Key schedule: Difference between revisions
Content deleted Content added
m Moved explanation of "<<<" to diagram caption |
→Some types of key schedulers: More explanation of some complex kinds of key schedules |
||
| Line 3: | Line 3: | ||
In [[cryptography]], the so-called [[product cipher]]s are a certain kind of ciphers, where the (de-)ciphering of data is done in so-called "rounds", where the general setup of each round is the same, except for some hard-coded parameters and a part of the [[key (cryptography)|cipher key]], called a subkey. A [[key schedule]]r is an algorithm that, given the key, calculates the subkey for these rounds. |
In [[cryptography]], the so-called [[product cipher]]s are a certain kind of ciphers, where the (de-)ciphering of data is done in so-called "rounds", where the general setup of each round is the same, except for some hard-coded parameters and a part of the [[key (cryptography)|cipher key]], called a subkey. A [[key schedule]]r is an algorithm that, given the key, calculates the subkey for these rounds. |
||
== Some types of key |
== Some types of key schedules == |
||
*Some ciphers have simple key schedules. For example, the block cipher [[Tiny_Encryption_Algorithm|TEA]] simply splits the 128-bit key into four 32-bit pieces and uses them repeatedly in successive rounds |
*Some ciphers have simple key schedules. For example, the block cipher [[Tiny_Encryption_Algorithm|TEA]] simply splits the 128-bit key into four 32-bit pieces and uses them repeatedly in successive rounds. |
||
*[[Data Encryption Standard|DES]] uses a key scheduler where the 56 bit key is divided into two 28-bit halves; each half is thereafter treated separately. In successive rounds, both halves are rotated left by one or two bits (specified for each round), and then 48 subkey bits are selected by Permuted Choice 2 (PC-2) — 24 bits from the left half, and 24 from the right. The rotations mean that a different set of bits is used in each subkey; each bit is used in approximately 14 out of the 16 subkeys. |
*[[Data Encryption Standard|DES]] uses a key scheduler where the 56 bit key is divided into two 28-bit halves; each half is thereafter treated separately. In successive rounds, both halves are rotated left by one or two bits (specified for each round), and then 48 subkey bits are selected by Permuted Choice 2 (PC-2) — 24 bits from the left half, and 24 from the right. The rotations mean that a different set of bits is used in each subkey; each bit is used in approximately 14 out of the 16 subkeys. |
||
*In an effort to avoid simple relationships between the cipher key and the subkeys, many modern ciphers use much elaborate key schedules, algorithms that use a [[one-way function]] to generate an "expanded key" from which subkeys are drawn. Some ciphers, such as [[Rijndael key schedule|Rijndael (AES)]] and [[Blowfish (cipher)|Blowfish]], use parts of the cipher algorithm itself for this key expansion, sometimes initialized with some "[[nothing up my sleeve number]]s". Other ciphers, such as [[RC5]], expand keys with functions that are somewhat or completely different from the encryption functions. |
|||
== Notes == |
== Notes == |
||
Revision as of 23:42, 4 December 2006
In cryptography, the so-called product ciphers are a certain kind of ciphers, where the (de-)ciphering of data is done in so-called "rounds", where the general setup of each round is the same, except for some hard-coded parameters and a part of the cipher key, called a subkey. A key scheduler is an algorithm that, given the key, calculates the subkey for these rounds.
Some types of key schedules
- Some ciphers have simple key schedules. For example, the block cipher TEA simply splits the 128-bit key into four 32-bit pieces and uses them repeatedly in successive rounds.
- DES uses a key scheduler where the 56 bit key is divided into two 28-bit halves; each half is thereafter treated separately. In successive rounds, both halves are rotated left by one or two bits (specified for each round), and then 48 subkey bits are selected by Permuted Choice 2 (PC-2) — 24 bits from the left half, and 24 from the right. The rotations mean that a different set of bits is used in each subkey; each bit is used in approximately 14 out of the 16 subkeys.
- In an effort to avoid simple relationships between the cipher key and the subkeys, many modern ciphers use much elaborate key schedules, algorithms that use a one-way function to generate an "expanded key" from which subkeys are drawn. Some ciphers, such as Rijndael (AES) and Blowfish, use parts of the cipher algorithm itself for this key expansion, sometimes initialized with some "nothing up my sleeve numbers". Other ciphers, such as RC5, expand keys with functions that are somewhat or completely different from the encryption functions.
Notes
Knudsen and Mathiassen (2004) give some experimental evidence that indicate that the key-schedule plays a part in providing strength against linear and differential cryptanalysis. For toy Feistel ciphers, it was observed that those with complex and well-designed key schedules can reach a uniform distribution for the probabilities of differentials and linear hulls faster than those with poorly-designed key schedules.
See also
References
- Lars R. Knudsen and John Erik Mathiassen, On the Role of Key Schedules in Attacks on Iterated Ciphers, ESORICS 2004, pp322–334.
