AES uses a
key schedule
In cryptography, the so-called product ciphers are a certain kind of cipher, where the (de-)ciphering of data is typically done as an iteration of ''rounds''. The setup for each round is generally the same, except for round-specific fixed valu ...
to expand a short key into a number of separate round keys. The three AES variants have a different number of rounds. Each variant requires a separate 128-bit round key for each round plus one more.
[Non-AES Rijndael variants require up to 256 bits of expanded key per round] The key schedule produces the needed round keys from the initial key.
Round constants
The round constant for round of the key expansion is the 32-bit word:
:
where is an eight-bit value defined as :
:
where
is the
bitwise XOR
In computer programming, a bitwise operation operates on a bit string, a bit array or a binary numeral (considered as a bit string) at the level of its individual bits. It is a fast and simple action, basic to the higher-level arithmetic operati ...
operator and constants such as and are given in
hexadecimal
In mathematics and computing, the hexadecimal (also base-16 or simply hex) numeral system is a positional numeral system that represents numbers using a radix (base) of 16. Unlike the decimal system representing numbers using 10 symbols, hexa ...
. Equivalently:
:
where the bits of are treated as the coefficients of an element of the
finite field
In mathematics, a finite field or Galois field (so-named in honor of Évariste Galois) is a field that contains a finite number of elements. As with any field, a finite field is a set on which the operations of multiplication, addition, subtr ...
, so that e.g.
represents the polynomial
.
AES uses up to for AES-128 (as 11 round keys are needed), up to for AES-192, and up to for AES-256.
[
The Rijndael variants with larger block sizes use more of these constants, up to for Rijndael with 128-bit keys and 256 bit blocks (needs 15 round keys of each 256 bit, which means 30 full rounds of key expansion, which means 29 calls to the ''key schedule core'' using the round constants). The remaining constants for are: 6C, D8, AB, 4D, 9A, 2F, 5E, BC, 63, C6, 97, 35, 6A, D4, B3, 7D, FA, EF and C5]
The key schedule
Define:
* as the length of the key in 32-bit words: 4 words for AES-128, 6 words for AES-192, and 8 words for AES-256
* , , ... as the 32-bit words of the original key
* as the number of round keys needed: 11 round keys for AES-128, 13 keys for AES-192, and 15 keys for AES-256
[Other Rijndael variants require round keys, where is the block size in words]
* , , ... as the 32-bit words of the expanded key
[Other Rijndael variants require words of expanded key, where is the block size in words]
Also define as a one-byte
left circular shift:
:
and as an application of the
AES S-box to each of the four bytes of the word:
:
Then for
:
:
Notes
References
FIPS PUB 197: the official AES standard(
PDF
Portable Document Format (PDF), standardized as ISO 32000, is a file format developed by Adobe in 1992 to present documents, including text formatting and images, in a manner independent of application software, hardware, and operating systems. ...
file)
{{reflist, group=ref
External links
Description of Rijndael's key schedule* schematic view of the key schedul
for 128 and 256 bit keysfor 160-bit keys
on Cryptography Stack Exchange
Stack Exchange is a network of question-and-answer (Q&A) websites on topics in diverse fields, each site covering a specific topic, where questions, answers, and users are subject to a reputation award process. The reputation system allows th ...
Advanced Encryption Standard
Key management