When reading up on the Rijndael key schedule, I learned that the master key itself is used as a round key directly before the key schedule generates additional round keys. When a 256-bit key is used, the first half of the key goes to the first AddRoundKey and the second half goes to the second. This means that, if the 256-bit master key is composed of a single 128-bit value repeated twice, the first and second round key will be the same. I assume the cipher is not designed to remain secure under identical round keys, or there wouldn't be the need to use a key schedule.
Example key schedule test vectors with a 256-bit null key show round keys 1 and 2 are identical:
key: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
rk01: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
rk02: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
rk03: 62 63 63 63 62 63 63 63 62 63 63 63 62 63 63 63
rk04: aa fb fb fb aa fb fb fb aa fb fb fb aa fb fb fb
rk05: 6f 6c 6c cf 0d 0f 0f ac 6f 6c 6c cf 0d 0f 0f ac
rk06: 7d 8d 8d 6a d7 76 76 91 7d 8d 8d 6a d7 76 76 91
rk07: 53 54 ed c1 5e 5b e2 6d 31 37 8e a2 3c 38 81 0e
rk08: 96 8a 81 c1 41 fc f7 50 3c 71 7a 3a eb 07 0c ab
rk09: 9e aa 8f 28 c0 f1 6d 45 f1 c6 e3 e7 cd fe 62 e9
rk10: 2b 31 2b df 6a cd dc 8f 56 bc a6 b5 bd bb aa 1e
rk11: 64 06 fd 52 a4 f7 90 17 55 31 73 f0 98 cf 11 19
rk12: 6d bb a9 0b 07 76 75 84 51 ca d3 31 ec 71 79 2f
rk13: e7 b0 e8 9c 43 47 78 8b 16 76 0b 7b 8e b9 1a 62
rk14: 74 ed 0b a1 73 9b 7e 25 22 51 ad 14 ce 20 d4 3b
rk15: 10 f8 0a 17 53 bf 72 9c 45 c9 79 e7 cb 70 63 85
Do two identical round keys cause any security issues in Rjndael?
