Can someone explain to me why using a key schedule makes AES more secure, if instead of calculating and adding your round keys, you just keep on adding the cipher key?
2 Answers
Not using separate keys for each AES round would make your cipher vulnerable to slide attacks. Using two plaintexts M and M', with M' being the result of an AES round that takes M as input, you can differentiate between those plaintexts by calculating the output of an AES round which takes the ciphertext C as input.
Due to the birthday problem, this attack should reduce the complexity of breaking the AES to $\mathcal{O}(2^{n/2})$.
Source: Slide attack
Many block ciphers, including AES, encrypt using multiple/iterated rounds (10, 12 or 14 for AES depending on key size). Each round requires a key, called sub-key or round key (always 128-bit for AES), and it would be a weakness¹ if the same sub-key was used at each round.
The key schedule's job is to expand the original key (128, 192 or 256-bit for AES) into one sub-key per round. Without somewhat executing the key schedule, we would not get the right sub-keys, and the result of AES encryption or decryption would be wrong.
The key schedule does not really need to be performed before executing AES, at least for encryption: it can be performed while executing AES, and that's pretty common in hardware, and even in software when speed is less important than key agility and memory size.
¹ This other answer gives an attack; I would not bet there are not others even for AES-128, and for larger key sizes many of the key bits would go unused.
PS: much of the question is about the reasons for multiple subkeys, thus my answer is lacking; upvote another!
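As an added example, not code from either answer above: the AES key expansion that the second answer describes, written from FIPS-197 so that it generalizes to all three key sizes (128, 192 and 256 bits), with the S-box derived from the GF(2^8) inverse and affine map rather than typed in as a table. Running it on the FIPS-197 Appendix A.1 key shows that the Nr+1 round keys are all different, which is exactly what the questioner's "just keep adding the cipher key" variant would lack and what the first answer's slide attack exploits.

```python
# Added example: FIPS-197 AES key expansion (not code from the answers above).

def gf_mul(a: int, b: int) -> int:
    """Multiply two bytes in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1."""
    r = 0
    for _ in range(8):
        if b & 1:
            r ^= a
        a = ((a << 1) ^ (0x1B if a & 0x80 else 0)) & 0xFF
        b >>= 1
    return r

def gf_inv(x: int) -> int:
    """Multiplicative inverse as x^254 by square-and-multiply (0 maps to 0, as AES requires)."""
    r, e = 1, 254
    while e:
        if e & 1:
            r = gf_mul(r, x)
        x, e = gf_mul(x, x), e >> 1
    return r

def sbox_entry(x: int) -> int:
    """SubBytes: GF(2^8) inverse followed by the affine transform with constant 0x63."""
    q, s = gf_inv(x), 0x63
    for i in range(8):
        bit = q >> i
        for k in (4, 5, 6, 7):
            bit ^= q >> ((i + k) % 8)
        s ^= (bit & 1) << i
    return s

SBOX = [sbox_entry(x) for x in range(256)]

def expand_key(key: bytes) -> list:
    """Return the Nr+1 128-bit round keys for a 16-, 24- or 32-byte AES key."""
    nk = len(key) // 4
    nr = {4: 10, 6: 12, 8: 14}[nk]                  # rounds for AES-128/192/256
    w = [list(key[4 * i:4 * i + 4]) for i in range(nk)]
    rcon = 0x01
    for i in range(nk, 4 * (nr + 1)):
        t = list(w[i - 1])
        if i % nk == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]   # RotWord, then SubWord
            t[0] ^= rcon                            # Rcon[i/nk] = x^(i/nk - 1)
            rcon = ((rcon << 1) ^ (0x1B if rcon & 0x80 else 0)) & 0xFF
        elif nk > 6 and i % nk == 4:
            t = [SBOX[b] for b in t]                # extra SubWord only for AES-256
        w.append([a ^ b for a, b in zip(w[i - nk], t)])
    return [bytes(sum(w[4 * r:4 * r + 4], [])) for r in range(nr + 1)]
```

`expand_key(bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c"))[1].hex()` gives `a0fafe1788542cb123a339392a6c7605`, the first round key in FIPS-197 Appendix A.1.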