Differential cryptanalysis of eight-round SEED

Block Cipher SEED is one of the standard 128-bit block ciphers of ISO/IEC together with AES and Camellia (Aoki et al., 2000, ISO/IEC 18033-3, 2005; Korea Information Security Agency, 1999; National Institute of Standards and Technology, 2001) 1], 4], 5] and 6]. Since SEED had been developed, there is no distinguishing cryptanalysis except a 7-round differential attack in 2002 7]. For this, they used the six-round differential characteristics with probability ²−124 and analyzed seven-round SEED with 2¹²⁶ chosen plaintexts. In this paper, we propose a new seven-round differential characteristic with probability ²−122 and analyze eight-round SEED with 2¹²⁵ chosen plaintexts. The attack requires about 2¹²² eight-round encryptions. This is the best-known attack on a reduced version of SEED so far.