d3dc1fcf, a1a02181,30303000,33343707,a2ac2e8e,32343606,11141505,22202202,30383808, f0f434c4,a3a42787,41440545,404c0c4c,81800181,e1e829c9,80840484,93941787, 31343505,c3c80bcb,c2cc0ece,303c3c0c,71703141,11101101,c3c407c7,81880989, 71743545,f3f83bcb,d2d81aca,f0f838c8,90941484,51581949,82800282,c0c404c4, f3fc3fcf,41480949,31383909,63642747,c0c000c0,c3cc0fcf,d3d417c7,b0b83888, 030c0f0f,828c0e8e,42400242,23202303,91901181,606c2c4c,d3d81bcb,a0a42484, 30343404,f1f031c1,40480848,c2c002c2,636c2f4f,313c3d0d,212c2d0d,40400040, b2bc3e8e,323c3e0e,b0bc3c8c,c1c001c1,a2a82a8a,b2b83a8a,424c0e4e,51541545, 33383b0b,d0dc1ccc,60682848,737c3f4f,909c1c8c,d0d818c8,42480a4a,52541646, 73743747,a0a02080,e1ec2dcd,42440646,b1b43585,23282b0b,61642545,f2f83aca, e3e023c3,b1b83989,b1b03181,939c1f8f,525c1e4e,f1f839c9,e2e426c6,b2b03282, 31303101,e2e82aca,616c2d4d,535c1f4f,e0e424c4,f0f030c0,c1cc0dcd,80880888, 12141606,32383a0a,50581848,d0d414c4,62602242,21282909,03040707,33303303, e0e828c8,13181b0b,01040505,71783949,90901080,62682a4a,22282a0a,92981a8a Park, et al. Informational [Page 10] RFC 4009 The SEED Encryption Algorithm February 2005 - Box-S SS3 08303838,c8e0e828,0d212c2d,86a2a426,cfc3cc0f,ced2dc1e,83b3b033,88b0b838, 8fa3ac2f,40606020,45515415,c7c3c407,44404404,4f636c2f,4b63682b,4b53581b, c3c3c003,42626022,03333033,85b1b435,09212829,80a0a020,c2e2e022,87a3a427, c3d3d013,81919011,01111011,06020406,0c101c1c,8cb0bc3c,06323436,4b43480b, cfe3ec2f,88808808,4c606c2c,88a0a828,07131417,c4c0c404,06121416,c4f0f434, c2c2c002,45414405,c1e1e021,c6d2d416,0f333c3f,0d313c3d,8e828c0e,88909818, 08202828,4e424c0e,c6f2f436,0e323c3e,85a1a425,c9f1f839,0d010c0d,cfd3dc1f, c8d0d818,0b23282b,46626426,4a72783a,07232427,0f232c2f,c1f1f031,42727032, 42424002,c4d0d414,41414001,c0c0c000,43737033,47636427,8ca0ac2c,8b83880b, c7f3f437,8da1ac2d,80808000,0f131c1f,cac2c80a,0c202c2c,8aa2a82a,04303434, c2d2d012,0b03080b,cee2ec2e,c9e1e829,4d515c1d,84909414,08101818,c8f0f838, 47535417,8ea2ac2e,08000808,c5c1c405,03131013,cdc1cc0d,86828406,89b1b839, cff3fc3f,4d717c3d,c1c1c001,01313031,c5f1f435,8a82880a,4a62682a,81b1b031, c1d1d011,00202020,c7d3d417,02020002,02222022,04000404,48606828,41717031, 07030407,cbd3d81b,8d919c1d,89919819,41616021,8eb2bc3e,c6e2e426,49515819, cdd1dc1d,41515011,80909010,ccd0dc1c,8a92981a,83a3a023,8ba3a82b,c0d0d010, 81818001,0f030c0f,47434407,0a12181a,c3e3e023,cce0ec2c,8d818c0d,8fb3bc3f, 86929416,4b73783b,4c505c1c,82a2a022,81a1a021,43636023,03232023,4d414c0d, c8c0c808,8e929c1e,8c909c1c,0a32383a,0c000c0c,0e222c2e,8ab2b83a,4e626c2e, 8f939c1f,4a52581a,c2f2f032,82929012,c3f3f033,49414809,48707838,ccc0cc0c, 05111415,cbf3f83b,40707030,45717435,4f737c3f,05313435,00101010,03030003, 44606424,4d616c2d,c6c2c406,44707434,c5d1d415,84b0b434,cae2e82a,09010809, 