SEED
SEED is a block cipher that almost nobody outside South Korea has ever encountered. It runs broadly through South Korean industry, yet it is seldom found anywhere else in the world. Its origin story starts with a judgment call: 40-bit encryption was not considered strong enough, so the Korea Information Security Agency, known as KISA, built a standard of its own. That single decision rippled outward in ways its designers may not have predicted. For years it shaped which web browsers Koreans could realistically use, and it tied a whole nation's online commerce to one browser plug-in. How does a piece of cryptography end up steering the choices of an entire country? And what happens when the rest of the world quietly walks away from it?
No major SSL libraries or web browsers supported the SEED algorithm in its early years. That gap forced a strange workaround on Korean users. To reach a secure website, they had to rely on an ActiveX control running inside Internet Explorer. The choice locked secure browsing to a single vendor's technology, and it historically limited the competition among web browsers in Korea. A security standard meant to strengthen encryption had narrowed the field of software people could use to get online. On the 1st of April 2015, the Ministry of Science, ICT and Future Planning, abbreviated MSIP, announced a plan to break that dependency. The target was to remove ActiveX from at least 90 percent of the country's top 100 websites by 2017. HTML5-based technologies would take its place, chosen because they run across many platforms, including mobile devices. The ministry intended to start in the private sector, then expand the effort until public websites were freed of the dependency as well.
16 rounds of a Feistel network form the core of SEED, operating on 128-bit blocks with a 128-bit key. It uses two 8 by 8 S-boxes, which, like those of SAFER, are derived from discrete exponentiation, in this case x247 and x251, plus some operations the designers described as incompatible. The structure has a recursive quality that recalls MISTY1. The full 128-bit cipher is a Feistel network whose F-function works on 64-bit halves, while that F-function is itself a Feistel network built from a G-function working on 32-bit halves. The recursion stops there, because the G-function is not a Feistel network. Inside the G-function, the 32-bit word is treated as four 8-bit bytes. Each byte is passed through one or the other of the S-boxes, then combined through a moderately complex set of boolean functions. The arrangement is built so that each output bit depends on 3 of the 4 input bytes. The cipher also carries a fairly complex key schedule, producing thirty-two 32-bit subkeys by applying its G-function to a series of rotations of the raw key. Those rotations are combined with round constants derived, as in TEA, from the Golden ratio.
Several standard protocols formally adopted SEED, giving it a documented place in the wider security ecosystem. It appears in S/MIME under RFC 4010, in TLS and SSL under RFC 4162, in IPSec under RFC 4196, and in ISO/IEC 18033-3:2010. The NSS software security library in Mozilla's Gecko platform implemented support for the algorithm. Mozilla Firefox supported SEED as a TLS cipher beginning with version 3.5.4. That support did not last by default. Mozilla decided to drop SEED in Firefox 27 and above, reasoning that the cipher had no practical positive effect in helping South Korea migrate away from ActiveX-based e-commerce. Other browsers were not offering any SEED-based cipher suites either. NSS itself still supports SEED-based cipher suites. The Linux kernel has supported the cipher since 2007, and Bloombase supports it across their full suite of data cryptography solutions.
Common questions
What is SEED the block cipher and who developed it?
SEED is a block cipher developed by the Korea Information Security Agency, known as KISA. It is used broadly throughout South Korean industry but seldom found elsewhere.
Why was the SEED cipher created in South Korea?
SEED gained popularity in Korea because 40-bit encryption was not considered strong enough, so the Korea Information Security Agency developed its own standard. The decision historically limited the competition of web browsers in Korea.
How does the SEED block cipher work in its design?
SEED is a 16-round Feistel network with 128-bit blocks and a 128-bit key. It uses two 8 by 8 S-boxes derived from discrete exponentiation, x247 and x251, and generates thirty-two 32-bit subkeys through a fairly complex key schedule using round constants from the Golden ratio.
Why did SEED require ActiveX and Internet Explorer in Korea?
No major SSL libraries or web browsers supported the SEED algorithm, so Korean users needed an ActiveX control in Internet Explorer to reach secure websites. On the 1st of April 2015, the Ministry of Science, ICT and Future Planning announced a plan to remove the ActiveX dependency from at least 90 percent of the country's top 100 websites by 2017.
Which standards and software support the SEED cipher?
SEED has been adopted by S/MIME in RFC 4010, TLS and SSL in RFC 4162, IPSec in RFC 4196, and ISO/IEC 18033-3:2010. The Linux kernel has supported SEED since 2007, Bloombase supports it across its data cryptography solutions, and Mozilla's NSS library still supports SEED-based cipher suites.
Why did Mozilla Firefox drop support for SEED?
Mozilla Firefox supported SEED as a TLS cipher starting with version 3.5.4 but dropped it by default in Firefox 27 and above. Mozilla reasoned that SEED support had no practical positive effect in helping South Korea migrate away from ActiveX-based e-commerce, and other browsers offered no SEED-based cipher suites.