Differential Cryptanalysis of a Reduced-Round SEED
We analyze the security of the SEED block cipher against differential attacks. SEED is a 16-round Feistel cipher developed by the Korea Information Security Agency. The SEED proposers estimated their cipher against differential cryptanalysis in a self-estimation document and found a six-round differential characteristic with probability 2-130. We present an improved method of examining the differential characteristics of SEED and show three six-round differential characteristics with probability 2-124. These characteristics allow us to attack sevenround SEED, which surpasses the proposers estimation. Our differential attack needs 2126 chosen-plaintext pairs and 2126 computations of the F function to deduce the subkey used in the last round of seven-round SEED.
Keywordssymmetric block cipher SEED differential attack characteristic probability
Unable to display preview. Download preview PDF.
- 2.E. Biham and A. Shamir, Differential Cryptanalysis of Feal and N-Hash, EUROCRYPT’ 91, Lecture Notes in Computer Science 547, 1–16, 1991.Google Scholar
- 3.Korean Information Security Agency, A Design and Analysis of SEED, 1998 (in Korean). (http://www.kisa.or.kr/technology/sub1/128-seed.pdf)
- 4.Korean Information Security Agency, ANNEX: The Analyses on SEED, seed analysis.doc, 2000. (http://www.kisa.or.kr/seed/algorithm.htm)
- 5.Korean National Body, Contribution for Korean Candidates of Encryption Algorithm (SEED), ISO/IEC JTC1 SC27 N2563, seed english.doc, 2000. (http://www.kisa.or.kr/seed/algorithm.htm)
- 6.H. Lipmaa and S. Moriai, Efficient Algorithms for Computing Differential Properties of Addition, FSE 2001, Lecture Notes in Computer Science 2355, 336–350, 2002.Google Scholar