English Wikipedia: AES key schedule
AES uses a key schedule to expand a short key into a number of separate round keys. The three AES variants have a different number of rounds. Each variant requires a separate 128-bit round key for each round plus one more.[note 1] The key schedule produces the needed round keys from the initial key.
Round constants
<math>i</math> | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
---|---|---|---|---|---|---|---|---|---|---|
<math>rc_i</math> | 01 | 02 | 04 | 08 | 10 | 20 | 40 | 80 | 1B | 36 |
The round constant <math>rcon_i</math> for round <math>i</math> of the key expansion is the 32-bit word:
- <math>rcon_i = \begin{bmatrix} rc_i & 00_{16} & 00_{16} & 00_{16} \end{bmatrix}</math>
where <math>rc_i</math> is an eight-bit value defined as:
- <math> rc_i =
\begin{cases} 1 & \text{if } i = 1 \\ 2 \cdot rc_{i-1} & \text{if } i > 1 \text{ and } rc_{i-1} < 80_{16} \\ (2 \cdot rc_{i-1}) \oplus \text {11B}_{16} & \text{if } i > 1 \text{ and } rc_{i-1} \ge 80_{16} \end{cases}
</math>
where <math>\oplus</math> is the bitwise XOR operator and constants such as <math>00_{16}</math> and <math>\text{11B}_{16}</math> are given in hexadecimal. Equivalently:
- <math>rc_i = x^{i-1}</math>
where the bits of <math>rc_i</math> are treated as the coefficients of an element of the finite field <math>\mathrm{GF}(2)[x]/(x^8 + x^4 + x^3 + x + 1)</math>, so that e.g. <math>rc_{10} = 36_{16} = 00110110_2</math> represents the polynomial <math>x^5 + x^4 + x^2 + x</math>.
AES uses up to <math>rcon_{10}</math> for AES-128 (as 11 round keys are needed), up to <math>rcon_8</math> for AES-192, and up to <math>rcon_7</math> for AES-256.[note 2]
The key schedule
Define:
- <math>N</math> as the length of the key in 32-bit words: 4 words for AES-128, 6 words for AES-192, and 8 words for AES-256
- <math>K_0</math>, <math>K_1</math>, ... <math>K_{N-1}</math> as the 32-bit words of the original key
- <math>R</math> as the number of round keys needed: 11 round keys for AES-128, 13 keys for AES-192, and 15 keys for AES-256[note 3]
- <math>W_0</math>, <math>W_1</math>, ... <math>W_{4R-1}</math> as the 32-bit words of the expanded key[note 4]
Also define <math>\operatorname{RotWord}</math> as a one-byte left circular shift:
- <math>\operatorname{RotWord}(\begin{bmatrix} b_0 & b_1 & b_2 & b_3 \end{bmatrix}) = \begin{bmatrix} b_1 & b_2 & b_3 & b_0 \end{bmatrix}</math>
and <math>\operatorname{SubWord}</math> as an application of the AES S-box to each of the four bytes of the word:
- <math>\operatorname{SubWord}(\begin{bmatrix} b_0 & b_1 & b_2 & b_3 \end{bmatrix}) = \begin{bmatrix} \operatorname{S}(b_0) & \operatorname{S}(b_1) & \operatorname{S}(b_2) & \operatorname{S}(b_3) \end{bmatrix}</math>
Then for <math>i = 0 \ldots 4R-1</math>:
- <math>W_i =
\begin{cases} K_i & \text{if } i < N \\ W_{i-N} \oplus \operatorname{SubWord}(\operatorname{RotWord}(W_{i-1})) \oplus rcon_{i/N} & \text {if } i \ge N \text{ and } i \equiv 0 \pmod{N} \\ W_{i-N} \oplus \operatorname{SubWord}(W_{i-1}) & \text{if } i \ge N \text{, } N > 6 \text{, and } i \equiv 4 \pmod{N} \\ W_{i-N} \oplus W_{i-1} & \text{otherwise.} \\ \end{cases}
</math>
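The recurrence above, together with the round-constant definition, written out as an added Python example (not part of the original article). The S-box is computed from its standard definition (field inverse followed by the affine map) instead of being pasted as a table; the helper names are chosen here, and the code is illustrative, not constant-time.

```python
# Added illustration: helper names are chosen here, not taken from the article.
def xtime(b):  # multiply by x modulo x^8+x^4+x^3+x+1 (the 2*rc / XOR 11B step)
    b <<= 1
    return b ^ 0x11B if b & 0x100 else b

def rc(i):  # rc_i = x^(i-1) for i >= 1
    v = 1
    for _ in range(i - 1):
        v = xtime(v)
    return v

def _gmul(a, b):  # product of two field elements
    p = 0
    while b:
        if b & 1:
            p ^= a
        a, b = xtime(a), b >> 1
    return p

def _sbox_entry(a):
    inv = 1
    for _ in range(254):  # a^254 is the inverse of a; 0 stays 0
        inv = _gmul(inv, a)
    s = inv
    for n in range(1, 5):  # affine map: XOR of four left rotations, then 0x63
        s ^= ((inv << n) | (inv >> (8 - n))) & 0xFF
    return s ^ 0x63

SBOX = [_sbox_entry(a) for a in range(256)]

def rot_word(w):  # one-byte left circular shift of a 32-bit word
    return ((w << 8) | (w >> 24)) & 0xFFFFFFFF

def sub_word(w):  # S-box applied to each of the four bytes
    return int.from_bytes(bytes(SBOX[b] for b in w.to_bytes(4, "big")), "big")

def expand_key(key):
    """Return W_0 .. W_{4R-1} as 32-bit integers for a 16/24/32-byte key."""
    if len(key) not in (16, 24, 32):
        raise ValueError("AES keys are 16, 24 or 32 bytes")
    n, r = len(key) // 4, len(key) // 4 + 7  # N words; R = 11, 13 or 15 round keys
    w = [int.from_bytes(key[4 * i:4 * i + 4], "big") for i in range(n)]
    for i in range(n, 4 * r):
        t = w[i - 1]
        if i % n == 0:
            t = sub_word(rot_word(t)) ^ (rc(i // n) << 24)  # rcon = [rc 00 00 00]
        elif n > 6 and i % n == 4:
            t = sub_word(t)
        w.append(w[i - n] ^ t)
    return w
```

For the FIPS-197 Appendix A.1 example key, `expand_key(bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c"))[4]` evaluates to `0xa0fafe17`, the first derived word.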
External links
- Description of Rijndael's key schedule
- Schematic view of the key schedule for 128- and 256-bit keys, and for 160-bit keys, on Cryptography Stack Exchange