Differential attack on nine rounds of the SEED block cipher

The SEED block cipher has a 128-bit block length, a 128-bit user key and a total number of 16 rounds. It is an ISO international standard. In this letter, we describe two 7-round differentials with a trivially larger probability than the best previously known one on SEED, and present a differential cryptanalysis attack on a 9-round reduced version of SEED. The attack requires a memory of 2(69.71) bytes, and has a time complexity of 2(126.36) encryptions with a success probability of 99.9% when using 2(125) chosen plaintexts, or a time complexity of 2(125.36) encryptions with a success probability of 97.8% when using 2(124) chosen plaintexts. Our result is better than any previously published cryptanalytic results on SEED in terms of the numbers of attacked rounds, and it suggests for the first time that the safety margin of SEED decreases below half of the number of rounds. (C) 2013 Elsevier B.V. All rights reserved.