AES Key Schedule Algorithm

Cryptography Tutorials - Herong's Tutorial Examples

∟Introduction to AES (Advanced Encryption Standard)

∟AES Key Schedule Algorithm

A quick description of the AES key schedule algorithm is provided. AES key schedule expands the given cipher key into 11 round keys. It uses round constants, S-box lookups and byte rotations.

The first step of the AES encryption algorithm is to call the KeyExpansion() procedure to generate 11 round keys based on a given cipher key. The KeyExpansion() procedure is also called key schedule generation.

Here is the algorithm of the KeyExpansion() procedure should follow for 128-bit cipher keys:

Procedure Name: 
   KeyExpansion(K,k[])

Input:
   K: 128 bits cipher key
   Rcon[]: Round constant array
   SubWord(): Word substitution procedure
   RotWord(): Word rotation procedure

Output:
   k[11]: 11 round keys as 4x4 byte arrays

Algorithm:
   w[4*11]              # a word array holding 11 round keys
   w[0..3] = K          # setting cipher key as the first round key
   
   for i = 4 to 43      # computing words of other round keys
      temp = w[i-1]     # copying previous word to a temp variable
      if (i mod 4 = 0)
         temp = SubWord(RotWord(temp)) 
         temp = temp XOR Rcon[i/4]
      end if
      w[i] = w[i-4] XOR temp
   end for
    
   for i = 0 to 10      # building 11 round keys as 4x4 byte arrays
      k[i] = w[4*i..4*i+3]
   end for

Some notes on KeyExpansion() algorithm:

The KeyExpansion() algorithm is mainly operate on unit of word, which is 4 bytes or 32 bits long.
The RotWord() procedure performs a rotate (cyclic shift) operation of 1 byte to the left on the given word.
The SubWord() procedure performs a byte substitution operation with the same S-box as the encryption algorithm on the given word.
The round constant array, Rcon[], holds 11 constants: 0x8d000000, 0x01000000, 0x02000000, 0x04000000, 0x08000000, 0x10000000, 0x20000000, 0x40000000, 0x80000000, 0x1b000000, 0x36000000.