46727436,09111819,cef2fc3e,40404000,02121012,c0e0e020,8db1bc3d,05010405, caf2f83a,01010001,c0f0f030,0a22282a,4e525c1e,89a1a829,46525416,43434003, 85818405,04101414,89818809,8b93981b,80b0b030,c5e1e425,48404808,49717839, 87939417,ccf0fc3c,0e121c1e,82828002,01212021,8c808c0c,0b13181b,4f535c1f, 47737437,44505414,82b2b032,0d111c1d,05212425,4f434c0f,00000000,46424406, cde1ec2d,48505818,42525012,cbe3e82b,4e727c3e,cad2d81a,c9c1c809,cdf1fc3d, 00303030,85919415,45616425,0c303c3c,86b2b436,c4e0e424,8bb3b83b,4c707c3c, 0e020c0e,40505010,09313839,06222426,02323032,84808404,49616829,83939013, 07333437,c7e3e427,04202424,84a0a424,cbc3c80b,43535013,0a02080a,87838407, c9d1d819,4c404c0c,83838003,8f838c0f,cec2cc0e,0b33383b,4a42480a,87b3b437 Park, et al. Informational [Page 11] RFC 4009 The SEED Encryption Algorithm February 2005 Appendice B. Vettori di Prova Questa appendice fornisce vettori di prova del cifrario SEED descritto in questo documento. B.1. Chiave : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Testo in chiaro : 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F Testo cifrato : 5E BA C6 E0 05 4E 16 68 19 AF F1 CC 6D 34 6C DB Valori Intermedi ------------------------------------------------------------------ K0 K1 L0 L1 R0 R1 ================================================================== Passo 1 : 7C8F8C7E C737A22C | 00010203 04050607 08090A0B 0C0D0E0F Passo 2 : FF276CDB A7CA684A | 08090A0B 0C0D0E0F 8081BC57 C4EA8A1F Passo 3 : 2F9D01A1 70049E41 | 8081BC57 C4EA8A1F 117A8B07 D7358C24 Passo 4 : AE59B3C4 4245E90C | 117A8B07 D7358C24 D1738C94 7326CAB0 Passo 5 : A1D6400F DBC1394E | D1738C94 7326CAB0 577ECE6D 1F8433EC Passo 6 : 85963508 0C5F1FCB | 577ECE6D 1F8433EC 910F62AB DDA096C1 Passo 7 : B684BDA7 61A4AEAE | 910F62AB DDA096C1 EA4D39B4 B17B1938 Passo 8 : D17E0741 FEE90AA1 | EA4D39B4 B17B1938 B04E251F 97D7442C Passo 9 : 76CC05D5 E97A7394 | B04E251F 97D7442C B86D31BF A5988C06 Passo 10 : 50AC6F92 1B2666E5 | B86D31BF A5988C06 9008EABF 38DF7430 Passo 11 : 65B7904A 8EC3A7B3 | 9008EABF 38DF7430 33E47DE0 54EFF76C Passo 12 : 2F7E2E22 A2B121B9 | 33E47DE0 54EFF76C 6BE9C434 BF3F378A Passo 13 : 4D0BFDE4 4E888D9B | 6BE9C434 BF3F378A B8DC3842 03A02D33 Passo 14 : 631C8DDC 4378A6C4 | B8DC3842 03A02D33 6679FCF7 9791DFCB Passo 15 : 216AF65F 7878C031 | 6679FCF7 9791DFCB 1A415792 A02B8C54 Passo 16 : 71891150 98B255B0 | 1A415792 A02B8C54 19AFF1CC 6D346CDB Park, et al. Informational [Page 12] RFC 4009 The SEED Encryption Algorithm February 2005 B.2. Chiave : 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F Testo in chiaro : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Testo cifrato : C1 1F 22 F2 01 40 50 50 84 48 35 97 E4 37 0F 43 Valori Intermedi ------------------------------------------------------------------ K0 K1 L0 L1 R0 R1 ================================================================== Passo 1 : C119F584 5AE033A0 | 00000000 00000000 00000000 00000000 Passo 2 : 62947390 A600AD14 | 00000000 00000000 9D8DB62C 911F0C19 Passo 3 : F6F6544E 596C4B49 | 9D8DB62C 911F0C19 21229A97 4AB4B7B8 Passo 4 : C1A3DE02 CE483C49 | 21229A97 4AB4B7B8 5A27B404 899D7315 Passo 5 : 5E742E6D 7E25163D | 5A27B404 899D7315 B8489E76 BA0EF3EA Passo 6 : 8299D2B4 790A46CE | B8489E76 BA0EF3EA 04A3DF29 31A27FB4 Passo 7 : EA67D836 55F354F2 | 04A3DF29 31A27FB4 EC9C17BF 81AA2AA0 Passo 8 : C47329FB F50DB634 | EC9C17BF 81AA2AA0 4FA74E8D CDB21BB8 Passo 9 : 2BD30235 51679CE6 | 4FA74E8D CDB21BB8 D93492FE 4F71A4DA Passo 10 : FA8D6B76 A9F37E02 | D93492FE 4F71A4DA B14053D9 A911379B Passo 11 : 8B99CC60 0F6092D4 | B14053D9 A911379B 5A7024D6 3905668B Passo 12 : BDAEFCFA 489C2242 | 5A7024D6 3905668B 605C8C3A 73DFBB75 Passo 13 : F6357C14 CFCCB126 | 605C8C3A 73DFBB75 40282F39 31CB8987 Passo 14 : A0AA6D85 F8C10774 | 40282F39 31CB8987 E9F834A8 3B9586D4 Passo 15 : 47F4FEC5 353AE1BA | E9F834A8 3B9586D4 4B60324B 761C9958 Passo 16 : FECCEA48 A4EF9F9B | 4B60324B 761C9958 84483597 E4370F43 Park, et al. Informational [Page 13] RFC 4009 The SEED Encryption Algorithm February 2005 B.3. Chiave : 47 06 48 08 51 E6 1B E8 5D 74 BF B3 FD 95 61 85 Testo in chiaro : 83 A2 F8 A2 88 64 1F B9 A4 E9 A5 CC 2F 13 1C 7D Testo cifrato : EE 54 D1 3E BC AE 70 6D 22 6B C3 14 2C D4 0D 4A Valori Intermedi ------------------------------------------------------------------ K0 K1 L0 L1 R0 R1 ================================================================== Passo 1 : 56BE4A0F E9F62877 | 83A2F8A2 88641FB9 A4E9A5CC 2F131C7D Passo 2 : 68BCB66C 078911DD | A4E9A5CC 2F131C7D 7CE5F012 47F8C1E6 Passo 3 : 5B82740B FD24D09B | 7CE5F012 47F8C1E6 AAC99520 609F4CB7 Passo 4 : 8D608015 A120E0BE | AAC99520 609F4CB7 3E126D1F 44FA99F0 Passo 5 : 810A75AE 1BF223E5 | 3E126D1F 44FA99F0 11716365 9BA775AC Passo 6 : F9C0D2D0 0F676C02 | 11716365 9BA775AC 32C9838F BA5757CB Passo 7 : 8F9B5C84 8A7C8DDD | 32C9838F BA5757CB 77E00C64 CF9F6B32 Passo 8 : D4AB4896 18E93447 | 77E00C64 CF9F6B32 3F09B1F7 DE7D6D58 Passo 9 : CF090F51 5A4C8202 | 3F09B1F7 DE7D6D58 300E5CAA D0BF2345 Passo 10 : 4EC3196F 61B1A0DC | 300E5CAA D0BF2345 9574FDD7 4DF050D1 Passo 11 : 244E07C1 D0D10B12 | 9574FDD7 4DF050D1 A15EDA6F 624265FD Passo 12 : 69917C6C 7FF94FB3 | A15EDA6F 624265FD 9F39B682 D841C76F Passo 13 : 9A7EB482 723B5738 | 9F39B682 D841C76F EEBBAD8B C1F488EF Passo 14 : B97522C5 39CC6349 | EEBBAD8B C1F488EF 45CF5D4E BEEA4AA2 Passo 15 : FFC2AFD5 1412E731 | 45CF5D4E BEEA4AA2 43B7FE1B BCF87781 Passo 16 : A9AF7241 A3E67359 | 43B7FE1B BCF87781 226BC314 2CD40D4A Park, et al. Informational [Page 14] RFC 4009 The SEED Encryption Algorithm February 2005 B.4. Chiave : 28 DB C3 BC 49 FF D8 7D CF A5 09 B1 1D 42 2B