An example to demonstrate the point with two Feistel networks:
Cipher A: \begin{align} roundkey = hash(key || counter)\\ roundkey = hash(key || roundkey)\\ left = left\oplus hash(roundkey || right)\\ ... swap\ and\ continue \end{align}
Cipher B: \begin{align} roundkey = hash(key || counter || right)\\ roundkey = hash(key || roundkey)\\ left = left\oplus hash(roundkey || right)\\ ...swap\ and\ continue \end{align}
In the above, Cipher A would produce identical round keys during every encryption/decryption, while the round keys in Cipher B would be different for each set of plaintext/ciphertext pairs.
Do key schedules which incorporate plaintext data to generate randomized round keys offer any particular benefits or complaints compared to key schedules which produce the same round key regardless of the data being operated upon?
I understand that incorporating plaintext data might potentially allow an adversary to influence the key schedule, but the extent of which that is a problem probably depends on the specifics of the algorithm in question. I'm more interested about the general case, if there's anything that can be said about it. I'm also interested in whether or not it could complicate statistical side channel attacks like differential power analysis.
Are there many examples of randomized data dependent key schedules? Or better, papers outlining attacks against them? My search mostly turned up "data dependent rotations".
