Questions tagged [key-schedule]

A key schedule is an algorithm that expands a relatively short master key (typically between 40 and 256 bits long) to a relatively large expanded key (typically several hundred or thousand bits) for later use in an encryption and decryption algorithm. Key schedules are used in several ways:

  • To specify the round keys of a product cipher. DES [NBS77] uses its key schedule in this way, as do many other product ciphers.
  • To initialize some fixed elements of a cryptographic transform. Khufu [Mer91], Blowfish [Sch94], and SEAL [RC94] use a key schedule this way.
  • To initialize the state of a stream cipher prior to generating keystream. RC4 [Sch96] uses a key schedule in this way.
72 questions
15
votes
3 answers

Why do Feistel ciphers need round keys?

Looking at the design for Feistel ciphers, they use a list of round keys which are generated from the main key using the key schedule of the associated block cipher. Some block ciphers need this so as to prevent repetition, but why does a Feistel…
Daffy
14
votes
1 answer

What are the requirements of a key schedule?

In the first block cipher I designed I used a CSPRNG to generate the round keys. The purpose was to at least have a chance of creating a (hopefully!) secure cipher on the first try (but please don't use it in production). One criticism I got was…
Demi
13
votes
1 answer

Why expand keys? Why not rather generate a longer key?

AES-128 takes a 128-bit key (four 32-bit words), and expands it to a 352-bit key schedule (11 words). Speck48/72 takes a 72-bit key (three 24-bit words), and expands it to a 528-bit key schedule (22 words). Key expansion is an extremely popular…
Chris Morgan
12
votes
3 answers

AES Inverse Key Schedule

I have a 128-bit input-block and the corresponding cipher-block given. Additionally I have the last round-key given. Is it now possible to get (calculate) the associated cipher-key? I already implemented the normal key-schedule with the rcon to…
Tom
10
votes
2 answers

How secure is the AES master key if Round Keys are found

If an attacker finds some round key of AES256, is it possible to find the master key? How safe is the master key if an attacker finds multiple round keys?
Johnvox
9
votes
1 answer

Is the AES Key Schedule weak?

After reading this paper entitled Key Recovery Attacks of Practical Complexity on AES Variants With Up To 10 Rounds, I was left wondering why AES's key schedule is invertible. In the paper, the authors use a related-key-attack to recover the round…
user1449
8
votes
1 answer

How complex must round constants be to resist slide attacks?

A key schedule that generates round keys by XORing a round constant with the key is linear and can be vulnerable to related key attacks, but let's ignore that for now. Constants are necessary to avoid the slide attack. How complex do these constants…
forest
8
votes
1 answer

Why are multiple rounds with generated subkeys used?

In AES-128, 10 rounds are used with subkeys generated from the 128-bit key. In DES, 48-bit subkeys are generated from a 56-bit key. This seems to be common in symmetric encryption. I ask this because of my understanding of entropy and randomness. If…
Doddy
8
votes
0 answers

Is the key schedule of Serpent a circle?

The creation of the prekeys for Serpent works by XORing some previous values with a counter and a fixed value. Every word is 32 bits big and 4 words form a round key (after applying a S-Box, but this shall not be part of this question). The original…
Nova
7
votes
2 answers

Security importance of Key Schedule in Block Cipher

For example, block cipher AES-128: the key size is 128 bits and it is used to make a 10-round key which is 320 bits in total. Question 1: If I use another key schedule algorithm in AES, is security decreased or does it remain the same? In other words, if the key schedule…
6
votes
1 answer

In AES Keyschedule : Infer all round keys and cipher key from last round key

I am given the last round key in AES and I want to infer all round keys and the first round key which is the cipherkey. Can anyone provide an algorithm to do that?
SebMa
6
votes
1 answer

More rounds after AES related key attack?

In his blog Schneier discusses that there is a new related key attack on 10 rounds of AES-256 "Another attack can break a 10 round version of AES-256 in 2^45 time, but it uses a stronger type of related subkey attack". My question is how many more…
PYZH
5
votes
1 answer

Use large key size for RC4 to avoid RC4 bias

I saw a question on StackOverflow where RC4 was initialized by a 1024 bit key (with 2048 the maximum key size, if I'm not mistaken). Will such a large key size possibly solve any of the bias of the initial bits of the key stream produced by RC4?…
Maarten Bodewes
5
votes
1 answer

Why do block ciphers use key schedules instead of round constants? (Even-Mansour)

Let's take AES as an example. What would be wrong with just having a 256 bit key that you XOR into your input and then XOR into your output? No key expansion at all. I believe it's even known as the Even-Mansour construction and is secure under the…
5
votes
1 answer

Implications of identical round keys in AES (Rijndael)

When reading up on the Rijndael key schedule, I learned that the master key itself is used as a round key directly before the key schedule generates additional round keys. When a 256-bit key is used, the first half of the key goes to the first…
forest