E7 Testo in chiaro : B4 1E 6B E2 EB A8 4A 14 8E 2E ED 84 59 3C 5E C7 Testo cifrato : 9B 9B 7B FC D1 81 3C B9 5D 0B 36 18 F4 0F 51 22 Valori Intermedi ------------------------------------------------------------------ K0 K1 L0 L1 R0 R1 ================================================================== Passo 1 : B2B11B63 2EE9E2D1 | B41E6BE2 EBA84A14 8E2EED84 593C5EC7 Passo 2 : 11967260 71A62F24 | 8E2EED84 593C5EC7 1B31F2F7 3DDE00BA Passo 3 : 2E017A5A 35DAD7A7 | 1B31F2F7 3DDE00BA 35CC49C0 2AFB59EA Passo 4 : 1B2AB5FF A3ADA69F | 35CC49C0 2AFB59EA D7AB53AA AE82F1C7 Passo 5 : 519C9903 DA90AAEE | D7AB53AA AE82F1C7 24139958 B840E56F Passo 6 : 29FD95AD B94C3F13 | 24139958 B840E56F 24AB5291 544C9DBA Passo 7 : 6F629D19 8ACE692F | 24AB5291 544C9DBA E8152994 75D0B424 Passo 8 : 30A26E73 2F22338E | E8152994 75D0B424 A2CD1153 F32BB23A Passo 9 : 9721073A 98EE8DAE | A2CD1153 F32BB23A C386008B E3257731 Passo 10 : C597A8A9 27DCDC97 | C386008B E3257731 98396BFD 814F8972 Passo 11 : F5163A00 5FFD0003 | 98396BFD 814F8972 E74D2D0D 11D889D1 Passo 12 : 5CBE65DA A73403E4 | E74D2D0D 11D889D1 29D8C7B3 D1B71C0C Passo 13 : 7D5CF070 1D3B8092 | 29D8C7B3 D1B71C0C C4E692C2 D2F57F18 Passo 14 : 388C702B 1BAA4945 | C4E692C2 D2F57F18 2FAFB300 5F0C4BFF Passo 15 : 87D1AB5A FA13FB5C | 2FAFB300 5F0C4BFF 60E5F17C 5626BB68 Passo 16 : C97D7EED 90724A6E | 60E5F17C 5626BB68 5D0B3618 F40F5122 Park, et al. Informational [Page 15] RFC 4009 The SEED Encryption Algorithm February 2005 Indirizzi degli Autori Jongwook Park Korea Information Security Agency 78, Garak-Dong, Songpa-Gu, Seoul, 138-803 REPUBLIC OF KOREA Phone: +82-2-405-5432 FAX : +82-2-405-5499 EMail: khopri@kisa.or.kr Sungjae Lee Korea Information Security Agency Phone: +82-2-405-5243 FAX : +82-2-405-5499 EMail: sjlee@kisa.or.kr Jeeyeon Kim Korea Information Security Agency Phone: +82-2-405-5238 FAX : +82-2-405-5499 EMail: jykim@kisa.or.kr Jaeil Lee Korea Information Security Agency Phone: +82-2-405-5300 FAX : +82-2-405-5499 EMail: jilee@kisa.or.kr Park, et al. Informational [Page 16] RFC 4009 The SEED Encryption Algorithm February 2005 Dichiarazione Completa di Copyright (in lingua originale) Copyright (C) The Internet Society (2005). This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights. This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Proprieta' Intellettuale (in lingua originale) The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the IETF's procedures with respect to rights in IETF Documents can be found in BCP 78 and BCP 79. Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr. The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf- ipr@ietf.org. Ringraziamenti Funding for the RFC Editor function is currently provided by the Internet Society. Park, et al. Informational [Page 17]